Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/x5oTl6rhNlADCUtKNByrTG21Qwk.roa
File:                     x5oTl6rhNlADCUtKNByrTG21Qwk.roa (raw, json)
Hash identifier:          IUU3UwkVd0K+2uvIAoRAVZJiN+DHujuOIzUgGzlWw44=
Subject key identifier:   C7:9A:13:97:AA:E1:36:50:03:09:4B:4A:34:1C:AB:4C:6D:B5:43:09
Certificate issuer:       /CN=7bab6c11d41162db0306858f83e5e65121132a6b
Certificate serial:       018CC2DB5ED7DB1A7D80398053CCA8C1BCE5
Authority key identifier: 7B:AB:6C:11:D4:11:62:DB:03:06:85:8F:83:E5:E6:51:21:13:2A:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/x5oTl6rhNlADCUtKNByrTG21Qwk.roa
Signing time:             Mon 01 Jan 2024 02:30:05 +0000
ROA not before:           Mon 01 Jan 2024 02:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212437
IP address blocks:        2a07:22c1:9::/48 maxlen: 48
                          2a07:22c1:30::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:5e:d7:db:1a:7d:80:39:80:53:cc:a8:c1:bc:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bab6c11d41162db0306858f83e5e65121132a6b
        Validity
            Not Before: Jan  1 02:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c79a1397aae1365003094b4a341cab4c6db54309
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:12:68:30:ba:56:0e:2f:26:24:a8:d2:a3:68:
                    d0:f2:13:87:93:03:25:c2:e2:f7:60:30:51:f9:af:
                    c7:81:f1:0e:28:b0:c8:47:1f:40:3b:ac:ad:08:a4:
                    53:89:3b:82:17:52:d4:17:0d:d7:4f:c4:73:6f:14:
                    77:11:4b:b8:13:2c:4b:56:ab:13:02:59:07:49:25:
                    20:8b:74:6f:1e:37:c3:54:80:fa:de:bc:d7:38:63:
                    8c:2b:4d:b1:72:4c:41:8d:7b:db:98:0f:48:a4:03:
                    c3:4c:ee:39:c3:18:b0:c4:a2:0c:49:7f:28:d6:e9:
                    fc:1f:5e:ad:30:8e:40:d5:c1:08:1b:4b:f6:8d:ff:
                    a8:50:b5:23:50:f6:f4:f0:0c:3d:a7:c7:60:02:2d:
                    72:ea:a5:f3:52:fd:58:c4:17:e0:89:59:28:c2:55:
                    12:57:95:fe:d0:17:8c:fe:96:b0:09:b2:86:51:46:
                    1e:85:c4:52:00:30:75:f4:db:41:82:fe:3e:b5:6a:
                    ef:87:77:fb:5e:13:df:1d:7b:26:93:29:52:8d:cd:
                    51:9c:79:ed:69:1b:2f:94:c0:34:bf:fa:4d:99:8e:
                    09:24:cd:ff:2e:da:cf:f5:68:25:7f:8e:da:b5:a0:
                    f2:c8:3c:d8:03:3e:77:73:d9:01:6e:a3:ed:77:68:
                    dd:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:9A:13:97:AA:E1:36:50:03:09:4B:4A:34:1C:AB:4C:6D:B5:43:09
            X509v3 Authority Key Identifier:
                keyid:7B:AB:6C:11:D4:11:62:DB:03:06:85:8F:83:E5:E6:51:21:13:2A:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/x5oTl6rhNlADCUtKNByrTG21Qwk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:22c1:9::/48
                  2a07:22c1:30::/48

    Signature Algorithm: sha256WithRSAEncryption
         11:fc:94:c4:c7:c0:15:bc:af:22:ab:70:6e:d6:19:25:8a:4e:
         c8:6e:07:a2:b8:6e:8d:5e:a4:8b:79:b0:d6:7b:fd:e6:cc:dc:
         90:cc:41:3e:8e:2c:f4:d3:3e:43:12:96:f0:9a:54:a6:fc:62:
         4c:68:53:08:a9:ac:33:76:b1:ce:96:3f:43:9a:45:2a:c8:91:
         6c:80:94:b7:f5:6c:08:c2:5d:1c:9a:26:04:d5:04:9a:35:0c:
         72:6b:0d:5b:7b:36:be:05:29:67:32:93:fd:90:1e:c8:c3:ed:
         45:69:99:22:44:a3:9c:2c:35:ba:cf:8b:6d:3a:22:9d:8b:2b:
         15:7d:b5:a5:21:24:64:4d:10:0c:13:39:b9:a8:67:7a:4c:34:
         f0:56:ef:0e:98:a4:61:2a:de:9a:d0:e7:00:f2:40:14:6b:bb:
         cd:91:b2:a2:82:77:4b:5f:43:89:87:c5:5d:4b:1b:6b:30:0a:
         8c:bf:e6:eb:7c:0d:0a:ee:a3:54:df:56:84:2a:5d:50:62:77:
         52:43:f4:f2:90:9b:c5:3c:ad:61:41:25:c2:bb:99:6f:36:c4:
         de:15:87:e5:c4:dd:81:0c:e2:1d:ad:90:38:38:90:3d:76:9b:
         76:5b:54:f4:80:a7:52:ff:14:63:76:2e:51:18:68:4e:9e:a9:
         a8:19:4c:c7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzC217X2xp9gDmAU8yowbzlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiYWI2YzExZDQxMTYyZGIwMzA2ODU4ZjgzZTVlNjUxMjEx
MzJhNmIwHhcNMjQwMTAxMDIzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzlhMTM5N2FhZTEzNjUwMDMwOTRiNGEzNDFjYWI0YzZkYjU0MzA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuRJoMLpWDi8mJKjSo2jQ8hOHkwMl
wuL3YDBR+a/HgfEOKLDIRx9AO6ytCKRTiTuCF1LUFw3XT8RzbxR3EUu4EyxLVqsT
AlkHSSUgi3RvHjfDVID63rzXOGOMK02xckxBjXvbmA9IpAPDTO45wxiwxKIMSX8o
1un8H16tMI5A1cEIG0v2jf+oULUjUPb08Aw9p8dgAi1y6qXzUv1YxBfgiVkowlUS
V5X+0BeM/pawCbKGUUYehcRSADB19NtBgv4+tWrvh3f7XhPfHXsmkylSjc1RnHnt
aRsvlMA0v/pNmY4JJM3/LtrP9Wglf47ataDyyDzYAz53c9kBbqPtd2jdUQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMeaE5eq4TZQAwlLSjQcq0xttUMJMB8GA1UdIwQY
MBaAFHurbBHUEWLbAwaFj4Pl5lEhEyprMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTZ0c0VkUVJZdHNEQm9XUGctWG1VU0VUS21zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9kMzM0YWQtNTI0MC00ZGFhLWEwNTAt
OWY1YmY3MzY3MjBlLzEveDVvVGw2cmhObEFEQ1V0S05CeXJURzIxUXdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9kMzM0YWQtNTI0MC00ZGFhLWEwNTAtOWY1YmY3MzY3MjBl
LzEvZTZ0c0VkUVJZdHNEQm9XUGctWG1VU0VUS21zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgciwQAJ
AwcAKgciwQAwMA0GCSqGSIb3DQEBCwUAA4IBAQAR/JTEx8AVvK8iq3Bu1hklik7I
bgeiuG6NXqSLebDWe/3mzNyQzEE+jiz00z5DEpbwmlSm/GJMaFMIqawzdrHOlj9D
mkUqyJFsgJS39WwIwl0cmiYE1QSaNQxyaw1beza+BSlnMpP9kB7Iw+1FaZkiRKOc
LDW6z4ttOiKdiysVfbWlISRkTRAMEzm5qGd6TDTwVu8OmKRhKt6a0OcA8kAUa7vN
kbKigndLX0OJh8VdSxtrMAqMv+brfA0K7qNU31aEKl1QYndSQ/TykJvFPK1hQSXC
u5lvNsTeFYflxN2BDOIdrZA4OJA9dpt2W1T0gKdS/xRjdi5RGGhOnqmoGUzH
-----END CERTIFICATE-----