Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/XFk1rhupV8PJ1jw9d2dvu3QB_Y8.roa
File:                     XFk1rhupV8PJ1jw9d2dvu3QB_Y8.roa (raw, json)
Hash identifier:          6gQUsqrkcG335EMmc/sp0AzSEcBlHuapSmCO6mwcgSc=
Subject key identifier:   5C:59:35:AE:1B:A9:57:C3:C9:D6:3C:3D:77:67:6F:BB:74:01:FD:8F
Certificate issuer:       /CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Certificate serial:       01920ADE3A30A500EE96472D2C38E0128F59
Authority key identifier: 6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/XFk1rhupV8PJ1jw9d2dvu3QB_Y8.roa
Signing time:             Thu 19 Sep 2024 15:19:48 +0000
ROA not before:           Thu 19 Sep 2024 15:19:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43182
IP address blocks:        2a0d:f740::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:0a:de:3a:30:a5:00:ee:96:47:2d:2c:38:e0:12:8f:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d20ddd398dac8f62cc12526325f1821fb724f75
        Validity
            Not Before: Sep 19 15:19:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c5935ae1ba957c3c9d63c3d77676fbb7401fd8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:4b:be:a8:91:92:31:ca:b5:ce:cc:a9:6e:d2:
                    6b:5b:24:4a:77:3d:e4:b1:d6:db:25:4a:1c:6b:07:
                    fd:ca:7a:4d:74:e7:6c:73:4b:1a:69:24:ab:1a:4c:
                    41:94:b4:87:4b:79:6a:b3:41:7c:d7:48:28:a5:c7:
                    da:ab:78:90:16:83:2f:15:5b:82:c5:9b:94:71:51:
                    c4:8c:84:13:54:51:12:3c:b0:36:21:4d:21:13:54:
                    eb:bb:71:04:2c:92:5b:60:82:cf:3e:af:eb:a3:0f:
                    a7:62:b5:90:21:fa:c9:32:cc:51:0c:cd:c2:9b:0c:
                    c4:ea:2f:c9:72:c7:82:37:90:63:0f:f4:7b:d5:16:
                    0c:a7:38:08:6b:99:38:06:d5:48:3e:23:f7:73:a9:
                    bf:2e:ba:05:12:89:a3:87:6b:fd:65:12:50:50:4b:
                    9d:0e:66:46:ba:e7:f9:33:b3:78:e8:bc:ac:7e:e8:
                    d5:14:2f:08:9e:a0:77:d7:b8:47:e1:c4:1c:69:6f:
                    f7:e3:1d:d2:9a:c7:95:ea:27:70:23:d7:ee:87:1f:
                    e8:38:e7:25:78:3c:b4:39:08:5b:69:13:4c:78:1b:
                    ed:2e:cd:e5:84:96:0d:85:75:dd:79:48:27:91:a2:
                    bb:ac:17:94:20:e2:8f:6e:99:44:28:05:fc:57:37:
                    65:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:59:35:AE:1B:A9:57:C3:C9:D6:3C:3D:77:67:6F:BB:74:01:FD:8F
            X509v3 Authority Key Identifier:
                keyid:6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/XFk1rhupV8PJ1jw9d2dvu3QB_Y8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:f740::/32

    Signature Algorithm: sha256WithRSAEncryption
         09:2e:0b:07:3a:68:2a:82:07:cb:bf:ba:24:f4:be:e9:24:4f:
         27:bb:2f:df:d2:71:26:fe:41:1b:ca:87:34:83:10:35:2c:83:
         37:60:43:45:8b:84:65:31:05:66:21:b4:d7:8e:59:3e:32:55:
         3d:d6:05:ad:80:de:4b:55:76:21:a5:bf:0b:0e:22:a0:25:5a:
         61:fe:eb:1e:82:cd:88:5b:68:cf:70:ec:06:87:a3:27:8d:6d:
         ce:d3:68:e2:87:7f:ed:2d:46:23:bc:eb:6e:96:13:81:94:41:
         e6:e1:92:1d:e8:11:8a:8b:3a:84:06:e5:96:99:9b:d5:69:00:
         4a:2d:60:c8:4f:5d:44:38:fc:e3:50:71:9e:78:6d:45:c0:41:
         6b:fa:65:b3:bd:2d:22:f4:26:aa:96:84:d1:78:00:d6:7c:92:
         1e:9a:75:bc:5a:9c:6b:b2:74:d0:3d:f4:bb:7c:c6:6c:9d:9c:
         f5:9b:b9:d2:83:6b:0c:d9:f2:b6:d5:ff:3a:d9:b3:18:62:aa:
         0b:e9:1b:ad:75:c9:c6:cd:f0:00:79:6e:70:18:08:0a:ba:2e:
         dc:db:08:5b:69:98:33:c9:b6:0f:e2:5e:3e:2e:05:73:7a:c7:
         50:05:7b:93:bd:90:30:00:9e:78:5c:c8:cf:cf:53:01:7d:2f:
         81:a8:cb:54
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZIK3jowpQDulkctLDjgEo9ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMjBkZGQzOThkYWM4ZjYyY2MxMjUyNjMyNWYxODIxZmI3
MjRmNzUwHhcNMjQwOTE5MTUxOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzU5MzVhZTFiYTk1N2MzYzlkNjNjM2Q3NzY3NmZiYjc0MDFmZDhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvUu+qJGSMcq1zsypbtJrWyRKdz3k
sdbbJUocawf9ynpNdOdsc0saaSSrGkxBlLSHS3lqs0F810gopcfaq3iQFoMvFVuC
xZuUcVHEjIQTVFESPLA2IU0hE1Tru3EELJJbYILPPq/row+nYrWQIfrJMsxRDM3C
mwzE6i/JcseCN5BjD/R71RYMpzgIa5k4BtVIPiP3c6m/LroFEomjh2v9ZRJQUEud
DmZGuuf5M7N46LysfujVFC8InqB317hH4cQcaW/34x3SmseV6idwI9fuhx/oOOcl
eDy0OQhbaRNMeBvtLs3lhJYNhXXdeUgnkaK7rBeUIOKPbplEKAX8VzdlbwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFxZNa4bqVfDydY8PXdnb7t0Af2PMB8GA1UdIwQY
MBaAFG0g3dOY2sj2LMElJjJfGCH7ck91MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmIt
MzZkZTY1NzIzMmJlLzEvWEZrMXJodXBWOFBKMWp3OWQyZHZ1M1FCX1k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmItMzZkZTY1NzIzMmJl
LzEvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg33QDAN
BgkqhkiG9w0BAQsFAAOCAQEACS4LBzpoKoIHy7+6JPS+6SRPJ7sv39JxJv5BG8qH
NIMQNSyDN2BDRYuEZTEFZiG0145ZPjJVPdYFrYDeS1V2IaW/Cw4ioCVaYf7rHoLN
iFtoz3DsBoejJ41tztNo4od/7S1GI7zrbpYTgZRB5uGSHegRios6hAbllpmb1WkA
Si1gyE9dRDj841BxnnhtRcBBa/pls70tIvQmqpaE0XgA1nySHpp1vFqca7J00D30
u3zGbJ2c9Zu50oNrDNnyttX/OtmzGGKqC+kbrXXJxs3wAHlucBgICrou3NsIW2mY
M8m2D+JePi4Fc3rHUAV7k72QMACeeFzIz89TAX0vgajLVA==
-----END CERTIFICATE-----