Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/tJPDyvxsaRNG2TtigLboshc8VJE.roa
File:                     tJPDyvxsaRNG2TtigLboshc8VJE.roa (raw, json)
Hash identifier:          6xR6srnvbaXI07mgS9FOQ9K4mTVz3Z2gT9y//ZzyMWQ=
Subject key identifier:   B4:93:C3:CA:FC:6C:69:13:46:D9:3B:62:80:B6:E8:B2:17:3C:54:91
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       019127EFAFBF7DA010935D5CCA6FACA8220E
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/tJPDyvxsaRNG2TtigLboshc8VJE.roa
Signing time:             Tue 06 Aug 2024 13:45:04 +0000
ROA not before:           Tue 06 Aug 2024 13:45:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215480
IP address blocks:        2a05:9080:7::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:27:ef:af:bf:7d:a0:10:93:5d:5c:ca:6f:ac:a8:22:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: Aug  6 13:45:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b493c3cafc6c691346d93b6280b6e8b2173c5491
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:2a:d9:71:f0:92:07:56:92:5b:64:59:57:f4:
                    fd:2e:ee:19:bd:d7:82:64:f3:9a:6b:1f:7c:44:1d:
                    75:79:be:7e:e4:71:4e:35:97:c1:df:13:80:ea:ff:
                    72:6b:30:24:0b:75:be:83:76:fc:57:23:57:57:2c:
                    7e:ea:41:6d:1e:66:2d:1f:21:86:7e:46:d3:33:ff:
                    27:c7:2a:f0:ae:34:7c:94:9b:68:23:82:65:97:fa:
                    6e:c1:9c:f8:28:cd:ce:92:d1:1d:4d:07:1b:8f:ae:
                    a6:d0:08:7f:89:a7:5f:5b:76:98:fa:05:d0:4c:f9:
                    2f:26:bd:ec:77:be:80:af:2a:05:a4:19:7b:0f:ed:
                    23:c7:85:9c:3a:94:c1:2d:1d:0c:4d:ba:2b:d9:10:
                    11:e2:7b:4a:ff:1f:77:27:12:c4:9a:95:ff:98:7e:
                    39:e2:a0:47:97:34:22:29:f1:84:72:1c:8c:bb:3d:
                    a5:18:82:d1:9f:22:00:2e:d2:0d:67:79:99:30:51:
                    3c:04:ac:7b:5a:60:e7:83:0f:c5:fc:bf:b4:f2:61:
                    f0:51:8d:71:8c:90:f2:3d:55:f2:21:38:10:83:56:
                    b4:da:53:62:0b:86:cf:4c:21:77:98:3f:19:0a:e4:
                    96:c2:65:d5:95:e5:0e:89:2b:e0:f0:8c:76:33:04:
                    90:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:93:C3:CA:FC:6C:69:13:46:D9:3B:62:80:B6:E8:B2:17:3C:54:91
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/tJPDyvxsaRNG2TtigLboshc8VJE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:9080:7::/48

    Signature Algorithm: sha256WithRSAEncryption
         91:57:c5:a3:57:3d:b7:36:25:5c:d8:3b:d1:5e:df:29:bd:90:
         c7:6a:17:37:17:ff:b1:48:ad:a2:e4:b4:3d:bb:f0:b3:2f:db:
         f7:db:73:6e:2a:89:ab:d3:75:d8:53:9a:6a:fe:e4:10:a0:61:
         23:17:ed:ca:f1:e8:81:f8:7f:14:49:30:f0:b2:c7:77:78:fc:
         64:1b:d0:6e:cf:a2:51:36:46:f1:28:47:49:ee:45:9a:52:c7:
         4b:e3:c6:1f:b8:7e:41:1c:28:ae:a6:ed:02:f2:5f:f4:23:8f:
         07:08:38:05:3d:7b:9c:03:f9:89:13:26:fd:77:20:27:c9:69:
         00:19:2a:56:28:ba:3f:a4:3b:99:e7:68:53:e5:1f:0b:8d:fd:
         d9:cd:e9:77:47:f2:d7:68:99:59:21:8a:c0:e4:33:3c:d9:78:
         b7:43:79:2f:09:57:fd:f9:d0:71:b4:21:fd:fc:c5:a6:21:26:
         6b:bd:08:28:d6:f2:3d:f9:7e:34:b9:69:98:12:cc:c8:bd:40:
         05:3e:7c:25:a0:24:f5:e1:57:96:a0:b7:d0:15:d3:6c:ff:47:
         9e:94:92:42:1b:34:f2:24:0e:05:5e:7b:d5:63:1d:24:d8:6d:
         37:07:5b:c9:9b:39:b8:2f:62:d7:1d:7d:b4:db:38:25:34:3e:
         da:1b:1a:48
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZEn76+/faAQk11cym+sqCIOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjQwODA2MTM0NTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDkzYzNjYWZjNmM2OTEzNDZkOTNiNjI4MGI2ZThiMjE3M2M1NDkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3yrZcfCSB1aSW2RZV/T9Lu4ZvdeC
ZPOaax98RB11eb5+5HFONZfB3xOA6v9yazAkC3W+g3b8VyNXVyx+6kFtHmYtHyGG
fkbTM/8nxyrwrjR8lJtoI4Jll/puwZz4KM3OktEdTQcbj66m0Ah/iadfW3aY+gXQ
TPkvJr3sd76AryoFpBl7D+0jx4WcOpTBLR0MTbor2RAR4ntK/x93JxLEmpX/mH45
4qBHlzQiKfGEchyMuz2lGILRnyIALtINZ3mZMFE8BKx7WmDngw/F/L+08mHwUY1x
jJDyPVXyITgQg1a02lNiC4bPTCF3mD8ZCuSWwmXVleUOiSvg8Ix2MwSQaQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLSTw8r8bGkTRtk7YoC26LIXPFSRMB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvdEpQRHl2eHNhUk5HMlR0aWdMYm9zaGM4VkpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgWQgAAH
MA0GCSqGSIb3DQEBCwUAA4IBAQCRV8WjVz23NiVc2DvRXt8pvZDHahc3F/+xSK2i
5LQ9u/CzL9v323NuKomr03XYU5pq/uQQoGEjF+3K8eiB+H8USTDwssd3ePxkG9Bu
z6JRNkbxKEdJ7kWaUsdL48YfuH5BHCiupu0C8l/0I48HCDgFPXucA/mJEyb9dyAn
yWkAGSpWKLo/pDuZ52hT5R8Ljf3Zzel3R/LXaJlZIYrA5DM82Xi3Q3kvCVf9+dBx
tCH9/MWmISZrvQgo1vI9+X40uWmYEszIvUAFPnwloCT14VeWoLfQFdNs/0eelJJC
GzTyJA4FXnvVYx0k2G03B1vJmzm4L2LXHX202zglND7aGxpI
-----END CERTIFICATE-----