Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/jkI8fUoBx_VrUbpclU3gQO7Bwxs.roa
File:                     jkI8fUoBx_VrUbpclU3gQO7Bwxs.roa (raw, json)
Hash identifier:          /DLNyN9YhbATg7Ei+UzEccIwvXzhtCpBboDZuRszqpw=
Subject key identifier:   8E:42:3C:7D:4A:01:C7:F5:6B:51:BA:5C:95:4D:E0:40:EE:C1:C3:1B
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       01921E93B262350A933ADBCE5FDD39BDEF54
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/jkI8fUoBx_VrUbpclU3gQO7Bwxs.roa
Signing time:             Mon 23 Sep 2024 11:10:48 +0000
ROA not before:           Mon 23 Sep 2024 11:10:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3175
IP address blocks:        2a04:a5c0::/29 maxlen: 29
                          2a13:3c80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 05:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:1e:93:b2:62:35:0a:93:3a:db:ce:5f:dd:39:bd:ef:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Sep 23 11:10:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e423c7d4a01c7f56b51ba5c954de040eec1c31b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:ef:d9:07:d3:c8:6f:88:ed:64:74:b3:10:92:
                    d7:e6:6c:cf:d3:db:8c:27:cd:c5:6f:60:a8:47:27:
                    3f:ea:35:78:fe:f4:9b:42:ae:a2:92:21:3b:90:b0:
                    5a:22:7b:bc:d8:f8:cd:58:e6:f0:4a:5c:81:27:4f:
                    96:bd:35:40:14:98:14:ee:42:21:dd:67:c1:93:b0:
                    21:d3:d4:12:87:8f:b4:ae:d5:7f:46:2f:94:f6:74:
                    ab:a7:8b:61:95:07:b7:45:86:de:87:68:46:60:dd:
                    1f:30:ef:32:1b:72:de:64:3a:4a:c4:9b:d4:85:84:
                    67:c1:77:51:c5:5e:af:63:41:bd:07:72:39:3d:9f:
                    72:b0:e9:cf:df:15:f9:5f:9d:32:71:cf:86:87:51:
                    ab:9e:70:01:5c:c9:c1:a4:af:4e:75:c5:96:55:86:
                    15:4b:a1:28:20:4b:49:ef:a7:92:a1:7a:7d:0e:81:
                    05:5a:40:e6:8b:91:a1:c5:85:ea:a5:bb:3e:ec:ec:
                    dc:db:6c:36:8d:8e:99:e5:ae:28:cf:f9:76:ad:e7:
                    0b:93:9b:ae:be:11:c8:89:2f:26:8c:3f:ec:d4:8a:
                    19:d3:cb:21:78:a6:75:a4:6c:c1:cb:3f:a0:16:35:
                    31:c2:36:fe:4c:51:26:5e:24:fb:15:81:96:26:7e:
                    44:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:42:3C:7D:4A:01:C7:F5:6B:51:BA:5C:95:4D:E0:40:EE:C1:C3:1B
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/jkI8fUoBx_VrUbpclU3gQO7Bwxs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:a5c0::/29
                  2a13:3c80::/29

    Signature Algorithm: sha256WithRSAEncryption
         5b:fd:19:30:d0:e7:f1:9c:5e:3d:ca:32:6e:56:ca:0e:32:b7:
         8a:b4:cb:b2:51:c4:5d:03:83:59:7b:f1:e4:1d:22:45:a9:66:
         2d:19:dc:43:c2:b1:d1:86:ac:26:73:ef:2f:ee:22:dd:77:92:
         5b:76:e5:ac:20:1b:94:a9:e1:5d:36:d8:98:2c:d0:ac:95:09:
         c4:11:d3:6c:64:1a:c5:2a:a7:38:41:40:b8:62:b1:91:f1:9e:
         ea:86:07:d5:0b:c0:c2:85:96:5a:4a:5b:3a:1f:c6:05:bc:64:
         92:4a:f8:50:06:3c:e0:0e:67:92:ba:cb:4f:66:c7:46:0a:38:
         3d:45:93:27:f0:ea:c8:de:1b:a4:f7:b5:fc:20:f4:2c:9d:1a:
         c2:88:ae:2a:de:fa:d3:2f:85:b0:e7:d3:7d:f1:07:f5:12:14:
         88:e7:e9:ce:e3:29:42:e4:75:ec:3b:66:49:17:c2:67:f1:b7:
         9a:54:66:0f:0b:46:fa:37:ce:8f:b0:a1:25:cf:a4:5a:0f:5a:
         25:b7:03:a9:eb:af:07:62:60:2d:98:2e:7f:8b:d7:00:81:6f:
         61:eb:c7:44:23:dd:7d:ef:a3:71:29:32:85:fe:18:9d:6a:81:
         1a:2f:59:a3:ec:61:bf:cd:02:81:e8:45:bd:d9:c1:46:68:8f:
         d0:1e:fe:e8
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZIek7JiNQqTOtvOX905ve9UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjQwOTIzMTExMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTQyM2M3ZDRhMDFjN2Y1NmI1MWJhNWM5NTRkZTA0MGVlYzFjMzFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiu/ZB9PIb4jtZHSzEJLX5mzP09uM
J83Fb2CoRyc/6jV4/vSbQq6ikiE7kLBaInu82PjNWObwSlyBJ0+WvTVAFJgU7kIh
3WfBk7Ah09QSh4+0rtV/Ri+U9nSrp4thlQe3RYbeh2hGYN0fMO8yG3LeZDpKxJvU
hYRnwXdRxV6vY0G9B3I5PZ9ysOnP3xX5X50ycc+Gh1GrnnABXMnBpK9OdcWWVYYV
S6EoIEtJ76eSoXp9DoEFWkDmi5GhxYXqpbs+7Ozc22w2jY6Z5a4oz/l2recLk5uu
vhHIiS8mjD/s1IoZ08sheKZ1pGzByz+gFjUxwjb+TFEmXiT7FYGWJn5EwQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFI5CPH1KAcf1a1G6XJVN4EDuwcMbMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvamtJOGZVb0J4X1ZyVWJwY2xVM2dRTzdCd3hzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKgSlwAMF
AyoTPIAwDQYJKoZIhvcNAQELBQADggEBAFv9GTDQ5/GcXj3KMm5Wyg4yt4q0y7JR
xF0Dg1l78eQdIkWpZi0Z3EPCsdGGrCZz7y/uIt13klt25awgG5Sp4V022Jgs0KyV
CcQR02xkGsUqpzhBQLhisZHxnuqGB9ULwMKFllpKWzofxgW8ZJJK+FAGPOAOZ5K6
y09mx0YKOD1Fkyfw6sjeG6T3tfwg9CydGsKIrire+tMvhbDn033xB/USFIjn6c7j
KULkdew7ZkkXwmfxt5pUZg8LRvo3zo+woSXPpFoPWiW3A6nrrwdiYC2YLn+L1wCB
b2Hrx0Qj3X3vo3EpMoX+GJ1qgRovWaPsYb/NAoHoRb3ZwUZoj9Ae/ug=
-----END CERTIFICATE-----