Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/IvF1rSgRq3BglceqaT4rL7PSftI.roa
File:                     IvF1rSgRq3BglceqaT4rL7PSftI.roa (raw, json)
Hash identifier:          Y6z9/jeC3bc3HNb82V+o9UShGGoQYrFYcCut5dc8xPQ=
Subject key identifier:   22:F1:75:AD:28:11:AB:70:60:95:C7:AA:69:3E:2B:2F:B3:D2:7E:D2
Certificate issuer:       /CN=2e1164a9b5013d62f051344f6df91f13bc7ecb0f
Certificate serial:       01903BF33AD0404C4CA1B4FC539F39B68286
Authority key identifier: 2E:11:64:A9:B5:01:3D:62:F0:51:34:4F:6D:F9:1F:13:BC:7E:CB:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/IvF1rSgRq3BglceqaT4rL7PSftI.roa
Signing time:             Fri 21 Jun 2024 17:58:34 +0000
ROA not before:           Fri 21 Jun 2024 17:58:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30788
IP address blocks:        2a0b:2a80::/29 maxlen: 29
                          2a0f:a380::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LhFkqbUBPWLwUTRPbfkfE7x-yw8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LhFkqbUBPWLwUTRPbfkfE7x-yw8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:3b:f3:3a:d0:40:4c:4c:a1:b4:fc:53:9f:39:b6:82:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e1164a9b5013d62f051344f6df91f13bc7ecb0f
        Validity
            Not Before: Jun 21 17:58:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22f175ad2811ab706095c7aa693e2b2fb3d27ed2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:4f:f0:75:f7:68:0f:fa:2c:e5:25:ee:af:b3:
                    23:a2:7f:a1:57:bf:b4:97:aa:0d:cf:98:a8:a7:08:
                    15:c7:81:68:4e:b8:f1:1c:89:11:3e:40:d6:bd:5d:
                    ad:02:77:e7:35:bf:28:50:bb:6c:65:08:66:f4:6c:
                    72:4b:9c:a7:64:83:ac:32:58:aa:42:98:03:cb:6a:
                    61:b7:fb:b8:4e:1d:6d:f9:e4:20:e9:c1:d7:cf:69:
                    93:54:f0:d4:54:85:f5:59:43:7f:60:d1:d2:76:89:
                    e9:f3:67:ef:3a:9b:2d:65:d3:f6:3b:b1:99:04:4a:
                    84:f7:a5:37:8f:5b:b6:58:ab:3a:76:6e:d3:f9:0c:
                    92:64:a0:8d:bd:60:74:27:76:02:26:28:04:63:52:
                    22:4f:16:6a:06:dc:bd:2c:7f:5a:b2:0e:8c:3f:bf:
                    3d:b5:6f:41:12:26:01:01:84:7e:24:6f:2a:e6:1a:
                    65:a2:b5:90:d3:3f:2d:fd:ab:8e:95:f9:61:bb:57:
                    be:af:dd:2d:61:aa:8b:3f:ca:68:cb:bb:36:69:60:
                    05:39:92:47:5f:53:ec:83:f6:6e:21:0e:13:ad:cd:
                    67:ea:4f:38:e1:59:bf:8e:44:8f:96:d2:17:45:11:
                    15:3e:24:1c:33:a5:f5:22:30:b8:c1:90:6b:0a:f5:
                    31:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:F1:75:AD:28:11:AB:70:60:95:C7:AA:69:3E:2B:2F:B3:D2:7E:D2
            X509v3 Authority Key Identifier:
                keyid:2E:11:64:A9:B5:01:3D:62:F0:51:34:4F:6D:F9:1F:13:BC:7E:CB:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/IvF1rSgRq3BglceqaT4rL7PSftI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LhFkqbUBPWLwUTRPbfkfE7x-yw8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:2a80::/29
                  2a0f:a380::/29

    Signature Algorithm: sha256WithRSAEncryption
         12:9b:da:b2:d5:22:ee:0e:83:b6:f3:1b:b3:5d:0f:8b:59:05:
         04:23:b9:ad:bf:41:3b:54:3b:d3:bd:17:f0:39:47:a3:b1:3f:
         88:01:e0:83:a3:74:08:79:7c:88:5f:ff:00:40:10:f9:1b:37:
         4d:e2:01:94:00:fe:0b:3d:51:7d:76:78:a6:6c:fd:9f:f0:79:
         b9:16:a8:16:60:d2:8a:e4:46:21:29:0c:86:9d:88:c4:1c:15:
         be:17:02:a1:49:04:ff:97:32:0e:ed:55:d2:87:dc:7a:98:48:
         54:b7:d2:cc:ab:01:52:84:78:3d:13:03:0a:07:8d:fd:67:8a:
         e2:c6:7f:b1:df:05:ef:8d:64:29:0f:bc:17:4b:a7:31:73:e7:
         e8:f5:19:f4:1c:e1:7b:4e:2d:75:84:61:4d:93:6f:25:d6:d5:
         e7:39:40:69:cd:b6:a0:ed:1b:c2:51:f8:26:ec:51:0b:d2:09:
         99:fa:11:d3:b7:2b:98:6d:7b:fa:42:be:6a:d3:1a:f2:be:6d:
         ee:0f:fd:47:ac:2b:91:7a:24:c0:b6:fb:95:44:d9:88:4e:c2:
         4d:bc:dd:e9:b4:a5:61:e6:90:0d:2a:e3:7c:df:44:78:01:27:
         f3:28:ef:b4:9a:98:60:a9:55:fe:b8:93:5f:1b:c9:24:b6:37:
         81:8a:f1:a7
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZA78zrQQExMobT8U585toKGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMTE2NGE5YjUwMTNkNjJmMDUxMzQ0ZjZkZjkxZjEzYmM3
ZWNiMGYwHhcNMjQwNjIxMTc1ODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmYxNzVhZDI4MTFhYjcwNjA5NWM3YWE2OTNlMmIyZmIzZDI3ZWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqU/wdfdoD/os5SXur7Mjon+hV7+0
l6oNz5iopwgVx4FoTrjxHIkRPkDWvV2tAnfnNb8oULtsZQhm9GxyS5ynZIOsMliq
QpgDy2pht/u4Th1t+eQg6cHXz2mTVPDUVIX1WUN/YNHSdonp82fvOpstZdP2O7GZ
BEqE96U3j1u2WKs6dm7T+QySZKCNvWB0J3YCJigEY1IiTxZqBty9LH9asg6MP789
tW9BEiYBAYR+JG8q5hplorWQ0z8t/auOlflhu1e+r90tYaqLP8poy7s2aWAFOZJH
X1Psg/ZuIQ4Trc1n6k844Vm/jkSPltIXRREVPiQcM6X1IjC4wZBrCvUxPQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFCLxda0oEatwYJXHqmk+Ky+z0n7SMB8GA1UdIwQY
MBaAFC4RZKm1AT1i8FE0T235HxO8fssPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGhGa3FiVUJQV0x3VVRSUGJma2ZFN3gteXc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9mYjQ2OTYtNjc4Zi00ZDQ1LWEwOTEt
ZmQ3ZjE3YmIxYTVjLzEvSXZGMXJTZ1JxM0JnbGNlcWFUNHJMN1BTZnRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9mYjQ2OTYtNjc4Zi00ZDQ1LWEwOTEtZmQ3ZjE3YmIxYTVj
LzEvTGhGa3FiVUJQV0x3VVRSUGJma2ZFN3gteXc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKgsqgAMF
AyoPo4AwDQYJKoZIhvcNAQELBQADggEBABKb2rLVIu4Og7bzG7NdD4tZBQQjua2/
QTtUO9O9F/A5R6OxP4gB4IOjdAh5fIhf/wBAEPkbN03iAZQA/gs9UX12eKZs/Z/w
ebkWqBZg0orkRiEpDIadiMQcFb4XAqFJBP+XMg7tVdKH3HqYSFS30syrAVKEeD0T
AwoHjf1niuLGf7HfBe+NZCkPvBdLpzFz5+j1GfQc4XtOLXWEYU2TbyXW1ec5QGnN
tqDtG8JR+CbsUQvSCZn6EdO3K5hte/pCvmrTGvK+be4P/UesK5F6JMC2+5VE2YhO
wk283em0pWHmkA0q43zfRHgBJ/Mo77SamGCpVf64k18bySS2N4GK8ac=
-----END CERTIFICATE-----