Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/9f63ac-b1e4-4dbd-9996-5a19afdb06a7/1/0EpwFg6qyMuJ3mEtcixzXfahXq4.roa
File:                     0EpwFg6qyMuJ3mEtcixzXfahXq4.roa (raw, json)
Hash identifier:          5t5EWpJuyCvpvB9Jg2SNKPwQRQYXdcwNOfTw8hGfa8I=
Subject key identifier:   D0:4A:70:16:0E:AA:C8:CB:89:DE:61:2D:72:2C:73:5D:F6:A1:5E:AE
Certificate issuer:       /CN=7365ec12014f911f7205eecbc2fc818b9b35723c
Certificate serial:       0193032B7B41AC611E2A77F77D7477CAEB0A
Authority key identifier: 73:65:EC:12:01:4F:91:1F:72:05:EE:CB:C2:FC:81:8B:9B:35:72:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c2XsEgFPkR9yBe7LwvyBi5s1cjw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/9f63ac-b1e4-4dbd-9996-5a19afdb06a7/1/0EpwFg6qyMuJ3mEtcixzXfahXq4.roa
Signing time:             Wed 06 Nov 2024 20:30:01 +0000
ROA not before:           Wed 06 Nov 2024 20:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216364
IP address blocks:        2001:3300::/29 maxlen: 29
                          2001:3300::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/9f63ac-b1e4-4dbd-9996-5a19afdb06a7/1/c2XsEgFPkR9yBe7LwvyBi5s1cjw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/9f63ac-b1e4-4dbd-9996-5a19afdb06a7/1/c2XsEgFPkR9yBe7LwvyBi5s1cjw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c2XsEgFPkR9yBe7LwvyBi5s1cjw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:39:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:03:2b:7b:41:ac:61:1e:2a:77:f7:7d:74:77:ca:eb:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7365ec12014f911f7205eecbc2fc818b9b35723c
        Validity
            Not Before: Nov  6 20:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d04a70160eaac8cb89de612d722c735df6a15eae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:63:5a:8f:fe:17:42:cb:54:23:ea:b5:92:4e:
                    22:e5:4b:12:1c:6d:22:06:98:12:c1:7e:35:08:0b:
                    69:24:ea:f0:5a:4a:5d:48:50:ef:39:b6:f7:ad:1b:
                    e2:af:86:58:8c:81:62:74:57:60:5d:2f:ba:e3:da:
                    15:53:af:72:65:71:2a:66:a1:a9:08:3a:33:29:b9:
                    00:e2:c1:14:50:36:68:9e:3c:0c:a2:32:4a:99:78:
                    85:98:de:34:d8:05:a8:fb:77:f7:3e:2f:a2:ef:e5:
                    81:78:75:14:6e:54:56:d6:f1:91:9e:d0:be:5a:fa:
                    48:76:e2:4d:bd:fd:f6:34:5b:1b:06:93:98:6f:83:
                    e5:fe:58:d7:58:53:ac:80:f0:4d:6b:f3:e9:6a:1e:
                    8a:00:02:c8:1f:8c:73:bb:08:b3:4a:26:a0:65:de:
                    cb:c2:13:de:46:50:75:25:a3:c9:1e:38:cb:ce:67:
                    9d:ea:25:b7:74:f8:9e:ac:a7:2a:02:7e:78:b8:f1:
                    c7:e6:be:83:11:fa:03:f0:fd:f1:ad:e3:8b:18:58:
                    cb:a3:33:f9:7b:25:d3:03:06:42:69:d9:f6:6f:46:
                    08:9e:07:8e:03:03:31:cb:e0:26:a1:69:c5:61:47:
                    5f:38:bc:34:9b:bb:ce:d6:e6:be:34:9a:1b:90:7d:
                    2c:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:4A:70:16:0E:AA:C8:CB:89:DE:61:2D:72:2C:73:5D:F6:A1:5E:AE
            X509v3 Authority Key Identifier:
                keyid:73:65:EC:12:01:4F:91:1F:72:05:EE:CB:C2:FC:81:8B:9B:35:72:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2XsEgFPkR9yBe7LwvyBi5s1cjw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/9f63ac-b1e4-4dbd-9996-5a19afdb06a7/1/0EpwFg6qyMuJ3mEtcixzXfahXq4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/9f63ac-b1e4-4dbd-9996-5a19afdb06a7/1/c2XsEgFPkR9yBe7LwvyBi5s1cjw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3300::/29

    Signature Algorithm: sha256WithRSAEncryption
         13:2a:b6:eb:5f:b3:5d:6c:16:bb:4f:0b:3e:b7:fa:38:19:f9:
         c5:26:b8:1f:e9:14:9e:27:b9:f8:49:99:27:47:7b:3b:68:41:
         d7:a3:9c:61:40:51:4c:f1:f2:0b:1b:9e:8f:c6:73:8e:7f:57:
         e1:da:b8:fc:41:4d:c0:89:e8:00:a7:7a:f2:b4:41:fd:2d:7a:
         68:9d:b9:b0:9d:a6:cf:88:32:ab:ae:05:92:a3:1d:08:c4:85:
         7e:5d:b2:5b:8f:fc:47:43:72:58:a6:eb:69:a4:0d:42:8b:62:
         9c:67:8b:af:19:f7:87:cb:81:00:94:c1:35:9e:2c:a4:78:09:
         f9:6c:ce:06:f4:6e:59:fa:de:9c:b8:de:ae:41:f0:ae:e8:26:
         2f:87:d7:c1:ae:4e:cc:86:12:71:aa:2c:e3:19:5f:4c:06:11:
         16:ea:eb:f5:32:96:1b:80:2c:fa:65:d5:aa:d1:ac:80:c3:dd:
         c3:ba:2c:32:a8:93:d9:8e:40:0d:64:25:c0:4b:7f:9e:ed:48:
         20:f6:51:89:05:0f:62:32:3d:55:ba:5b:65:9d:e7:ea:3d:18:
         20:46:a4:72:f5:29:24:65:2b:de:45:5f:6f:52:37:89:0b:a9:
         c5:a5:da:14:50:31:e2:a4:8c:61:37:bd:6a:34:cb:b9:dc:81:
         60:7a:68:70
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZMDK3tBrGEeKnf3fXR3yusKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczNjVlYzEyMDE0ZjkxMWY3MjA1ZWVjYmMyZmM4MThiOWIz
NTcyM2MwHhcNMjQxMTA2MjAzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDRhNzAxNjBlYWFjOGNiODlkZTYxMmQ3MjJjNzM1ZGY2YTE1ZWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArmNaj/4XQstUI+q1kk4i5UsSHG0i
BpgSwX41CAtpJOrwWkpdSFDvObb3rRvir4ZYjIFidFdgXS+649oVU69yZXEqZqGp
CDozKbkA4sEUUDZonjwMojJKmXiFmN402AWo+3f3Pi+i7+WBeHUUblRW1vGRntC+
WvpIduJNvf32NFsbBpOYb4Pl/ljXWFOsgPBNa/Ppah6KAALIH4xzuwizSiagZd7L
whPeRlB1JaPJHjjLzmed6iW3dPierKcqAn54uPHH5r6DEfoD8P3xreOLGFjLozP5
eyXTAwZCadn2b0YIngeOAwMxy+AmoWnFYUdfOLw0m7vO1ua+NJobkH0sGwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNBKcBYOqsjLid5hLXIsc132oV6uMB8GA1UdIwQY
MBaAFHNl7BIBT5EfcgXuy8L8gYubNXI8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzJYc0VnRlBrUjl5QmU3THd2eUJpNXMxY2p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS85ZjYzYWMtYjFlNC00ZGJkLTk5OTYt
NWExOWFmZGIwNmE3LzEvMEVwd0ZnNnF5TXVKM21FdGNpeHpYZmFoWHE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS85ZjYzYWMtYjFlNC00ZGJkLTk5OTYtNWExOWFmZGIwNmE3
LzEvYzJYc0VnRlBrUjl5QmU3THd2eUJpNXMxY2p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDIAEzADAN
BgkqhkiG9w0BAQsFAAOCAQEAEyq261+zXWwWu08LPrf6OBn5xSa4H+kUnie5+EmZ
J0d7O2hB16OcYUBRTPHyCxuej8Zzjn9X4dq4/EFNwInoAKd68rRB/S16aJ25sJ2m
z4gyq64FkqMdCMSFfl2yW4/8R0NyWKbraaQNQotinGeLrxn3h8uBAJTBNZ4spHgJ
+WzOBvRuWfrenLjerkHwrugmL4fXwa5OzIYScaos4xlfTAYRFurr9TKWG4As+mXV
qtGsgMPdw7osMqiT2Y5ADWQlwEt/nu1IIPZRiQUPYjI9VbpbZZ3n6j0YIEakcvUp
JGUr3kVfb1I3iQupxaXaFFAx4qSMYTe9ajTLudyBYHpocA==
-----END CERTIFICATE-----