Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/biWMasp9BnMcdR8d7VeHQ93bwWM.roa
File:                     biWMasp9BnMcdR8d7VeHQ93bwWM.roa (raw, json)
Hash identifier:          Ds7i8+FGdlPmPJlZLaJSmwBZHbFUkKCgyRsdXKWrads=
Subject key identifier:   6E:25:8C:6A:CA:7D:06:73:1C:75:1F:1D:ED:57:87:43:DD:DB:C1:63
Certificate issuer:       /CN=7f6bd1a6b04625c571d830f878b1c0238247408c
Certificate serial:       019024DF55047B5A42F05248DB261134008A
Authority key identifier: 7F:6B:D1:A6:B0:46:25:C5:71:D8:30:F8:78:B1:C0:23:82:47:40:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f2vRprBGJcVx2DD4eLHAI4JHQIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/biWMasp9BnMcdR8d7VeHQ93bwWM.roa
Signing time:             Mon 17 Jun 2024 06:25:34 +0000
ROA not before:           Mon 17 Jun 2024 06:25:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        2a0b:d500::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/f2vRprBGJcVx2DD4eLHAI4JHQIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/f2vRprBGJcVx2DD4eLHAI4JHQIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f2vRprBGJcVx2DD4eLHAI4JHQIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 15:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:24:df:55:04:7b:5a:42:f0:52:48:db:26:11:34:00:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7f6bd1a6b04625c571d830f878b1c0238247408c
        Validity
            Not Before: Jun 17 06:25:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e258c6aca7d06731c751f1ded578743dddbc163
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:a6:f4:b3:c3:05:af:c7:f3:1f:da:9f:e0:95:
                    0b:25:65:b4:14:9b:f7:f7:27:d2:ea:1b:e7:e0:78:
                    cc:4d:cb:88:56:77:96:b7:c8:38:43:f3:7b:fe:48:
                    7f:83:47:d3:e8:1c:da:a5:72:83:1d:3b:b3:ea:d1:
                    b6:b7:64:90:e0:f9:77:28:32:61:27:9d:70:c5:6b:
                    40:e6:e5:cc:e3:55:0e:3c:91:78:da:00:97:75:61:
                    83:c6:65:ca:7b:48:83:61:18:06:25:8d:ba:78:f0:
                    2a:b8:bc:63:ce:6d:2e:e6:fe:7e:b3:3c:f7:26:10:
                    b4:ac:d5:bc:f3:37:9a:36:05:2b:f4:37:a4:90:df:
                    aa:ce:4c:94:ca:24:86:d3:2d:b4:06:cc:be:83:6f:
                    e3:ed:bc:b5:29:9f:ba:da:72:dc:da:22:cf:79:c6:
                    8b:e9:b4:9e:dc:45:6b:22:61:fc:3b:e8:c0:e4:84:
                    50:81:5d:5b:19:b3:4e:96:77:6c:a7:04:dc:1c:7f:
                    f1:70:38:3e:be:96:9e:f3:9a:84:72:f6:53:e7:4b:
                    44:ee:7b:f4:5e:26:eb:32:f3:a0:88:b8:0f:88:56:
                    e0:92:56:57:47:82:69:97:64:88:56:23:82:a8:11:
                    78:b8:ba:23:be:37:17:a9:e5:bf:ce:9c:8b:92:f9:
                    04:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:25:8C:6A:CA:7D:06:73:1C:75:1F:1D:ED:57:87:43:DD:DB:C1:63
            X509v3 Authority Key Identifier:
                keyid:7F:6B:D1:A6:B0:46:25:C5:71:D8:30:F8:78:B1:C0:23:82:47:40:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2vRprBGJcVx2DD4eLHAI4JHQIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/biWMasp9BnMcdR8d7VeHQ93bwWM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/f2vRprBGJcVx2DD4eLHAI4JHQIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:d500::/29

    Signature Algorithm: sha256WithRSAEncryption
         28:24:17:56:0f:45:d2:5c:2f:88:69:bc:a0:aa:ac:aa:cd:18:
         57:53:b9:04:be:b6:36:73:40:af:40:01:c7:78:ab:80:5d:69:
         c6:fe:bf:81:a3:7e:37:c5:a9:9e:11:88:ff:47:de:a9:11:5b:
         ff:88:5b:12:ec:b2:b0:59:07:89:23:4f:fc:3d:ec:90:30:3c:
         d1:a7:7b:df:4c:88:d7:6f:6a:85:1c:2b:94:89:75:15:76:ac:
         2a:94:70:87:63:db:11:e1:c0:22:17:93:e1:c3:13:c7:30:74:
         d9:0a:bd:58:15:0d:dd:78:c1:d5:93:1e:67:21:d7:26:b0:e6:
         aa:4e:77:5f:94:c1:5a:8b:28:7a:54:34:d9:7a:5a:ad:8f:bc:
         83:af:2d:27:9d:02:d2:69:ae:7e:25:e2:ec:e2:4c:d4:52:18:
         7e:e2:bb:e3:19:b1:b9:5b:c6:71:74:f7:41:73:a5:88:03:d6:
         cb:a9:36:53:28:d2:d5:1c:24:a1:53:71:df:fc:1e:2c:44:e5:
         62:3c:cb:7e:6e:bd:0e:a7:81:26:d2:cd:0b:f3:f3:16:05:a8:
         44:82:69:f1:bc:0c:58:15:71:a8:82:2c:6e:2a:a6:ef:4c:8a:
         41:e5:e0:9d:9a:58:fc:0d:59:14:14:e9:32:30:dd:19:4c:63:
         8a:d2:89:56
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZAk31UEe1pC8FJI2yYRNACKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmNmJkMWE2YjA0NjI1YzU3MWQ4MzBmODc4YjFjMDIzODI0
NzQwOGMwHhcNMjQwNjE3MDYyNTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTI1OGM2YWNhN2QwNjczMWM3NTFmMWRlZDU3ODc0M2RkZGJjMTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8ab0s8MFr8fzH9qf4JULJWW0FJv3
9yfS6hvn4HjMTcuIVneWt8g4Q/N7/kh/g0fT6BzapXKDHTuz6tG2t2SQ4Pl3KDJh
J51wxWtA5uXM41UOPJF42gCXdWGDxmXKe0iDYRgGJY26ePAquLxjzm0u5v5+szz3
JhC0rNW88zeaNgUr9DekkN+qzkyUyiSG0y20Bsy+g2/j7by1KZ+62nLc2iLPecaL
6bSe3EVrImH8O+jA5IRQgV1bGbNOlndspwTcHH/xcDg+vpae85qEcvZT50tE7nv0
XibrMvOgiLgPiFbgklZXR4Jpl2SIViOCqBF4uLojvjcXqeW/zpyLkvkE5QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFG4ljGrKfQZzHHUfHe1Xh0Pd28FjMB8GA1UdIwQY
MBaAFH9r0aawRiXFcdgw+HixwCOCR0CMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjJ2UnByQkdKY1Z4MkRENGVMSEFJNEpIUUl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC9iYzY2ZDctNTdhYi00NzVkLTk2YmEt
ODliNmMzMjMxNWMyLzEvYmlXTWFzcDlCbk1jZFI4ZDdWZUhROTNid1dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC9iYzY2ZDctNTdhYi00NzVkLTk2YmEtODliNmMzMjMxNWMy
LzEvZjJ2UnByQkdKY1Z4MkRENGVMSEFJNEpIUUl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgvVADAN
BgkqhkiG9w0BAQsFAAOCAQEAKCQXVg9F0lwviGm8oKqsqs0YV1O5BL62NnNAr0AB
x3irgF1pxv6/gaN+N8WpnhGI/0feqRFb/4hbEuyysFkHiSNP/D3skDA80ad730yI
129qhRwrlIl1FXasKpRwh2PbEeHAIheT4cMTxzB02Qq9WBUN3XjB1ZMeZyHXJrDm
qk53X5TBWosoelQ02XparY+8g68tJ50C0mmufiXi7OJM1FIYfuK74xmxuVvGcXT3
QXOliAPWy6k2UyjS1RwkoVNx3/weLETlYjzLfm69DqeBJtLNC/PzFgWoRIJp8bwM
WBVxqIIsbiqm70yKQeXgnZpY/A1ZFBTpMjDdGUxjitKJVg==
-----END CERTIFICATE-----