Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/01b0c0-1b87-4d6f-9e90-9281f0d23dbf/1/vHbCfyXSTRxyRGnfFKXvjIf7MJA.roa
File:                     vHbCfyXSTRxyRGnfFKXvjIf7MJA.roa (raw, json)
Hash identifier:          4qVwbnAwQAIE3v3r1yXeiCQCYTK3eaHjNt3J9xyqv5Y=
Subject key identifier:   BC:76:C2:7F:25:D2:4D:1C:72:44:69:DF:14:A5:EF:8C:87:FB:30:90
Certificate issuer:       /CN=7021d7528be713a4ba2cb4db5e58d64d882eb555
Certificate serial:       01910CE90A0643ABAAD2E3BF645DD8DF32D7
Authority key identifier: 70:21:D7:52:8B:E7:13:A4:BA:2C:B4:DB:5E:58:D6:4D:88:2E:B5:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cCHXUovnE6S6LLTbXljWTYgutVU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/01b0c0-1b87-4d6f-9e90-9281f0d23dbf/1/vHbCfyXSTRxyRGnfFKXvjIf7MJA.roa
Signing time:             Thu 01 Aug 2024 07:48:04 +0000
ROA not before:           Thu 01 Aug 2024 07:48:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50225
IP address blocks:        2a0f:bf02::/32 maxlen: 32
                          2a0f:bf03::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/01b0c0-1b87-4d6f-9e90-9281f0d23dbf/1/cCHXUovnE6S6LLTbXljWTYgutVU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/01b0c0-1b87-4d6f-9e90-9281f0d23dbf/1/cCHXUovnE6S6LLTbXljWTYgutVU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cCHXUovnE6S6LLTbXljWTYgutVU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:0c:e9:0a:06:43:ab:aa:d2:e3:bf:64:5d:d8:df:32:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7021d7528be713a4ba2cb4db5e58d64d882eb555
        Validity
            Not Before: Aug  1 07:48:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc76c27f25d24d1c724469df14a5ef8c87fb3090
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:85:bf:d0:10:e6:17:17:88:29:66:ac:15:d6:
                    e5:3b:c6:cf:e0:c2:de:60:82:74:2e:09:6c:0d:56:
                    3d:96:89:ff:92:a9:9a:ff:91:33:b7:13:37:44:5a:
                    37:3d:9c:5d:98:ee:d1:4e:c1:53:dc:38:45:9e:f4:
                    8b:9d:12:bd:41:8f:2c:48:9f:5f:00:1e:8d:37:cb:
                    ce:28:5b:1f:5a:d8:56:6a:47:7a:9e:f4:2e:c1:5a:
                    0a:73:da:3b:2c:71:79:e4:7f:8f:09:7a:38:77:89:
                    40:cd:c3:ca:b1:f3:2d:b0:3e:c1:89:bb:00:27:ee:
                    2b:cb:55:17:91:7e:19:f9:a5:11:c3:27:a0:91:fd:
                    64:1b:cf:db:9d:2d:0f:ac:33:e6:ba:e2:be:42:de:
                    cd:2b:ef:56:bc:c1:28:ab:34:b1:33:28:d2:6d:7a:
                    ef:1b:30:36:98:e8:ae:4a:5a:ec:e8:15:56:ef:8a:
                    d5:b3:42:e6:b8:82:4d:17:bb:6f:4d:a4:39:f2:f5:
                    e6:76:7f:c8:fc:df:d0:da:8d:b8:3e:4b:41:cd:9a:
                    c9:7a:9f:ee:0a:f9:88:f4:99:26:9e:4f:fe:a8:32:
                    18:71:79:a0:81:fd:3c:a5:e8:2c:4d:f2:7b:a4:67:
                    7b:1d:d2:c6:0e:11:e4:a2:1a:1b:50:0d:50:a6:ff:
                    eb:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:76:C2:7F:25:D2:4D:1C:72:44:69:DF:14:A5:EF:8C:87:FB:30:90
            X509v3 Authority Key Identifier:
                keyid:70:21:D7:52:8B:E7:13:A4:BA:2C:B4:DB:5E:58:D6:4D:88:2E:B5:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cCHXUovnE6S6LLTbXljWTYgutVU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/01b0c0-1b87-4d6f-9e90-9281f0d23dbf/1/vHbCfyXSTRxyRGnfFKXvjIf7MJA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/01b0c0-1b87-4d6f-9e90-9281f0d23dbf/1/cCHXUovnE6S6LLTbXljWTYgutVU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:bf02::/31

    Signature Algorithm: sha256WithRSAEncryption
         27:a4:51:73:8e:cc:ff:18:a2:06:4c:9b:21:3b:af:cf:99:b0:
         ad:88:06:dc:d4:77:6f:af:58:15:7b:8b:87:56:91:0a:30:99:
         50:d0:72:c1:df:00:33:97:9b:4f:aa:72:0b:0a:bd:dd:c4:dd:
         e3:8f:51:dd:e8:4d:15:a1:b3:17:7c:6c:c6:98:72:c4:d5:ba:
         18:e3:50:1b:df:a3:1e:bd:f0:9f:66:2e:63:9e:f5:77:d3:54:
         93:67:a1:9d:8c:77:ea:86:cd:be:0a:d5:0c:c3:8e:ff:e4:bd:
         ed:a1:18:82:77:22:79:94:49:8b:85:70:07:4e:3b:f3:bd:30:
         f7:87:98:ca:7f:74:e9:cd:bf:7d:db:b1:04:4d:ff:78:1c:16:
         e1:19:a0:c6:e2:09:93:b2:8d:58:aa:12:13:05:f5:9c:44:d3:
         c2:65:26:20:fc:dd:bd:66:de:32:8c:79:0b:6a:47:dc:3d:a1:
         79:73:3d:4a:65:ec:82:ca:5b:1d:21:22:82:51:f8:1f:0b:45:
         a9:49:4f:4a:c2:06:a2:06:f6:41:36:72:a5:c6:98:96:3a:a5:
         89:54:a9:38:83:a5:86:17:e7:3e:c8:8c:56:9d:c4:e2:a5:7c:
         05:ae:10:71:0b:5f:60:b3:ed:23:dd:24:09:fe:cd:c7:3b:54:
         fd:ae:8c:bc
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZEM6QoGQ6uq0uO/ZF3Y3zLXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwMjFkNzUyOGJlNzEzYTRiYTJjYjRkYjVlNThkNjRkODgy
ZWI1NTUwHhcNMjQwODAxMDc0ODA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzc2YzI3ZjI1ZDI0ZDFjNzI0NDY5ZGYxNGE1ZWY4Yzg3ZmIzMDkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo4W/0BDmFxeIKWasFdblO8bP4MLe
YIJ0LglsDVY9lon/kqma/5EztxM3RFo3PZxdmO7RTsFT3DhFnvSLnRK9QY8sSJ9f
AB6NN8vOKFsfWthWakd6nvQuwVoKc9o7LHF55H+PCXo4d4lAzcPKsfMtsD7BibsA
J+4ry1UXkX4Z+aURwyegkf1kG8/bnS0PrDPmuuK+Qt7NK+9WvMEoqzSxMyjSbXrv
GzA2mOiuSlrs6BVW74rVs0LmuIJNF7tvTaQ58vXmdn/I/N/Q2o24PktBzZrJep/u
CvmI9Jkmnk/+qDIYcXmggf08pegsTfJ7pGd7HdLGDhHkohobUA1Qpv/rQwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLx2wn8l0k0cckRp3xSl74yH+zCQMB8GA1UdIwQY
MBaAFHAh11KL5xOkuiy0215Y1k2ILrVVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0NIWFVvdm5FNlM2TExUYlhsaldUWWd1dFZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8wMWIwYzAtMWI4Ny00ZDZmLTllOTAt
OTI4MWYwZDIzZGJmLzEvdkhiQ2Z5WFNUUnh5UkduZkZLWHZqSWY3TUpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8wMWIwYzAtMWI4Ny00ZDZmLTllOTAtOTI4MWYwZDIzZGJm
LzEvY0NIWFVvdm5FNlM2TExUYlhsaldUWWd1dFZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUBKg+/AjAN
BgkqhkiG9w0BAQsFAAOCAQEAJ6RRc47M/xiiBkybITuvz5mwrYgG3NR3b69YFXuL
h1aRCjCZUNBywd8AM5ebT6pyCwq93cTd449R3ehNFaGzF3xsxphyxNW6GONQG9+j
Hr3wn2YuY571d9NUk2ehnYx36obNvgrVDMOO/+S97aEYgncieZRJi4VwB047870w
94eYyn906c2/fduxBE3/eBwW4RmgxuIJk7KNWKoSEwX1nETTwmUmIPzdvWbeMox5
C2pH3D2heXM9SmXsgspbHSEiglH4HwtFqUlPSsIGogb2QTZypcaYljqliVSpOIOl
hhfnPsiMVp3E4qV8Ba4QcQtfYLPtI90kCf7NxztU/a6MvA==
-----END CERTIFICATE-----