Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/dgqJgn-rDbodPeCm9DWaWfJdkiQ.roa
File:                     dgqJgn-rDbodPeCm9DWaWfJdkiQ.roa (raw, json)
Hash identifier:          W9pANT5dM2+3RG+UjjmmOHjEPEAx0iGEPtHz9tZiz94=
Subject key identifier:   76:0A:89:82:7F:AB:0D:BA:1D:3D:E0:A6:F4:35:9A:59:F2:5D:92:24
Certificate issuer:       /CN=189d6b55d6a688ee5e3381883bb5af68433276e3
Certificate serial:       01903EC2D5AC13393679218E3EA4CADF3485
Authority key identifier: 18:9D:6B:55:D6:A6:88:EE:5E:33:81:88:3B:B5:AF:68:43:32:76:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/dgqJgn-rDbodPeCm9DWaWfJdkiQ.roa
Signing time:             Sat 22 Jun 2024 07:04:34 +0000
ROA not before:           Sat 22 Jun 2024 07:04:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        2a12:440::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 13:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:3e:c2:d5:ac:13:39:36:79:21:8e:3e:a4:ca:df:34:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=189d6b55d6a688ee5e3381883bb5af68433276e3
        Validity
            Not Before: Jun 22 07:04:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=760a89827fab0dba1d3de0a6f4359a59f25d9224
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:7c:0b:11:31:b5:39:73:24:39:fa:30:78:61:
                    48:2b:39:82:ed:2f:a8:0f:c4:4a:14:d8:fe:36:ac:
                    ed:a2:c8:4b:92:0b:cf:b7:06:bd:18:7b:a8:c4:24:
                    70:6c:a6:10:80:a1:5a:87:41:9b:64:75:c0:e2:16:
                    b1:f6:1c:da:a8:1c:c4:ed:ea:b5:2e:b3:14:0c:51:
                    aa:f3:fc:37:1c:77:03:e6:95:fc:d9:66:23:1f:4c:
                    45:5f:51:f4:65:fa:cb:b7:01:25:a2:5a:56:f8:32:
                    e3:51:51:fb:1e:53:21:1a:9b:f7:5d:81:88:8c:68:
                    32:7d:20:25:ba:e0:89:b3:a5:85:90:79:14:cc:2f:
                    5b:80:52:18:2c:98:6a:b7:93:82:7e:ea:49:1e:61:
                    c7:12:2d:0c:9f:d7:07:c3:11:82:96:7e:d2:b3:a0:
                    ef:b7:d6:76:32:ec:de:aa:56:96:17:86:5e:0b:ae:
                    5a:18:24:78:4d:be:96:c7:6b:00:69:54:04:9e:01:
                    d2:a3:18:5d:2d:5d:a8:74:5c:98:4b:34:7d:4b:fb:
                    c0:40:9a:b3:7f:de:d8:cf:b6:37:86:d1:cd:81:74:
                    8f:e7:72:73:cf:35:07:99:c1:5e:45:9c:e0:e6:27:
                    e5:9d:09:e1:56:d5:ee:e8:11:ee:b2:da:0a:d8:43:
                    af:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:0A:89:82:7F:AB:0D:BA:1D:3D:E0:A6:F4:35:9A:59:F2:5D:92:24
            X509v3 Authority Key Identifier:
                keyid:18:9D:6B:55:D6:A6:88:EE:5E:33:81:88:3B:B5:AF:68:43:32:76:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/dgqJgn-rDbodPeCm9DWaWfJdkiQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:440::/29

    Signature Algorithm: sha256WithRSAEncryption
         c1:bc:54:c9:c0:cd:0a:eb:07:dc:08:5f:01:c2:1e:ab:6a:1a:
         ea:14:3c:92:0c:47:d3:df:ae:c4:96:51:8e:28:92:0c:45:56:
         48:a0:ef:f3:47:b2:f1:c0:76:af:3f:ec:31:07:3b:f0:ab:26:
         94:42:4f:4c:6b:f8:41:7a:45:1f:c7:22:6a:7c:eb:f5:3a:d5:
         7d:dd:67:20:18:3a:e0:94:5e:60:0a:77:ee:47:c5:69:29:f5:
         7f:48:b6:40:79:ac:ea:20:46:b1:16:a3:f7:a2:d2:65:34:e0:
         9f:28:93:af:2a:47:3f:5e:ea:0e:00:18:60:b9:9e:46:43:33:
         98:bc:d9:32:04:5f:71:1f:40:49:5e:21:93:0c:72:5a:9a:51:
         b9:55:15:13:33:7f:b9:57:12:3f:9f:fe:51:ac:cf:3f:51:b1:
         7c:59:b6:c1:23:93:54:2a:b2:0f:f6:f1:22:bc:70:6a:ef:c7:
         f0:7c:51:27:8c:81:98:fa:d4:f5:0a:3b:b6:c0:d6:b3:ad:c4:
         d4:6e:dd:53:f9:c5:32:d2:12:1a:e4:5d:0d:75:4f:01:e4:ac:
         d0:14:91:34:fb:23:34:65:e7:0d:4c:73:ec:ac:6d:23:f2:73:
         f2:d0:3c:16:9b:e3:9e:79:14:79:68:9b:6d:42:42:65:ff:42:
         2d:f9:dc:52
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZA+wtWsEzk2eSGOPqTK3zSFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4OWQ2YjU1ZDZhNjg4ZWU1ZTMzODE4ODNiYjVhZjY4NDMz
Mjc2ZTMwHhcNMjQwNjIyMDcwNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjBhODk4MjdmYWIwZGJhMWQzZGUwYTZmNDM1OWE1OWYyNWQ5MjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA13wLETG1OXMkOfoweGFIKzmC7S+o
D8RKFNj+NqztoshLkgvPtwa9GHuoxCRwbKYQgKFah0GbZHXA4hax9hzaqBzE7eq1
LrMUDFGq8/w3HHcD5pX82WYjH0xFX1H0ZfrLtwElolpW+DLjUVH7HlMhGpv3XYGI
jGgyfSAluuCJs6WFkHkUzC9bgFIYLJhqt5OCfupJHmHHEi0Mn9cHwxGCln7Ss6Dv
t9Z2MuzeqlaWF4ZeC65aGCR4Tb6Wx2sAaVQEngHSoxhdLV2odFyYSzR9S/vAQJqz
f97Yz7Y3htHNgXSP53JzzzUHmcFeRZzg5iflnQnhVtXu6BHustoK2EOviQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHYKiYJ/qw26HT3gpvQ1mlnyXZIkMB8GA1UdIwQY
MBaAFBida1XWpojuXjOBiDu1r2hDMnbjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0oxclZkYW1pTzVlTTRHSU83V3ZhRU15ZHVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS83NTdiNTYtN2I1Ny00OGEwLTlhNzUt
YTJhNGM2YTYyMWNkLzEvZGdxSmduLXJEYm9kUGVDbTlEV2FXZkpka2lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS83NTdiNTYtN2I1Ny00OGEwLTlhNzUtYTJhNGM2YTYyMWNk
LzEvR0oxclZkYW1pTzVlTTRHSU83V3ZhRU15ZHVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhIEQDAN
BgkqhkiG9w0BAQsFAAOCAQEAwbxUycDNCusH3AhfAcIeq2oa6hQ8kgxH09+uxJZR
jiiSDEVWSKDv80ey8cB2rz/sMQc78KsmlEJPTGv4QXpFH8cianzr9TrVfd1nIBg6
4JReYAp37kfFaSn1f0i2QHms6iBGsRaj96LSZTTgnyiTrypHP17qDgAYYLmeRkMz
mLzZMgRfcR9ASV4hkwxyWppRuVUVEzN/uVcSP5/+UazPP1GxfFm2wSOTVCqyD/bx
Irxwau/H8HxRJ4yBmPrU9Qo7tsDWs63E1G7dU/nFMtISGuRdDXVPAeSs0BSRNPsj
NGXnDUxz7KxtI/Jz8tA8FpvjnnkUeWibbUJCZf9CLfncUg==
-----END CERTIFICATE-----