Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/h9LRxtIHHNRKmjhX7zcQt5OpNR0.roa
File:                     h9LRxtIHHNRKmjhX7zcQt5OpNR0.roa (raw, json)
Hash identifier:          pYc/F5IiUgx0C3gHeTT8EdG53ONhe87HE5BZwiebf88=
Subject key identifier:   87:D2:D1:C6:D2:07:1C:D4:4A:9A:38:57:EF:37:10:B7:93:A9:35:1D
Certificate issuer:       /CN=76670236cd0e038684a33194bde7d4b95adc66f7
Certificate serial:       01905891F441A4A0757D31361553920D3060
Authority key identifier: 76:67:02:36:CD:0E:03:86:84:A3:31:94:BD:E7:D4:B9:5A:DC:66:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dmcCNs0OA4aEozGUvefUuVrcZvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/h9LRxtIHHNRKmjhX7zcQt5OpNR0.roa
Signing time:             Thu 27 Jun 2024 07:21:18 +0000
ROA not before:           Thu 27 Jun 2024 07:21:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214958
IP address blocks:        2a05:541:1a1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/dmcCNs0OA4aEozGUvefUuVrcZvc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/dmcCNs0OA4aEozGUvefUuVrcZvc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dmcCNs0OA4aEozGUvefUuVrcZvc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:58:91:f4:41:a4:a0:75:7d:31:36:15:53:92:0d:30:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76670236cd0e038684a33194bde7d4b95adc66f7
        Validity
            Not Before: Jun 27 07:21:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=87d2d1c6d2071cd44a9a3857ef3710b793a9351d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:6d:dd:f4:c5:e1:34:b9:3a:6f:4b:d0:54:16:
                    d1:b9:c8:94:60:cf:30:da:d6:98:6e:fa:48:9d:f9:
                    60:f0:42:41:01:2a:48:e4:10:f1:ab:19:4c:2a:30:
                    cf:70:3a:52:3e:85:c8:38:1b:7e:dc:7f:0e:47:81:
                    8d:ef:f3:33:7c:59:e6:20:15:26:9d:cb:4c:17:ab:
                    d9:d6:6a:75:49:55:73:0a:f8:13:f1:06:c6:4c:c4:
                    93:88:c1:07:61:7f:03:4e:1c:5f:46:1d:5d:71:5c:
                    4f:4d:15:05:8d:1e:29:9d:7a:0d:7a:b1:8a:37:d1:
                    7f:87:a4:73:08:0b:16:3d:47:8d:d0:e5:20:ba:93:
                    63:71:1d:4c:4e:04:87:66:f1:d2:71:7c:a2:5b:60:
                    69:04:16:e2:23:6f:ba:d3:68:5a:c8:4f:9b:df:f4:
                    c1:71:99:15:a6:16:ed:cf:23:64:d9:42:b9:01:da:
                    c0:c1:7f:c9:3f:72:c5:8c:33:81:aa:e5:4f:4c:66:
                    13:8f:da:13:1d:9b:ca:46:7f:81:6c:f5:27:1b:8c:
                    f0:c6:d6:f2:c0:4f:fe:78:8e:bd:ff:a6:52:4d:60:
                    17:22:a5:75:86:03:1b:75:bf:2c:29:8a:95:d9:85:
                    f5:f0:08:3b:ac:df:12:83:e6:a0:2e:ce:15:8f:ef:
                    9d:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:D2:D1:C6:D2:07:1C:D4:4A:9A:38:57:EF:37:10:B7:93:A9:35:1D
            X509v3 Authority Key Identifier:
                keyid:76:67:02:36:CD:0E:03:86:84:A3:31:94:BD:E7:D4:B9:5A:DC:66:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dmcCNs0OA4aEozGUvefUuVrcZvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/h9LRxtIHHNRKmjhX7zcQt5OpNR0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/dmcCNs0OA4aEozGUvefUuVrcZvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:541:1a1::/48

    Signature Algorithm: sha256WithRSAEncryption
         0a:be:10:b1:6c:d9:82:77:e2:4c:dd:56:9f:12:d3:58:ef:b5:
         15:69:93:45:19:0e:9a:5b:93:bf:ec:a5:89:d3:83:58:df:80:
         1f:83:9e:db:35:ae:78:d3:8a:65:bd:82:62:05:b1:55:20:55:
         b2:87:68:66:21:b6:ee:68:22:00:d6:10:76:cd:34:5c:3e:24:
         aa:d8:3a:ea:30:8c:ce:dc:cb:13:25:3d:24:bf:0c:91:6a:3f:
         1d:f9:40:5f:7f:ec:c6:f1:cc:cb:80:25:b2:52:66:ef:82:36:
         19:0f:03:df:3d:62:17:3b:89:bf:02:eb:36:da:df:f9:bd:b3:
         60:48:78:c3:cd:52:53:d7:52:59:7f:07:84:a6:bc:aa:33:05:
         16:cc:c6:89:e5:c8:76:22:43:0c:ee:15:1e:8b:f7:fe:b7:7b:
         4a:58:6d:1c:40:6d:d9:af:7d:d5:31:a5:47:b4:92:f7:4a:fa:
         04:c4:4a:60:24:e3:6a:59:89:e7:43:cc:63:35:28:d7:36:87:
         17:03:61:b6:05:a0:90:e4:73:0c:19:76:c4:6d:51:cd:b1:8f:
         79:83:04:ce:4d:ed:9a:92:58:54:3c:da:b9:fb:69:db:2c:1b:
         2a:d3:d5:ee:ad:5a:29:2b:4e:e7:10:c5:65:26:f9:0e:09:00:
         08:30:b9:c5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZBYkfRBpKB1fTE2FVOSDTBgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2NjcwMjM2Y2QwZTAzODY4NGEzMzE5NGJkZTdkNGI5NWFk
YzY2ZjcwHhcNMjQwNjI3MDcyMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2QyZDFjNmQyMDcxY2Q0NGE5YTM4NTdlZjM3MTBiNzkzYTkzNTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtG3d9MXhNLk6b0vQVBbRuciUYM8w
2taYbvpInflg8EJBASpI5BDxqxlMKjDPcDpSPoXIOBt+3H8OR4GN7/MzfFnmIBUm
nctMF6vZ1mp1SVVzCvgT8QbGTMSTiMEHYX8DThxfRh1dcVxPTRUFjR4pnXoNerGK
N9F/h6RzCAsWPUeN0OUgupNjcR1MTgSHZvHScXyiW2BpBBbiI2+602hayE+b3/TB
cZkVphbtzyNk2UK5AdrAwX/JP3LFjDOBquVPTGYTj9oTHZvKRn+BbPUnG4zwxtby
wE/+eI69/6ZSTWAXIqV1hgMbdb8sKYqV2YX18Ag7rN8Sg+agLs4Vj++dWwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIfS0cbSBxzUSpo4V+83ELeTqTUdMB8GA1UdIwQY
MBaAFHZnAjbNDgOGhKMxlL3n1Lla3Gb3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZG1jQ05zME9BNGFFb3pHVXZlZlV1VnJjWnZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi8xODA5ZGEtMWM2Zi00NGRiLWFhMjgt
YmE0ZmMyMzQ2ODNlLzEvaDlMUnh0SUhITlJLbWpoWDd6Y1F0NU9wTlIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi8xODA5ZGEtMWM2Zi00NGRiLWFhMjgtYmE0ZmMyMzQ2ODNl
LzEvZG1jQ05zME9BNGFFb3pHVXZlZlV1VnJjWnZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgUFQQGh
MA0GCSqGSIb3DQEBCwUAA4IBAQAKvhCxbNmCd+JM3VafEtNY77UVaZNFGQ6aW5O/
7KWJ04NY34Afg57bNa5404plvYJiBbFVIFWyh2hmIbbuaCIA1hB2zTRcPiSq2Drq
MIzO3MsTJT0kvwyRaj8d+UBff+zG8czLgCWyUmbvgjYZDwPfPWIXO4m/Aus22t/5
vbNgSHjDzVJT11JZfweEpryqMwUWzMaJ5ch2IkMM7hUei/f+t3tKWG0cQG3Zr33V
MaVHtJL3SvoExEpgJONqWYnnQ8xjNSjXNocXA2G2BaCQ5HMMGXbEbVHNsY95gwTO
Te2aklhUPNq5+2nbLBsq09XurVopK07nEMVlJvkOCQAIMLnF
-----END CERTIFICATE-----