Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/5f0ac1-205d-4975-aade-503a9fc59a20/1/fP_HkdJBiY0FC5AeoXGsOvdkFPA.roa
File:                     fP_HkdJBiY0FC5AeoXGsOvdkFPA.roa (raw, json)
Hash identifier:          /Zsu+1iWoaxu+bki1hO8uZFbTcHH7mKmgPUXnKMNnoY=
Subject key identifier:   7C:FF:C7:91:D2:41:89:8D:05:0B:90:1E:A1:71:AC:3A:F7:64:14:F0
Certificate issuer:       /CN=f539a07ef47f805cca07c10ae187c93968808c47
Certificate serial:       0190E4CD65DEB6E09506F093FAC84152C2D3
Authority key identifier: F5:39:A0:7E:F4:7F:80:5C:CA:07:C1:0A:E1:87:C9:39:68:80:8C:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9TmgfvR_gFzKB8EK4YfJOWiAjEc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/5f0ac1-205d-4975-aade-503a9fc59a20/1/fP_HkdJBiY0FC5AeoXGsOvdkFPA.roa
Signing time:             Wed 24 Jul 2024 12:53:04 +0000
ROA not before:           Wed 24 Jul 2024 12:53:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215914
IP address blocks:        2a01:f800::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/5f0ac1-205d-4975-aade-503a9fc59a20/1/9TmgfvR_gFzKB8EK4YfJOWiAjEc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/5f0ac1-205d-4975-aade-503a9fc59a20/1/9TmgfvR_gFzKB8EK4YfJOWiAjEc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9TmgfvR_gFzKB8EK4YfJOWiAjEc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 18:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:e4:cd:65:de:b6:e0:95:06:f0:93:fa:c8:41:52:c2:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f539a07ef47f805cca07c10ae187c93968808c47
        Validity
            Not Before: Jul 24 12:53:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7cffc791d241898d050b901ea171ac3af76414f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:a7:86:4d:f8:26:11:1b:45:69:4a:18:44:df:
                    88:7c:90:7f:f3:1b:6d:5d:91:80:31:de:89:69:df:
                    ac:42:45:f9:2c:9c:28:96:9c:b8:81:f1:99:41:02:
                    11:ec:3f:fc:33:c5:07:c4:1a:19:65:96:52:79:99:
                    3e:14:6a:ca:12:3d:98:21:f5:61:bc:86:51:c6:56:
                    39:2d:ce:72:48:19:95:ef:81:be:24:b8:ce:d2:ec:
                    0b:27:6c:87:a2:d4:6f:b9:c9:14:71:0d:41:17:87:
                    25:69:44:ae:6a:c4:0d:40:a0:29:52:39:23:2e:79:
                    76:e8:ca:ea:b9:da:f9:4e:9d:ae:62:25:92:2f:60:
                    ff:ca:af:9d:10:3c:c7:ca:ef:9a:c9:01:79:11:c0:
                    87:93:37:22:8f:4d:67:31:1d:e2:fa:19:5c:c3:78:
                    ef:a3:7c:55:17:a8:39:6f:6a:fa:7e:46:45:6d:e9:
                    68:dc:98:9c:f1:1c:cb:0e:4e:72:8b:45:2e:ae:d1:
                    48:52:9d:c9:8f:ef:a7:ec:f0:89:0d:94:44:85:8d:
                    c4:10:f3:be:57:af:d2:dc:bd:8f:12:8d:c2:f9:a7:
                    0d:a0:59:39:cc:f8:b5:c0:a4:f1:8d:e1:09:7c:fc:
                    61:ea:d9:53:d1:02:c1:9e:6c:11:74:ff:bd:41:4d:
                    e9:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:FF:C7:91:D2:41:89:8D:05:0B:90:1E:A1:71:AC:3A:F7:64:14:F0
            X509v3 Authority Key Identifier:
                keyid:F5:39:A0:7E:F4:7F:80:5C:CA:07:C1:0A:E1:87:C9:39:68:80:8C:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9TmgfvR_gFzKB8EK4YfJOWiAjEc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/5f0ac1-205d-4975-aade-503a9fc59a20/1/fP_HkdJBiY0FC5AeoXGsOvdkFPA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/5f0ac1-205d-4975-aade-503a9fc59a20/1/9TmgfvR_gFzKB8EK4YfJOWiAjEc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:f800::/29

    Signature Algorithm: sha256WithRSAEncryption
         a6:8e:1c:b5:45:58:87:b9:58:d1:7e:c7:71:46:f6:d7:06:eb:
         43:59:6a:0e:9b:9d:68:43:70:d3:f1:61:e3:d0:e5:fa:6d:76:
         78:63:d6:e0:02:e3:37:0c:b9:f8:c0:c8:ad:f4:98:9e:1b:b9:
         6a:72:1d:23:cc:72:58:a2:9c:4a:f5:fd:d9:c7:7c:ff:2c:a1:
         dc:80:01:9e:b8:00:7f:59:ae:85:14:1c:ba:16:dc:47:c6:e7:
         47:57:79:40:9a:b5:c6:04:1a:75:15:3c:ad:3d:ff:e8:4b:eb:
         97:5b:73:65:9c:e7:75:ba:42:af:73:4b:aa:dd:aa:8c:f7:2a:
         b3:5d:69:41:fd:5e:b7:a5:fa:9b:3f:4f:0d:c9:36:a6:06:be:
         15:2e:76:86:21:ce:81:cb:89:f7:e1:67:27:d3:6a:9c:a1:85:
         af:20:55:34:e8:7e:98:38:62:db:77:31:4e:75:5b:ab:bc:e5:
         37:41:af:14:45:d1:d7:9b:4e:69:1d:dd:a7:cd:b6:91:8f:a8:
         35:39:2e:07:aa:af:c2:93:45:f5:0b:70:a9:3c:8e:4d:86:3a:
         ca:7c:20:85:59:32:85:dc:0d:49:b0:b6:99:31:81:03:e4:03:
         ab:fa:3d:d0:54:71:01:7b:7b:9b:2c:0a:4a:4d:e3:9a:03:27:
         d8:e6:4f:b1
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZDkzWXetuCVBvCT+shBUsLTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MzlhMDdlZjQ3ZjgwNWNjYTA3YzEwYWUxODdjOTM5Njg4
MDhjNDcwHhcNMjQwNzI0MTI1MzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2ZmYzc5MWQyNDE4OThkMDUwYjkwMWVhMTcxYWMzYWY3NjQxNGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuaeGTfgmERtFaUoYRN+IfJB/8xtt
XZGAMd6Jad+sQkX5LJwolpy4gfGZQQIR7D/8M8UHxBoZZZZSeZk+FGrKEj2YIfVh
vIZRxlY5Lc5ySBmV74G+JLjO0uwLJ2yHotRvuckUcQ1BF4claUSuasQNQKApUjkj
Lnl26Mrqudr5Tp2uYiWSL2D/yq+dEDzHyu+ayQF5EcCHkzcij01nMR3i+hlcw3jv
o3xVF6g5b2r6fkZFbelo3Jic8RzLDk5yi0UurtFIUp3Jj++n7PCJDZREhY3EEPO+
V6/S3L2PEo3C+acNoFk5zPi1wKTxjeEJfPxh6tlT0QLBnmwRdP+9QU3pUQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHz/x5HSQYmNBQuQHqFxrDr3ZBTwMB8GA1UdIwQY
MBaAFPU5oH70f4BcygfBCuGHyTlogIxHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVRtZ2Z2Ul9nRnpLQjhFSzRZZkpPV2lBakVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS81ZjBhYzEtMjA1ZC00OTc1LWFhZGUt
NTAzYTlmYzU5YTIwLzEvZlBfSGtkSkJpWTBGQzVBZW9YR3NPdmRrRlBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS81ZjBhYzEtMjA1ZC00OTc1LWFhZGUtNTAzYTlmYzU5YTIw
LzEvOVRtZ2Z2Ul9nRnpLQjhFSzRZZkpPV2lBakVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgH4ADAN
BgkqhkiG9w0BAQsFAAOCAQEApo4ctUVYh7lY0X7HcUb21wbrQ1lqDpudaENw0/Fh
49Dl+m12eGPW4ALjNwy5+MDIrfSYnhu5anIdI8xyWKKcSvX92cd8/yyh3IABnrgA
f1muhRQcuhbcR8bnR1d5QJq1xgQadRU8rT3/6Evrl1tzZZzndbpCr3NLqt2qjPcq
s11pQf1et6X6mz9PDck2pga+FS52hiHOgcuJ9+FnJ9NqnKGFryBVNOh+mDhi23cx
TnVbq7zlN0GvFEXR15tOaR3dp822kY+oNTkuB6qvwpNF9QtwqTyOTYY6ynwghVky
hdwNSbC2mTGBA+QDq/o90FRxAXt7mywKSk3jmgMn2OZPsQ==
-----END CERTIFICATE-----