Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/ASQhZEoNzDl00bnwNNCUJ3xINAw.roa
File:                     ASQhZEoNzDl00bnwNNCUJ3xINAw.roa (raw, json)
Hash identifier:          G4BWNW8esl1Np3V/sXgF+3I2sPwgOtE2eR2oxOZ/Iho=
Subject key identifier:   01:24:21:64:4A:0D:CC:39:74:D1:B9:F0:34:D0:94:27:7C:48:34:0C
Certificate issuer:       /CN=7bab6c11d41162db0306858f83e5e65121132a6b
Certificate serial:       018CC2DB5E393733E17043BEA7563655BD1A
Authority key identifier: 7B:AB:6C:11:D4:11:62:DB:03:06:85:8F:83:E5:E6:51:21:13:2A:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/ASQhZEoNzDl00bnwNNCUJ3xINAw.roa
Signing time:             Mon 01 Jan 2024 02:30:05 +0000
ROA not before:           Mon 01 Jan 2024 02:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211776
IP address blocks:        2a07:22c1:34::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:5e:39:37:33:e1:70:43:be:a7:56:36:55:bd:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bab6c11d41162db0306858f83e5e65121132a6b
        Validity
            Not Before: Jan  1 02:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=012421644a0dcc3974d1b9f034d094277c48340c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:c3:14:61:b3:39:0c:e8:0d:9d:61:36:96:66:
                    20:12:48:f4:60:24:bc:db:5d:b4:7d:00:60:05:9a:
                    36:91:12:25:b6:4b:06:d3:48:ce:0e:7c:ec:08:76:
                    13:aa:07:07:73:cc:23:0a:69:37:32:1b:c0:bc:86:
                    e3:6f:00:c0:ec:9b:31:37:bf:fa:ec:fd:dc:33:43:
                    54:ab:1b:73:1f:48:27:16:9c:8a:bc:13:b4:13:62:
                    0e:90:71:43:20:46:8d:8f:1f:72:57:67:91:a2:83:
                    b3:23:9f:42:90:4e:d4:bf:7e:2a:5c:48:46:89:b3:
                    d9:44:eb:df:9f:f9:14:7d:25:e7:11:56:c5:fc:16:
                    6b:db:d9:36:28:10:77:17:84:85:9f:c2:19:19:92:
                    c5:d9:18:c0:ae:04:b4:be:6d:37:98:66:c4:fb:c8:
                    96:61:9b:6f:a6:e3:87:c8:8a:fa:09:f4:5f:f5:18:
                    44:38:9f:c9:83:df:0a:3f:46:1b:1e:90:6b:45:56:
                    71:e1:eb:b8:7c:4f:d3:e8:33:6a:7d:9b:98:3d:0e:
                    fc:37:e3:e5:ad:ec:d9:55:98:cb:6f:5b:52:f2:f6:
                    65:f9:31:f2:3c:7d:26:dc:a0:7d:c4:8e:40:d0:27:
                    66:a9:32:c0:f7:08:42:2b:cf:31:d1:12:ca:07:f3:
                    ff:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:24:21:64:4A:0D:CC:39:74:D1:B9:F0:34:D0:94:27:7C:48:34:0C
            X509v3 Authority Key Identifier:
                keyid:7B:AB:6C:11:D4:11:62:DB:03:06:85:8F:83:E5:E6:51:21:13:2A:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/ASQhZEoNzDl00bnwNNCUJ3xINAw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:22c1:34::/48

    Signature Algorithm: sha256WithRSAEncryption
         0f:37:7f:9c:0d:e3:40:a8:bc:99:cb:51:03:07:8d:3e:36:3a:
         d0:1e:38:76:f3:0c:55:05:ab:c7:64:16:84:42:3e:bc:fe:54:
         76:fe:24:ec:f9:bd:81:5a:58:32:80:e7:d8:cc:d4:d4:54:a3:
         7d:dc:45:c2:32:81:f8:cf:ea:0c:83:b5:42:d1:90:7d:c6:80:
         3c:c1:4a:c2:1f:43:9a:ae:1c:72:84:7b:d6:f3:da:51:84:fd:
         20:85:2a:bd:4f:3f:38:4f:cd:b3:bf:34:49:4f:0d:5a:42:71:
         e8:e9:07:e0:4c:aa:db:2f:30:07:11:e1:ad:17:78:f7:98:55:
         42:3a:95:6c:f2:e1:67:9b:cb:a9:4f:9f:f6:79:5c:8e:a3:c7:
         2d:52:e9:05:3a:8c:90:6e:f4:6d:e4:e4:17:7d:2b:1f:8d:f6:
         29:99:53:cc:9e:7a:ee:dd:70:58:c4:29:6e:47:e4:22:bc:be:
         62:ef:86:25:97:f9:d9:3c:38:dd:4e:94:fd:60:56:70:a9:09:
         ab:db:e0:98:2e:e2:d8:f4:bd:67:ea:3d:ca:6d:71:82:44:e7:
         03:5c:81:0a:32:81:0f:20:c1:35:40:2e:9d:ff:5e:b9:c6:8a:
         4b:7f:39:5b:04:52:5e:48:08:9b:34:cd:b2:ed:0c:12:3c:13:
         f1:97:cd:6a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2145NzPhcEO+p1Y2Vb0aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiYWI2YzExZDQxMTYyZGIwMzA2ODU4ZjgzZTVlNjUxMjEx
MzJhNmIwHhcNMjQwMTAxMDIzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTI0MjE2NDRhMGRjYzM5NzRkMWI5ZjAzNGQwOTQyNzdjNDgzNDBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhsMUYbM5DOgNnWE2lmYgEkj0YCS8
2120fQBgBZo2kRIltksG00jODnzsCHYTqgcHc8wjCmk3MhvAvIbjbwDA7JsxN7/6
7P3cM0NUqxtzH0gnFpyKvBO0E2IOkHFDIEaNjx9yV2eRooOzI59CkE7Uv34qXEhG
ibPZROvfn/kUfSXnEVbF/BZr29k2KBB3F4SFn8IZGZLF2RjArgS0vm03mGbE+8iW
YZtvpuOHyIr6CfRf9RhEOJ/Jg98KP0YbHpBrRVZx4eu4fE/T6DNqfZuYPQ78N+Pl
rezZVZjLb1tS8vZl+THyPH0m3KB9xI5A0CdmqTLA9whCK88x0RLKB/P/HwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAEkIWRKDcw5dNG58DTQlCd8SDQMMB8GA1UdIwQY
MBaAFHurbBHUEWLbAwaFj4Pl5lEhEyprMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTZ0c0VkUVJZdHNEQm9XUGctWG1VU0VUS21zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9kMzM0YWQtNTI0MC00ZGFhLWEwNTAt
OWY1YmY3MzY3MjBlLzEvQVNRaFpFb056RGwwMGJud05OQ1VKM3hJTkF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9kMzM0YWQtNTI0MC00ZGFhLWEwNTAtOWY1YmY3MzY3MjBl
LzEvZTZ0c0VkUVJZdHNEQm9XUGctWG1VU0VUS21zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgciwQA0
MA0GCSqGSIb3DQEBCwUAA4IBAQAPN3+cDeNAqLyZy1EDB40+NjrQHjh28wxVBavH
ZBaEQj68/lR2/iTs+b2BWlgygOfYzNTUVKN93EXCMoH4z+oMg7VC0ZB9xoA8wUrC
H0OarhxyhHvW89pRhP0ghSq9Tz84T82zvzRJTw1aQnHo6QfgTKrbLzAHEeGtF3j3
mFVCOpVs8uFnm8upT5/2eVyOo8ctUukFOoyQbvRt5OQXfSsfjfYpmVPMnnru3XBY
xCluR+QivL5i74Yll/nZPDjdTpT9YFZwqQmr2+CYLuLY9L1n6j3KbXGCROcDXIEK
MoEPIME1QC6d/165xopLfzlbBFJeSAibNM2y7QwSPBPxl81q
-----END CERTIFICATE-----