Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/ubhZDa1_V77pIwvK6yCvZJwLacc.roa
File:                     ubhZDa1_V77pIwvK6yCvZJwLacc.roa (raw, json)
Hash identifier:          G4mjcb4WIb4gxOYbzLS+3W0B33rGpWA3o/LVcMc4KoE=
Subject key identifier:   B9:B8:59:0D:AD:7F:57:BE:E9:23:0B:CA:EB:20:AF:64:9C:0B:69:C7
Certificate issuer:       /CN=c236e8c216f05a9d9e0327f1222bf12198aba5da
Certificate serial:       0191EBE4D7955B9F005DEDEA6E1C560380CE
Authority key identifier: C2:36:E8:C2:16:F0:5A:9D:9E:03:27:F1:22:2B:F1:21:98:AB:A5:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjbowhbwWp2eAyfxIivxIZirpdo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/ubhZDa1_V77pIwvK6yCvZJwLacc.roa
Signing time:             Fri 13 Sep 2024 14:58:48 +0000
ROA not before:           Fri 13 Sep 2024 14:58:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215569
IP address blocks:        2a07:2486:4010::/44 maxlen: 44
                          2a07:2486:4010::/48 maxlen: 48
                          2a07:2486:401e::/48 maxlen: 48
                          2a07:2486:401f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/wjbowhbwWp2eAyfxIivxIZirpdo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/wjbowhbwWp2eAyfxIivxIZirpdo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjbowhbwWp2eAyfxIivxIZirpdo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:eb:e4:d7:95:5b:9f:00:5d:ed:ea:6e:1c:56:03:80:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c236e8c216f05a9d9e0327f1222bf12198aba5da
        Validity
            Not Before: Sep 13 14:58:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9b8590dad7f57bee9230bcaeb20af649c0b69c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:2c:f2:3f:04:be:d6:42:c3:e2:90:1f:20:7c:
                    49:7e:35:3b:51:24:70:94:5f:43:52:05:01:16:a0:
                    4a:1a:87:43:08:5e:a8:a5:6e:46:45:a8:a7:e6:3f:
                    c5:a9:e5:aa:12:99:05:13:9b:1b:0c:06:00:2d:d3:
                    68:85:6c:07:00:ac:94:43:a1:38:29:a9:25:e2:ab:
                    4c:96:62:66:9e:ab:9d:71:34:b5:8e:55:e0:f8:e7:
                    df:93:d2:d3:d7:ab:b8:a5:6c:d2:39:62:1d:2b:17:
                    0f:b9:4d:44:87:a9:f7:4c:76:3c:05:0b:37:35:79:
                    88:24:52:23:8e:c3:57:11:e4:da:50:63:58:51:b1:
                    d5:17:80:83:ab:6e:b9:6a:9f:b5:f2:87:a6:ec:e0:
                    02:b7:2c:ec:2b:d0:28:c9:51:cb:56:4f:e2:35:5b:
                    5d:9b:7a:f6:2a:82:d7:0c:02:4d:ed:7e:fb:95:50:
                    1c:48:90:8e:73:71:e2:26:de:14:55:b8:35:28:c1:
                    3d:f6:bd:af:9f:a0:d3:ff:6d:a5:f3:d5:a3:2b:4f:
                    6d:ee:20:36:e1:a5:45:08:02:93:4c:30:d0:cd:71:
                    3a:0a:ab:56:45:4e:ae:cd:d6:33:f5:e4:a6:92:10:
                    79:5b:b2:7e:7b:2e:b3:3b:ba:44:88:c2:ec:00:45:
                    e8:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:B8:59:0D:AD:7F:57:BE:E9:23:0B:CA:EB:20:AF:64:9C:0B:69:C7
            X509v3 Authority Key Identifier:
                keyid:C2:36:E8:C2:16:F0:5A:9D:9E:03:27:F1:22:2B:F1:21:98:AB:A5:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjbowhbwWp2eAyfxIivxIZirpdo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/ubhZDa1_V77pIwvK6yCvZJwLacc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/wjbowhbwWp2eAyfxIivxIZirpdo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:2486:4010::/44

    Signature Algorithm: sha256WithRSAEncryption
         56:c6:6c:34:87:0d:bf:43:dc:47:2e:71:cc:aa:fe:9b:46:31:
         c3:71:2a:aa:28:0b:07:6b:57:08:6f:dc:ec:c4:54:c4:c4:5c:
         87:d0:eb:e3:0d:36:9e:2d:e8:f9:5d:b4:3c:5f:0b:6e:1e:d1:
         75:5a:50:9a:a0:a7:ba:2c:04:fa:91:4f:3c:47:32:44:b6:28:
         78:c9:08:65:b3:bf:4d:91:cd:07:f3:12:ff:55:36:8d:87:6d:
         d4:27:77:b0:29:e6:f5:e5:c1:f7:74:29:83:e8:f8:a4:e3:23:
         d9:63:02:6a:54:a3:d2:e1:fc:06:bb:2f:f6:57:fb:90:6b:57:
         bc:b3:09:5d:fe:41:69:f2:b8:39:c6:c6:28:82:29:6c:9d:8f:
         69:2c:97:34:0d:44:42:1a:a2:53:82:ec:c2:50:f4:a4:42:f7:
         93:4e:dd:af:0f:a9:d5:42:9f:e7:69:c7:2e:b4:23:63:f3:1d:
         fd:6a:68:58:c3:40:d8:44:3f:7d:39:a3:00:0d:5c:5a:83:40:
         cb:c9:9e:13:8d:3b:0b:e3:ba:bd:e0:12:ac:5a:b3:7c:98:0b:
         3e:c5:40:3a:57:8a:c9:ca:48:1c:cd:b3:72:1b:1a:54:16:b0:
         6d:d7:a2:44:00:96:5f:f3:95:b8:09:12:8b:2d:47:76:26:5a:
         6b:cf:7f:87
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZHr5NeVW58AXe3qbhxWA4DOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMzZlOGMyMTZmMDVhOWQ5ZTAzMjdmMTIyMmJmMTIxOThh
YmE1ZGEwHhcNMjQwOTEzMTQ1ODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWI4NTkwZGFkN2Y1N2JlZTkyMzBiY2FlYjIwYWY2NDljMGI2OWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjizyPwS+1kLD4pAfIHxJfjU7USRw
lF9DUgUBFqBKGodDCF6opW5GRain5j/FqeWqEpkFE5sbDAYALdNohWwHAKyUQ6E4
Kakl4qtMlmJmnqudcTS1jlXg+Offk9LT16u4pWzSOWIdKxcPuU1Eh6n3THY8BQs3
NXmIJFIjjsNXEeTaUGNYUbHVF4CDq265ap+18oem7OACtyzsK9AoyVHLVk/iNVtd
m3r2KoLXDAJN7X77lVAcSJCOc3HiJt4UVbg1KME99r2vn6DT/22l89WjK09t7iA2
4aVFCAKTTDDQzXE6CqtWRU6uzdYz9eSmkhB5W7J+ey6zO7pEiMLsAEXo/QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLm4WQ2tf1e+6SMLyusgr2ScC2nHMB8GA1UdIwQY
MBaAFMI26MIW8FqdngMn8SIr8SGYq6XaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2pib3doYndXcDJlQXlmeElpdnhJWmlycGRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8yYTQxM2UtODk3NC00ZGM3LTljZTgt
Mzg0ZmZjZTc3ZjUyLzEvdWJoWkRhMV9WNzdwSXd2SzZ5Q3ZaSndMYWNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8yYTQxM2UtODk3NC00ZGM3LTljZTgtMzg0ZmZjZTc3ZjUy
LzEvd2pib3doYndXcDJlQXlmeElpdnhJWmlycGRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgckhkAQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBWxmw0hw2/Q9xHLnHMqv6bRjHDcSqqKAsHa1cI
b9zsxFTExFyH0OvjDTaeLej5XbQ8XwtuHtF1WlCaoKe6LAT6kU88RzJEtih4yQhl
s79Nkc0H8xL/VTaNh23UJ3ewKeb15cH3dCmD6Pik4yPZYwJqVKPS4fwGuy/2V/uQ
a1e8swld/kFp8rg5xsYogilsnY9pLJc0DURCGqJTguzCUPSkQveTTt2vD6nVQp/n
accutCNj8x39amhYw0DYRD99OaMADVxag0DLyZ4TjTsL47q94BKsWrN8mAs+xUA6
V4rJykgczbNyGxpUFrBt16JEAJZf85W4CRKLLUd2Jlprz3+H
-----END CERTIFICATE-----