Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/992d03-883b-404d-887e-f2435d5cf37b/1/nMQvGN4gPppdoitTwAYvb1OoCSI.roa
File:                     nMQvGN4gPppdoitTwAYvb1OoCSI.roa (raw, json)
Hash identifier:          EsvfF5EcvPfDSYjxPFN8clzA9r6YYd5rGyc25Q4aQSI=
Subject key identifier:   9C:C4:2F:18:DE:20:3E:9A:5D:A2:2B:53:C0:06:2F:6F:53:A8:09:22
Certificate issuer:       /CN=7001e422227fa44cc5cb95d2a9dcce0fa5b89c07
Certificate serial:       018CC3B7340FEFCA45D63F5B034A66FC02CC
Authority key identifier: 70:01:E4:22:22:7F:A4:4C:C5:CB:95:D2:A9:DC:CE:0F:A5:B8:9C:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cAHkIiJ_pEzFy5XSqdzOD6W4nAc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/992d03-883b-404d-887e-f2435d5cf37b/1/nMQvGN4gPppdoitTwAYvb1OoCSI.roa
Signing time:             Mon 01 Jan 2024 06:30:12 +0000
ROA not before:           Mon 01 Jan 2024 06:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211432
IP address blocks:        2a0f:6740::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/992d03-883b-404d-887e-f2435d5cf37b/1/cAHkIiJ_pEzFy5XSqdzOD6W4nAc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/992d03-883b-404d-887e-f2435d5cf37b/1/cAHkIiJ_pEzFy5XSqdzOD6W4nAc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cAHkIiJ_pEzFy5XSqdzOD6W4nAc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:34:0f:ef:ca:45:d6:3f:5b:03:4a:66:fc:02:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7001e422227fa44cc5cb95d2a9dcce0fa5b89c07
        Validity
            Not Before: Jan  1 06:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9cc42f18de203e9a5da22b53c0062f6f53a80922
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:4b:06:3c:b5:11:a0:d9:4a:b4:83:bb:85:84:
                    c7:2d:5e:fa:80:09:b7:5d:3e:f1:6d:86:f2:ea:58:
                    e0:c0:b4:89:e6:e2:e6:19:64:6c:36:be:82:87:ba:
                    b5:a2:84:10:84:f3:d3:41:a5:e7:70:ee:56:6e:ad:
                    ed:9b:c7:7e:5e:d5:55:de:bb:53:79:f6:28:1f:65:
                    c5:87:a7:b2:41:ee:26:f7:db:08:bc:a9:73:d9:c4:
                    c2:47:b7:fe:7a:74:50:41:f8:3d:04:96:ff:71:3b:
                    0d:cd:ea:d4:12:ed:6c:a9:54:ca:2d:fd:b6:1b:58:
                    32:7a:8c:b6:b8:81:34:09:18:9a:64:34:74:d9:dd:
                    81:39:06:92:ff:7b:74:b6:e9:83:92:8c:be:39:03:
                    2d:d6:4e:af:af:41:45:35:b2:a6:e4:53:e6:ec:39:
                    ec:a2:f5:a3:4d:ce:ea:fd:36:40:dc:62:dd:39:3a:
                    23:b9:92:30:97:20:e7:dc:b0:04:3d:52:1c:b6:2d:
                    7a:6c:06:db:e2:39:fc:67:5a:4c:79:6f:92:5b:c2:
                    c9:70:79:ff:a1:eb:86:3b:7b:9a:2a:68:ac:a3:4e:
                    db:fb:59:7f:df:1d:84:7c:b9:cd:5d:a6:61:68:db:
                    91:df:b0:df:f9:16:6c:bc:a6:c1:b3:e6:bd:cc:01:
                    0e:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:C4:2F:18:DE:20:3E:9A:5D:A2:2B:53:C0:06:2F:6F:53:A8:09:22
            X509v3 Authority Key Identifier:
                keyid:70:01:E4:22:22:7F:A4:4C:C5:CB:95:D2:A9:DC:CE:0F:A5:B8:9C:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cAHkIiJ_pEzFy5XSqdzOD6W4nAc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/992d03-883b-404d-887e-f2435d5cf37b/1/nMQvGN4gPppdoitTwAYvb1OoCSI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/992d03-883b-404d-887e-f2435d5cf37b/1/cAHkIiJ_pEzFy5XSqdzOD6W4nAc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6740::/29

    Signature Algorithm: sha256WithRSAEncryption
         6f:8f:e3:79:7a:63:21:82:4c:42:6c:61:f7:9b:f3:97:f8:d2:
         87:8e:e5:54:25:a3:fa:eb:50:85:31:c0:9a:dd:6a:53:e9:be:
         31:ed:d5:f9:c2:fa:9e:ac:5c:36:72:d5:f2:c3:39:ad:93:ca:
         f1:74:6e:79:6c:dd:68:08:9d:a5:bb:83:6b:77:27:5f:4b:90:
         a0:7c:ba:c0:ca:b4:ba:d4:fc:11:f1:f9:21:f8:20:ee:77:99:
         45:d3:d5:79:15:f3:75:fc:05:a0:6e:ac:c9:19:9e:eb:8f:66:
         73:d0:d0:8b:26:c7:9c:7c:50:15:0b:fc:84:4a:db:8f:c1:fd:
         1d:d6:b9:86:08:f2:5b:26:db:e9:fe:72:b4:0f:c7:1b:8a:e0:
         df:06:e9:b1:1a:97:f0:7a:da:cf:74:f2:2c:6b:6b:93:83:8c:
         6d:be:5b:3b:35:23:03:0d:f4:e4:b3:00:eb:16:b0:ff:a8:dc:
         92:14:af:3b:44:71:d7:ff:76:0a:b0:02:c0:74:de:a5:95:39:
         71:29:7a:81:47:d0:64:04:26:c5:41:fb:58:f6:d7:68:b1:fe:
         f8:17:ba:6d:d1:06:59:ac:84:cf:c7:aa:fc:36:84:11:37:d9:
         57:5e:ed:43:5b:14:a1:34:2d:bd:b2:24:41:7c:14:bd:49:85:
         40:f0:fe:f7
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDtzQP78pF1j9bA0pm/ALMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwMDFlNDIyMjI3ZmE0NGNjNWNiOTVkMmE5ZGNjZTBmYTVi
ODljMDcwHhcNMjQwMTAxMDYzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2M0MmYxOGRlMjAzZTlhNWRhMjJiNTNjMDA2MmY2ZjUzYTgwOTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0sGPLURoNlKtIO7hYTHLV76gAm3
XT7xbYby6ljgwLSJ5uLmGWRsNr6Ch7q1ooQQhPPTQaXncO5Wbq3tm8d+XtVV3rtT
efYoH2XFh6eyQe4m99sIvKlz2cTCR7f+enRQQfg9BJb/cTsNzerUEu1sqVTKLf22
G1gyeoy2uIE0CRiaZDR02d2BOQaS/3t0tumDkoy+OQMt1k6vr0FFNbKm5FPm7Dns
ovWjTc7q/TZA3GLdOTojuZIwlyDn3LAEPVIcti16bAbb4jn8Z1pMeW+SW8LJcHn/
oeuGO3uaKmiso07b+1l/3x2EfLnNXaZhaNuR37Df+RZsvKbBs+a9zAEOhQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJzELxjeID6aXaIrU8AGL29TqAkiMB8GA1UdIwQY
MBaAFHAB5CIif6RMxcuV0qnczg+luJwHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0FIa0lpSl9wRXpGeTVYU3Fkek9ENlc0bkFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My85OTJkMDMtODgzYi00MDRkLTg4N2Ut
ZjI0MzVkNWNmMzdiLzEvbk1RdkdONGdQcHBkb2l0VHdBWXZiMU9vQ1NJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My85OTJkMDMtODgzYi00MDRkLTg4N2UtZjI0MzVkNWNmMzdi
LzEvY0FIa0lpSl9wRXpGeTVYU3Fkek9ENlc0bkFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg9nQDAN
BgkqhkiG9w0BAQsFAAOCAQEAb4/jeXpjIYJMQmxh95vzl/jSh47lVCWj+utQhTHA
mt1qU+m+Me3V+cL6nqxcNnLV8sM5rZPK8XRueWzdaAidpbuDa3cnX0uQoHy6wMq0
utT8EfH5Ifgg7neZRdPVeRXzdfwFoG6syRme649mc9DQiybHnHxQFQv8hErbj8H9
Hda5hgjyWybb6f5ytA/HG4rg3wbpsRqX8Hraz3TyLGtrk4OMbb5bOzUjAw305LMA
6xaw/6jckhSvO0Rx1/92CrACwHTepZU5cSl6gUfQZAQmxUH7WPbXaLH++Be6bdEG
WayEz8eq/DaEETfZV17tQ1sUoTQtvbIkQXwUvUmFQPD+9w==
-----END CERTIFICATE-----