Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/Z17Ca-3wpAdAGyuZ8ZrakW830ts.roa
File:                     Z17Ca-3wpAdAGyuZ8ZrakW830ts.roa (raw, json)
Hash identifier:          IhQelhqe8/ukvLEB8DR833OQfz6lCebNXrejFEQA5y0=
Subject key identifier:   67:5E:C2:6B:ED:F0:A4:07:40:1B:2B:99:F1:9A:DA:91:6F:37:D2:DB
Certificate issuer:       /CN=2f5cab8a09a9fde23c9635f8e164aef09e17948c
Certificate serial:       018FE818C21D3AD94DCA3F2B527548042F8F
Authority key identifier: 2F:5C:AB:8A:09:A9:FD:E2:3C:96:35:F8:E1:64:AE:F0:9E:17:94:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L1yrigmp_eI8ljX44WSu8J4XlIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/Z17Ca-3wpAdAGyuZ8ZrakW830ts.roa
Signing time:             Wed 05 Jun 2024 11:11:27 +0000
ROA not before:           Wed 05 Jun 2024 11:11:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39238
IP address blocks:        2a0e:7040::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/L1yrigmp_eI8ljX44WSu8J4XlIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/L1yrigmp_eI8ljX44WSu8J4XlIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L1yrigmp_eI8ljX44WSu8J4XlIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e8:18:c2:1d:3a:d9:4d:ca:3f:2b:52:75:48:04:2f:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f5cab8a09a9fde23c9635f8e164aef09e17948c
        Validity
            Not Before: Jun  5 11:11:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=675ec26bedf0a407401b2b99f19ada916f37d2db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:30:6d:34:bc:27:ca:f0:98:25:43:86:43:bc:
                    64:88:3d:a7:31:b5:ca:d0:6f:cc:2f:37:a6:58:2a:
                    7c:a4:21:e3:7b:bc:ae:fb:77:79:30:b3:71:6c:11:
                    f6:87:b6:f1:11:60:f2:41:e0:2f:1c:bf:1b:de:f8:
                    61:5f:c5:36:4b:11:76:76:de:00:61:44:fb:c9:01:
                    10:c9:a9:d8:21:a3:1f:79:2b:02:9c:04:03:b4:b9:
                    c8:55:a7:6d:1a:af:e6:86:74:79:f7:4f:85:7c:83:
                    1b:d9:81:4e:0d:f0:00:71:a6:2e:e6:51:a5:6f:39:
                    31:1e:98:53:3c:a5:01:eb:e3:3e:ba:69:62:56:74:
                    85:d1:6e:4e:3a:a0:d5:eb:3c:f3:30:4a:90:6d:96:
                    48:25:96:ab:d2:3e:46:8f:5f:3c:b9:a5:7d:aa:87:
                    ee:fd:0e:b7:68:96:30:3a:c7:15:33:5d:9d:55:42:
                    79:f0:27:ff:31:37:3f:2f:c2:75:5d:00:89:14:a5:
                    0e:37:11:9b:b3:f6:58:b6:36:9c:ea:2c:50:d5:a4:
                    7a:f4:b6:57:56:64:6d:1a:96:5e:a9:17:95:c9:5b:
                    57:50:c6:be:92:ea:e8:d7:03:a8:bf:f8:70:76:67:
                    64:24:15:57:51:12:1e:37:00:ee:f4:4a:d4:24:f7:
                    56:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:5E:C2:6B:ED:F0:A4:07:40:1B:2B:99:F1:9A:DA:91:6F:37:D2:DB
            X509v3 Authority Key Identifier:
                keyid:2F:5C:AB:8A:09:A9:FD:E2:3C:96:35:F8:E1:64:AE:F0:9E:17:94:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L1yrigmp_eI8ljX44WSu8J4XlIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/Z17Ca-3wpAdAGyuZ8ZrakW830ts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/L1yrigmp_eI8ljX44WSu8J4XlIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:7040::/29

    Signature Algorithm: sha256WithRSAEncryption
         5a:ff:6c:12:bc:9c:8a:5f:4a:7c:31:98:5b:d0:12:17:98:30:
         8f:41:29:c5:74:8c:0d:1d:92:7e:88:73:3f:c9:a0:23:3e:01:
         97:09:49:04:a2:17:47:e4:72:54:c9:03:3b:fb:cf:02:84:21:
         ef:a8:4d:83:99:08:fb:ef:5f:9e:05:20:77:a1:f1:3d:23:a2:
         6d:4b:10:95:43:2e:4c:86:82:ac:98:67:ee:c1:33:c4:d1:24:
         a7:46:24:11:d3:24:00:80:b4:01:87:c7:a8:32:f4:28:99:b6:
         f0:01:28:f5:af:68:d7:39:74:e4:5c:0e:33:dc:08:ce:41:c3:
         32:30:6f:f7:30:65:f3:51:0d:4c:2f:87:ce:8b:25:1a:a8:57:
         8a:00:82:80:8c:15:3d:fa:55:aa:6d:5d:3b:8a:41:1d:02:23:
         5d:bb:2d:4c:b0:9f:e1:2c:39:b9:96:0a:e3:69:83:a2:7d:93:
         e8:2b:f3:69:8c:fa:a0:a8:67:32:d9:59:b8:ce:ca:3c:1e:6f:
         0a:4f:fa:6d:06:8c:d6:af:be:04:a3:8e:c7:9b:22:53:3f:32:
         09:56:d6:82:f4:78:f1:db:1c:26:24:cc:be:56:b2:75:ff:55:
         74:d9:0d:f6:f8:32:e1:6f:a2:b7:a5:1d:2d:f8:67:fe:53:92:
         cb:29:3e:46
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY/oGMIdOtlNyj8rUnVIBC+PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmNWNhYjhhMDlhOWZkZTIzYzk2MzVmOGUxNjRhZWYwOWUx
Nzk0OGMwHhcNMjQwNjA1MTExMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzVlYzI2YmVkZjBhNDA3NDAxYjJiOTlmMTlhZGE5MTZmMzdkMmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2zBtNLwnyvCYJUOGQ7xkiD2nMbXK
0G/MLzemWCp8pCHje7yu+3d5MLNxbBH2h7bxEWDyQeAvHL8b3vhhX8U2SxF2dt4A
YUT7yQEQyanYIaMfeSsCnAQDtLnIVadtGq/mhnR590+FfIMb2YFODfAAcaYu5lGl
bzkxHphTPKUB6+M+umliVnSF0W5OOqDV6zzzMEqQbZZIJZar0j5Gj188uaV9qofu
/Q63aJYwOscVM12dVUJ58Cf/MTc/L8J1XQCJFKUONxGbs/ZYtjac6ixQ1aR69LZX
VmRtGpZeqReVyVtXUMa+kuro1wOov/hwdmdkJBVXURIeNwDu9ErUJPdWewIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGdewmvt8KQHQBsrmfGa2pFvN9LbMB8GA1UdIwQY
MBaAFC9cq4oJqf3iPJY1+OFkrvCeF5SMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDF5cmlnbXBfZUk4bGpYNDRXU3U4SjRYbEl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9jMmUxNmUtYWI2OC00NDI5LTk2ZWUt
MDAyZjI2ZTNiODk4LzEvWjE3Q2EtM3dwQWRBR3l1WjhacmFrVzgzMHRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9jMmUxNmUtYWI2OC00NDI5LTk2ZWUtMDAyZjI2ZTNiODk4
LzEvTDF5cmlnbXBfZUk4bGpYNDRXU3U4SjRYbEl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg5wQDAN
BgkqhkiG9w0BAQsFAAOCAQEAWv9sErycil9KfDGYW9ASF5gwj0EpxXSMDR2Sfohz
P8mgIz4BlwlJBKIXR+RyVMkDO/vPAoQh76hNg5kI++9fngUgd6HxPSOibUsQlUMu
TIaCrJhn7sEzxNEkp0YkEdMkAIC0AYfHqDL0KJm28AEo9a9o1zl05FwOM9wIzkHD
MjBv9zBl81ENTC+HzoslGqhXigCCgIwVPfpVqm1dO4pBHQIjXbstTLCf4Sw5uZYK
42mDon2T6CvzaYz6oKhnMtlZuM7KPB5vCk/6bQaM1q++BKOOx5siUz8yCVbWgvR4
8dscJiTMvlaydf9VdNkN9vgy4W+it6UdLfhn/lOSyyk+Rg==
-----END CERTIFICATE-----