Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/B2V-Adxriv4qD1OWF9_kvw24wac.roa
File:                     B2V-Adxriv4qD1OWF9_kvw24wac.roa (raw, json)
Hash identifier:          Qcobm2PNqULLzfSC7Vs2n9c+34KkOORDN3EB9l9+zKU=
Subject key identifier:   07:65:7E:01:DC:6B:8A:FE:2A:0F:53:96:17:DF:E4:BF:0D:B8:C1:A7
Certificate issuer:       /CN=7c3c39d1899e699bf5177418ee381489edff4380
Certificate serial:       018CC86F67F80FFDF274D578D7C5B6D7631D
Authority key identifier: 7C:3C:39:D1:89:9E:69:9B:F5:17:74:18:EE:38:14:89:ED:FF:43:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/B2V-Adxriv4qD1OWF9_kvw24wac.roa
Signing time:             Tue 02 Jan 2024 04:29:53 +0000
ROA not before:           Tue 02 Jan 2024 04:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49158
IP address blocks:        212.9.96.0/19 maxlen: 20
                          212.9.117.0/24 maxlen: 24
                          2a02:2b90::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/fDw50YmeaZv1F3QY7jgUie3_Q4A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/fDw50YmeaZv1F3QY7jgUie3_Q4A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:67:f8:0f:fd:f2:74:d5:78:d7:c5:b6:d7:63:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3c39d1899e699bf5177418ee381489edff4380
        Validity
            Not Before: Jan  2 04:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07657e01dc6b8afe2a0f539617dfe4bf0db8c1a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:1d:d0:ab:50:07:ad:ad:f9:a5:6f:bf:b9:70:
                    1c:85:fb:95:e0:57:8e:ba:7e:d4:6f:31:30:c0:7e:
                    c5:16:03:d5:df:48:af:2a:5d:15:48:3f:a3:b2:88:
                    23:e9:6e:05:41:2e:83:1d:19:4d:34:6f:9d:e1:01:
                    f3:6e:73:69:b9:46:d8:0a:05:eb:2d:44:f9:f9:2d:
                    8e:43:02:56:3a:e3:c9:05:45:71:f3:5a:74:4c:80:
                    21:dc:5d:d7:3e:f4:eb:fb:c8:8c:81:95:3a:f4:f8:
                    59:85:38:7e:78:9a:0e:2a:f4:37:b8:e2:2d:50:84:
                    fa:3f:d8:9c:c0:ee:58:1f:46:15:10:cb:e9:94:0d:
                    59:a5:0f:41:27:11:a6:8f:04:60:f2:ac:db:95:45:
                    53:ef:bb:19:9c:6d:af:66:4b:58:00:2f:46:3c:12:
                    5c:f4:2f:bb:c4:96:ce:1e:e6:d0:70:e9:d0:2e:4e:
                    58:0e:a9:c8:d0:c3:c4:19:5b:78:68:69:ad:6a:99:
                    c2:9a:f9:4c:e2:2b:c6:11:eb:f1:34:5f:00:50:dc:
                    4f:f5:38:bf:74:dc:55:d2:84:82:53:18:41:5e:c3:
                    f2:12:31:6c:ee:f1:d2:31:50:93:92:09:98:54:4d:
                    47:16:fb:16:03:d8:98:9d:ff:e3:53:77:df:30:6c:
                    9a:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:65:7E:01:DC:6B:8A:FE:2A:0F:53:96:17:DF:E4:BF:0D:B8:C1:A7
            X509v3 Authority Key Identifier:
                keyid:7C:3C:39:D1:89:9E:69:9B:F5:17:74:18:EE:38:14:89:ED:FF:43:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/B2V-Adxriv4qD1OWF9_kvw24wac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/fDw50YmeaZv1F3QY7jgUie3_Q4A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.9.96.0/19
                IPv6:
                  2a02:2b90::/29

    Signature Algorithm: sha256WithRSAEncryption
         5a:84:44:d6:d7:28:5d:cf:e8:28:fa:0d:60:a3:6a:6f:4b:89:
         4b:0c:98:0b:b0:4f:12:85:0d:34:cf:cd:22:9f:12:77:da:27:
         5a:4a:88:6c:1b:95:98:ef:43:42:7e:57:60:56:47:ea:f5:09:
         71:46:e0:04:bd:62:c4:b4:2c:98:40:c5:2d:fc:ef:62:08:18:
         a9:fd:12:67:5a:a5:19:8b:15:f8:49:65:33:b0:8b:0f:22:24:
         e7:23:0a:89:0c:0a:5c:cf:08:4c:3a:36:e1:be:2b:28:c4:3e:
         f3:18:36:74:21:39:24:67:50:31:9a:dc:c6:79:90:2b:c2:b3:
         40:8c:38:95:4c:bd:31:7b:04:5d:23:f1:c0:49:87:c5:e8:7e:
         7f:e8:09:c7:26:9a:5a:38:fe:18:fd:34:88:0a:86:22:50:60:
         1d:b0:c7:ea:cf:68:c2:54:39:bb:21:db:c3:8c:ed:b0:3a:74:
         f3:f6:ee:65:88:9d:4f:7a:84:37:56:82:64:ee:92:02:cb:63:
         ec:6f:da:df:58:43:d8:4b:0e:19:aa:77:88:a8:71:22:46:fb:
         89:ae:dc:90:f8:50:e1:d2:82:c5:56:a2:59:32:c6:a3:8f:0c:
         42:cf:39:6c:f7:8b:7f:bf:af:17:21:44:ab:31:42:55:fe:f1:
         6f:a2:9e:6c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIb2f4D/3ydNV418W212MdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2MzOWQxODk5ZTY5OWJmNTE3NzQxOGVlMzgxNDg5ZWRm
ZjQzODAwHhcNMjQwMTAyMDQyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzY1N2UwMWRjNmI4YWZlMmEwZjUzOTYxN2RmZTRiZjBkYjhjMWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArx3Qq1AHra35pW+/uXAchfuV4FeO
un7UbzEwwH7FFgPV30ivKl0VSD+jsogj6W4FQS6DHRlNNG+d4QHzbnNpuUbYCgXr
LUT5+S2OQwJWOuPJBUVx81p0TIAh3F3XPvTr+8iMgZU69PhZhTh+eJoOKvQ3uOIt
UIT6P9icwO5YH0YVEMvplA1ZpQ9BJxGmjwRg8qzblUVT77sZnG2vZktYAC9GPBJc
9C+7xJbOHubQcOnQLk5YDqnI0MPEGVt4aGmtapnCmvlM4ivGEevxNF8AUNxP9Ti/
dNxV0oSCUxhBXsPyEjFs7vHSMVCTkgmYVE1HFvsWA9iYnf/jU3ffMGyaYQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAdlfgHca4r+Kg9Tlhff5L8NuMGnMB8GA1UdIwQY
MBaAFHw8OdGJnmmb9Rd0GO44FInt/0OAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkR3NTBZbWVhWnYxRjNRWTdqZ1VpZTNfUTRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9jODAwYzktNTFiNS00NTg5LTkyNjAt
MDYzZmNkZDNhMDU3LzEvQjJWLUFkeHJpdjRxRDFPV0Y5X2t2dzI0d2FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9jODAwYzktNTFiNS00NTg5LTkyNjAtMDYzZmNkZDNhMDU3
LzEvZkR3NTBZbWVhWnYxRjNRWTdqZ1VpZTNfUTRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQF1AlgMA0E
AgACMAcDBQMqAiuQMA0GCSqGSIb3DQEBCwUAA4IBAQBahETW1yhdz+go+g1go2pv
S4lLDJgLsE8ShQ00z80inxJ32idaSohsG5WY70NCfldgVkfq9QlxRuAEvWLEtCyY
QMUt/O9iCBip/RJnWqUZixX4SWUzsIsPIiTnIwqJDApczwhMOjbhvisoxD7zGDZ0
ITkkZ1AxmtzGeZArwrNAjDiVTL0xewRdI/HASYfF6H5/6AnHJppaOP4Y/TSICoYi
UGAdsMfqz2jCVDm7IdvDjO2wOnTz9u5liJ1PeoQ3VoJk7pICy2Psb9rfWEPYSw4Z
qneIqHEiRvuJrtyQ+FDh0oLFVqJZMsajjwxCzzls94t/v68XIUSrMUJV/vFvop5s
-----END CERTIFICATE-----