Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/f71dcb-9e92-44e7-b042-3665067db256/1/zZagmmyrjHNTp7s6-7GbynjGhxk.roa
File:                     zZagmmyrjHNTp7s6-7GbynjGhxk.roa (raw, json)
Hash identifier:          FYlFcitWFGvIjjH3e05wbki68/1tjLz2D/gRNFKYHjM=
Subject key identifier:   CD:96:A0:9A:6C:AB:8C:73:53:A7:BB:3A:FB:B1:9B:CA:78:C6:87:19
Certificate issuer:       /CN=f50bae60970a2dfc86dd607c5b915ad5c534b413
Certificate serial:       018CC3B6B339DC2D8FF115E433407A5E38A3
Authority key identifier: F5:0B:AE:60:97:0A:2D:FC:86:DD:60:7C:5B:91:5A:D5:C5:34:B4:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9QuuYJcKLfyG3WB8W5Fa1cU0tBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/f71dcb-9e92-44e7-b042-3665067db256/1/zZagmmyrjHNTp7s6-7GbynjGhxk.roa
Signing time:             Mon 01 Jan 2024 06:29:39 +0000
ROA not before:           Mon 01 Jan 2024 06:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210805
IP address blocks:        2a0a:2786::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/f71dcb-9e92-44e7-b042-3665067db256/1/9QuuYJcKLfyG3WB8W5Fa1cU0tBM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/f71dcb-9e92-44e7-b042-3665067db256/1/9QuuYJcKLfyG3WB8W5Fa1cU0tBM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9QuuYJcKLfyG3WB8W5Fa1cU0tBM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:b3:39:dc:2d:8f:f1:15:e4:33:40:7a:5e:38:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f50bae60970a2dfc86dd607c5b915ad5c534b413
        Validity
            Not Before: Jan  1 06:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd96a09a6cab8c7353a7bb3afbb19bca78c68719
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:05:88:ac:2c:3c:29:9d:76:70:92:12:5e:be:
                    b7:ec:23:4a:e1:5c:81:9e:3c:c5:fa:47:86:61:bb:
                    8a:2c:bb:39:69:56:d4:f4:75:69:db:0d:21:c1:87:
                    39:b2:37:81:93:68:98:c1:9f:8f:d7:f0:d4:49:ee:
                    b1:b1:94:21:fb:c6:3d:a7:4b:21:3b:cb:a4:02:5b:
                    3d:4f:a4:1f:39:ed:59:1f:83:af:82:b6:e3:d8:50:
                    65:73:58:f7:00:57:54:8a:a0:d7:73:84:95:44:6a:
                    40:3c:2c:9f:6d:7e:30:b6:cd:47:9b:5f:f3:05:5b:
                    f5:17:5f:84:48:87:39:00:ab:9d:a7:26:c0:60:af:
                    32:37:8a:e9:1b:71:64:68:ea:48:e4:0c:0b:2a:57:
                    bc:62:c3:8e:56:78:22:fa:c6:b3:19:c6:ed:6f:10:
                    64:b2:d7:63:f1:5e:43:96:94:41:ca:16:c2:83:74:
                    32:bb:ad:7e:ec:e5:58:01:db:cb:7a:15:67:07:ac:
                    af:e5:31:e6:5f:02:69:70:60:61:4d:1e:b8:90:27:
                    cf:ed:c9:37:ad:43:9b:6d:54:b4:df:94:1c:84:06:
                    e0:a1:43:8c:b4:2a:6b:ab:b2:95:a8:eb:6b:64:92:
                    60:bc:22:66:18:31:35:f9:e1:98:de:d5:47:88:80:
                    ab:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:96:A0:9A:6C:AB:8C:73:53:A7:BB:3A:FB:B1:9B:CA:78:C6:87:19
            X509v3 Authority Key Identifier:
                keyid:F5:0B:AE:60:97:0A:2D:FC:86:DD:60:7C:5B:91:5A:D5:C5:34:B4:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9QuuYJcKLfyG3WB8W5Fa1cU0tBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/f71dcb-9e92-44e7-b042-3665067db256/1/zZagmmyrjHNTp7s6-7GbynjGhxk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/f71dcb-9e92-44e7-b042-3665067db256/1/9QuuYJcKLfyG3WB8W5Fa1cU0tBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:2786::/32

    Signature Algorithm: sha256WithRSAEncryption
         3e:34:51:63:a2:ad:48:61:b2:f3:58:8b:f6:31:3d:95:d8:e2:
         3e:4c:a6:7b:e7:80:d6:20:07:d3:1a:b8:d6:e6:2f:8e:52:0c:
         7d:2a:ad:7e:41:1f:ae:73:65:ef:2b:3b:09:54:e4:a7:4b:1b:
         1f:ff:5e:df:fd:15:4b:30:5f:6e:db:9f:2c:3d:58:27:26:a3:
         7b:19:61:9c:f0:d6:09:db:c9:a6:4a:5b:0d:42:30:85:00:b5:
         c5:17:28:04:89:19:bd:be:ac:f0:38:dd:bc:b9:1d:66:59:b5:
         11:d9:99:ed:be:16:c8:70:e9:62:f3:46:7d:02:5f:56:01:55:
         fb:a3:0b:de:c1:5f:e1:6d:52:93:03:94:8d:2d:4b:4a:58:c0:
         5c:1a:37:37:89:3d:8a:e8:3f:a2:3e:f1:47:87:25:a7:26:c2:
         71:e0:d8:dd:24:77:38:19:ba:13:d7:70:47:cd:c2:ce:b5:2b:
         77:30:ac:8f:8a:02:0f:b4:4d:ef:c8:80:95:d2:fb:68:43:1d:
         ba:79:43:21:03:0e:da:1f:f8:c7:15:dd:6c:b8:a0:2a:a2:bc:
         03:4e:12:a1:80:dc:51:f4:17:62:bd:c6:68:e5:c2:26:1d:ba:
         b8:bd:ab:10:19:4e:05:60:ab:af:e6:e6:0b:a6:0d:12:41:ed:
         dd:95:b6:1d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDtrM53C2P8RXkM0B6XjijMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MGJhZTYwOTcwYTJkZmM4NmRkNjA3YzViOTE1YWQ1YzUz
NGI0MTMwHhcNMjQwMTAxMDYyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDk2YTA5YTZjYWI4YzczNTNhN2JiM2FmYmIxOWJjYTc4YzY4NzE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAogWIrCw8KZ12cJISXr637CNK4VyB
njzF+keGYbuKLLs5aVbU9HVp2w0hwYc5sjeBk2iYwZ+P1/DUSe6xsZQh+8Y9p0sh
O8ukAls9T6QfOe1ZH4Ovgrbj2FBlc1j3AFdUiqDXc4SVRGpAPCyfbX4wts1Hm1/z
BVv1F1+ESIc5AKudpybAYK8yN4rpG3FkaOpI5AwLKle8YsOOVngi+sazGcbtbxBk
stdj8V5DlpRByhbCg3Qyu61+7OVYAdvLehVnB6yv5THmXwJpcGBhTR64kCfP7ck3
rUObbVS035QchAbgoUOMtCprq7KVqOtrZJJgvCJmGDE1+eGY3tVHiICrtQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFM2WoJpsq4xzU6e7Ovuxm8p4xocZMB8GA1UdIwQY
MBaAFPULrmCXCi38ht1gfFuRWtXFNLQTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVF1dVlKY0tMZnlHM1dCOFc1RmExY1UwdEJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS9mNzFkY2ItOWU5Mi00NGU3LWIwNDIt
MzY2NTA2N2RiMjU2LzEvelphZ21teXJqSE5UcDdzNi03R2J5bmpHaHhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS9mNzFkY2ItOWU5Mi00NGU3LWIwNDItMzY2NTA2N2RiMjU2
LzEvOVF1dVlKY0tMZnlHM1dCOFc1RmExY1UwdEJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgonhjAN
BgkqhkiG9w0BAQsFAAOCAQEAPjRRY6KtSGGy81iL9jE9ldjiPkyme+eA1iAH0xq4
1uYvjlIMfSqtfkEfrnNl7ys7CVTkp0sbH/9e3/0VSzBfbtufLD1YJyajexlhnPDW
CdvJpkpbDUIwhQC1xRcoBIkZvb6s8DjdvLkdZlm1EdmZ7b4WyHDpYvNGfQJfVgFV
+6ML3sFf4W1SkwOUjS1LSljAXBo3N4k9iug/oj7xR4clpybCceDY3SR3OBm6E9dw
R83CzrUrdzCsj4oCD7RN78iAldL7aEMdunlDIQMO2h/4xxXdbLigKqK8A04SoYDc
UfQXYr3GaOXCJh26uL2rEBlOBWCrr+bmC6YNEkHt3ZW2HQ==
-----END CERTIFICATE-----