Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/fNjWaeaf9yQDDdref_yuAIypVfc.roa
File:                     fNjWaeaf9yQDDdref_yuAIypVfc.roa (raw, json)
Hash identifier:          6dCWf82R7IlFUE99ReHfgLAzQ0EbJdMSMRo/i+m9qUk=
Subject key identifier:   7C:D8:D6:69:E6:9F:F7:24:03:0D:DA:DE:7F:FC:AE:00:8C:A9:55:F7
Certificate issuer:       /CN=2f5cab8a09a9fde23c9635f8e164aef09e17948c
Certificate serial:       018F061F0BDEA043BA25AAB2D2562F3321F7
Authority key identifier: 2F:5C:AB:8A:09:A9:FD:E2:3C:96:35:F8:E1:64:AE:F0:9E:17:94:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L1yrigmp_eI8ljX44WSu8J4XlIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/fNjWaeaf9yQDDdref_yuAIypVfc.roa
Signing time:             Mon 22 Apr 2024 14:04:08 +0000
ROA not before:           Mon 22 Apr 2024 14:04:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209641
IP address blocks:        2a0d:3045::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/L1yrigmp_eI8ljX44WSu8J4XlIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/L1yrigmp_eI8ljX44WSu8J4XlIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L1yrigmp_eI8ljX44WSu8J4XlIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Sep 2024 14:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:06:1f:0b:de:a0:43:ba:25:aa:b2:d2:56:2f:33:21:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f5cab8a09a9fde23c9635f8e164aef09e17948c
        Validity
            Not Before: Apr 22 14:04:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7cd8d669e69ff724030ddade7ffcae008ca955f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:06:72:04:04:1b:6d:c5:43:06:df:4b:7c:9d:
                    39:04:70:5c:cf:e1:96:5d:9a:05:45:ba:b0:de:b1:
                    c0:48:1c:c6:20:08:e3:d8:6f:ba:36:61:45:df:69:
                    7a:fb:61:a5:85:64:dc:0c:6c:41:04:99:0b:f6:c9:
                    2e:2b:cb:19:4a:9c:7b:0a:13:72:d7:fa:45:97:7b:
                    77:b3:89:e4:5a:dc:7f:8d:8c:cb:b5:ff:a3:0e:1d:
                    ae:c0:84:3f:c5:b5:58:93:55:80:e4:f2:ff:eb:eb:
                    62:dc:97:3b:61:04:27:82:1a:61:20:97:47:81:78:
                    e5:f3:29:df:12:14:f9:ee:32:50:a9:f6:0e:84:27:
                    99:10:00:15:be:7f:3a:dc:a0:94:a3:76:82:cf:20:
                    f9:46:45:c2:f6:78:93:9d:7e:4f:0c:34:d5:68:4c:
                    f5:3f:7d:49:ed:81:0c:4b:4f:3b:5f:f7:fb:cc:e4:
                    66:0d:9b:71:68:a1:b9:4b:65:8d:31:fe:ed:4d:7e:
                    e3:74:88:72:05:48:01:06:50:fd:3f:c1:d7:c8:d9:
                    af:92:7f:47:c9:0c:34:b6:14:d0:92:27:5d:7a:14:
                    93:f2:e1:53:c9:01:dc:e2:54:23:8b:ab:66:c9:a9:
                    f3:ac:04:b7:8d:a8:6b:8a:14:7f:fe:3c:59:51:5d:
                    a6:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:D8:D6:69:E6:9F:F7:24:03:0D:DA:DE:7F:FC:AE:00:8C:A9:55:F7
            X509v3 Authority Key Identifier:
                keyid:2F:5C:AB:8A:09:A9:FD:E2:3C:96:35:F8:E1:64:AE:F0:9E:17:94:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L1yrigmp_eI8ljX44WSu8J4XlIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/fNjWaeaf9yQDDdref_yuAIypVfc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/L1yrigmp_eI8ljX44WSu8J4XlIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:3045::/32

    Signature Algorithm: sha256WithRSAEncryption
         49:0c:8c:18:bc:73:02:1e:7e:62:01:5b:68:44:db:12:7c:66:
         0c:f0:3b:59:0a:1c:97:fe:be:05:24:3d:68:85:d1:dd:84:c0:
         fe:92:fe:3a:68:f4:35:40:74:66:aa:a2:92:e3:2e:8d:ba:b5:
         a1:31:83:63:46:bc:bb:43:12:80:07:e8:f5:45:2f:59:56:88:
         97:31:15:19:ed:2b:fd:8c:81:dc:68:c9:16:40:00:1b:f9:d5:
         40:15:d0:c9:88:3e:9f:73:ea:81:30:bf:17:13:c2:a4:de:a6:
         80:34:cd:13:fa:9c:9a:1a:24:61:90:51:00:9c:8d:78:b1:27:
         95:66:f3:9d:90:61:fc:3d:04:a2:b3:38:07:42:f8:7a:b1:0c:
         d5:79:cb:c8:79:7d:03:18:08:8d:ed:68:b1:b9:4f:d9:be:80:
         0c:d1:f1:bc:68:97:6c:f5:d9:17:e7:fc:b3:8e:a7:41:d2:a4:
         4e:cf:2b:ca:59:4b:ff:b0:cb:0b:9d:a9:ae:45:1a:f1:96:dd:
         b5:07:fa:78:95:41:45:6e:50:e0:f5:2e:e6:b3:f9:dc:b7:ae:
         60:3b:30:95:90:37:43:26:cb:47:bf:86:5c:b5:c1:ae:33:31:
         5a:c7:06:4c:2a:a3:f8:6b:d3:b9:c3:09:4c:a2:da:2b:eb:df:
         53:81:88:65
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY8GHwveoEO6Jaqy0lYvMyH3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmNWNhYjhhMDlhOWZkZTIzYzk2MzVmOGUxNjRhZWYwOWUx
Nzk0OGMwHhcNMjQwNDIyMTQwNDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2Q4ZDY2OWU2OWZmNzI0MDMwZGRhZGU3ZmZjYWUwMDhjYTk1NWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArAZyBAQbbcVDBt9LfJ05BHBcz+GW
XZoFRbqw3rHASBzGIAjj2G+6NmFF32l6+2GlhWTcDGxBBJkL9skuK8sZSpx7ChNy
1/pFl3t3s4nkWtx/jYzLtf+jDh2uwIQ/xbVYk1WA5PL/6+ti3Jc7YQQnghphIJdH
gXjl8ynfEhT57jJQqfYOhCeZEAAVvn863KCUo3aCzyD5RkXC9niTnX5PDDTVaEz1
P31J7YEMS087X/f7zORmDZtxaKG5S2WNMf7tTX7jdIhyBUgBBlD9P8HXyNmvkn9H
yQw0thTQkiddehST8uFTyQHc4lQji6tmyanzrAS3jahrihR//jxZUV2mEQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHzY1mnmn/ckAw3a3n/8rgCMqVX3MB8GA1UdIwQY
MBaAFC9cq4oJqf3iPJY1+OFkrvCeF5SMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDF5cmlnbXBfZUk4bGpYNDRXU3U4SjRYbEl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9jMmUxNmUtYWI2OC00NDI5LTk2ZWUt
MDAyZjI2ZTNiODk4LzEvZk5qV2FlYWY5eVFERGRyZWZfeXVBSXlwVmZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9jMmUxNmUtYWI2OC00NDI5LTk2ZWUtMDAyZjI2ZTNiODk4
LzEvTDF5cmlnbXBfZUk4bGpYNDRXU3U4SjRYbEl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg0wRTAN
BgkqhkiG9w0BAQsFAAOCAQEASQyMGLxzAh5+YgFbaETbEnxmDPA7WQocl/6+BSQ9
aIXR3YTA/pL+Omj0NUB0ZqqikuMujbq1oTGDY0a8u0MSgAfo9UUvWVaIlzEVGe0r
/YyB3GjJFkAAG/nVQBXQyYg+n3PqgTC/FxPCpN6mgDTNE/qcmhokYZBRAJyNeLEn
lWbznZBh/D0EorM4B0L4erEM1XnLyHl9AxgIje1osblP2b6ADNHxvGiXbPXZF+f8
s46nQdKkTs8ryllL/7DLC52prkUa8ZbdtQf6eJVBRW5Q4PUu5rP53LeuYDswlZA3
QybLR7+GXLXBrjMxWscGTCqj+GvTucMJTKLaK+vfU4GIZQ==
-----END CERTIFICATE-----