Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/dUcam_pRB1MhrX6suoyIjppMLTM.roa
File:                     dUcam_pRB1MhrX6suoyIjppMLTM.roa (raw, json)
Hash identifier:          WrTU9InXm54+wSS+hSf3JI//0iHyXiCBHLOInx1iT4o=
Subject key identifier:   75:47:1A:9B:FA:51:07:53:21:AD:7E:AC:BA:8C:88:8E:9A:4C:2D:33
Certificate issuer:       /CN=dc5c532f3cd5e11e19feb19655d4f19926f02020
Certificate serial:       01906463C502526BFD12041778FAAE0ABC93
Authority key identifier: DC:5C:53:2F:3C:D5:E1:1E:19:FE:B1:96:55:D4:F1:99:26:F0:20:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3FxTLzzV4R4Z_rGWVdTxmSbwICA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/dUcam_pRB1MhrX6suoyIjppMLTM.roa
Signing time:             Sat 29 Jun 2024 14:26:18 +0000
ROA not before:           Sat 29 Jun 2024 14:26:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44325
IP address blocks:        2001:1af0:9000::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/3FxTLzzV4R4Z_rGWVdTxmSbwICA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/3FxTLzzV4R4Z_rGWVdTxmSbwICA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3FxTLzzV4R4Z_rGWVdTxmSbwICA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 19:02:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:64:63:c5:02:52:6b:fd:12:04:17:78:fa:ae:0a:bc:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc5c532f3cd5e11e19feb19655d4f19926f02020
        Validity
            Not Before: Jun 29 14:26:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=75471a9bfa51075321ad7eacba8c888e9a4c2d33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:90:1a:aa:d0:c2:29:fb:41:9a:eb:51:d7:e3:
                    ae:c5:4f:39:3c:33:8e:88:7a:21:b7:f2:24:0e:41:
                    4d:13:e8:90:02:6a:b7:2d:40:e5:c6:16:22:5e:81:
                    13:0d:8c:28:9b:8e:20:99:b8:d2:e6:ec:60:62:2e:
                    43:9a:47:ec:69:10:6a:1d:2f:3c:58:3d:27:15:95:
                    dc:73:da:ba:40:ea:0c:12:cf:ff:a4:c5:f2:03:f4:
                    b8:95:0a:2b:f9:aa:65:2e:be:29:5b:c2:ee:2f:e9:
                    87:00:4d:4d:8d:82:0d:2d:cd:05:c6:d9:64:4f:e9:
                    9d:e3:de:fe:00:f6:03:33:b1:ca:e4:bf:8b:50:f7:
                    30:d1:3f:c5:2c:f6:4d:8a:a7:51:66:66:e4:5b:b1:
                    b3:64:03:84:37:c2:c2:66:31:ed:7c:3b:99:b6:42:
                    cc:35:91:6d:f1:1d:57:fa:9f:e0:7e:fb:18:d1:20:
                    ea:54:c3:d5:84:6f:fe:56:38:80:75:95:d6:46:d3:
                    2b:f2:a8:97:78:56:09:86:ad:27:39:3a:0a:67:e8:
                    18:55:14:64:2c:f2:73:ff:03:92:45:e0:29:25:b1:
                    16:dd:ac:a7:8d:a4:f7:68:f0:1c:b2:b7:5c:6c:3e:
                    da:ce:19:98:d4:81:87:66:ca:c9:db:ba:04:c7:3a:
                    c2:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:47:1A:9B:FA:51:07:53:21:AD:7E:AC:BA:8C:88:8E:9A:4C:2D:33
            X509v3 Authority Key Identifier:
                keyid:DC:5C:53:2F:3C:D5:E1:1E:19:FE:B1:96:55:D4:F1:99:26:F0:20:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3FxTLzzV4R4Z_rGWVdTxmSbwICA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/dUcam_pRB1MhrX6suoyIjppMLTM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/3FxTLzzV4R4Z_rGWVdTxmSbwICA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:1af0:9000::/48

    Signature Algorithm: sha256WithRSAEncryption
         83:a9:9f:1d:87:54:09:a8:37:ac:63:fe:a9:49:f8:5c:8a:5f:
         6c:59:19:bd:c4:29:b9:9d:6d:f0:23:67:22:b2:11:d6:5e:bc:
         f6:c3:fe:de:07:a2:b1:fc:e8:f2:c4:86:7e:4f:85:70:b9:75:
         b3:be:da:e3:f4:36:5e:df:f7:5e:88:39:b5:a6:d6:97:2b:2e:
         1d:f2:35:32:cc:75:1c:f5:b2:ac:8b:93:5f:78:38:75:da:8f:
         2c:a8:31:c1:33:6b:9d:a1:98:13:ea:d2:3b:c2:04:18:8c:7a:
         98:29:d7:d7:62:90:4a:b8:a4:a5:4d:30:1e:f1:03:bc:8c:2a:
         a3:b6:e1:56:c6:ce:d1:50:73:45:fe:d3:a2:e0:4c:73:f5:a5:
         62:ba:e6:d3:15:c6:f3:66:c8:e9:d2:66:09:fd:b0:0a:ed:16:
         36:91:87:27:6d:a9:47:b8:53:29:fb:3c:64:d2:ab:46:91:37:
         73:f3:e8:d8:a0:ee:05:01:1b:cf:3e:9c:5f:0c:cb:fd:ab:fe:
         5c:8f:24:80:b2:86:92:8f:91:eb:92:e2:ce:d1:be:b7:7a:55:
         db:c6:e4:3e:9c:fe:17:b6:bf:1f:92:80:c1:eb:a2:33:f0:f7:
         ef:df:6a:4a:dd:ca:27:fc:74:ab:b2:36:0a:c7:44:78:37:11:
         ee:3c:73:2d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZBkY8UCUmv9EgQXePquCryTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNWM1MzJmM2NkNWUxMWUxOWZlYjE5NjU1ZDRmMTk5MjZm
MDIwMjAwHhcNMjQwNjI5MTQyNjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTQ3MWE5YmZhNTEwNzUzMjFhZDdlYWNiYThjODg4ZTlhNGMyZDMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZAaqtDCKftBmutR1+OuxU85PDOO
iHoht/IkDkFNE+iQAmq3LUDlxhYiXoETDYwom44gmbjS5uxgYi5DmkfsaRBqHS88
WD0nFZXcc9q6QOoMEs//pMXyA/S4lQor+aplLr4pW8LuL+mHAE1NjYINLc0Fxtlk
T+md497+APYDM7HK5L+LUPcw0T/FLPZNiqdRZmbkW7GzZAOEN8LCZjHtfDuZtkLM
NZFt8R1X+p/gfvsY0SDqVMPVhG/+VjiAdZXWRtMr8qiXeFYJhq0nOToKZ+gYVRRk
LPJz/wOSReApJbEW3aynjaT3aPAcsrdcbD7azhmY1IGHZsrJ27oExzrCGwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHVHGpv6UQdTIa1+rLqMiI6aTC0zMB8GA1UdIwQY
MBaAFNxcUy881eEeGf6xllXU8Zkm8CAgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0Z4VEx6elY0UjRaX3JHV1ZkVHhtU2J3SUNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9kYjI2YmEtNzU0ZC00MTE4LWJlMzEt
NGI2YzFjZjlmZTRmLzEvZFVjYW1fcFJCMU1oclg2c3VveUlqcHBNTFRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9kYjI2YmEtNzU0ZC00MTE4LWJlMzEtNGI2YzFjZjlmZTRm
LzEvM0Z4VEx6elY0UjRaX3JHV1ZkVHhtU2J3SUNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEa8JAA
MA0GCSqGSIb3DQEBCwUAA4IBAQCDqZ8dh1QJqDesY/6pSfhcil9sWRm9xCm5nW3w
I2cishHWXrz2w/7eB6Kx/OjyxIZ+T4VwuXWzvtrj9DZe3/deiDm1ptaXKy4d8jUy
zHUc9bKsi5NfeDh12o8sqDHBM2udoZgT6tI7wgQYjHqYKdfXYpBKuKSlTTAe8QO8
jCqjtuFWxs7RUHNF/tOi4Exz9aViuubTFcbzZsjp0mYJ/bAK7RY2kYcnbalHuFMp
+zxk0qtGkTdz8+jYoO4FARvPPpxfDMv9q/5cjySAsoaSj5HrkuLO0b63elXbxuQ+
nP4Xtr8fkoDB66Iz8Pfv32pK3con/HSrsjYKx0R4NxHuPHMt
-----END CERTIFICATE-----