Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/UNX1pIeX7F_ASkL3fBZedHQHPjM.roa
File:                     UNX1pIeX7F_ASkL3fBZedHQHPjM.roa (raw, json)
Hash identifier:          x/1FzRDR0yuY9hF7IFiZvmQAHrFpn/Kgxoj10MMqbZU=
Subject key identifier:   50:D5:F5:A4:87:97:EC:5F:C0:4A:42:F7:7C:16:5E:74:74:07:3E:33
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018E0A1D607BCAE89E0499593D769F609EF6
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/UNX1pIeX7F_ASkL3fBZedHQHPjM.roa
Signing time:             Mon 04 Mar 2024 15:38:01 +0000
ROA not before:           Mon 04 Mar 2024 15:38:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     23470
IP address blocks:        2a0b:7080::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:0a:1d:60:7b:ca:e8:9e:04:99:59:3d:76:9f:60:9e:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Mar  4 15:38:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=50d5f5a48797ec5fc04a42f77c165e7474073e33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:b4:83:b1:db:04:0e:70:01:0a:92:bd:f6:e4:
                    0e:af:07:b5:44:e7:48:cd:55:33:d2:3a:73:85:5c:
                    1c:39:0b:f3:fa:5f:7f:d5:f5:68:99:c6:2b:0c:97:
                    4b:f5:79:c4:be:cc:47:c7:e0:d9:86:44:6b:a4:84:
                    d4:9c:92:a2:69:c0:5d:d5:56:a0:42:a8:90:e0:17:
                    b7:4a:0b:15:7e:de:ca:68:f0:12:01:07:8e:78:44:
                    d6:af:36:69:b6:2d:db:66:fb:5f:ca:52:e7:96:77:
                    95:01:08:4f:29:4e:62:0d:23:15:6b:eb:80:ac:67:
                    d2:8a:19:32:74:e4:e2:42:36:9a:46:8e:ac:ed:ba:
                    5d:9b:cc:72:69:55:b4:08:6f:d6:96:5c:a3:82:bd:
                    a6:33:88:d3:02:3f:53:d4:85:ee:6e:f0:47:e6:dd:
                    bf:94:fa:5b:e3:74:5b:1f:13:d8:56:4c:4f:98:dd:
                    06:1c:06:d4:dc:fb:b1:a7:ff:16:17:70:57:8a:04:
                    80:0e:97:bc:b0:c7:0c:ed:02:c1:95:38:e2:a3:a0:
                    0e:26:d6:ff:78:0e:10:6d:c6:a0:ef:aa:79:5d:28:
                    ba:d4:75:c7:b7:36:be:d3:16:f2:00:ad:eb:1b:54:
                    6c:23:5f:9a:91:0e:7d:3f:50:eb:9e:74:d5:aa:7a:
                    ed:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:D5:F5:A4:87:97:EC:5F:C0:4A:42:F7:7C:16:5E:74:74:07:3E:33
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/UNX1pIeX7F_ASkL3fBZedHQHPjM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:7080::/29

    Signature Algorithm: sha256WithRSAEncryption
         4c:7c:97:23:bb:1a:60:6f:17:fc:ca:fb:c5:b4:69:11:36:86:
         4d:cb:df:28:b6:13:92:99:20:da:12:96:46:96:67:7b:3c:12:
         4c:3b:d6:66:75:18:e1:a8:95:79:2a:b5:28:20:25:eb:c3:32:
         d7:ec:8b:77:ac:4b:77:e2:a4:a8:a2:4b:5b:e7:f9:bb:a1:b7:
         71:54:25:72:3e:a8:c8:a5:90:8d:9c:14:b0:68:f4:d7:de:4d:
         e9:25:87:07:44:56:88:f9:21:0f:80:bf:0b:b4:32:ee:5a:34:
         4c:0e:90:d6:a5:ee:f8:c9:6e:31:ce:69:2d:18:31:26:3c:f4:
         f5:d5:46:51:56:bc:bf:b4:f6:98:4a:7a:37:b9:69:99:87:c2:
         a3:b0:45:ab:d2:5e:79:4c:ea:1e:d0:01:61:6d:49:7d:5f:7d:
         f1:e1:89:61:30:a1:6d:f1:ab:06:70:07:41:e0:2a:5e:ec:21:
         19:96:65:f2:62:37:7a:b2:33:88:96:e5:a1:0c:f6:17:f3:bd:
         78:ca:6e:0b:f9:b8:ca:bf:2c:42:f4:90:e2:ef:98:7e:dc:2d:
         ac:a3:e9:e5:4d:7a:ed:d0:0c:7c:d7:93:25:b4:55:fa:5c:a3:
         1f:28:1f:14:1b:7d:fa:36:b3:ff:eb:de:bd:7a:38:d9:83:0a:
         e5:a1:c5:e2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY4KHWB7yuieBJlZPXafYJ72MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMzA0MTUzODAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGQ1ZjVhNDg3OTdlYzVmYzA0YTQyZjc3YzE2NWU3NDc0MDczZTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnbSDsdsEDnABCpK99uQOrwe1ROdI
zVUz0jpzhVwcOQvz+l9/1fVomcYrDJdL9XnEvsxHx+DZhkRrpITUnJKiacBd1Vag
QqiQ4Be3SgsVft7KaPASAQeOeETWrzZpti3bZvtfylLnlneVAQhPKU5iDSMVa+uA
rGfSihkydOTiQjaaRo6s7bpdm8xyaVW0CG/Wllyjgr2mM4jTAj9T1IXubvBH5t2/
lPpb43RbHxPYVkxPmN0GHAbU3Puxp/8WF3BXigSADpe8sMcM7QLBlTjio6AOJtb/
eA4Qbcag76p5XSi61HXHtza+0xbyAK3rG1RsI1+akQ59P1DrnnTVqnrtVQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFDV9aSHl+xfwEpC93wWXnR0Bz4zMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvVU5YMXBJZVg3Rl9BU2tMM2ZCWmVkSFFIUGpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgtwgDAN
BgkqhkiG9w0BAQsFAAOCAQEATHyXI7saYG8X/Mr7xbRpETaGTcvfKLYTkpkg2hKW
RpZnezwSTDvWZnUY4aiVeSq1KCAl68My1+yLd6xLd+KkqKJLW+f5u6G3cVQlcj6o
yKWQjZwUsGj0195N6SWHB0RWiPkhD4C/C7Qy7lo0TA6Q1qXu+MluMc5pLRgxJjz0
9dVGUVa8v7T2mEp6N7lpmYfCo7BFq9JeeUzqHtABYW1JfV998eGJYTChbfGrBnAH
QeAqXuwhGZZl8mI3erIziJbloQz2F/O9eMpuC/m4yr8sQvSQ4u+YftwtrKPp5U16
7dAMfNeTJbRV+lyjHygfFBt9+jaz/+vevXo42YMK5aHF4g==
-----END CERTIFICATE-----