Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/m7bCfdzWhSAMvNkJ8Wi2-U6Rlp8.roa
File:                     m7bCfdzWhSAMvNkJ8Wi2-U6Rlp8.roa (raw, json)
Hash identifier:          w5WwmE4hnTxjZzlvwsXIjFTsVJXWU/Wb1uBVsRDYsBI=
Subject key identifier:   9B:B6:C2:7D:DC:D6:85:20:0C:BC:D9:09:F1:68:B6:F9:4E:91:96:9F
Certificate issuer:       /CN=2f5cab8a09a9fde23c9635f8e164aef09e17948c
Certificate serial:       01905383A413B28F2F1C196EA9D4F0E18182
Authority key identifier: 2F:5C:AB:8A:09:A9:FD:E2:3C:96:35:F8:E1:64:AE:F0:9E:17:94:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L1yrigmp_eI8ljX44WSu8J4XlIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/m7bCfdzWhSAMvNkJ8Wi2-U6Rlp8.roa
Signing time:             Wed 26 Jun 2024 07:47:34 +0000
ROA not before:           Wed 26 Jun 2024 07:47:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204916
IP address blocks:        2a0d:3047::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/L1yrigmp_eI8ljX44WSu8J4XlIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/L1yrigmp_eI8ljX44WSu8J4XlIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L1yrigmp_eI8ljX44WSu8J4XlIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 19:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:53:83:a4:13:b2:8f:2f:1c:19:6e:a9:d4:f0:e1:81:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f5cab8a09a9fde23c9635f8e164aef09e17948c
        Validity
            Not Before: Jun 26 07:47:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9bb6c27ddcd685200cbcd909f168b6f94e91969f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:d5:1b:d8:0d:34:c3:6e:72:80:7b:5f:5a:35:
                    ac:9d:fb:19:b4:81:34:aa:61:28:fe:d0:ce:7c:c7:
                    15:bc:36:2f:f0:91:78:9b:14:ba:93:1a:d8:ec:b6:
                    4e:c2:42:a7:79:80:88:c3:36:5f:c3:0f:20:2a:b6:
                    e9:be:24:35:a7:f1:6c:5e:ee:8e:ee:b9:dd:b7:8f:
                    57:bc:3d:dc:45:36:43:58:87:65:92:58:eb:d9:f1:
                    5b:d6:a4:06:5a:0a:47:bc:af:d6:f9:82:c2:07:42:
                    9e:65:f9:ab:72:0c:a5:c1:f8:d4:07:c5:8f:e7:38:
                    69:3a:b9:75:e3:c7:db:34:bc:23:1f:72:e5:e8:6e:
                    6b:eb:fc:f1:38:47:6c:bb:63:f9:56:82:78:1f:5a:
                    6b:67:93:90:a2:f9:6f:40:93:2f:9f:02:44:c9:c6:
                    8a:2a:9a:14:20:dc:54:b4:f5:36:09:2b:e8:e7:f8:
                    f1:44:dd:fd:60:a4:85:74:93:23:91:ef:11:cf:62:
                    be:7d:c1:26:c5:31:ce:9c:04:1a:b0:0e:9c:9a:57:
                    58:db:d6:da:c5:8f:e2:1e:d1:68:54:19:fa:e1:5f:
                    0f:1c:55:24:81:27:88:73:36:b0:66:8c:3f:3f:90:
                    67:02:72:77:b4:6a:a3:6e:29:76:d1:1b:52:51:8b:
                    b8:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:B6:C2:7D:DC:D6:85:20:0C:BC:D9:09:F1:68:B6:F9:4E:91:96:9F
            X509v3 Authority Key Identifier:
                keyid:2F:5C:AB:8A:09:A9:FD:E2:3C:96:35:F8:E1:64:AE:F0:9E:17:94:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L1yrigmp_eI8ljX44WSu8J4XlIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/m7bCfdzWhSAMvNkJ8Wi2-U6Rlp8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/L1yrigmp_eI8ljX44WSu8J4XlIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:3047::/32

    Signature Algorithm: sha256WithRSAEncryption
         af:06:6a:79:f0:88:2d:28:a9:52:1d:f6:4f:e8:04:6c:2b:73:
         a7:8b:c1:d4:72:74:6a:90:63:8a:18:15:dc:51:f1:fb:02:e5:
         e2:52:2f:42:f2:89:1f:15:44:82:12:d2:e8:4a:dd:59:fc:37:
         91:ff:03:9c:97:d1:dc:af:38:3c:a3:eb:64:c8:a3:b0:32:59:
         94:7b:0a:42:19:2e:b2:5c:d7:29:b8:37:d1:78:91:63:9c:9c:
         60:01:61:06:a7:ea:72:07:7c:96:3e:ec:80:34:04:0e:07:30:
         f2:ea:35:f5:1d:81:c8:1a:7c:ca:f0:ea:8b:f3:07:2f:36:a2:
         1d:0c:11:5a:dc:97:13:af:78:7d:2a:73:be:9a:ed:66:6c:6b:
         02:fd:80:9d:dd:42:4c:eb:26:07:0f:5d:d3:20:c5:29:92:24:
         ce:24:a8:0e:8b:0f:f2:96:b6:a2:08:80:10:0d:bb:84:70:fa:
         5b:0b:85:85:bb:d8:6d:d4:a5:fd:b3:73:7f:c2:5f:93:99:5f:
         11:bb:b5:4a:4c:fa:4a:82:25:97:eb:97:37:f3:cc:37:a0:5d:
         c3:26:7f:2f:e6:98:be:65:09:cd:91:1f:97:15:39:b1:ec:c8:
         12:7f:07:c6:91:82:54:cc:af:49:75:20:4c:0c:24:cd:87:a3:
         5d:09:48:18
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBTg6QTso8vHBluqdTw4YGCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmNWNhYjhhMDlhOWZkZTIzYzk2MzVmOGUxNjRhZWYwOWUx
Nzk0OGMwHhcNMjQwNjI2MDc0NzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmI2YzI3ZGRjZDY4NTIwMGNiY2Q5MDlmMTY4YjZmOTRlOTE5NjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA29Ub2A00w25ygHtfWjWsnfsZtIE0
qmEo/tDOfMcVvDYv8JF4mxS6kxrY7LZOwkKneYCIwzZfww8gKrbpviQ1p/FsXu6O
7rndt49XvD3cRTZDWIdlkljr2fFb1qQGWgpHvK/W+YLCB0KeZfmrcgylwfjUB8WP
5zhpOrl148fbNLwjH3Ll6G5r6/zxOEdsu2P5VoJ4H1prZ5OQovlvQJMvnwJEycaK
KpoUINxUtPU2CSvo5/jxRN39YKSFdJMjke8Rz2K+fcEmxTHOnAQasA6cmldY29ba
xY/iHtFoVBn64V8PHFUkgSeIczawZow/P5BnAnJ3tGqjbil20RtSUYu4OwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJu2wn3c1oUgDLzZCfFotvlOkZafMB8GA1UdIwQY
MBaAFC9cq4oJqf3iPJY1+OFkrvCeF5SMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDF5cmlnbXBfZUk4bGpYNDRXU3U4SjRYbEl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9jMmUxNmUtYWI2OC00NDI5LTk2ZWUt
MDAyZjI2ZTNiODk4LzEvbTdiQ2ZkeldoU0FNdk5rSjhXaTItVTZSbHA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9jMmUxNmUtYWI2OC00NDI5LTk2ZWUtMDAyZjI2ZTNiODk4
LzEvTDF5cmlnbXBfZUk4bGpYNDRXU3U4SjRYbEl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg0wRzAN
BgkqhkiG9w0BAQsFAAOCAQEArwZqefCILSipUh32T+gEbCtzp4vB1HJ0apBjihgV
3FHx+wLl4lIvQvKJHxVEghLS6ErdWfw3kf8DnJfR3K84PKPrZMijsDJZlHsKQhku
slzXKbg30XiRY5ycYAFhBqfqcgd8lj7sgDQEDgcw8uo19R2ByBp8yvDqi/MHLzai
HQwRWtyXE694fSpzvprtZmxrAv2And1CTOsmBw9d0yDFKZIkziSoDosP8pa2ogiA
EA27hHD6WwuFhbvYbdSl/bNzf8Jfk5lfEbu1Skz6SoIll+uXN/PMN6BdwyZ/L+aY
vmUJzZEflxU5sezIEn8HxpGCVMyvSXUgTAwkzYejXQlIGA==
-----END CERTIFICATE-----