Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/nvtMZ9yXRMjUjNrbkrIEJa5pt2c.roa
File:                     nvtMZ9yXRMjUjNrbkrIEJa5pt2c.roa (raw, json)
Hash identifier:          y9hplP2oOVU5n6JeQSUIE38Xw5hrQNoQgIb5v91bW4k=
Subject key identifier:   9E:FB:4C:67:DC:97:44:C8:D4:8C:DA:DB:92:B2:04:25:AE:69:B7:67
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018F2F75021C3B3C8D5C6A2CE90902FDD93D
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/nvtMZ9yXRMjUjNrbkrIEJa5pt2c.roa
Signing time:             Tue 30 Apr 2024 14:42:28 +0000
ROA not before:           Tue 30 Apr 2024 14:42:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216157
IP address blocks:        2a0d:77c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 14:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:2f:75:02:1c:3b:3c:8d:5c:6a:2c:e9:09:02:fd:d9:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Apr 30 14:42:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9efb4c67dc9744c8d48cdadb92b20425ae69b767
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:b4:3e:b6:7d:04:df:62:aa:3b:f9:36:c1:f2:
                    16:5c:b1:9c:1b:30:ef:fc:ce:90:ad:17:32:2d:1a:
                    3e:2d:b1:ae:f5:9c:76:99:22:39:10:2b:87:a0:c5:
                    53:ad:0e:67:8b:6f:25:d1:8f:4a:fe:c0:2a:30:dc:
                    17:31:db:30:fc:76:a7:3b:62:23:8d:ee:64:01:78:
                    13:7c:cf:e6:0b:51:11:38:54:dc:89:b7:e6:00:e8:
                    23:0b:6f:46:00:35:91:cb:4b:a4:d4:c8:3a:8c:0e:
                    87:04:22:9f:fb:1e:cf:b2:df:c3:cc:18:b4:0a:2d:
                    de:04:b0:e5:3b:0d:ba:9d:7e:b6:01:a4:d1:c8:62:
                    dc:8c:e1:d1:63:3c:a5:79:96:89:ca:82:48:5b:53:
                    9d:f3:75:c9:ca:05:8e:4b:e3:18:8f:cf:c3:f1:6c:
                    fe:15:26:20:35:71:67:33:07:e6:d8:e9:65:6d:41:
                    15:7f:50:08:27:c8:7a:68:f5:c7:b7:67:62:1d:aa:
                    51:ee:fd:31:bf:b4:01:65:48:bf:51:2e:05:10:45:
                    7b:bd:5d:0c:32:14:10:c4:87:01:fd:c4:4b:e3:08:
                    1f:4e:9c:60:d2:73:50:b3:a2:1b:9e:e4:b0:7a:f2:
                    03:f7:7e:70:b2:48:e2:07:49:42:22:9e:9d:51:48:
                    7b:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:FB:4C:67:DC:97:44:C8:D4:8C:DA:DB:92:B2:04:25:AE:69:B7:67
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/nvtMZ9yXRMjUjNrbkrIEJa5pt2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:77c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         69:78:0e:f6:9e:1c:47:7b:1c:d1:f2:47:2c:9b:2e:25:1b:29:
         f8:9c:fc:9d:f3:d4:33:05:de:ce:d2:d5:44:4b:45:f1:b0:30:
         14:4e:43:92:20:ce:50:bf:16:95:6c:ca:a3:8a:1e:b8:1e:01:
         37:cc:70:ae:2a:4b:f3:d0:19:d8:42:85:1a:bf:ee:a6:8b:27:
         d4:2a:7e:61:3f:62:f8:d8:bf:09:7b:82:39:d0:f2:ea:c1:c3:
         f4:cd:76:e9:90:a5:38:e2:aa:ba:95:77:0c:fa:cf:be:41:98:
         5d:de:3b:a2:7f:20:09:3f:e2:f0:e5:34:22:c5:80:b6:ae:47:
         3f:39:64:2f:d6:a7:db:c7:29:b7:da:e6:61:42:22:79:24:b1:
         cd:b7:63:55:68:85:5a:c9:44:e0:79:15:50:14:81:04:1e:88:
         5d:7a:e3:17:27:69:ae:4a:81:82:2a:f9:03:83:76:4b:5b:f2:
         54:77:ee:5b:c3:08:96:04:0b:5e:97:25:91:ff:5b:14:47:88:
         0c:34:ac:d8:2f:f6:e7:1d:65:f5:ea:19:2d:0b:36:ce:e7:5f:
         6b:29:91:91:1a:63:f9:71:5a:42:03:17:50:84:97:2c:90:12:
         f8:2e:47:e7:4e:b9:90:c3:25:ee:02:de:0e:52:3e:86:04:bf:
         54:d6:f2:a0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY8vdQIcOzyNXGos6QkC/dk9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwNDMwMTQ0MjI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWZiNGM2N2RjOTc0NGM4ZDQ4Y2RhZGI5MmIyMDQyNWFlNjliNzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAubQ+tn0E32KqO/k2wfIWXLGcGzDv
/M6QrRcyLRo+LbGu9Zx2mSI5ECuHoMVTrQ5ni28l0Y9K/sAqMNwXMdsw/HanO2Ij
je5kAXgTfM/mC1EROFTcibfmAOgjC29GADWRy0uk1Mg6jA6HBCKf+x7Pst/DzBi0
Ci3eBLDlOw26nX62AaTRyGLcjOHRYzyleZaJyoJIW1Od83XJygWOS+MYj8/D8Wz+
FSYgNXFnMwfm2OllbUEVf1AIJ8h6aPXHt2diHapR7v0xv7QBZUi/US4FEEV7vV0M
MhQQxIcB/cRL4wgfTpxg0nNQs6IbnuSwevID935wskjiB0lCIp6dUUh7UQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJ77TGfcl0TI1Iza25KyBCWuabdnMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvbnZ0TVo5eVhSTWpVak5yYmtySUVKYTVwdDJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg13wDAN
BgkqhkiG9w0BAQsFAAOCAQEAaXgO9p4cR3sc0fJHLJsuJRsp+Jz8nfPUMwXeztLV
REtF8bAwFE5DkiDOUL8WlWzKo4oeuB4BN8xwripL89AZ2EKFGr/uposn1Cp+YT9i
+Ni/CXuCOdDy6sHD9M126ZClOOKqupV3DPrPvkGYXd47on8gCT/i8OU0IsWAtq5H
PzlkL9an28cpt9rmYUIieSSxzbdjVWiFWslE4HkVUBSBBB6IXXrjFydprkqBgir5
A4N2S1vyVHfuW8MIlgQLXpclkf9bFEeIDDSs2C/25x1l9eoZLQs2zudfaymRkRpj
+XFaQgMXUISXLJAS+C5H5065kMMl7gLeDlI+hgS/VNbyoA==
-----END CERTIFICATE-----