Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/cd97cc-ce2b-4264-9e79-c8f9be7d19df/1/o9hz7NzlKPft6W3ki-Qb3oTHxAo.roa
File:                     o9hz7NzlKPft6W3ki-Qb3oTHxAo.roa (raw, json)
Hash identifier:          IvoBbga6R/Vbx7gV/ouKio4leDG8f0ROesoLZbEQaHY=
Subject key identifier:   A3:D8:73:EC:DC:E5:28:F7:ED:E9:6D:E4:8B:E4:1B:DE:84:C7:C4:0A
Certificate issuer:       /CN=8e3f1663996be1707611fdce1ddea8920dd398a3
Certificate serial:       0191AF71490BCC72A568A1BBCF8F4A323514
Authority key identifier: 8E:3F:16:63:99:6B:E1:70:76:11:FD:CE:1D:DE:A8:92:0D:D3:98:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jj8WY5lr4XB2Ef3OHd6okg3TmKM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/cd97cc-ce2b-4264-9e79-c8f9be7d19df/1/o9hz7NzlKPft6W3ki-Qb3oTHxAo.roa
Signing time:             Sun 01 Sep 2024 21:15:22 +0000
ROA not before:           Sun 01 Sep 2024 21:15:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397651
IP address blocks:        2a01:e300::/29 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/cd97cc-ce2b-4264-9e79-c8f9be7d19df/1/jj8WY5lr4XB2Ef3OHd6okg3TmKM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/cd97cc-ce2b-4264-9e79-c8f9be7d19df/1/jj8WY5lr4XB2Ef3OHd6okg3TmKM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jj8WY5lr4XB2Ef3OHd6okg3TmKM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:af:71:49:0b:cc:72:a5:68:a1:bb:cf:8f:4a:32:35:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e3f1663996be1707611fdce1ddea8920dd398a3
        Validity
            Not Before: Sep  1 21:15:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3d873ecdce528f7ede96de48be41bde84c7c40a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:a9:6c:09:07:4e:a4:71:b1:44:14:89:90:e5:
                    b1:a8:45:38:06:05:56:fa:ed:07:7a:60:3f:48:7a:
                    53:15:2c:35:58:13:dc:ac:e4:4e:7f:95:d9:12:eb:
                    6e:dd:f2:b9:74:1e:96:9a:40:e2:57:9c:a0:ea:94:
                    e7:0a:c6:5a:42:73:ed:31:06:6e:13:38:0e:4f:8d:
                    8f:0b:3c:c1:b5:65:8b:b5:ae:7f:f0:cf:33:df:76:
                    a0:91:f9:00:33:6b:bd:d4:60:58:b2:08:33:e3:55:
                    ce:d6:71:be:d4:7f:79:c4:e0:86:3e:a6:ec:fc:f6:
                    6d:73:42:55:94:59:5d:77:88:4d:5d:15:6e:6f:de:
                    b1:b7:88:1d:eb:e0:2c:38:9a:4f:7d:1f:74:87:3c:
                    05:66:d2:ff:aa:67:04:67:df:09:91:7f:85:8f:af:
                    0b:11:08:22:75:57:ea:90:f2:77:09:57:e5:a4:ea:
                    fb:40:f6:64:99:ca:95:ad:96:8c:cf:ba:48:41:9b:
                    5c:13:6f:e3:13:18:3a:77:f0:ba:e2:3b:b6:b9:0c:
                    d6:75:20:d6:d8:6a:a6:e0:71:44:da:ad:f5:55:00:
                    ad:09:64:69:3c:67:a6:b4:d2:9b:1e:74:cb:95:64:
                    2e:1f:46:34:50:07:03:40:d2:35:ed:f5:ee:7e:62:
                    f6:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:D8:73:EC:DC:E5:28:F7:ED:E9:6D:E4:8B:E4:1B:DE:84:C7:C4:0A
            X509v3 Authority Key Identifier:
                keyid:8E:3F:16:63:99:6B:E1:70:76:11:FD:CE:1D:DE:A8:92:0D:D3:98:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jj8WY5lr4XB2Ef3OHd6okg3TmKM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/cd97cc-ce2b-4264-9e79-c8f9be7d19df/1/o9hz7NzlKPft6W3ki-Qb3oTHxAo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/cd97cc-ce2b-4264-9e79-c8f9be7d19df/1/jj8WY5lr4XB2Ef3OHd6okg3TmKM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:e300::/29

    Signature Algorithm: sha256WithRSAEncryption
         e4:8c:51:37:a6:09:61:13:af:de:cb:d3:a8:6c:e2:c1:de:16:
         cf:47:3a:50:ad:3f:69:71:fa:95:41:33:52:86:4c:eb:ca:27:
         3c:5c:e8:f6:61:0b:4a:5d:b6:8d:88:6e:70:d1:48:82:92:ea:
         8f:3e:9c:7d:dd:2c:80:ac:06:da:9e:ed:16:fb:1c:33:47:bc:
         00:a9:49:97:33:38:51:a5:80:b3:bb:0a:8f:84:5c:85:1e:e4:
         81:e4:b6:0c:06:14:35:ba:51:ad:09:88:4c:6f:2f:81:24:a1:
         2f:88:48:b6:ca:f6:26:63:7c:9e:bc:b4:0a:1b:47:ce:7b:87:
         52:9a:50:28:bd:ff:9e:5d:e1:77:fa:64:f6:d5:3a:28:d0:3d:
         01:4d:36:dd:a5:e1:38:0c:33:21:b4:51:12:65:72:c6:dd:ff:
         9e:8c:f7:02:21:91:55:75:1a:55:b4:a4:d7:d8:51:17:91:08:
         d1:7b:83:1a:0d:38:2c:98:d1:72:0d:c1:66:f8:5c:d2:9e:93:
         80:3b:d3:c0:9d:9b:c5:74:a3:f5:44:4e:49:bc:b9:8f:1d:e4:
         fe:16:dd:42:1a:4f:06:61:5a:6f:12:43:6d:b0:c4:59:56:85:
         3c:7a:b8:48:2c:9e:5e:1f:72:d8:62:5d:3f:4d:37:6d:b0:02:
         c2:c3:b2:2b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZGvcUkLzHKlaKG7z49KMjUUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlM2YxNjYzOTk2YmUxNzA3NjExZmRjZTFkZGVhODkyMGRk
Mzk4YTMwHhcNMjQwOTAxMjExNTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2Q4NzNlY2RjZTUyOGY3ZWRlOTZkZTQ4YmU0MWJkZTg0YzdjNDBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnqlsCQdOpHGxRBSJkOWxqEU4BgVW
+u0HemA/SHpTFSw1WBPcrOROf5XZEutu3fK5dB6WmkDiV5yg6pTnCsZaQnPtMQZu
EzgOT42PCzzBtWWLta5/8M8z33agkfkAM2u91GBYsggz41XO1nG+1H95xOCGPqbs
/PZtc0JVlFldd4hNXRVub96xt4gd6+AsOJpPfR90hzwFZtL/qmcEZ98JkX+Fj68L
EQgidVfqkPJ3CVflpOr7QPZkmcqVrZaMz7pIQZtcE2/jExg6d/C64ju2uQzWdSDW
2Gqm4HFE2q31VQCtCWRpPGemtNKbHnTLlWQuH0Y0UAcDQNI17fXufmL2OQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKPYc+zc5Sj37elt5IvkG96Ex8QKMB8GA1UdIwQY
MBaAFI4/FmOZa+FwdhH9zh3eqJIN05ijMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamo4V1k1bHI0WEIyRWYzT0hkNm9rZzNUbUtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9jZDk3Y2MtY2UyYi00MjY0LTllNzkt
YzhmOWJlN2QxOWRmLzEvbzloejdOemxLUGZ0Nlcza2ktUWIzb1RIeEFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9jZDk3Y2MtY2UyYi00MjY0LTllNzktYzhmOWJlN2QxOWRm
LzEvamo4V1k1bHI0WEIyRWYzT0hkNm9rZzNUbUtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgHjADAN
BgkqhkiG9w0BAQsFAAOCAQEA5IxRN6YJYROv3svTqGziwd4Wz0c6UK0/aXH6lUEz
UoZM68onPFzo9mELSl22jYhucNFIgpLqjz6cfd0sgKwG2p7tFvscM0e8AKlJlzM4
UaWAs7sKj4RchR7kgeS2DAYUNbpRrQmITG8vgSShL4hItsr2JmN8nry0ChtHznuH
UppQKL3/nl3hd/pk9tU6KNA9AU023aXhOAwzIbRREmVyxt3/noz3AiGRVXUaVbSk
19hRF5EI0XuDGg04LJjRcg3BZvhc0p6TgDvTwJ2bxXSj9UROSby5jx3k/hbdQhpP
BmFabxJDbbDEWVaFPHq4SCyeXh9y2GJdP003bbACwsOyKw==
-----END CERTIFICATE-----