Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/7cba62-77d0-4118-a4c5-a1076d127ec6/1/c7E7BZN2hHJD8xHC0x1eXKjZ4tY.roa
File:                     c7E7BZN2hHJD8xHC0x1eXKjZ4tY.roa (raw, json)
Hash identifier:          VNCom27Rx7WcJqjOORXm3U3Z/VES61eGmIIwo8r6gMU=
Subject key identifier:   73:B1:3B:05:93:76:84:72:43:F3:11:C2:D3:1D:5E:5C:A8:D9:E2:D6
Certificate issuer:       /CN=d2c17db099bd419eba552a37704deeed3b2e303b
Certificate serial:       0190C12F331E5C65EC23C918A880C8A0A8EA
Authority key identifier: D2:C1:7D:B0:99:BD:41:9E:BA:55:2A:37:70:4D:EE:ED:3B:2E:30:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0sF9sJm9QZ66VSo3cE3u7TsuMDs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/7cba62-77d0-4118-a4c5-a1076d127ec6/1/c7E7BZN2hHJD8xHC0x1eXKjZ4tY.roa
Signing time:             Wed 17 Jul 2024 14:53:34 +0000
ROA not before:           Wed 17 Jul 2024 14:53:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202719
IP address blocks:        2a03:61a0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/7cba62-77d0-4118-a4c5-a1076d127ec6/1/0sF9sJm9QZ66VSo3cE3u7TsuMDs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/7cba62-77d0-4118-a4c5-a1076d127ec6/1/0sF9sJm9QZ66VSo3cE3u7TsuMDs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0sF9sJm9QZ66VSo3cE3u7TsuMDs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 14:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:c1:2f:33:1e:5c:65:ec:23:c9:18:a8:80:c8:a0:a8:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2c17db099bd419eba552a37704deeed3b2e303b
        Validity
            Not Before: Jul 17 14:53:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=73b13b059376847243f311c2d31d5e5ca8d9e2d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:12:69:f1:eb:3d:16:44:18:6c:71:6c:86:68:
                    50:9d:97:41:90:6f:ef:cb:82:5d:d8:48:7e:78:79:
                    62:1d:4d:ed:99:d3:f7:19:1f:fb:0c:c5:c2:1c:6e:
                    dc:03:53:dd:81:d2:99:fc:1e:e7:70:a5:cb:5e:94:
                    e2:b9:60:40:df:f0:0c:0c:16:a9:d5:d9:a1:c6:5e:
                    d1:0f:3d:2c:1e:74:aa:91:3b:a6:5d:60:7c:e8:2e:
                    2f:29:2c:22:9d:eb:6f:a8:f1:ec:93:53:53:60:84:
                    39:ec:0b:e8:cc:02:b2:1a:18:37:8c:f7:c2:11:02:
                    69:75:b5:77:df:e9:e9:fb:42:31:5c:89:1e:55:72:
                    b7:53:fe:05:c6:dd:92:8e:a0:ae:e8:75:a9:93:b9:
                    ac:98:78:bd:ba:7f:27:25:86:f2:d7:60:e6:d8:79:
                    34:99:a2:4f:cf:ef:bd:0f:1b:cc:8d:cd:1b:fa:c6:
                    a6:59:c2:8d:9c:fb:81:71:94:db:a0:5f:c3:ab:85:
                    b9:71:51:f0:19:21:94:fa:00:f4:5c:6a:18:64:7c:
                    55:02:da:d8:4d:26:05:a4:86:0e:88:11:66:1c:4a:
                    3a:03:bf:9c:e1:9d:60:e7:23:60:73:ec:9d:7f:4b:
                    54:fa:89:1f:ab:e1:bf:d7:20:9f:51:6c:4e:97:b5:
                    df:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:B1:3B:05:93:76:84:72:43:F3:11:C2:D3:1D:5E:5C:A8:D9:E2:D6
            X509v3 Authority Key Identifier:
                keyid:D2:C1:7D:B0:99:BD:41:9E:BA:55:2A:37:70:4D:EE:ED:3B:2E:30:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0sF9sJm9QZ66VSo3cE3u7TsuMDs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/7cba62-77d0-4118-a4c5-a1076d127ec6/1/c7E7BZN2hHJD8xHC0x1eXKjZ4tY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/7cba62-77d0-4118-a4c5-a1076d127ec6/1/0sF9sJm9QZ66VSo3cE3u7TsuMDs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:61a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         29:6e:73:b8:9c:e1:56:9c:45:f5:89:19:0e:98:f9:4a:af:e6:
         66:47:b8:e5:cc:ea:68:97:d8:6f:7a:9f:fe:33:4d:0e:c9:4f:
         34:3b:9c:0a:01:03:17:77:4e:3a:dc:9e:37:5f:97:8c:0a:39:
         e0:3d:e4:a5:f5:a6:c0:a9:3b:8e:fd:d8:39:da:29:f4:1b:fe:
         14:2f:32:13:18:64:b0:9a:71:40:47:8c:22:93:85:bc:df:0b:
         99:2d:4f:2f:81:ac:4e:15:ce:13:19:c8:3b:86:53:67:2e:d5:
         7e:5d:5a:82:a6:50:dc:cc:cf:56:b4:6f:5a:a7:58:18:d7:f8:
         fc:d2:fd:34:be:06:8d:5c:bb:ed:16:70:b9:57:f8:98:9c:98:
         f3:74:96:cd:8b:d1:4c:84:d0:01:08:99:25:f7:d1:1c:3f:be:
         e9:d8:46:23:c7:58:10:a8:78:1c:d7:66:09:a9:1b:16:40:c5:
         f3:c0:ad:56:31:d7:35:c1:52:25:76:1b:1e:73:de:fb:d1:c2:
         6d:6e:db:7a:3c:c0:0d:e1:71:3d:43:55:37:30:52:2a:7e:34:
         ae:24:c3:e9:be:b1:a6:77:ff:92:c3:27:98:2d:dc:92:88:a9:
         24:fc:a0:ef:41:66:43:ff:a3:2e:21:98:e9:54:33:6d:98:81:
         f6:67:66:aa
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZDBLzMeXGXsI8kYqIDIoKjqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyYzE3ZGIwOTliZDQxOWViYTU1MmEzNzcwNGRlZWVkM2Iy
ZTMwM2IwHhcNMjQwNzE3MTQ1MzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2IxM2IwNTkzNzY4NDcyNDNmMzExYzJkMzFkNWU1Y2E4ZDllMmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqRJp8es9FkQYbHFshmhQnZdBkG/v
y4Jd2Eh+eHliHU3tmdP3GR/7DMXCHG7cA1PdgdKZ/B7ncKXLXpTiuWBA3/AMDBap
1dmhxl7RDz0sHnSqkTumXWB86C4vKSwinetvqPHsk1NTYIQ57AvozAKyGhg3jPfC
EQJpdbV33+np+0IxXIkeVXK3U/4Fxt2SjqCu6HWpk7msmHi9un8nJYby12Dm2Hk0
maJPz++9DxvMjc0b+samWcKNnPuBcZTboF/Dq4W5cVHwGSGU+gD0XGoYZHxVAtrY
TSYFpIYOiBFmHEo6A7+c4Z1g5yNgc+ydf0tU+okfq+G/1yCfUWxOl7XfdwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHOxOwWTdoRyQ/MRwtMdXlyo2eLWMB8GA1UdIwQY
MBaAFNLBfbCZvUGeulUqN3BN7u07LjA7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHNGOXNKbTlRWjY2VlNvM2NFM3U3VHN1TURzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83Y2JhNjItNzdkMC00MTE4LWE0YzUt
YTEwNzZkMTI3ZWM2LzEvYzdFN0JaTjJoSEpEOHhIQzB4MWVYS2paNHRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83Y2JhNjItNzdkMC00MTE4LWE0YzUtYTEwNzZkMTI3ZWM2
LzEvMHNGOXNKbTlRWjY2VlNvM2NFM3U3VHN1TURzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgNhoDAN
BgkqhkiG9w0BAQsFAAOCAQEAKW5zuJzhVpxF9YkZDpj5Sq/mZke45czqaJfYb3qf
/jNNDslPNDucCgEDF3dOOtyeN1+XjAo54D3kpfWmwKk7jv3YOdop9Bv+FC8yExhk
sJpxQEeMIpOFvN8LmS1PL4GsThXOExnIO4ZTZy7Vfl1agqZQ3MzPVrRvWqdYGNf4
/NL9NL4GjVy77RZwuVf4mJyY83SWzYvRTITQAQiZJffRHD++6dhGI8dYEKh4HNdm
CakbFkDF88CtVjHXNcFSJXYbHnPe+9HCbW7bejzADeFxPUNVNzBSKn40riTD6b6x
pnf/ksMnmC3ckoipJPyg70FmQ/+jLiGY6VQzbZiB9mdmqg==
-----END CERTIFICATE-----