Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/IUQI2zMjunczxga5TKmh9g3_-p4.roa
File:                     IUQI2zMjunczxga5TKmh9g3_-p4.roa (raw, json)
Hash identifier:          RlUaeJ5nP3WOiJ8MyZhK62jB9TLh48VQgTWNlNmJBvE=
Subject key identifier:   21:44:08:DB:33:23:BA:77:33:C6:06:B9:4C:A9:A1:F6:0D:FF:FA:9E
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       018F2E0974AC79A1DF2ADD98E6754157197A
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/IUQI2zMjunczxga5TKmh9g3_-p4.roa
Signing time:             Tue 30 Apr 2024 08:05:22 +0000
ROA not before:           Tue 30 Apr 2024 08:05:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2376
IP address blocks:        2a01:dfff::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:2e:09:74:ac:79:a1:df:2a:dd:98:e6:75:41:57:19:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Apr 30 08:05:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=214408db3323ba7733c606b94ca9a1f60dfffa9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:68:a3:2b:bb:0a:4f:78:da:d9:eb:8a:a0:28:
                    64:3a:7b:86:5e:15:dc:01:8c:6c:f4:f1:08:6a:5f:
                    13:8a:bc:b9:16:69:26:b3:44:2a:84:b0:c8:54:a3:
                    7d:a4:9d:43:76:09:db:3d:ee:a2:d1:4d:da:4e:f0:
                    7c:ee:4b:af:56:64:1d:90:8f:80:b1:00:a6:9d:2d:
                    ac:80:82:13:cf:06:b0:07:3a:5c:7c:8b:c1:9b:8c:
                    42:4a:62:c9:09:e3:47:c2:5c:7c:6b:31:3d:e8:57:
                    e0:0e:67:f4:30:36:3c:7a:7f:1c:65:dd:0b:40:f9:
                    56:32:38:0c:90:64:90:d7:07:8e:c9:59:20:c2:c5:
                    71:f4:09:7d:a2:63:9f:75:ce:78:b0:4d:fd:0d:eb:
                    94:6e:06:bf:48:8d:a8:3d:c5:28:7f:98:a2:b4:d3:
                    56:2e:88:83:13:57:07:a3:17:a9:17:55:c5:cb:2d:
                    49:b1:09:c6:78:9c:5b:5b:79:f8:70:14:a2:bd:e3:
                    85:ee:43:1f:6c:e2:ce:d2:6e:d8:2d:33:d9:ab:10:
                    eb:f3:55:c7:b4:4a:f7:2e:41:6b:97:75:62:a2:fd:
                    eb:ae:6c:91:4e:da:2a:39:3a:b0:f1:80:03:9b:fa:
                    eb:fa:78:eb:e3:82:22:e0:aa:9e:3b:97:f3:6f:79:
                    9e:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:44:08:DB:33:23:BA:77:33:C6:06:B9:4C:A9:A1:F6:0D:FF:FA:9E
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/IUQI2zMjunczxga5TKmh9g3_-p4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:dfff::/32

    Signature Algorithm: sha256WithRSAEncryption
         4d:33:be:74:67:0e:5f:32:36:92:15:96:c3:11:96:d0:8e:6f:
         59:18:ee:ca:89:d7:d0:31:0e:36:6e:39:7e:b5:df:38:be:9e:
         f1:86:56:07:74:53:d6:94:81:58:5b:e9:f0:5f:21:89:c3:a1:
         90:38:4c:10:18:e7:66:e1:57:38:28:a7:23:ca:8a:a3:8b:8e:
         db:6c:39:50:9c:8b:dc:a1:47:ce:49:3b:50:82:e5:01:58:16:
         2c:e4:cf:9b:99:05:97:44:f3:19:7f:bb:ab:ac:61:b7:5e:ee:
         37:4d:c1:71:df:69:45:59:fa:97:0c:7e:db:f9:7e:05:12:7a:
         9f:3b:29:39:76:92:7f:ae:a3:0e:0d:e8:d0:d6:48:95:ca:6e:
         00:3a:24:87:2f:27:16:4d:21:8d:05:cf:95:9d:c8:a7:f8:73:
         c9:2d:02:0f:d9:e3:a6:1e:00:bf:88:e7:38:c7:0c:fe:0b:6c:
         16:3c:56:e8:41:6c:13:13:9d:0e:45:40:00:5d:61:17:37:97:
         da:40:4d:07:34:d7:39:fb:88:91:68:14:a6:4e:33:70:78:8c:
         4c:ee:dc:b5:e2:9a:87:ce:a6:cc:d8:f4:f9:82:2c:ac:88:ed:
         a0:16:5a:0d:48:6c:07:b1:0c:ca:77:10:60:6b:0e:2c:95:81:
         74:69:76:dc
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY8uCXSseaHfKt2Y5nVBVxl6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjQwNDMwMDgwNTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTQ0MDhkYjMzMjNiYTc3MzNjNjA2Yjk0Y2E5YTFmNjBkZmZmYTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2mijK7sKT3ja2euKoChkOnuGXhXc
AYxs9PEIal8Tiry5Fmkms0QqhLDIVKN9pJ1DdgnbPe6i0U3aTvB87kuvVmQdkI+A
sQCmnS2sgIITzwawBzpcfIvBm4xCSmLJCeNHwlx8azE96FfgDmf0MDY8en8cZd0L
QPlWMjgMkGSQ1weOyVkgwsVx9Al9omOfdc54sE39DeuUbga/SI2oPcUof5iitNNW
LoiDE1cHoxepF1XFyy1JsQnGeJxbW3n4cBSiveOF7kMfbOLO0m7YLTPZqxDr81XH
tEr3LkFrl3Viov3rrmyRTtoqOTqw8YADm/rr+njr44Ii4KqeO5fzb3mefwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCFECNszI7p3M8YGuUypofYN//qeMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvSVVRSTJ6TWp1bmN6eGdhNVRLbWg5ZzNfLXA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgHf/zAN
BgkqhkiG9w0BAQsFAAOCAQEATTO+dGcOXzI2khWWwxGW0I5vWRjuyonX0DEONm45
frXfOL6e8YZWB3RT1pSBWFvp8F8hicOhkDhMEBjnZuFXOCinI8qKo4uO22w5UJyL
3KFHzkk7UILlAVgWLOTPm5kFl0TzGX+7q6xht17uN03Bcd9pRVn6lwx+2/l+BRJ6
nzspOXaSf66jDg3o0NZIlcpuADokhy8nFk0hjQXPlZ3Ip/hzyS0CD9njph4Av4jn
OMcM/gtsFjxW6EFsExOdDkVAAF1hFzeX2kBNBzTXOfuIkWgUpk4zcHiMTO7cteKa
h86mzNj0+YIsrIjtoBZaDUhsB7EMyncQYGsOLJWBdGl23A==
-----END CERTIFICATE-----