Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/81ac71-0f2a-4861-959b-afa4fd3506d0/1/_rtaFwrRxeE8PCjxuv76W7SPvO4.roa
File:                     _rtaFwrRxeE8PCjxuv76W7SPvO4.roa (raw, json)
Hash identifier:          d6Xb+7P+Gk0hUbHkl6GqAyx+6AUw8J5+PHwpriOxifs=
Subject key identifier:   FE:BB:5A:17:0A:D1:C5:E1:3C:3C:28:F1:BA:FE:FA:5B:B4:8F:BC:EE
Certificate issuer:       /CN=4603c656c197461a49caa1ffd720d18beeac8076
Certificate serial:       0190FE982ECCADF4F03E214C0E371CB9846C
Authority key identifier: 46:03:C6:56:C1:97:46:1A:49:CA:A1:FF:D7:20:D1:8B:EE:AC:80:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RgPGVsGXRhpJyqH_1yDRi-6sgHY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/81ac71-0f2a-4861-959b-afa4fd3506d0/1/_rtaFwrRxeE8PCjxuv76W7SPvO4.roa
Signing time:             Mon 29 Jul 2024 13:05:04 +0000
ROA not before:           Mon 29 Jul 2024 13:05:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214457
IP address blocks:        2001:3200::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/81ac71-0f2a-4861-959b-afa4fd3506d0/1/RgPGVsGXRhpJyqH_1yDRi-6sgHY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/81ac71-0f2a-4861-959b-afa4fd3506d0/1/RgPGVsGXRhpJyqH_1yDRi-6sgHY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RgPGVsGXRhpJyqH_1yDRi-6sgHY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:fe:98:2e:cc:ad:f4:f0:3e:21:4c:0e:37:1c:b9:84:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4603c656c197461a49caa1ffd720d18beeac8076
        Validity
            Not Before: Jul 29 13:05:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=febb5a170ad1c5e13c3c28f1bafefa5bb48fbcee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:c9:c9:63:ef:03:6a:cf:5c:27:2a:e7:87:9d:
                    b1:2c:a5:08:e0:c9:f1:86:39:3c:d4:4d:ef:de:5c:
                    cb:fd:89:e4:49:61:ec:ff:15:32:53:22:c4:ad:0e:
                    d4:da:4e:02:c9:e9:a5:60:fe:9a:89:9d:22:fc:4a:
                    a5:a2:d0:01:1f:73:a2:9b:6d:ca:cc:76:89:8f:7d:
                    96:c9:03:47:0e:bf:2b:f5:61:76:6d:04:52:10:cf:
                    15:3c:76:6e:4e:ca:cd:38:19:77:9b:82:e8:54:f0:
                    68:02:c7:17:c3:a7:45:15:67:31:2d:ba:71:b8:97:
                    10:01:1d:b4:0c:de:5f:d6:8c:39:e4:b5:37:22:02:
                    cb:dd:d2:fe:6f:6a:4e:07:8e:8f:d9:71:b4:02:47:
                    43:2f:82:47:dc:62:12:ec:89:4d:49:ea:c4:c9:eb:
                    cf:68:86:24:95:65:8b:82:cf:05:e1:75:59:03:e7:
                    e5:7a:b5:06:2e:b6:ac:a7:28:42:9d:9d:20:d4:eb:
                    92:2a:83:29:aa:42:d3:68:7a:8a:56:c9:39:b2:46:
                    f4:f5:3e:8b:8a:66:c1:f4:64:7a:a1:f2:a2:7c:8c:
                    bc:e9:8d:97:ce:96:19:ac:1b:fd:3d:39:ff:6d:4b:
                    73:55:47:28:8d:d1:da:bc:93:f5:62:0a:88:b9:9c:
                    8b:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:BB:5A:17:0A:D1:C5:E1:3C:3C:28:F1:BA:FE:FA:5B:B4:8F:BC:EE
            X509v3 Authority Key Identifier:
                keyid:46:03:C6:56:C1:97:46:1A:49:CA:A1:FF:D7:20:D1:8B:EE:AC:80:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RgPGVsGXRhpJyqH_1yDRi-6sgHY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/81ac71-0f2a-4861-959b-afa4fd3506d0/1/_rtaFwrRxeE8PCjxuv76W7SPvO4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/81ac71-0f2a-4861-959b-afa4fd3506d0/1/RgPGVsGXRhpJyqH_1yDRi-6sgHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3200::/29

    Signature Algorithm: sha256WithRSAEncryption
         7b:ee:41:18:8c:5b:21:fe:04:ed:53:37:b9:f7:09:2b:c1:44:
         75:61:44:24:74:64:86:2b:33:2e:0f:fe:8d:b8:79:40:83:51:
         60:5a:d5:78:65:23:20:83:53:bc:5a:49:c7:b1:f2:ac:2e:bc:
         ed:b3:12:1a:25:f9:68:38:fa:f1:1c:71:e4:78:3e:b4:c0:4e:
         4f:a1:95:d1:4a:d6:ef:d1:8d:5e:22:dc:ff:6d:6b:5c:8d:14:
         4f:13:70:43:b0:10:d8:45:10:89:11:52:a2:b4:fa:6d:3c:60:
         c2:0f:b9:6e:e7:9b:d7:12:73:d9:3a:ea:b2:34:2b:ab:99:6d:
         8a:eb:95:08:bd:ca:aa:ff:51:e1:3e:23:b5:12:64:69:69:ec:
         91:ab:0a:3f:1e:6a:6f:13:4a:e6:3c:68:36:c9:e6:89:f4:86:
         91:cc:ac:c1:6a:ac:4a:89:5e:3b:8c:c8:ef:e6:4a:2d:4d:34:
         b4:f7:ec:62:ea:79:5c:06:fe:7b:c3:58:49:64:9d:d3:a4:bf:
         bb:10:a4:25:7e:67:c3:2a:f2:29:14:5f:bd:c5:4a:75:a2:63:
         d9:61:33:37:c2:9c:00:d0:55:d7:a8:8d:12:a0:38:99:52:2b:
         3c:14:3b:3f:a6:de:ba:22:dd:1a:50:13:bf:77:cf:2c:ac:13:
         54:59:0d:01
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZD+mC7MrfTwPiFMDjccuYRsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2MDNjNjU2YzE5NzQ2MWE0OWNhYTFmZmQ3MjBkMThiZWVh
YzgwNzYwHhcNMjQwNzI5MTMwNTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWJiNWExNzBhZDFjNWUxM2MzYzI4ZjFiYWZlZmE1YmI0OGZiY2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj8nJY+8Das9cJyrnh52xLKUI4Mnx
hjk81E3v3lzL/YnkSWHs/xUyUyLErQ7U2k4CyemlYP6aiZ0i/EqlotABH3Oim23K
zHaJj32WyQNHDr8r9WF2bQRSEM8VPHZuTsrNOBl3m4LoVPBoAscXw6dFFWcxLbpx
uJcQAR20DN5f1ow55LU3IgLL3dL+b2pOB46P2XG0AkdDL4JH3GIS7IlNSerEyevP
aIYklWWLgs8F4XVZA+flerUGLraspyhCnZ0g1OuSKoMpqkLTaHqKVsk5skb09T6L
imbB9GR6ofKifIy86Y2XzpYZrBv9PTn/bUtzVUcojdHavJP1YgqIuZyLLwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFP67WhcK0cXhPDwo8br++lu0j7zuMB8GA1UdIwQY
MBaAFEYDxlbBl0YaScqh/9cg0YvurIB2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmdQR1ZzR1hSaHBKeXFIXzF5RFJpLTZzZ0hZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy84MWFjNzEtMGYyYS00ODYxLTk1OWIt
YWZhNGZkMzUwNmQwLzEvX3J0YUZ3clJ4ZUU4UENqeHV2NzZXN1NQdk80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy84MWFjNzEtMGYyYS00ODYxLTk1OWItYWZhNGZkMzUwNmQw
LzEvUmdQR1ZzR1hSaHBKeXFIXzF5RFJpLTZzZ0hZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDIAEyADAN
BgkqhkiG9w0BAQsFAAOCAQEAe+5BGIxbIf4E7VM3ufcJK8FEdWFEJHRkhiszLg/+
jbh5QINRYFrVeGUjIINTvFpJx7HyrC687bMSGiX5aDj68Rxx5Hg+tMBOT6GV0UrW
79GNXiLc/21rXI0UTxNwQ7AQ2EUQiRFSorT6bTxgwg+5bueb1xJz2TrqsjQrq5lt
iuuVCL3Kqv9R4T4jtRJkaWnskasKPx5qbxNK5jxoNsnmifSGkcyswWqsSoleO4zI
7+ZKLU00tPfsYup5XAb+e8NYSWSd06S/uxCkJX5nwyryKRRfvcVKdaJj2WEzN8Kc
ANBV16iNEqA4mVIrPBQ7P6beuiLdGlATv3fPLKwTVFkNAQ==
-----END CERTIFICATE-----