Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/Ii929d5cfpG1z1xjYHb88nEFwLM.roa
File:                     Ii929d5cfpG1z1xjYHb88nEFwLM.roa (raw, json)
Hash identifier:          tLx0SQC28zSCMfpZkMRer0zfj0YCAiUT2c3qcbyIhlQ=
Subject key identifier:   22:2F:76:F5:DE:5C:7E:91:B5:CF:5C:63:60:76:FC:F2:71:05:C0:B3
Certificate issuer:       /CN=7bab6c11d41162db0306858f83e5e65121132a6b
Certificate serial:       018CC2DB604E79DDB67A2231A6EE589178CE
Authority key identifier: 7B:AB:6C:11:D4:11:62:DB:03:06:85:8F:83:E5:E6:51:21:13:2A:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/Ii929d5cfpG1z1xjYHb88nEFwLM.roa
Signing time:             Mon 01 Jan 2024 02:30:06 +0000
ROA not before:           Mon 01 Jan 2024 02:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213021
IP address blocks:        2a07:22c1:c100::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 22:03:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:60:4e:79:dd:b6:7a:22:31:a6:ee:58:91:78:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bab6c11d41162db0306858f83e5e65121132a6b
        Validity
            Not Before: Jan  1 02:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=222f76f5de5c7e91b5cf5c636076fcf27105c0b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:10:32:da:3e:6f:29:06:b5:1f:20:c9:d0:32:
                    21:53:55:74:9d:7c:56:a8:fa:03:b3:12:9c:db:f3:
                    07:94:4a:14:1b:a7:28:a1:9c:c2:12:4f:34:fc:9b:
                    f9:5d:4e:aa:05:54:da:23:34:75:03:86:c9:6f:d6:
                    df:93:46:a1:f5:c2:0a:bb:4d:fd:ed:66:a9:84:89:
                    0d:33:62:af:1b:fd:0a:f0:2a:de:8c:cf:48:5b:9f:
                    1d:0d:13:85:4f:77:6f:f1:ce:b5:e9:e8:00:7c:36:
                    10:f4:82:5e:87:9a:d0:5a:87:24:e4:e6:9f:9f:55:
                    83:59:ff:9c:89:da:f3:b3:97:b1:fd:97:5c:13:b2:
                    63:6c:79:85:8b:30:7e:d9:c6:dd:13:75:a4:02:29:
                    d0:f4:3b:61:9f:ab:f2:43:36:4b:c4:c4:3f:de:3d:
                    8a:47:4f:5d:24:74:e3:40:e0:18:56:b8:01:d2:fc:
                    21:f2:b5:79:05:57:13:e5:23:b8:cf:f8:7d:98:4e:
                    bc:29:a2:94:95:34:82:43:0e:88:4d:74:b2:bf:30:
                    ad:10:7e:2d:c0:55:8f:a6:17:bf:45:82:5a:84:f6:
                    5c:7c:f5:b5:31:c1:a2:9b:f7:ae:fb:8b:e3:1e:85:
                    a5:be:8a:40:77:48:b9:95:fe:d1:ed:16:a9:99:6c:
                    d8:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:2F:76:F5:DE:5C:7E:91:B5:CF:5C:63:60:76:FC:F2:71:05:C0:B3
            X509v3 Authority Key Identifier:
                keyid:7B:AB:6C:11:D4:11:62:DB:03:06:85:8F:83:E5:E6:51:21:13:2A:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/Ii929d5cfpG1z1xjYHb88nEFwLM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:22c1:c100::/40

    Signature Algorithm: sha256WithRSAEncryption
         9d:52:d8:ec:33:1b:2e:d1:c4:2a:81:1a:d8:8b:de:5a:01:d4:
         b5:21:3c:26:db:59:0f:40:81:37:1a:13:15:ad:42:c8:64:51:
         31:bb:e7:a2:2b:7e:94:95:ef:92:2a:77:13:e9:20:14:0f:d8:
         b6:68:be:14:18:0c:fb:ef:39:c7:16:8b:07:e0:bb:d8:da:a4:
         5e:56:70:cf:3a:15:54:4c:b7:02:f1:c8:9d:f2:a8:de:cf:13:
         0a:a3:42:40:10:5f:6e:05:51:eb:aa:a8:42:91:21:cb:51:b4:
         7b:cc:22:b1:32:ce:50:56:c1:5a:08:08:09:56:2b:b1:14:44:
         5b:e3:b4:4d:14:91:f2:fb:29:76:e7:f2:e2:ee:1e:62:ef:f3:
         75:91:8a:d1:3f:eb:62:68:f0:5a:e1:67:dd:88:4a:cb:40:38:
         ee:fc:da:2c:e4:1f:86:bd:dd:d1:e9:37:9f:4b:49:8d:5d:9a:
         38:78:84:f0:23:07:4d:fe:48:ba:05:24:ed:b6:3f:6e:cc:2a:
         b6:4f:74:11:54:d8:b3:44:66:36:b8:2d:c2:7c:f1:ed:3c:7f:
         d8:ca:43:1f:bc:d0:4a:06:0b:48:c3:3e:c5:47:ea:a5:0e:c3:
         87:19:cc:ea:2c:70:de:8d:aa:1a:56:df:ab:26:fe:36:3d:ce:
         7c:eb:b2:1c
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzC22BOed22eiIxpu5YkXjOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiYWI2YzExZDQxMTYyZGIwMzA2ODU4ZjgzZTVlNjUxMjEx
MzJhNmIwHhcNMjQwMTAxMDIzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjJmNzZmNWRlNWM3ZTkxYjVjZjVjNjM2MDc2ZmNmMjcxMDVjMGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlRAy2j5vKQa1HyDJ0DIhU1V0nXxW
qPoDsxKc2/MHlEoUG6cooZzCEk80/Jv5XU6qBVTaIzR1A4bJb9bfk0ah9cIKu039
7WaphIkNM2KvG/0K8CrejM9IW58dDROFT3dv8c616egAfDYQ9IJeh5rQWock5Oaf
n1WDWf+cidrzs5ex/ZdcE7JjbHmFizB+2cbdE3WkAinQ9Dthn6vyQzZLxMQ/3j2K
R09dJHTjQOAYVrgB0vwh8rV5BVcT5SO4z/h9mE68KaKUlTSCQw6ITXSyvzCtEH4t
wFWPphe/RYJahPZcfPW1McGim/eu+4vjHoWlvopAd0i5lf7R7RapmWzY4QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFCIvdvXeXH6Rtc9cY2B2/PJxBcCzMB8GA1UdIwQY
MBaAFHurbBHUEWLbAwaFj4Pl5lEhEyprMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTZ0c0VkUVJZdHNEQm9XUGctWG1VU0VUS21zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9kMzM0YWQtNTI0MC00ZGFhLWEwNTAt
OWY1YmY3MzY3MjBlLzEvSWk5MjlkNWNmcEcxejF4allIYjg4bkVGd0xNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9kMzM0YWQtNTI0MC00ZGFhLWEwNTAtOWY1YmY3MzY3MjBl
LzEvZTZ0c0VkUVJZdHNEQm9XUGctWG1VU0VUS21zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgciwcEw
DQYJKoZIhvcNAQELBQADggEBAJ1S2OwzGy7RxCqBGtiL3loB1LUhPCbbWQ9AgTca
ExWtQshkUTG756IrfpSV75IqdxPpIBQP2LZovhQYDPvvOccWiwfgu9japF5WcM86
FVRMtwLxyJ3yqN7PEwqjQkAQX24FUeuqqEKRIctRtHvMIrEyzlBWwVoICAlWK7EU
RFvjtE0UkfL7KXbn8uLuHmLv83WRitE/62Jo8FrhZ92ISstAOO782izkH4a93dHp
N59LSY1dmjh4hPAjB03+SLoFJO22P27MKrZPdBFU2LNEZja4LcJ88e08f9jKQx+8
0EoGC0jDPsVH6qUOw4cZzOoscN6NqhpW36sm/jY9znzrshw=
-----END CERTIFICATE-----