Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/uWIQs8iH4c3cX30uNoerhae5IL8.roa
File:                     uWIQs8iH4c3cX30uNoerhae5IL8.roa (raw, json)
Hash identifier:          OZQ3P2ZRy2yPm0LVt+tOxcM3IVkMYSKl8wRi4wpuTNY=
Subject key identifier:   B9:62:10:B3:C8:87:E1:CD:DC:5F:7D:2E:36:87:AB:85:A7:B9:20:BF
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       0190952AE409C2EEDB6C839DA8F71F09273C
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/uWIQs8iH4c3cX30uNoerhae5IL8.roa
Signing time:             Tue 09 Jul 2024 01:45:34 +0000
ROA not before:           Tue 09 Jul 2024 01:45:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     152920
IP address blocks:        2a0f:cf40::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:95:2a:e4:09:c2:ee:db:6c:83:9d:a8:f7:1f:09:27:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Jul  9 01:45:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b96210b3c887e1cddc5f7d2e3687ab85a7b920bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:b8:43:d3:93:34:61:cd:b1:9f:57:59:22:cf:
                    64:be:69:e7:24:9f:5a:cd:7a:f9:76:05:4a:f5:73:
                    89:23:9f:33:56:29:15:90:3a:28:21:99:0a:ce:ff:
                    4f:30:ff:2b:0e:2d:dd:a0:7c:18:e8:dd:cf:cb:7a:
                    f6:f9:e4:cb:26:2e:44:ab:84:70:67:74:9d:2b:ad:
                    dc:41:57:72:cf:39:8d:51:a6:0d:6d:59:c5:c2:e0:
                    13:67:97:66:cb:6e:5d:bb:03:6f:87:3b:2e:31:fd:
                    f1:b9:b8:94:f0:70:a5:35:da:b3:87:30:08:33:6e:
                    5f:a7:c3:eb:86:df:31:4f:07:6c:97:8d:c2:32:e5:
                    ba:56:af:62:eb:1f:1a:54:ec:fc:14:2e:93:e1:c4:
                    15:71:ea:24:07:03:8c:7b:cb:25:75:e2:6a:06:93:
                    21:ac:06:40:0b:4a:e6:01:1e:3b:ea:36:a1:87:4c:
                    54:aa:15:f4:7d:96:6d:1f:d5:01:01:b5:ee:c9:c2:
                    45:8c:df:5d:89:51:96:14:65:44:20:46:c1:6b:92:
                    a6:9f:9f:81:59:47:e2:dc:51:8b:88:52:6a:4f:0e:
                    de:c3:44:12:2b:de:12:8d:a4:9e:07:e6:d6:d1:47:
                    f7:92:4c:0d:c7:4f:6d:a3:8d:03:77:1f:d1:03:24:
                    ce:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:62:10:B3:C8:87:E1:CD:DC:5F:7D:2E:36:87:AB:85:A7:B9:20:BF
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/uWIQs8iH4c3cX30uNoerhae5IL8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:cf40::/40

    Signature Algorithm: sha256WithRSAEncryption
         93:3e:91:55:b8:f4:90:02:94:4e:8b:6f:49:01:b4:02:06:71:
         55:48:f2:85:82:29:a2:fc:f9:97:3c:d2:ad:aa:58:3a:33:e9:
         c6:7f:f3:04:4f:ea:c1:48:d5:1f:c6:25:02:3d:fb:a3:8d:18:
         00:1a:1a:f0:bf:a3:fc:7c:1a:5f:41:17:ea:74:4a:36:45:4e:
         12:6a:c7:9e:d2:73:e9:94:47:76:ac:ea:cf:84:11:a7:75:f1:
         50:ca:92:a4:a4:dc:cf:a1:88:a0:bd:9a:43:3e:a3:95:1d:02:
         29:09:60:84:6e:73:5a:d5:a4:f4:0e:79:4c:34:12:a4:52:48:
         ad:c1:9f:5a:cb:f7:d5:42:19:74:eb:76:3a:8e:61:89:fc:c7:
         de:ee:b8:55:f9:eb:cc:87:ed:3e:05:27:7f:26:ab:8b:54:22:
         3c:41:6a:4b:07:0a:93:2a:a4:bc:fe:e2:d4:4c:a7:fa:f5:49:
         a6:f7:22:e9:5d:73:b9:53:c2:eb:7d:39:bb:38:b6:a4:b9:df:
         0f:bf:b8:ef:cc:47:4d:53:2b:59:76:35:00:e2:01:6b:88:47:
         a2:78:0e:d5:6b:4b:c0:8b:78:50:c0:a2:d4:0d:ce:ef:ea:a8:
         3d:ba:46:8f:0a:36:1b:4f:02:53:34:0c:64:9a:0a:9e:3b:b2:
         9a:95:91:de
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZCVKuQJwu7bbIOdqPcfCSc8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjQwNzA5MDE0NTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTYyMTBiM2M4ODdlMWNkZGM1ZjdkMmUzNjg3YWI4NWE3YjkyMGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3rhD05M0Yc2xn1dZIs9kvmnnJJ9a
zXr5dgVK9XOJI58zVikVkDooIZkKzv9PMP8rDi3doHwY6N3Py3r2+eTLJi5Eq4Rw
Z3SdK63cQVdyzzmNUaYNbVnFwuATZ5dmy25duwNvhzsuMf3xubiU8HClNdqzhzAI
M25fp8Prht8xTwdsl43CMuW6Vq9i6x8aVOz8FC6T4cQVceokBwOMe8sldeJqBpMh
rAZAC0rmAR476jahh0xUqhX0fZZtH9UBAbXuycJFjN9diVGWFGVEIEbBa5Kmn5+B
WUfi3FGLiFJqTw7ew0QSK94SjaSeB+bW0Uf3kkwNx09to40Ddx/RAyTO6wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFLliELPIh+HN3F99LjaHq4WnuSC/MB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvdVdJUXM4aUg0YzNjWDMwdU5vZXJoYWU1SUw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg/PQAAw
DQYJKoZIhvcNAQELBQADggEBAJM+kVW49JAClE6Lb0kBtAIGcVVI8oWCKaL8+Zc8
0q2qWDoz6cZ/8wRP6sFI1R/GJQI9+6ONGAAaGvC/o/x8Gl9BF+p0SjZFThJqx57S
c+mUR3as6s+EEad18VDKkqSk3M+hiKC9mkM+o5UdAikJYIRuc1rVpPQOeUw0EqRS
SK3Bn1rL99VCGXTrdjqOYYn8x97uuFX568yH7T4FJ38mq4tUIjxBaksHCpMqpLz+
4tRMp/r1Sab3Iuldc7lTwut9Obs4tqS53w+/uO/MR01TK1l2NQDiAWuIR6J4DtVr
S8CLeFDAotQNzu/qqD26Ro8KNhtPAlM0DGSaCp47spqVkd4=
-----END CERTIFICATE-----