Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/r00F9z_gDuZ2dbZrNZGgZZVRnfY.roa
File:                     r00F9z_gDuZ2dbZrNZGgZZVRnfY.roa (raw, json)
Hash identifier:          nQ0vk8ImFe4l0tm5UaB3TAUv0nNmm+5mBVV81PX8Egs=
Subject key identifier:   AF:4D:05:F7:3F:E0:0E:E6:76:75:B6:6B:35:91:A0:65:95:51:9D:F6
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       0190B5F29D36E58BBE1C5BF16003F8E56D37
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/r00F9z_gDuZ2dbZrNZGgZZVRnfY.roa
Signing time:             Mon 15 Jul 2024 10:31:34 +0000
ROA not before:           Mon 15 Jul 2024 10:31:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56746
IP address blocks:        2a05:b680:100::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:b5:f2:9d:36:e5:8b:be:1c:5b:f1:60:03:f8:e5:6d:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: Jul 15 10:31:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af4d05f73fe00ee67675b66b3591a06595519df6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:f9:7b:be:95:b3:f2:32:13:9b:8e:44:c6:38:
                    26:58:ab:e6:ca:2d:2c:88:60:c8:81:7a:60:b2:49:
                    7f:88:36:c9:70:80:3d:b3:ef:be:76:a4:c8:3d:07:
                    42:fa:63:d5:b0:dd:51:d2:4a:1a:4e:65:6a:bf:a4:
                    ff:67:cc:2c:ec:e9:2a:ec:a8:ca:a5:68:78:a1:f6:
                    07:1b:20:d1:90:c0:cf:8e:1c:a0:b2:c3:69:22:60:
                    04:c4:5b:f1:4e:96:99:a5:d0:c5:cf:64:3f:59:82:
                    e5:6d:f0:2b:26:df:91:2d:3b:c0:f0:33:10:db:5d:
                    73:1c:38:af:5d:1b:3d:af:11:b5:5f:1d:e0:a9:82:
                    ef:6d:d3:20:f4:92:c1:9d:52:e5:ea:29:43:5d:5b:
                    1b:d1:62:13:e5:c4:b3:ad:9f:b9:75:e6:0d:27:b3:
                    1f:b8:4f:3c:f8:de:9a:8e:6d:98:71:3e:b2:40:d8:
                    b6:97:a4:68:f3:98:80:81:32:ca:e9:44:f8:0e:e4:
                    d6:d7:89:42:4c:96:f4:47:04:dd:d2:57:75:b9:85:
                    88:ab:c1:28:0d:9b:70:98:e0:a5:bf:5e:bd:26:36:
                    4b:31:a9:42:ff:c2:8e:45:e2:f1:93:8d:f4:c3:08:
                    58:37:0e:46:0c:b4:6d:67:50:15:5a:a9:b4:b2:23:
                    96:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:4D:05:F7:3F:E0:0E:E6:76:75:B6:6B:35:91:A0:65:95:51:9D:F6
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/r00F9z_gDuZ2dbZrNZGgZZVRnfY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:b680:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         14:a3:69:ec:99:88:56:1d:76:59:87:d4:bd:d8:cb:98:45:13:
         26:26:6e:f7:de:fa:25:2f:c2:dd:c1:2b:82:27:95:95:f6:15:
         51:66:cb:94:97:69:b2:da:cf:fd:d5:6f:97:4f:c8:a3:9b:a9:
         03:f7:36:00:8d:41:6d:ce:ed:0f:03:80:e6:98:b5:0c:85:89:
         62:00:86:05:2f:d6:56:dc:d3:db:42:53:9a:d7:45:f7:7a:36:
         99:41:18:c8:0a:98:9e:92:03:80:28:61:d6:87:7f:cc:95:d1:
         a1:89:a2:22:01:a8:30:72:0a:c9:c6:b0:64:cc:be:8c:d5:10:
         5c:ac:f7:46:d8:7f:6d:e5:f9:92:34:f7:89:cb:24:d9:6d:12:
         6f:c5:34:75:c1:f7:97:f2:a4:1b:5d:76:b8:0f:a2:bc:bb:20:
         82:05:b7:f6:39:2f:ec:66:21:9f:07:19:2e:0f:6d:a3:fc:22:
         75:2e:b2:ac:73:15:4c:d9:ae:f5:b7:d4:18:dd:6e:21:dd:f4:
         a4:2b:8f:1c:6b:e9:e5:47:00:5b:bb:21:d5:24:99:c9:f3:b0:
         bc:cb:23:ef:39:54:e3:eb:e5:52:7d:ba:b5:09:5d:46:4d:09:
         ba:df:2f:60:ad:23:60:4c:e0:d7:44:0b:03:5d:ed:a0:b3:65:
         12:ed:f3:e6
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZC18p025Yu+HFvxYAP45W03MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjQwNzE1MTAzMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjRkMDVmNzNmZTAwZWU2NzY3NWI2NmIzNTkxYTA2NTk1NTE5ZGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqvl7vpWz8jITm45ExjgmWKvmyi0s
iGDIgXpgskl/iDbJcIA9s+++dqTIPQdC+mPVsN1R0koaTmVqv6T/Z8ws7Okq7KjK
pWh4ofYHGyDRkMDPjhygssNpImAExFvxTpaZpdDFz2Q/WYLlbfArJt+RLTvA8DMQ
211zHDivXRs9rxG1Xx3gqYLvbdMg9JLBnVLl6ilDXVsb0WIT5cSzrZ+5deYNJ7Mf
uE88+N6ajm2YcT6yQNi2l6Ro85iAgTLK6UT4DuTW14lCTJb0RwTd0ld1uYWIq8Eo
DZtwmOClv169JjZLMalC/8KOReLxk430wwhYNw5GDLRtZ1AVWqm0siOWuQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFK9NBfc/4A7mdnW2azWRoGWVUZ32MB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvcjAwRjl6X2dEdVoyZGJack5aR2daWlZSbmZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgW2gAEw
DQYJKoZIhvcNAQELBQADggEBABSjaeyZiFYddlmH1L3Yy5hFEyYmbvfe+iUvwt3B
K4InlZX2FVFmy5SXabLaz/3Vb5dPyKObqQP3NgCNQW3O7Q8DgOaYtQyFiWIAhgUv
1lbc09tCU5rXRfd6NplBGMgKmJ6SA4AoYdaHf8yV0aGJoiIBqDByCsnGsGTMvozV
EFys90bYf23l+ZI094nLJNltEm/FNHXB95fypBtddrgPory7IIIFt/Y5L+xmIZ8H
GS4PbaP8InUusqxzFUzZrvW31BjdbiHd9KQrjxxr6eVHAFu7IdUkmcnzsLzLI+85
VOPr5VJ9urUJXUZNCbrfL2CtI2BM4NdECwNd7aCzZRLt8+Y=
-----END CERTIFICATE-----