Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/b7q5JfcnLdrvnwpKlMa6c_M9VF8.roa
File:                     b7q5JfcnLdrvnwpKlMa6c_M9VF8.roa (raw, json)
Hash identifier:          dh+HCFYFPFWLiIQP3jFaQ4HkmlTvf8XgslaSST1KzFk=
Subject key identifier:   6F:BA:B9:25:F7:27:2D:DA:EF:9F:0A:4A:94:C6:BA:73:F3:3D:54:5F
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       019420D5B5F49EF7FC1F83D585257690BE0B
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/b7q5JfcnLdrvnwpKlMa6c_M9VF8.roa
Signing time:             Wed 01 Jan 2025 07:47:44 +0000
ROA not before:           Wed 01 Jan 2025 07:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56369
IP address blocks:        90.84.96.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 07:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:b5:f4:9e:f7:fc:1f:83:d5:85:25:76:90:be:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  1 07:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6fbab925f7272ddaef9f0a4a94c6ba73f33d545f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:19:df:4f:05:6b:06:69:ec:a9:33:17:46:6f:
                    9a:f0:af:9f:20:2d:2c:e0:05:51:d0:1a:96:d7:15:
                    5c:5c:f1:12:64:58:3e:09:30:09:9a:eb:2b:10:c7:
                    08:45:38:4b:8d:fb:50:5a:6d:5e:06:82:f3:18:46:
                    03:2a:39:19:bc:17:13:cc:62:4b:ec:4e:f2:b4:26:
                    2b:27:11:03:77:d9:56:5d:ca:d0:14:ec:c0:a4:40:
                    a0:0c:08:02:56:6e:19:bf:1d:f1:cd:65:03:85:82:
                    3a:c7:97:18:49:24:07:ea:c5:22:e4:a8:3a:38:8a:
                    c4:6f:ec:b6:21:8d:e9:03:82:cb:f1:44:a3:4d:87:
                    e4:0e:25:b7:d3:0c:a1:a5:bf:30:6e:3a:ed:c3:97:
                    a1:1b:92:10:93:30:17:33:12:87:0c:0a:bd:1b:22:
                    cc:fa:b1:28:58:b0:c3:2f:0d:08:1f:33:60:42:eb:
                    14:65:7f:d0:40:30:e6:18:a9:e5:b7:89:9f:68:8b:
                    d6:d6:58:33:ef:a7:27:ec:f2:e1:2d:e9:7d:9b:f4:
                    8d:c4:86:52:19:a3:8b:ac:30:bf:40:2f:43:0d:a5:
                    0e:d4:b8:0a:3c:98:6a:e3:82:d7:88:d6:c0:d7:3e:
                    66:5d:33:77:96:8b:03:31:3a:65:92:93:28:a3:29:
                    aa:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:BA:B9:25:F7:27:2D:DA:EF:9F:0A:4A:94:C6:BA:73:F3:3D:54:5F
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/b7q5JfcnLdrvnwpKlMa6c_M9VF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  90.84.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         aa:cd:8e:fb:ae:9f:13:c4:a4:6d:3f:7d:f0:49:6b:28:5b:91:
         02:21:e1:0f:38:e7:29:1f:27:7a:4b:05:55:31:cf:31:0b:0d:
         e4:53:71:29:19:63:02:38:c3:ca:1d:05:5c:d7:fd:a3:1f:ad:
         8e:51:61:15:da:25:db:5d:68:41:a6:7d:80:67:02:47:b0:df:
         cb:76:4f:56:48:03:a6:30:76:98:f6:d5:50:32:f3:da:30:60:
         d1:75:f2:14:b6:a8:37:6b:29:53:8f:13:b8:67:36:93:e0:77:
         cd:ba:6d:9d:8e:64:5b:5a:c0:e6:a5:0b:7f:30:f6:2f:8a:b3:
         50:49:e5:bf:36:04:17:b2:99:31:79:f8:54:9b:d7:04:fe:f8:
         76:d0:a4:6d:9a:64:8a:38:18:39:e4:d2:1d:21:d5:78:a9:ec:
         1f:96:f8:5e:ea:1a:ea:51:a5:8a:ce:14:a3:d9:ad:8f:74:0b:
         92:38:6e:22:e9:7a:f1:2e:f3:23:7c:d9:80:36:93:96:f3:ec:
         28:bf:25:08:b3:72:1e:d7:65:07:3c:6d:5f:13:ea:99:b7:60:
         26:29:b3:26:6d:8d:ec:79:a9:2a:91:ee:c1:6b:1c:9d:09:ba:
         31:6c:13:d8:e7:28:80:1d:ba:0e:1f:14:0a:4c:a5:30:2f:70:
         45:d3:9c:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1bX0nvf8H4PVhSV2kL4LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjUwMTAxMDc0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmJhYjkyNWY3MjcyZGRhZWY5ZjBhNGE5NGM2YmE3M2YzM2Q1NDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwBnfTwVrBmnsqTMXRm+a8K+fIC0s
4AVR0BqW1xVcXPESZFg+CTAJmusrEMcIRThLjftQWm1eBoLzGEYDKjkZvBcTzGJL
7E7ytCYrJxEDd9lWXcrQFOzApECgDAgCVm4Zvx3xzWUDhYI6x5cYSSQH6sUi5Kg6
OIrEb+y2IY3pA4LL8USjTYfkDiW30wyhpb8wbjrtw5ehG5IQkzAXMxKHDAq9GyLM
+rEoWLDDLw0IHzNgQusUZX/QQDDmGKnlt4mfaIvW1lgz76cn7PLhLel9m/SNxIZS
GaOLrDC/QC9DDaUO1LgKPJhq44LXiNbA1z5mXTN3losDMTplkpMooymq4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG+6uSX3Jy3a758KSpTGunPzPVRfMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvYjdxNUpmY25MZHJ2bndwS2xNYTZjX005VkY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFWlRgMA0G
CSqGSIb3DQEBCwUAA4IBAQCqzY77rp8TxKRtP33wSWsoW5ECIeEPOOcpHyd6SwVV
Mc8xCw3kU3EpGWMCOMPKHQVc1/2jH62OUWEV2iXbXWhBpn2AZwJHsN/Ldk9WSAOm
MHaY9tVQMvPaMGDRdfIUtqg3aylTjxO4ZzaT4HfNum2djmRbWsDmpQt/MPYvirNQ
SeW/NgQXspkxefhUm9cE/vh20KRtmmSKOBg55NIdIdV4qewflvhe6hrqUaWKzhSj
2a2PdAuSOG4i6XrxLvMjfNmANpOW8+wovyUIs3Ie12UHPG1fE+qZt2AmKbMmbY3s
eakqke7BaxydCboxbBPY5yiAHboOHxQKTKUwL3BF05zx
-----END CERTIFICATE-----