Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/9sdDdP8OcxO54gnbNiamynaxogk.roa
File:                     9sdDdP8OcxO54gnbNiamynaxogk.roa (raw, json)
Hash identifier:          oej+ua6YJwA2k8uc25kIzAqvy+EpETOg1dQ26s5plDQ=
Subject key identifier:   F6:C7:43:74:FF:0E:73:13:B9:E2:09:DB:36:26:A6:CA:76:B1:A2:09
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018E61CB1E8F69E3F33E757DB91B6FE1E22D
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/9sdDdP8OcxO54gnbNiamynaxogk.roa
Signing time:             Thu 21 Mar 2024 16:14:45 +0000
ROA not before:           Thu 21 Mar 2024 16:14:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42831
IP address blocks:        2a0b:7080:20::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:61:cb:1e:8f:69:e3:f3:3e:75:7d:b9:1b:6f:e1:e2:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Mar 21 16:14:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f6c74374ff0e7313b9e209db3626a6ca76b1a209
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:c9:15:67:78:77:46:d6:94:8c:4f:b5:e1:b0:
                    3a:3f:d3:fe:d6:ca:70:7c:25:77:34:12:c5:25:98:
                    52:68:db:94:df:4b:5e:42:86:ab:20:89:06:61:1e:
                    41:e0:b7:48:e5:9f:8e:3f:74:ee:d2:49:60:f5:e2:
                    e4:46:2a:29:46:de:83:2e:ed:7c:de:e2:f8:7b:f2:
                    8d:41:3a:c6:a2:b9:d0:20:c5:0e:5e:19:c5:03:e2:
                    31:69:1b:27:76:34:a2:40:2f:8a:0a:35:38:11:5e:
                    38:6b:42:25:59:9d:f7:d2:6f:5d:02:14:61:3f:6c:
                    65:3e:24:87:52:6f:54:2a:24:59:76:8a:19:e3:88:
                    5c:4a:56:75:1b:a2:d2:2b:12:7c:62:87:63:3e:05:
                    8e:cb:d5:2c:52:76:ae:ed:d7:a2:d2:87:db:d1:85:
                    a8:f5:67:73:e5:ea:f6:ab:d9:41:a7:52:90:a1:49:
                    3b:ae:62:c7:46:48:fb:37:19:cf:6b:fb:84:35:1e:
                    23:b3:fd:5d:1e:8e:40:9c:8b:f2:f6:fa:12:2e:9a:
                    47:28:5b:e0:c2:e0:fe:95:7e:42:53:f8:79:44:36:
                    a7:83:f7:af:f4:f7:e7:d5:6b:0e:1b:c3:e1:d2:f0:
                    5b:1e:b1:98:cc:98:c9:c8:51:aa:82:c3:fe:e4:c3:
                    75:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:C7:43:74:FF:0E:73:13:B9:E2:09:DB:36:26:A6:CA:76:B1:A2:09
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/9sdDdP8OcxO54gnbNiamynaxogk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:7080:20::/44

    Signature Algorithm: sha256WithRSAEncryption
         0b:53:73:1d:af:e9:8a:59:50:28:e5:c5:f9:46:76:14:6c:19:
         10:52:c5:45:7c:38:4b:06:49:ef:5b:62:66:5e:a1:81:b7:3d:
         30:e5:bf:7d:ef:cb:64:c3:97:cb:ab:1b:00:af:15:b3:42:cd:
         73:b0:bd:28:37:20:f9:21:d0:04:74:c1:6b:dd:91:55:18:f8:
         72:09:ee:a0:89:65:4a:72:52:bf:bf:73:e2:e8:99:4d:b7:fb:
         64:68:e4:be:18:1d:28:18:2c:da:da:bc:6f:9a:4a:2f:59:f5:
         2f:18:94:bd:af:8f:ca:c1:9e:42:96:7c:32:f1:f3:4a:7f:b8:
         50:32:ed:a5:ff:2f:35:d5:55:af:27:e4:af:95:67:1f:7a:00:
         55:db:2c:1b:23:85:a4:be:39:d8:db:06:47:54:ff:a3:59:75:
         d0:fc:0e:99:95:eb:1c:64:13:9c:4d:5f:b9:1e:97:44:12:02:
         c9:36:5b:72:a1:1f:cc:5d:d6:97:a8:b7:4d:9c:ce:fd:09:12:
         c1:19:7b:a3:41:2d:f7:fb:57:10:55:68:ab:01:f5:40:33:e3:
         21:bd:85:28:06:ec:a1:f9:66:57:81:d6:59:e1:e6:35:a9:a6:
         d0:49:11:9b:03:f1:d9:9f:a3:69:30:d6:e6:47:81:a8:9c:ef:
         cc:b1:89:ef
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY5hyx6PaePzPnV9uRtv4eItMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMzIxMTYxNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmM3NDM3NGZmMGU3MzEzYjllMjA5ZGIzNjI2YTZjYTc2YjFhMjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgskVZ3h3RtaUjE+14bA6P9P+1spw
fCV3NBLFJZhSaNuU30teQoarIIkGYR5B4LdI5Z+OP3Tu0klg9eLkRiopRt6DLu18
3uL4e/KNQTrGornQIMUOXhnFA+IxaRsndjSiQC+KCjU4EV44a0IlWZ330m9dAhRh
P2xlPiSHUm9UKiRZdooZ44hcSlZ1G6LSKxJ8YodjPgWOy9UsUnau7dei0ofb0YWo
9Wdz5er2q9lBp1KQoUk7rmLHRkj7NxnPa/uENR4js/1dHo5AnIvy9voSLppHKFvg
wuD+lX5CU/h5RDang/ev9Pfn1WsOG8Ph0vBbHrGYzJjJyFGqgsP+5MN1xQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPbHQ3T/DnMTueIJ2zYmpsp2saIJMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvOXNkRGRQOE9jeE81NGduYk5pYW15bmF4b2drLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgtwgAAg
MA0GCSqGSIb3DQEBCwUAA4IBAQALU3Mdr+mKWVAo5cX5RnYUbBkQUsVFfDhLBknv
W2JmXqGBtz0w5b9978tkw5fLqxsArxWzQs1zsL0oNyD5IdAEdMFr3ZFVGPhyCe6g
iWVKclK/v3Pi6JlNt/tkaOS+GB0oGCza2rxvmkovWfUvGJS9r4/KwZ5Clnwy8fNK
f7hQMu2l/y811VWvJ+SvlWcfegBV2ywbI4WkvjnY2wZHVP+jWXXQ/A6ZlescZBOc
TV+5HpdEEgLJNltyoR/MXdaXqLdNnM79CRLBGXujQS33+1cQVWirAfVAM+MhvYUo
Buyh+WZXgdZZ4eY1qabQSRGbA/HZn6NpMNbmR4GonO/MsYnv
-----END CERTIFICATE-----