Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/b906c9-2b3d-437c-a3cd-5d92cef23c5a/1/sUSS8OVJ9t6tP7UGZ51G8BC8C1o.roa
File:                     sUSS8OVJ9t6tP7UGZ51G8BC8C1o.roa (raw, json)
Hash identifier:          0Gk5s5M6GopnuyqllJKSSGhGUiXXuZDaftWf49WyNV0=
Subject key identifier:   B1:44:92:F0:E5:49:F6:DE:AD:3F:B5:06:67:9D:46:F0:10:BC:0B:5A
Certificate issuer:       /CN=6f80964407c5daa44088acfe95e6488b800fade5
Certificate serial:       01901BD7A0B58D037B046F17F462977721CB
Authority key identifier: 6F:80:96:44:07:C5:DA:A4:40:88:AC:FE:95:E6:48:8B:80:0F:AD:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4CWRAfF2qRAiKz-leZIi4APreU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/b906c9-2b3d-437c-a3cd-5d92cef23c5a/1/sUSS8OVJ9t6tP7UGZ51G8BC8C1o.roa
Signing time:             Sat 15 Jun 2024 12:20:34 +0000
ROA not before:           Sat 15 Jun 2024 12:20:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209057
IP address blocks:        2a0e:6a00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/b906c9-2b3d-437c-a3cd-5d92cef23c5a/1/b4CWRAfF2qRAiKz-leZIi4APreU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/b906c9-2b3d-437c-a3cd-5d92cef23c5a/1/b4CWRAfF2qRAiKz-leZIi4APreU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4CWRAfF2qRAiKz-leZIi4APreU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:1b:d7:a0:b5:8d:03:7b:04:6f:17:f4:62:97:77:21:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f80964407c5daa44088acfe95e6488b800fade5
        Validity
            Not Before: Jun 15 12:20:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b14492f0e549f6dead3fb506679d46f010bc0b5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:ed:f0:55:4e:98:7b:71:f1:15:b2:18:1d:17:
                    22:ca:c2:09:ca:72:a2:14:06:9d:1d:b6:14:b4:91:
                    9c:b3:e4:a6:36:6a:1f:a7:f7:65:43:00:40:79:8d:
                    89:7b:8a:92:cd:72:9c:0d:a4:b2:32:3c:b8:ce:d4:
                    d0:e9:25:c0:b2:03:7b:61:6d:7f:16:9f:38:b6:97:
                    b4:64:6a:35:fd:0e:ea:99:4f:9a:9f:6e:da:87:56:
                    af:54:34:8b:1e:71:96:e7:ef:db:ef:e3:78:4b:e7:
                    6c:f0:b6:49:2c:f3:b5:f2:fc:88:ee:35:17:af:03:
                    12:1f:9e:d3:fd:b3:b9:4d:93:a8:05:b7:73:d5:ae:
                    69:2d:31:72:fc:80:21:4d:8a:b0:40:53:2f:7d:f9:
                    99:16:e7:cc:9c:81:80:37:e3:bf:6e:68:1b:df:2c:
                    ec:f2:5e:00:90:78:69:04:af:9a:4f:ba:42:f8:ae:
                    5c:24:d0:d0:fe:11:4c:5a:e9:a2:6e:42:bc:52:ee:
                    e2:54:e2:87:12:4b:ae:88:a3:b8:57:61:5c:84:96:
                    16:06:63:46:26:8d:e9:e9:8c:84:48:ee:33:c5:3f:
                    1d:db:da:95:e1:cd:05:ba:8d:9d:db:a3:37:91:b3:
                    07:8c:8a:57:3f:14:f3:ec:18:7b:21:9b:74:a3:d9:
                    22:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:44:92:F0:E5:49:F6:DE:AD:3F:B5:06:67:9D:46:F0:10:BC:0B:5A
            X509v3 Authority Key Identifier:
                keyid:6F:80:96:44:07:C5:DA:A4:40:88:AC:FE:95:E6:48:8B:80:0F:AD:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4CWRAfF2qRAiKz-leZIi4APreU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/b906c9-2b3d-437c-a3cd-5d92cef23c5a/1/sUSS8OVJ9t6tP7UGZ51G8BC8C1o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/b906c9-2b3d-437c-a3cd-5d92cef23c5a/1/b4CWRAfF2qRAiKz-leZIi4APreU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:6a00::/29

    Signature Algorithm: sha256WithRSAEncryption
         b7:42:8c:af:d3:fb:35:a2:77:a0:38:c7:7e:63:3a:a0:25:51:
         29:df:5d:be:16:7d:fb:1b:7b:b2:88:81:3c:e5:be:38:91:88:
         f4:eb:9b:2f:b4:62:ca:46:00:8e:9a:a9:09:0a:28:17:cd:c4:
         10:5e:99:f8:2a:8c:4e:a9:b7:15:ad:c8:8d:f6:67:ce:43:ac:
         83:ec:7b:b4:b5:6d:6f:28:10:0d:96:ed:f4:84:e1:e5:4f:b5:
         07:35:95:fa:bd:2a:b4:00:0b:f4:53:e3:b8:40:91:91:07:5c:
         76:5b:d2:ee:04:2d:96:9b:af:4e:a5:5b:47:ae:a3:9d:13:c3:
         b8:4c:07:25:36:7b:34:e5:3d:61:85:c9:4d:c6:20:17:65:70:
         0d:5f:ab:43:fa:b0:98:cf:3a:c9:e9:c7:b5:db:68:df:9e:a0:
         e9:b9:b1:cc:d0:d7:f3:7a:7f:2e:00:ce:a0:f8:bc:aa:b2:43:
         49:1d:ce:5f:da:ac:5e:8d:58:76:c7:d0:6b:4c:ef:41:25:ee:
         5f:f2:14:f5:fb:83:3f:45:d7:81:bc:48:ff:c2:d9:1e:7e:0c:
         08:dc:eb:2f:b7:37:04:20:02:45:4b:ad:58:cb:df:63:cb:70:
         69:b3:3a:70:40:35:31:70:cf:1e:9b:30:84:aa:94:47:6c:bb:
         12:9f:82:0a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZAb16C1jQN7BG8X9GKXdyHLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODA5NjQ0MDdjNWRhYTQ0MDg4YWNmZTk1ZTY0ODhiODAw
ZmFkZTUwHhcNMjQwNjE1MTIyMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTQ0OTJmMGU1NDlmNmRlYWQzZmI1MDY2NzlkNDZmMDEwYmMwYjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAte3wVU6Ye3HxFbIYHRciysIJynKi
FAadHbYUtJGcs+SmNmofp/dlQwBAeY2Je4qSzXKcDaSyMjy4ztTQ6SXAsgN7YW1/
Fp84tpe0ZGo1/Q7qmU+an27ah1avVDSLHnGW5+/b7+N4S+ds8LZJLPO18vyI7jUX
rwMSH57T/bO5TZOoBbdz1a5pLTFy/IAhTYqwQFMvffmZFufMnIGAN+O/bmgb3yzs
8l4AkHhpBK+aT7pC+K5cJNDQ/hFMWumibkK8Uu7iVOKHEkuuiKO4V2FchJYWBmNG
Jo3p6YyESO4zxT8d29qV4c0Fuo2d26M3kbMHjIpXPxTz7Bh7IZt0o9ki+QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLFEkvDlSfberT+1BmedRvAQvAtaMB8GA1UdIwQY
MBaAFG+AlkQHxdqkQIis/pXmSIuAD63lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRDV1JBZkYycVJBaUt6LWxlWklpNEFQcmVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS9iOTA2YzktMmIzZC00MzdjLWEzY2Qt
NWQ5MmNlZjIzYzVhLzEvc1VTUzhPVko5dDZ0UDdVR1o1MUc4QkM4QzFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS9iOTA2YzktMmIzZC00MzdjLWEzY2QtNWQ5MmNlZjIzYzVh
LzEvYjRDV1JBZkYycVJBaUt6LWxlWklpNEFQcmVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg5qADAN
BgkqhkiG9w0BAQsFAAOCAQEAt0KMr9P7NaJ3oDjHfmM6oCVRKd9dvhZ9+xt7soiB
POW+OJGI9OubL7RiykYAjpqpCQooF83EEF6Z+CqMTqm3Fa3IjfZnzkOsg+x7tLVt
bygQDZbt9ITh5U+1BzWV+r0qtAAL9FPjuECRkQdcdlvS7gQtlpuvTqVbR66jnRPD
uEwHJTZ7NOU9YYXJTcYgF2VwDV+rQ/qwmM86yenHtdto356g6bmxzNDX83p/LgDO
oPi8qrJDSR3OX9qsXo1YdsfQa0zvQSXuX/IU9fuDP0XXgbxI/8LZHn4MCNzrL7c3
BCACRUutWMvfY8twabM6cEA1MXDPHpswhKqUR2y7Ep+CCg==
-----END CERTIFICATE-----