Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/L9sLLKcaqIUZx3Ip12R1MyXaMl8.roa
File:                     L9sLLKcaqIUZx3Ip12R1MyXaMl8.roa (raw, json)
Hash identifier:          EfjbxP2rJ4/Tny22xMUV60G9rVkipOuB201yMBNxoN0=
Subject key identifier:   2F:DB:0B:2C:A7:1A:A8:85:19:C7:72:29:D7:64:75:33:25:DA:32:5F
Certificate issuer:       /CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
Certificate serial:       0191381FA87650904C662AECB7E37765189A
Authority key identifier: 5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/L9sLLKcaqIUZx3Ip12R1MyXaMl8.roa
Signing time:             Fri 09 Aug 2024 17:11:24 +0000
ROA not before:           Fri 09 Aug 2024 17:11:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210644
IP address blocks:        2a0b:4140::/32 maxlen: 36
                          2a0b:4140:7028::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:38:1f:a8:76:50:90:4c:66:2a:ec:b7:e3:77:65:18:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
        Validity
            Not Before: Aug  9 17:11:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2fdb0b2ca71aa88519c77229d764753325da325f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:a0:ca:84:b7:a9:d3:8d:6e:49:dc:b0:d4:59:
                    5b:a9:21:00:07:87:64:61:5b:f6:99:c8:45:f0:97:
                    c9:93:2a:53:a2:d3:92:81:e7:ed:fa:4d:42:a3:47:
                    f5:66:4a:d7:45:15:96:e4:4d:b8:a6:ff:0f:c2:35:
                    f6:ac:ed:86:48:7f:36:63:40:f1:31:2f:e9:2d:ff:
                    d9:fc:ee:0d:3c:55:ed:8b:27:7f:ca:68:eb:9b:cd:
                    7f:2f:75:5f:94:a8:5f:5e:c4:e0:70:0b:cf:b2:6a:
                    f8:6a:ad:c1:93:84:9d:29:a8:eb:ae:b4:cc:87:fa:
                    34:c7:2a:6d:73:c3:39:f1:0c:14:4f:40:15:12:44:
                    51:59:42:83:2a:fe:88:3d:7c:26:26:90:e1:43:96:
                    e7:ff:97:af:f9:a7:43:36:ba:5d:87:c2:bc:83:69:
                    e5:c1:db:77:be:74:83:75:73:7e:b4:f3:87:8e:e2:
                    13:0b:b4:bb:a5:68:03:1f:33:2c:ff:0d:46:13:ea:
                    b4:27:1a:68:ef:73:4d:ac:8a:14:98:a9:61:32:16:
                    23:98:f4:47:5f:de:73:7e:fe:67:62:3a:2a:26:10:
                    2b:ee:fa:57:b8:45:6a:23:6f:80:40:0a:40:12:4b:
                    a5:5d:de:28:f6:5f:e0:fe:d7:93:5b:ed:0d:dd:3f:
                    06:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:DB:0B:2C:A7:1A:A8:85:19:C7:72:29:D7:64:75:33:25:DA:32:5F
            X509v3 Authority Key Identifier:
                keyid:5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/L9sLLKcaqIUZx3Ip12R1MyXaMl8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:4140::/32

    Signature Algorithm: sha256WithRSAEncryption
         a4:57:44:29:ea:53:12:db:5c:ec:11:dd:70:a0:80:29:00:ce:
         8b:d3:46:08:16:2c:43:69:16:f9:70:98:37:c6:2f:ef:27:6f:
         c1:6c:50:43:1c:d6:7c:29:31:7f:37:61:20:a9:d8:a1:b1:db:
         57:2c:d6:58:ad:7b:7c:b9:5f:39:63:88:35:76:96:fb:cc:b3:
         57:d6:3e:b1:4e:51:a6:6e:83:66:df:00:8a:f0:96:0e:14:a7:
         c4:3d:bb:7b:a6:88:6c:8e:5b:03:81:56:2b:3d:1c:bc:48:06:
         8a:b1:30:37:29:66:ff:e7:fc:88:49:0e:df:57:46:73:c9:0d:
         57:a6:38:b4:4f:a5:40:a9:96:0c:39:11:08:1e:9a:10:13:45:
         02:36:ce:84:fb:2b:67:8c:fa:6a:29:25:74:2d:55:5e:81:3d:
         35:a2:2c:ea:2f:54:a1:8f:1a:66:64:1b:45:17:63:2d:57:20:
         51:1a:09:d2:89:ba:c2:36:df:54:cb:8e:c3:fd:ee:fb:dc:c4:
         af:07:61:29:2d:de:41:90:2a:3e:32:1a:5f:2b:7a:88:2e:05:
         27:58:fe:54:0c:21:1d:b5:0b:52:3c:ec:53:aa:41:ec:81:d7:
         d6:12:a3:c4:27:45:2b:f0:00:18:5d:bf:9b:e8:97:be:10:31:
         cf:9c:5b:00
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZE4H6h2UJBMZirst+N3ZRiaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMGZmOGFhZjc0NTMxMTQxNDcwMjhkNTRhZTFjNjkzYThh
MTQ3YmMwHhcNMjQwODA5MTcxMTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmRiMGIyY2E3MWFhODg1MTljNzcyMjlkNzY0NzUzMzI1ZGEzMjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmaDKhLep041uSdyw1FlbqSEAB4dk
YVv2mchF8JfJkypTotOSgeft+k1Co0f1ZkrXRRWW5E24pv8PwjX2rO2GSH82Y0Dx
MS/pLf/Z/O4NPFXtiyd/ymjrm81/L3VflKhfXsTgcAvPsmr4aq3Bk4SdKajrrrTM
h/o0xyptc8M58QwUT0AVEkRRWUKDKv6IPXwmJpDhQ5bn/5ev+adDNrpdh8K8g2nl
wdt3vnSDdXN+tPOHjuITC7S7pWgDHzMs/w1GE+q0Jxpo73NNrIoUmKlhMhYjmPRH
X95zfv5nYjoqJhAr7vpXuEVqI2+AQApAEkulXd4o9l/g/teTW+0N3T8G2QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFC/bCyynGqiFGcdyKddkdTMl2jJfMB8GA1UdIwQY
MBaAFF4P+Kr3RTEUFHAo1UrhxpOooUe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEt
ZDg3MjEzNzU2NDRhLzEvTDlzTExLY2FxSVVaeDNJcDEyUjFNeVhhTWw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEtZDg3MjEzNzU2NDRh
LzEvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgtBQDAN
BgkqhkiG9w0BAQsFAAOCAQEApFdEKepTEttc7BHdcKCAKQDOi9NGCBYsQ2kW+XCY
N8Yv7ydvwWxQQxzWfCkxfzdhIKnYobHbVyzWWK17fLlfOWOINXaW+8yzV9Y+sU5R
pm6DZt8AivCWDhSnxD27e6aIbI5bA4FWKz0cvEgGirEwNylm/+f8iEkO31dGc8kN
V6Y4tE+lQKmWDDkRCB6aEBNFAjbOhPsrZ4z6aikldC1VXoE9NaIs6i9UoY8aZmQb
RRdjLVcgURoJ0om6wjbfVMuOw/3u+9zErwdhKS3eQZAqPjIaXyt6iC4FJ1j+VAwh
HbULUjzsU6pB7IHX1hKjxCdFK/AAGF2/m+iXvhAxz5xbAA==
-----END CERTIFICATE-----