Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/Z3XCmfe7g-E7hXpAeoO-8HHlvVw.roa
File:                     Z3XCmfe7g-E7hXpAeoO-8HHlvVw.roa (raw, json)
Hash identifier:          27+XWlUi543wNiPjncNcA+fR0LfKgFpdhKKW5RK5Kvo=
Subject key identifier:   67:75:C2:99:F7:BB:83:E1:3B:85:7A:40:7A:83:BE:F0:71:E5:BD:5C
Certificate issuer:       /CN=ca9ccd830b7e03308bf5cf25e67a7fc2bde0957c
Certificate serial:       0192C34B7BF3D6323474B261E4E5E61DBEDB
Authority key identifier: CA:9C:CD:83:0B:7E:03:30:8B:F5:CF:25:E6:7A:7F:C2:BD:E0:95:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ypzNgwt-AzCL9c8l5np_wr3glXw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/Z3XCmfe7g-E7hXpAeoO-8HHlvVw.roa
Signing time:             Fri 25 Oct 2024 10:49:16 +0000
ROA not before:           Fri 25 Oct 2024 10:49:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209641
IP address blocks:        2a0e:7f40::/32 maxlen: 32
                          2a0e:7f43::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/ypzNgwt-AzCL9c8l5np_wr3glXw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/ypzNgwt-AzCL9c8l5np_wr3glXw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ypzNgwt-AzCL9c8l5np_wr3glXw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:c3:4b:7b:f3:d6:32:34:74:b2:61:e4:e5:e6:1d:be:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca9ccd830b7e03308bf5cf25e67a7fc2bde0957c
        Validity
            Not Before: Oct 25 10:49:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6775c299f7bb83e13b857a407a83bef071e5bd5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:26:8d:28:09:8c:2b:fa:52:07:d3:ec:62:3a:
                    64:55:53:80:c0:bb:c0:09:c8:4b:89:81:2d:b2:a9:
                    89:79:30:99:db:da:d3:a9:11:bf:af:ab:8f:59:dc:
                    15:88:6f:14:3e:cc:4e:c7:2b:69:58:a8:e3:fa:6e:
                    8b:e1:10:3a:93:ce:97:5c:8d:bc:b1:6d:03:29:6c:
                    23:ff:75:d0:78:b4:eb:12:3f:87:f1:d5:4b:8d:4e:
                    57:f2:22:71:bc:cf:40:68:ee:2a:c3:e1:87:55:bb:
                    71:f8:61:e3:e8:05:9d:ab:d9:fe:d6:90:c2:cd:49:
                    26:b9:f8:b5:8a:2a:32:22:b2:c0:4f:7d:6e:1b:ea:
                    cf:c7:46:72:11:71:b3:5a:8c:ec:62:db:1f:4a:0e:
                    db:5c:78:a8:dc:2d:a4:6a:e3:55:c7:31:09:94:e8:
                    e3:fa:cf:1d:2f:48:bf:05:d5:4e:5c:34:de:58:0b:
                    cb:1e:94:b6:56:35:af:91:ce:67:c5:38:17:15:7c:
                    b8:24:17:8d:d7:b1:71:11:7d:2e:e5:1b:af:94:14:
                    e1:d9:16:88:b3:1f:22:a9:93:81:f5:e0:da:f6:9a:
                    8a:24:94:23:34:7e:2a:e6:7a:2e:23:e2:6d:08:e8:
                    0a:39:7d:c8:51:7b:79:66:29:89:5b:a8:ae:3b:69:
                    7d:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:75:C2:99:F7:BB:83:E1:3B:85:7A:40:7A:83:BE:F0:71:E5:BD:5C
            X509v3 Authority Key Identifier:
                keyid:CA:9C:CD:83:0B:7E:03:30:8B:F5:CF:25:E6:7A:7F:C2:BD:E0:95:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ypzNgwt-AzCL9c8l5np_wr3glXw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/Z3XCmfe7g-E7hXpAeoO-8HHlvVw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/ypzNgwt-AzCL9c8l5np_wr3glXw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:7f40::/32
                  2a0e:7f43::/32

    Signature Algorithm: sha256WithRSAEncryption
         43:59:d9:02:9e:90:55:ab:c4:68:9e:4b:d8:f9:7d:59:9a:5b:
         4f:b4:22:ac:46:aa:69:c1:dd:fb:19:d0:8f:8c:35:5a:e8:50:
         27:02:c0:36:91:6d:fe:3b:db:a0:19:61:b8:9a:95:f4:d5:f0:
         62:29:44:5c:a0:db:c0:a5:00:43:95:2d:bb:fb:60:f6:0c:65:
         a6:a2:64:52:25:09:8c:09:86:9b:b2:0e:14:cd:53:2c:a2:7e:
         a4:fa:59:b2:d6:4e:29:08:83:d7:e8:43:38:82:65:7f:49:22:
         c4:e5:03:30:ea:a9:dc:2c:d8:b6:a5:be:b8:ed:95:7e:41:22:
         70:36:74:19:f0:0f:bd:b9:74:95:8d:01:c4:fd:bc:6b:4a:9d:
         15:88:17:76:06:e1:0d:8f:0f:c0:5e:98:50:70:3a:8d:dc:1b:
         e1:8e:e2:c6:ae:1b:29:de:f6:55:eb:78:01:c0:d7:20:b0:63:
         1a:4f:1a:f9:df:39:30:c0:3b:ea:91:d9:02:00:b1:62:43:72:
         bd:86:0d:a2:54:4c:81:62:80:07:69:62:48:a3:aa:35:13:d7:
         64:f5:bb:86:f8:23:4f:8d:51:e5:98:f5:e2:18:de:84:bd:29:
         eb:c1:d7:d4:9d:b0:67:e2:96:d2:81:78:e5:27:6d:f3:ac:ea:
         01:06:32:ab
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZLDS3vz1jI0dLJh5OXmHb7bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhOWNjZDgzMGI3ZTAzMzA4YmY1Y2YyNWU2N2E3ZmMyYmRl
MDk1N2MwHhcNMjQxMDI1MTA0OTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Nzc1YzI5OWY3YmI4M2UxM2I4NTdhNDA3YTgzYmVmMDcxZTViZDVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyaNKAmMK/pSB9PsYjpkVVOAwLvA
CchLiYEtsqmJeTCZ29rTqRG/r6uPWdwViG8UPsxOxytpWKjj+m6L4RA6k86XXI28
sW0DKWwj/3XQeLTrEj+H8dVLjU5X8iJxvM9AaO4qw+GHVbtx+GHj6AWdq9n+1pDC
zUkmufi1iioyIrLAT31uG+rPx0ZyEXGzWozsYtsfSg7bXHio3C2kauNVxzEJlOjj
+s8dL0i/BdVOXDTeWAvLHpS2VjWvkc5nxTgXFXy4JBeN17FxEX0u5RuvlBTh2RaI
sx8iqZOB9eDa9pqKJJQjNH4q5nouI+JtCOgKOX3IUXt5ZimJW6iuO2l9GQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGd1wpn3u4PhO4V6QHqDvvBx5b1cMB8GA1UdIwQY
MBaAFMqczYMLfgMwi/XPJeZ6f8K94JV8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXB6Tmd3dC1BekNMOWM4bDVucF93cjNnbFh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9hNjhmMjEtOWZmOC00YTQ0LWEzNmQt
ZDFjZGUyNDY1Zjg5LzEvWjNYQ21mZTdnLUU3aFhwQWVvTy04SEhsdlZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9hNjhmMjEtOWZmOC00YTQ0LWEzNmQtZDFjZGUyNDY1Zjg5
LzEveXB6Tmd3dC1BekNMOWM4bDVucF93cjNnbFh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKg5/QAMF
ACoOf0MwDQYJKoZIhvcNAQELBQADggEBAENZ2QKekFWrxGieS9j5fVmaW0+0IqxG
qmnB3fsZ0I+MNVroUCcCwDaRbf4726AZYbialfTV8GIpRFyg28ClAEOVLbv7YPYM
ZaaiZFIlCYwJhpuyDhTNUyyifqT6WbLWTikIg9foQziCZX9JIsTlAzDqqdws2Lal
vrjtlX5BInA2dBnwD725dJWNAcT9vGtKnRWIF3YG4Q2PD8BemFBwOo3cG+GO4sau
Gyne9lXreAHA1yCwYxpPGvnfOTDAO+qR2QIAsWJDcr2GDaJUTIFigAdpYkijqjUT
12T1u4b4I0+NUeWY9eIY3oS9KevB19SdsGfiltKBeOUnbfOs6gEGMqs=
-----END CERTIFICATE-----