Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/Dc9iO5bsnryt5m9HoDW9gKf6QpM.roa
File:                     Dc9iO5bsnryt5m9HoDW9gKf6QpM.roa (raw, json)
Hash identifier:          Y0eqJS4vptDAlZPGuPrmrvItXFEoYmDmgbZNDQvmid8=
Subject key identifier:   0D:CF:62:3B:96:EC:9E:BC:AD:E6:6F:47:A0:35:BD:80:A7:FA:42:93
Certificate issuer:       /CN=c236e8c216f05a9d9e0327f1222bf12198aba5da
Certificate serial:       0190C69027483B62F62568794537596C6ED5
Authority key identifier: C2:36:E8:C2:16:F0:5A:9D:9E:03:27:F1:22:2B:F1:21:98:AB:A5:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjbowhbwWp2eAyfxIivxIZirpdo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/Dc9iO5bsnryt5m9HoDW9gKf6QpM.roa
Signing time:             Thu 18 Jul 2024 15:57:34 +0000
ROA not before:           Thu 18 Jul 2024 15:57:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215147
IP address blocks:        2a07:2486:fc0::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/wjbowhbwWp2eAyfxIivxIZirpdo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/wjbowhbwWp2eAyfxIivxIZirpdo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjbowhbwWp2eAyfxIivxIZirpdo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Dec 2024 09:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:c6:90:27:48:3b:62:f6:25:68:79:45:37:59:6c:6e:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c236e8c216f05a9d9e0327f1222bf12198aba5da
        Validity
            Not Before: Jul 18 15:57:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0dcf623b96ec9ebcade66f47a035bd80a7fa4293
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:9b:a6:1c:ce:a9:44:b6:7b:25:fc:63:68:e1:
                    37:a3:6b:fa:aa:e2:82:9f:8a:4d:90:96:80:f5:31:
                    91:b5:70:74:7f:f5:9a:19:16:32:a8:2b:15:c1:62:
                    11:81:49:da:49:08:fb:01:19:8a:ea:f8:00:7d:54:
                    d6:9f:13:a2:e9:35:1e:e6:45:5a:26:48:6f:dc:1f:
                    b2:c8:5e:f4:8f:af:dd:af:b2:b2:85:35:34:3e:0b:
                    b5:e7:f8:b1:39:5c:ba:42:56:eb:c1:ec:98:ae:55:
                    ba:e3:81:d7:12:dd:2d:04:71:89:7e:bc:e0:2b:48:
                    32:8e:83:5b:95:1a:b9:03:f0:54:50:19:c1:8b:62:
                    2b:85:70:b2:b9:8a:ac:07:d8:13:32:bc:56:af:eb:
                    46:8a:6e:e5:2e:63:a3:67:f3:79:b4:c8:d7:85:69:
                    d3:d2:94:35:de:89:3e:b9:18:8e:55:59:5d:70:a8:
                    2f:a1:f9:4c:61:2d:73:47:b0:08:79:45:62:6a:a8:
                    dc:c0:f6:b0:f3:99:31:25:d7:fa:34:e8:36:41:6b:
                    77:22:a5:70:22:82:9f:47:89:12:83:0b:6f:75:60:
                    d6:53:0f:17:25:c7:88:00:d3:b5:89:0e:0e:80:c6:
                    ed:a6:2a:2f:79:78:8e:cc:f2:98:4d:80:a8:1c:60:
                    a0:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:CF:62:3B:96:EC:9E:BC:AD:E6:6F:47:A0:35:BD:80:A7:FA:42:93
            X509v3 Authority Key Identifier:
                keyid:C2:36:E8:C2:16:F0:5A:9D:9E:03:27:F1:22:2B:F1:21:98:AB:A5:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjbowhbwWp2eAyfxIivxIZirpdo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/Dc9iO5bsnryt5m9HoDW9gKf6QpM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/wjbowhbwWp2eAyfxIivxIZirpdo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:2486:fc0::/44

    Signature Algorithm: sha256WithRSAEncryption
         94:e4:1e:f5:dd:81:bf:6a:72:9b:b5:47:59:3a:a0:76:18:ff:
         0c:1c:65:03:20:75:7f:47:b8:4a:3c:90:80:ed:7c:5b:d8:76:
         cd:13:c5:05:3f:26:0a:c2:67:43:d4:25:a3:fa:b1:0d:b4:8a:
         9e:a9:1b:e8:64:e6:85:2b:c6:27:54:10:83:7e:fa:65:12:76:
         37:5b:c8:9d:a6:6f:56:04:1e:36:fe:33:b4:12:86:7d:a7:7b:
         5b:03:1a:b4:c3:2c:40:82:0e:f5:97:0a:3e:f5:fb:ec:1a:64:
         56:4a:f2:25:f9:39:54:4f:44:0d:5c:53:c6:c1:59:3a:cc:06:
         0f:30:b0:7e:48:da:2f:3e:1b:bc:a5:4c:68:5e:10:61:f0:23:
         f6:8d:e3:32:c8:2c:96:fd:5d:22:9e:2d:69:5c:84:a6:be:83:
         69:ac:a8:40:cb:ce:96:7d:1a:d6:a5:6c:78:a7:44:c8:1e:14:
         fd:25:f7:e8:cb:b3:53:d3:ca:fa:d1:9d:84:63:25:64:a9:4b:
         85:6e:3e:fc:0d:4c:dd:3a:89:9f:b7:ff:5b:92:9a:51:c7:d8:
         d2:fd:07:ca:7b:17:84:1e:6c:69:39:dd:90:4c:93:5c:a0:41:
         ae:64:ae:57:92:5d:45:d5:ba:9d:69:b1:19:71:fa:f8:6a:95:
         c0:15:44:16
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZDGkCdIO2L2JWh5RTdZbG7VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMzZlOGMyMTZmMDVhOWQ5ZTAzMjdmMTIyMmJmMTIxOThh
YmE1ZGEwHhcNMjQwNzE4MTU1NzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGNmNjIzYjk2ZWM5ZWJjYWRlNjZmNDdhMDM1YmQ4MGE3ZmE0MjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzJumHM6pRLZ7JfxjaOE3o2v6quKC
n4pNkJaA9TGRtXB0f/WaGRYyqCsVwWIRgUnaSQj7ARmK6vgAfVTWnxOi6TUe5kVa
Jkhv3B+yyF70j6/dr7KyhTU0Pgu15/ixOVy6QlbrweyYrlW644HXEt0tBHGJfrzg
K0gyjoNblRq5A/BUUBnBi2IrhXCyuYqsB9gTMrxWr+tGim7lLmOjZ/N5tMjXhWnT
0pQ13ok+uRiOVVldcKgvoflMYS1zR7AIeUViaqjcwPaw85kxJdf6NOg2QWt3IqVw
IoKfR4kSgwtvdWDWUw8XJceIANO1iQ4OgMbtpioveXiOzPKYTYCoHGCg3wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA3PYjuW7J68reZvR6A1vYCn+kKTMB8GA1UdIwQY
MBaAFMI26MIW8FqdngMn8SIr8SGYq6XaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2pib3doYndXcDJlQXlmeElpdnhJWmlycGRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8yYTQxM2UtODk3NC00ZGM3LTljZTgt
Mzg0ZmZjZTc3ZjUyLzEvRGM5aU81YnNucnl0NW05SG9EVzlnS2Y2UXBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8yYTQxM2UtODk3NC00ZGM3LTljZTgtMzg0ZmZjZTc3ZjUy
LzEvd2pib3doYndXcDJlQXlmeElpdnhJWmlycGRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgckhg/A
MA0GCSqGSIb3DQEBCwUAA4IBAQCU5B713YG/anKbtUdZOqB2GP8MHGUDIHV/R7hK
PJCA7Xxb2HbNE8UFPyYKwmdD1CWj+rENtIqeqRvoZOaFK8YnVBCDfvplEnY3W8id
pm9WBB42/jO0EoZ9p3tbAxq0wyxAgg71lwo+9fvsGmRWSvIl+TlUT0QNXFPGwVk6
zAYPMLB+SNovPhu8pUxoXhBh8CP2jeMyyCyW/V0ini1pXISmvoNprKhAy86WfRrW
pWx4p0TIHhT9Jffoy7NT08r60Z2EYyVkqUuFbj78DUzdOomft/9bkppRx9jS/QfK
exeEHmxpOd2QTJNcoEGuZK5Xkl1F1bqdabEZcfr4apXAFUQW
-----END CERTIFICATE-----