Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/F9rGy4PEKKhzo-smv15e0DrNR5Q.roa
File:                     F9rGy4PEKKhzo-smv15e0DrNR5Q.roa (raw, json)
Hash identifier:          wjrUdJ24VV9fQpy3osfJeh1yYtU3LfzWYuDForDfkyE=
Subject key identifier:   17:DA:C6:CB:83:C4:28:A8:73:A3:EB:26:BF:5E:5E:D0:3A:CD:47:94
Certificate issuer:       /CN=3a0b05f40a6916394782302d1b5660737257a48b
Certificate serial:       018F7BA1B324367EF70C402F2F124203AC7B
Authority key identifier: 3A:0B:05:F4:0A:69:16:39:47:82:30:2D:1B:56:60:73:72:57:A4:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/F9rGy4PEKKhzo-smv15e0DrNR5Q.roa
Signing time:             Wed 15 May 2024 09:42:25 +0000
ROA not before:           Wed 15 May 2024 09:42:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202505
IP address blocks:        2a0f:6580:107::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:7b:a1:b3:24:36:7e:f7:0c:40:2f:2f:12:42:03:ac:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a0b05f40a6916394782302d1b5660737257a48b
        Validity
            Not Before: May 15 09:42:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=17dac6cb83c428a873a3eb26bf5e5ed03acd4794
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:b5:51:08:94:7d:c3:4c:63:61:58:93:c8:ad:
                    8e:c5:dc:33:d0:d4:b6:d5:65:0e:9a:f2:cf:e5:94:
                    31:de:c2:23:8e:1f:5c:af:4d:96:5f:dc:75:5b:fe:
                    4e:72:33:e8:8b:4f:dc:38:ca:87:e2:28:f2:d7:a8:
                    45:fa:b1:17:bc:4a:de:20:b4:90:af:65:6d:8a:99:
                    63:30:48:ba:e0:98:89:97:29:76:45:6b:11:cf:a8:
                    32:98:1b:28:0e:34:9f:48:34:b4:52:fd:e0:e5:d1:
                    ea:cf:ad:0f:09:a5:f8:ed:3f:dc:f3:40:85:18:93:
                    17:bc:c5:ea:79:61:a2:2c:0a:e0:8c:ac:2b:bb:27:
                    ca:de:bb:76:cb:ce:00:fa:5a:61:48:d5:bf:39:7c:
                    55:fa:21:c7:f0:7c:df:7c:d8:e5:1b:0d:3d:f6:fa:
                    12:e0:16:6d:64:5e:0e:3c:de:f7:03:ad:33:99:c1:
                    13:00:ca:70:d0:30:67:d4:25:62:3a:9b:d8:99:35:
                    d9:e5:5f:b8:9c:ca:e8:26:a4:63:92:f3:63:51:21:
                    ca:1a:00:72:bf:a8:4c:48:21:91:a1:a3:da:32:db:
                    b4:76:7d:b1:8b:8d:89:3e:74:67:54:7b:14:d8:3f:
                    97:94:ba:55:26:7a:83:42:2d:26:eb:38:33:b2:31:
                    20:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:DA:C6:CB:83:C4:28:A8:73:A3:EB:26:BF:5E:5E:D0:3A:CD:47:94
            X509v3 Authority Key Identifier:
                keyid:3A:0B:05:F4:0A:69:16:39:47:82:30:2D:1B:56:60:73:72:57:A4:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/F9rGy4PEKKhzo-smv15e0DrNR5Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6580:107::/48

    Signature Algorithm: sha256WithRSAEncryption
         82:b1:d9:86:8e:0d:33:f9:a7:57:e6:1b:8d:2e:ac:4c:71:6c:
         a0:c4:ce:7c:2e:7c:30:14:3a:5e:9f:e6:5a:12:bd:9d:8f:5e:
         16:25:79:48:f2:90:60:40:f4:84:c7:73:81:72:b7:4d:ab:b3:
         99:c0:9a:3f:60:cd:4a:f7:36:08:7c:60:41:46:06:22:bb:e0:
         fd:a3:83:49:15:20:a6:7a:89:70:52:d1:55:64:0c:3f:50:b4:
         4d:64:76:2c:aa:04:4e:12:71:77:09:ba:be:3a:7e:c6:ea:9e:
         dd:ee:e3:16:31:c1:24:95:f5:18:5b:b0:21:95:26:52:4b:73:
         41:c2:0e:3b:a5:c5:5a:3e:69:e3:76:78:e7:ec:5b:40:87:f4:
         af:ea:d3:e1:ea:b7:98:3a:fc:17:af:a6:a7:7e:73:44:d5:27:
         fe:b0:5d:98:8e:e3:bf:f8:5a:9d:a2:c1:ab:46:c7:23:43:3e:
         39:7c:3a:a5:91:8f:f0:cb:b4:8f:87:a7:34:d0:ef:5e:25:45:
         58:f7:ce:a4:72:5e:47:f7:5b:7b:21:26:f1:40:26:23:d0:d6:
         4e:aa:41:2f:81:7f:43:f4:0c:61:17:8b:fb:09:04:1c:c4:4f:
         bd:4a:b5:74:ec:00:f3:a2:7c:19:b7:66:ca:f1:5c:1e:02:a7:
         7b:54:e9:42
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY97obMkNn73DEAvLxJCA6x7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMGIwNWY0MGE2OTE2Mzk0NzgyMzAyZDFiNTY2MDczNzI1
N2E0OGIwHhcNMjQwNTE1MDk0MjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2RhYzZjYjgzYzQyOGE4NzNhM2ViMjZiZjVlNWVkMDNhY2Q0Nzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrVRCJR9w0xjYViTyK2Oxdwz0NS2
1WUOmvLP5ZQx3sIjjh9cr02WX9x1W/5OcjPoi0/cOMqH4ijy16hF+rEXvEreILSQ
r2VtipljMEi64JiJlyl2RWsRz6gymBsoDjSfSDS0Uv3g5dHqz60PCaX47T/c80CF
GJMXvMXqeWGiLArgjKwruyfK3rt2y84A+lphSNW/OXxV+iHH8HzffNjlGw099voS
4BZtZF4OPN73A60zmcETAMpw0DBn1CViOpvYmTXZ5V+4nMroJqRjkvNjUSHKGgBy
v6hMSCGRoaPaMtu0dn2xi42JPnRnVHsU2D+XlLpVJnqDQi0m6zgzsjEgKwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBfaxsuDxCioc6PrJr9eXtA6zUeUMB8GA1UdIwQY
MBaAFDoLBfQKaRY5R4IwLRtWYHNyV6SLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2dzRjlBcHBGamxIZ2pBdEcxWmdjM0pYcElzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC83NTgzY2ItZDMxZS00ZTAzLWIxNGIt
YjIwZTI4ZjUxODhmLzEvRjlyR3k0UEVLS2h6by1zbXYxNWUwRHJOUjVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC83NTgzY2ItZDMxZS00ZTAzLWIxNGItYjIwZTI4ZjUxODhm
LzEvT2dzRjlBcHBGamxIZ2pBdEcxWmdjM0pYcElzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg9lgAEH
MA0GCSqGSIb3DQEBCwUAA4IBAQCCsdmGjg0z+adX5huNLqxMcWygxM58LnwwFDpe
n+ZaEr2dj14WJXlI8pBgQPSEx3OBcrdNq7OZwJo/YM1K9zYIfGBBRgYiu+D9o4NJ
FSCmeolwUtFVZAw/ULRNZHYsqgROEnF3Cbq+On7G6p7d7uMWMcEklfUYW7AhlSZS
S3NBwg47pcVaPmnjdnjn7FtAh/Sv6tPh6reYOvwXr6anfnNE1Sf+sF2YjuO/+Fqd
osGrRscjQz45fDqlkY/wy7SPh6c00O9eJUVY986kcl5H91t7ISbxQCYj0NZOqkEv
gX9D9AxhF4v7CQQcxE+9SrV07ADzonwZt2bK8VweAqd7VOlC
-----END CERTIFICATE-----