Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/sqCezmegFErLrvn39mfihWO7H6U.roa
File:                     sqCezmegFErLrvn39mfihWO7H6U.roa (raw, json)
Hash identifier:          c9jG+2t3vOH2DPCYmEFJuCL4YiKqcC0bLDRtFekvJzc=
Subject key identifier:   B2:A0:9E:CE:67:A0:14:4A:CB:AE:F9:F7:F6:67:E2:85:63:BB:1F:A5
Certificate issuer:       /CN=c45c683cb1eb9c0f49b967e3bd9b8b84cf099bb8
Certificate serial:       018CC8DE836EB6B3BDBEC55BE123576672E8
Authority key identifier: C4:5C:68:3C:B1:EB:9C:0F:49:B9:67:E3:BD:9B:8B:84:CF:09:9B:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/sqCezmegFErLrvn39mfihWO7H6U.roa
Signing time:             Tue 02 Jan 2024 06:31:14 +0000
ROA not before:           Tue 02 Jan 2024 06:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211452
IP address blocks:        2a07:291b::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:83:6e:b6:b3:bd:be:c5:5b:e1:23:57:66:72:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c45c683cb1eb9c0f49b967e3bd9b8b84cf099bb8
        Validity
            Not Before: Jan  2 06:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b2a09ece67a0144acbaef9f7f667e28563bb1fa5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:1b:fa:0d:b4:13:03:43:dc:82:cc:a1:1d:07:
                    9d:2f:44:a4:fa:c6:ac:28:01:e2:78:76:05:58:b8:
                    3e:a0:ea:45:41:1d:aa:a1:a4:e4:6f:fd:97:44:15:
                    21:c7:d1:fc:99:fa:26:10:82:44:20:65:c4:94:40:
                    19:a3:21:68:92:ba:14:4b:87:84:1f:c5:1d:33:86:
                    71:67:3e:96:b4:60:27:5c:0e:22:cf:2a:30:0a:7d:
                    25:f8:98:65:74:72:43:ad:4f:8a:f4:71:1f:8a:88:
                    5b:51:b6:9d:98:3a:66:b1:18:7e:97:48:51:07:7e:
                    51:72:ca:58:e8:5c:68:57:e2:00:aa:0c:2e:0e:05:
                    3e:0e:0a:50:f2:09:79:94:01:31:c7:54:44:63:94:
                    53:91:08:b0:bf:69:5d:1a:6b:99:47:b5:53:13:f1:
                    c5:72:0e:ab:be:ec:71:c0:43:2b:43:d6:e6:e8:f7:
                    f2:41:da:49:81:78:48:3a:d8:c1:8d:0f:02:04:42:
                    45:bd:64:b1:e1:a9:2e:1a:fd:dc:2a:59:60:3f:c6:
                    7b:a3:96:ad:c2:aa:5d:a7:0e:c6:82:6b:ef:ea:dc:
                    1d:47:ed:3a:32:d7:14:0f:9a:ef:44:1a:01:48:ef:
                    4d:50:3d:40:3c:34:90:4e:67:cb:b6:25:87:e5:54:
                    9f:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:A0:9E:CE:67:A0:14:4A:CB:AE:F9:F7:F6:67:E2:85:63:BB:1F:A5
            X509v3 Authority Key Identifier:
                keyid:C4:5C:68:3C:B1:EB:9C:0F:49:B9:67:E3:BD:9B:8B:84:CF:09:9B:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/sqCezmegFErLrvn39mfihWO7H6U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:291b::/32

    Signature Algorithm: sha256WithRSAEncryption
         84:56:b9:70:d5:66:80:6a:ba:8c:49:3e:96:69:bb:65:5a:1f:
         11:3e:31:c7:44:cd:4d:2b:c8:11:bc:38:6e:76:38:d4:d4:d1:
         cd:48:bc:81:a6:42:2c:6f:29:86:94:82:41:19:f1:84:32:bc:
         b6:05:0f:73:57:f0:bb:cc:90:88:f5:03:42:bd:d2:df:3f:f7:
         ae:b5:d8:bd:4b:46:a5:df:d4:ca:c4:ce:3a:78:b2:f9:01:3f:
         da:f0:9b:f9:d9:27:a1:db:d9:e7:d9:3f:ec:52:bb:bd:61:cd:
         33:ad:61:9a:4d:3a:4a:b1:94:19:f4:07:24:0a:00:b7:e6:61:
         5f:38:f8:3b:cf:5a:b1:d7:34:b5:33:e8:fb:a3:33:4d:9c:45:
         d1:34:b0:38:45:ab:48:a2:65:af:f1:3c:2b:4a:65:96:cf:fa:
         18:2a:0d:5d:fd:3d:f8:5e:ca:0f:66:e6:d1:76:35:fe:d4:b2:
         36:b0:e5:79:56:f7:01:27:6f:65:eb:6d:6d:8f:16:38:4a:a0:
         4e:c5:5c:29:04:2f:98:13:56:6e:cb:90:fc:ee:60:9f:8b:10:
         55:a0:cd:40:5f:ea:96:d0:d7:2b:d9:ab:b9:de:37:a3:01:57:
         8a:bf:ae:8e:1b:b6:0e:76:13:a9:23:fc:3b:39:8c:16:6a:eb:
         47:3e:1a:45
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzI3oNutrO9vsVb4SNXZnLoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0NWM2ODNjYjFlYjljMGY0OWI5NjdlM2JkOWI4Yjg0Y2Yw
OTliYjgwHhcNMjQwMTAyMDYzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmEwOWVjZTY3YTAxNDRhY2JhZWY5ZjdmNjY3ZTI4NTYzYmIxZmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtBv6DbQTA0PcgsyhHQedL0Sk+sas
KAHieHYFWLg+oOpFQR2qoaTkb/2XRBUhx9H8mfomEIJEIGXElEAZoyFokroUS4eE
H8UdM4ZxZz6WtGAnXA4izyowCn0l+JhldHJDrU+K9HEfiohbUbadmDpmsRh+l0hR
B35RcspY6FxoV+IAqgwuDgU+DgpQ8gl5lAExx1REY5RTkQiwv2ldGmuZR7VTE/HF
cg6rvuxxwEMrQ9bm6PfyQdpJgXhIOtjBjQ8CBEJFvWSx4akuGv3cKllgP8Z7o5at
wqpdpw7Ggmvv6twdR+06MtcUD5rvRBoBSO9NUD1APDSQTmfLtiWH5VSfMQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLKgns5noBRKy6759/Zn4oVjux+lMB8GA1UdIwQY
MBaAFMRcaDyx65wPSbln472bi4TPCZu4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEZ4b1BMSHJuQTlKdVdmanZadUxoTThKbTdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC80MzlhMTAtNjBjNC00YzI4LTkxYmYt
ODhkMmRmMTBkMTViLzEvc3FDZXptZWdGRXJMcnZuMzltZmloV083SDZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC80MzlhMTAtNjBjNC00YzI4LTkxYmYtODhkMmRmMTBkMTVi
LzEveEZ4b1BMSHJuQTlKdVdmanZadUxoTThKbTdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgcpGzAN
BgkqhkiG9w0BAQsFAAOCAQEAhFa5cNVmgGq6jEk+lmm7ZVofET4xx0TNTSvIEbw4
bnY41NTRzUi8gaZCLG8phpSCQRnxhDK8tgUPc1fwu8yQiPUDQr3S3z/3rrXYvUtG
pd/UysTOOniy+QE/2vCb+dknodvZ59k/7FK7vWHNM61hmk06SrGUGfQHJAoAt+Zh
Xzj4O89asdc0tTPo+6MzTZxF0TSwOEWrSKJlr/E8K0plls/6GCoNXf09+F7KD2bm
0XY1/tSyNrDleVb3ASdvZettbY8WOEqgTsVcKQQvmBNWbsuQ/O5gn4sQVaDNQF/q
ltDXK9mrud43owFXir+ujhu2DnYTqSP8OzmMFmrrRz4aRQ==
-----END CERTIFICATE-----