Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/9orXjbjs-j2UQjLF2kaMPqeVf-I.roa
File:                     9orXjbjs-j2UQjLF2kaMPqeVf-I.roa (raw, json)
Hash identifier:          iyk0xss1dZ/Lmh1V92ltR9djPBnZBWUDG6GjS83faaM=
Subject key identifier:   F6:8A:D7:8D:B8:EC:FA:3D:94:42:32:C5:DA:46:8C:3E:A7:95:7F:E2
Certificate issuer:       /CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
Certificate serial:       018F061F0C2ECC3AF60745E2195423DA4475
Authority key identifier: 3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/9orXjbjs-j2UQjLF2kaMPqeVf-I.roa
Signing time:             Mon 22 Apr 2024 14:04:09 +0000
ROA not before:           Mon 22 Apr 2024 14:04:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209641
IP address blocks:        2a0d:b9c1::/32 maxlen: 32
                          2a0d:b9c5::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:06:1f:0c:2e:cc:3a:f6:07:45:e2:19:54:23:da:44:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
        Validity
            Not Before: Apr 22 14:04:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f68ad78db8ecfa3d944232c5da468c3ea7957fe2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:da:63:df:d5:a2:bb:56:96:4b:ad:9e:53:2b:
                    5d:35:58:d5:4f:b9:c7:8a:1e:37:9e:03:41:46:0b:
                    0d:48:52:dd:a2:7e:8c:e5:33:b7:70:2c:af:0e:27:
                    79:15:c9:5e:fc:8c:0c:3b:c2:b4:5c:e0:f6:73:de:
                    ed:79:4d:f8:2b:c6:31:df:a4:dc:e0:cd:69:f0:33:
                    da:20:59:b3:5c:18:37:85:8e:2c:74:4c:51:22:0e:
                    ed:65:e0:bf:c6:6e:f0:f4:71:b9:ce:d4:61:5a:61:
                    4e:f3:c9:13:e0:ad:41:ca:0b:48:86:d8:0c:28:b5:
                    82:1f:db:c7:6f:39:88:04:6b:ae:c7:64:1e:90:48:
                    8e:1f:97:c7:6c:b1:9b:96:2e:6d:8b:05:0c:5c:64:
                    92:9d:03:41:27:66:37:d5:d4:a9:ef:6b:a1:81:34:
                    80:3c:13:cf:f4:6c:f5:ac:99:75:19:62:bd:6b:ed:
                    e5:16:da:4d:46:47:4b:d3:6a:1b:3b:53:35:08:14:
                    49:e2:0f:9b:37:5f:af:ca:2f:f2:cd:d6:37:05:29:
                    4c:5c:81:17:46:02:89:1f:63:4b:6e:49:b9:b4:84:
                    5b:59:0f:5e:ad:7a:e3:92:cc:e8:c9:fa:ad:31:75:
                    b4:4c:a6:b9:36:5f:35:1e:5a:ad:ad:a9:dc:70:83:
                    73:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:8A:D7:8D:B8:EC:FA:3D:94:42:32:C5:DA:46:8C:3E:A7:95:7F:E2
            X509v3 Authority Key Identifier:
                keyid:3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/9orXjbjs-j2UQjLF2kaMPqeVf-I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:b9c1::/32
                  2a0d:b9c5::/32

    Signature Algorithm: sha256WithRSAEncryption
         36:41:e0:19:ea:fc:2e:54:96:6b:7b:33:47:82:75:3c:79:8e:
         cb:56:29:f5:96:99:ad:44:70:5c:c4:95:aa:95:8b:10:94:e3:
         6e:29:75:16:74:5b:41:cc:e5:f6:46:fc:f5:35:d2:ed:52:98:
         99:f0:7b:de:84:0d:3c:81:05:3e:0b:ea:55:af:3e:d1:6e:a7:
         7e:44:9c:55:4e:90:d3:a1:7c:49:61:84:8b:bf:00:eb:9a:44:
         9f:e6:4f:30:ec:b9:52:cd:df:1c:20:90:83:12:a8:56:b6:15:
         05:45:26:66:53:fa:a9:7e:51:42:9e:e4:73:e7:02:e2:2a:86:
         17:5d:a9:b1:4b:f3:7f:6a:67:2c:ab:a0:d4:ef:88:a8:e0:fa:
         0b:b4:73:21:7c:b9:04:b4:46:f5:f9:fc:79:f5:7f:ac:ca:3f:
         06:5d:ca:96:14:42:28:2d:60:4e:96:95:db:c0:b3:a4:fb:16:
         d5:0d:5b:a2:10:c2:93:c5:80:8e:ca:ae:b5:a0:2d:08:84:83:
         ca:bc:f8:28:2f:86:d5:c6:f2:20:8d:0b:95:04:f6:de:cd:1b:
         e1:50:a4:26:a7:60:76:a0:b4:15:42:5e:3b:67:e8:8a:d1:8f:
         6e:4e:a1:c2:35:c2:be:7e:b1:e9:25:1f:b7:03:94:5b:c6:10:
         2e:35:77:6e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY8GHwwuzDr2B0XiGVQj2kR1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYzUwYWI0Y2NmNzJlM2Q2MGMwOWY5NjQwMTlkNmMwMzRj
NTBhNmMwHhcNMjQwNDIyMTQwNDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjhhZDc4ZGI4ZWNmYTNkOTQ0MjMyYzVkYTQ2OGMzZWE3OTU3ZmUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApNpj39Wiu1aWS62eUytdNVjVT7nH
ih43ngNBRgsNSFLdon6M5TO3cCyvDid5Fcle/IwMO8K0XOD2c97teU34K8Yx36Tc
4M1p8DPaIFmzXBg3hY4sdExRIg7tZeC/xm7w9HG5ztRhWmFO88kT4K1BygtIhtgM
KLWCH9vHbzmIBGuux2QekEiOH5fHbLGbli5tiwUMXGSSnQNBJ2Y31dSp72uhgTSA
PBPP9Gz1rJl1GWK9a+3lFtpNRkdL02obO1M1CBRJ4g+bN1+vyi/yzdY3BSlMXIEX
RgKJH2NLbkm5tIRbWQ9erXrjkszoyfqtMXW0TKa5Nl81HlqtranccINz+wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFPaK14247Po9lEIyxdpGjD6nlX/iMB8GA1UdIwQY
MBaAFD7FCrTM9y49YMCflkAZ1sA0xQpsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTct
MjE1OTM3NmQzYTY0LzEvOW9yWGpianMtajJVUWpMRjJrYU1QcWVWZi1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTctMjE1OTM3NmQzYTY0
LzEvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKg25wQMF
ACoNucUwDQYJKoZIhvcNAQELBQADggEBADZB4Bnq/C5Ulmt7M0eCdTx5jstWKfWW
ma1EcFzElaqVixCU424pdRZ0W0HM5fZG/PU10u1SmJnwe96EDTyBBT4L6lWvPtFu
p35EnFVOkNOhfElhhIu/AOuaRJ/mTzDsuVLN3xwgkIMSqFa2FQVFJmZT+ql+UUKe
5HPnAuIqhhddqbFL839qZyyroNTviKjg+gu0cyF8uQS0RvX5/Hn1f6zKPwZdypYU
QigtYE6WldvAs6T7FtUNW6IQwpPFgI7KrrWgLQiEg8q8+CgvhtXG8iCNC5UE9t7N
G+FQpCanYHagtBVCXjtn6IrRj25OocI1wr5+seklH7cDlFvGEC41d24=
-----END CERTIFICATE-----