Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/9rNpUbLwKA3gYn0hqgoutw3fV-Q.roa
File:                     9rNpUbLwKA3gYn0hqgoutw3fV-Q.roa (raw, json)
Hash identifier:          TVUr3ENRWy3Rj1ZGSC9LwooUXRSPARD9upMwIkPr6j8=
Subject key identifier:   F6:B3:69:51:B2:F0:28:0D:E0:62:7D:21:AA:0A:2E:B7:0D:DF:57:E4
Certificate issuer:       /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial:       018E89AB3F3CE8FF39A46FD7FE2855291210
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/9rNpUbLwKA3gYn0hqgoutw3fV-Q.roa
Signing time:             Fri 29 Mar 2024 10:04:45 +0000
ROA not before:           Fri 29 Mar 2024 10:04:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213220
IP address blocks:        2a0a:b380::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Jun 2024 14:06:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:89:ab:3f:3c:e8:ff:39:a4:6f:d7:fe:28:55:29:12:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
        Validity
            Not Before: Mar 29 10:04:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f6b36951b2f0280de0627d21aa0a2eb70ddf57e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:90:3d:c9:23:ac:05:5e:aa:98:b0:5d:88:e3:
                    b1:46:49:41:73:be:4c:dc:e7:49:79:e5:09:0b:0b:
                    19:8a:aa:84:a3:d3:aa:8f:b0:78:18:5b:9b:3d:77:
                    ba:f3:14:5f:c0:89:f4:2a:f4:2b:74:bc:43:3f:38:
                    f2:8d:9e:38:b8:03:f9:c3:95:e3:78:94:e9:8b:dd:
                    09:83:cb:0a:e8:6d:53:40:0a:f6:c8:5e:9e:f4:e0:
                    70:c5:04:64:0e:50:af:3e:4a:1e:ba:81:95:1e:fe:
                    88:c6:0f:70:9b:f0:94:c8:75:ce:bf:5f:95:e9:6b:
                    76:98:f7:9a:68:e6:14:ee:38:c8:77:c4:8e:fc:3f:
                    0d:f5:93:77:92:4d:6c:4b:23:ce:3c:0c:2c:81:2f:
                    13:46:24:3f:cc:e8:81:33:5a:38:0d:c4:ae:0b:bd:
                    a6:6a:84:d9:84:b3:8e:f5:c0:8e:78:3c:cf:89:5c:
                    23:25:44:fc:03:d4:f6:11:3f:34:c8:df:35:fb:7e:
                    6f:17:64:ee:94:f8:37:a8:17:be:b8:15:b2:40:4a:
                    cf:18:6d:28:c1:2f:7c:a2:25:f1:b1:65:41:b7:15:
                    bf:46:e2:f8:46:5f:7e:0d:c8:84:04:dc:3e:11:68:
                    19:47:6a:f8:37:f7:a4:d6:04:5d:5b:87:63:b5:ef:
                    6e:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:B3:69:51:B2:F0:28:0D:E0:62:7D:21:AA:0A:2E:B7:0D:DF:57:E4
            X509v3 Authority Key Identifier:
                keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/9rNpUbLwKA3gYn0hqgoutw3fV-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:b380::/32

    Signature Algorithm: sha256WithRSAEncryption
         57:64:57:93:8d:80:24:39:83:33:67:7b:dc:5d:74:6f:85:97:
         db:da:00:7f:03:5d:95:55:02:65:34:cf:45:c3:f8:33:fd:a5:
         26:7e:39:f7:c7:a2:ec:e9:f3:9c:63:da:1b:af:49:5e:4b:d2:
         5d:cd:3b:47:7b:8a:28:fd:d1:7d:3f:d2:68:f4:c7:2a:81:53:
         be:65:31:4b:5d:98:98:10:f4:35:80:ef:96:af:5e:a8:4b:fe:
         3b:9a:30:52:97:47:63:1c:1c:df:0e:51:b6:ed:b3:09:65:a2:
         49:40:96:30:fc:a3:d0:22:f1:60:95:92:a0:f6:47:b7:e4:53:
         27:66:d8:ea:2b:11:28:33:38:de:0d:f2:0d:14:9a:2d:20:22:
         d9:56:ad:26:e8:d7:55:a2:86:a0:cf:a0:e4:1a:9d:f1:ee:62:
         e8:a3:ee:31:30:2d:26:85:e4:1e:70:db:76:22:fc:e7:d0:66:
         a7:34:e7:37:42:f5:94:7f:06:e8:3f:17:33:be:78:b8:15:e9:
         19:e0:f8:17:18:12:99:d6:02:14:9a:81:d1:86:6e:6d:84:20:
         8d:7f:b1:89:9a:e3:52:78:be:64:06:9a:6c:c1:ec:d7:fe:08:
         cd:bd:26:d8:19:ef:ad:72:f5:06:ef:5f:a6:7f:27:bb:9b:d9:
         02:e6:15:51
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY6Jqz886P85pG/X/ihVKRIQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjQwMzI5MTAwNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmIzNjk1MWIyZjAyODBkZTA2MjdkMjFhYTBhMmViNzBkZGY1N2U0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ZA9ySOsBV6qmLBdiOOxRklBc75M
3OdJeeUJCwsZiqqEo9Oqj7B4GFubPXe68xRfwIn0KvQrdLxDPzjyjZ44uAP5w5Xj
eJTpi90Jg8sK6G1TQAr2yF6e9OBwxQRkDlCvPkoeuoGVHv6Ixg9wm/CUyHXOv1+V
6Wt2mPeaaOYU7jjId8SO/D8N9ZN3kk1sSyPOPAwsgS8TRiQ/zOiBM1o4DcSuC72m
aoTZhLOO9cCOeDzPiVwjJUT8A9T2ET80yN81+35vF2TulPg3qBe+uBWyQErPGG0o
wS98oiXxsWVBtxW/RuL4Rl9+DciEBNw+EWgZR2r4N/ek1gRdW4djte9uRwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPazaVGy8CgN4GJ9IaoKLrcN31fkMB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvOXJOcFViTHdLQTNnWW4waHFnb3V0dzNmVi1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgqzgDAN
BgkqhkiG9w0BAQsFAAOCAQEAV2RXk42AJDmDM2d73F10b4WX29oAfwNdlVUCZTTP
RcP4M/2lJn4598ei7OnznGPaG69JXkvSXc07R3uKKP3RfT/SaPTHKoFTvmUxS12Y
mBD0NYDvlq9eqEv+O5owUpdHYxwc3w5Rtu2zCWWiSUCWMPyj0CLxYJWSoPZHt+RT
J2bY6isRKDM43g3yDRSaLSAi2VatJujXVaKGoM+g5Bqd8e5i6KPuMTAtJoXkHnDb
diL859BmpzTnN0L1lH8G6D8XM754uBXpGeD4FxgSmdYCFJqB0YZubYQgjX+xiZrj
Uni+ZAaabMHs1/4Izb0m2BnvrXL1Bu9fpn8nu5vZAuYVUQ==
-----END CERTIFICATE-----