Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/q6lMLYBWWHaI77D3FXSw5Wr2ElE.roa
File:                     q6lMLYBWWHaI77D3FXSw5Wr2ElE.roa (raw, json)
Hash identifier:          RDjp+S5nCVNHZOUNOJBXdUN0SHwrIW2sMbv8OiahLGM=
Subject key identifier:   AB:A9:4C:2D:80:56:58:76:88:EF:B0:F7:15:74:B0:E5:6A:F6:12:51
Certificate issuer:       /CN=2f5cab8a09a9fde23c9635f8e164aef09e17948c
Certificate serial:       01916C8A836D15AC4D067230F66D41B482EC
Authority key identifier: 2F:5C:AB:8A:09:A9:FD:E2:3C:96:35:F8:E1:64:AE:F0:9E:17:94:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L1yrigmp_eI8ljX44WSu8J4XlIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/q6lMLYBWWHaI77D3FXSw5Wr2ElE.roa
Signing time:             Mon 19 Aug 2024 21:28:22 +0000
ROA not before:           Mon 19 Aug 2024 21:28:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30788
IP address blocks:        2a09:7e00::/29 maxlen: 29
                          2a12:4140::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/L1yrigmp_eI8ljX44WSu8J4XlIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/L1yrigmp_eI8ljX44WSu8J4XlIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L1yrigmp_eI8ljX44WSu8J4XlIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:6c:8a:83:6d:15:ac:4d:06:72:30:f6:6d:41:b4:82:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f5cab8a09a9fde23c9635f8e164aef09e17948c
        Validity
            Not Before: Aug 19 21:28:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aba94c2d8056587688efb0f71574b0e56af61251
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:ca:55:ad:91:e7:a0:b5:82:87:88:8d:e6:1f:
                    3a:ca:48:c2:de:6c:38:4c:d4:1b:d7:b2:02:fd:19:
                    8a:d6:59:d2:0a:85:d4:c4:59:f0:e1:4d:8a:a7:08:
                    c0:7c:dd:b7:e1:3f:bc:89:79:27:37:ad:17:8e:1b:
                    64:23:4c:b5:79:0b:8e:05:34:97:bd:02:8e:61:03:
                    c5:ba:58:98:2b:a7:ee:39:a3:c2:41:2f:4a:ca:3a:
                    fc:25:71:32:f7:19:f9:32:9b:93:82:5f:ab:16:86:
                    f2:80:d2:a4:b6:62:cf:c0:d3:4d:10:38:20:44:2d:
                    34:32:77:a1:68:d8:15:d8:1b:44:3b:90:0f:71:d3:
                    50:f3:8c:84:f1:7e:6e:d4:4d:56:0f:02:07:e7:51:
                    f1:8f:56:ba:f0:7e:34:19:01:88:ca:45:d0:58:45:
                    ae:b7:07:4e:2e:d7:f4:59:f7:74:be:16:a1:30:6f:
                    5b:3f:dd:c6:d6:b4:a4:48:7f:f5:fd:8a:aa:0e:3b:
                    b3:d9:87:32:bc:ec:2e:02:46:84:0b:6a:d4:ec:4f:
                    1b:d2:63:23:45:13:c6:6f:4a:1e:54:69:f0:6b:af:
                    2f:ce:f1:d1:f8:ea:10:4c:6a:d8:8a:f4:66:1b:6d:
                    c1:62:e3:60:fc:a1:6a:97:ab:02:9c:ba:cc:73:37:
                    7c:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:A9:4C:2D:80:56:58:76:88:EF:B0:F7:15:74:B0:E5:6A:F6:12:51
            X509v3 Authority Key Identifier:
                keyid:2F:5C:AB:8A:09:A9:FD:E2:3C:96:35:F8:E1:64:AE:F0:9E:17:94:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L1yrigmp_eI8ljX44WSu8J4XlIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/q6lMLYBWWHaI77D3FXSw5Wr2ElE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/L1yrigmp_eI8ljX44WSu8J4XlIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:7e00::/29
                  2a12:4140::/29

    Signature Algorithm: sha256WithRSAEncryption
         48:27:b0:99:d7:b6:c2:1d:01:ac:24:21:6a:7a:f9:fa:9a:5a:
         0d:01:a9:9a:8e:e1:35:f5:91:47:5c:ed:9c:65:d0:60:ce:da:
         e0:06:f3:ed:10:01:f3:1d:ff:5b:b8:cf:e5:a0:e6:17:6e:35:
         5d:47:dd:b8:41:b9:5b:e6:df:cf:97:a4:4f:a7:6d:62:48:c0:
         95:bf:17:a5:cc:e8:42:ae:62:ed:10:f8:38:ec:d7:cc:3f:cb:
         40:2f:70:a5:39:70:f5:c8:04:a0:ad:97:70:3f:8f:2c:67:b8:
         d2:d1:6e:88:20:86:b6:d6:ea:1d:6c:9a:82:37:43:80:c2:b8:
         9e:c6:8e:c2:00:be:87:55:fb:6b:14:76:98:da:41:d9:25:02:
         04:ed:8f:47:4e:3c:e3:19:fc:11:b5:46:9a:8c:70:0c:25:cf:
         d9:50:56:7e:1a:bd:dc:3c:79:b9:df:73:8e:53:d5:42:5b:db:
         dc:f0:e4:e4:34:fa:58:ed:e1:5f:ee:d3:6b:03:e0:89:65:51:
         f4:fa:b8:ef:b5:c1:6f:7d:26:5c:ad:b8:9e:7b:8a:80:c4:e1:
         e7:9f:79:80:f9:2b:39:ef:37:3a:01:a9:89:f8:3b:7a:a8:05:
         eb:e2:69:45:3d:51:d9:a5:de:1f:b7:60:3b:04:fc:e7:24:ce:
         5b:99:87:f9
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZFsioNtFaxNBnIw9m1BtILsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmNWNhYjhhMDlhOWZkZTIzYzk2MzVmOGUxNjRhZWYwOWUx
Nzk0OGMwHhcNMjQwODE5MjEyODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmE5NGMyZDgwNTY1ODc2ODhlZmIwZjcxNTc0YjBlNTZhZjYxMjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAscpVrZHnoLWCh4iN5h86ykjC3mw4
TNQb17IC/RmK1lnSCoXUxFnw4U2KpwjAfN234T+8iXknN60XjhtkI0y1eQuOBTSX
vQKOYQPFuliYK6fuOaPCQS9Kyjr8JXEy9xn5MpuTgl+rFobygNKktmLPwNNNEDgg
RC00MnehaNgV2BtEO5APcdNQ84yE8X5u1E1WDwIH51Hxj1a68H40GQGIykXQWEWu
twdOLtf0Wfd0vhahMG9bP93G1rSkSH/1/YqqDjuz2YcyvOwuAkaEC2rU7E8b0mMj
RRPGb0oeVGnwa68vzvHR+OoQTGrYivRmG23BYuNg/KFql6sCnLrMczd8mQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFKupTC2AVlh2iO+w9xV0sOVq9hJRMB8GA1UdIwQY
MBaAFC9cq4oJqf3iPJY1+OFkrvCeF5SMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDF5cmlnbXBfZUk4bGpYNDRXU3U4SjRYbEl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9jMmUxNmUtYWI2OC00NDI5LTk2ZWUt
MDAyZjI2ZTNiODk4LzEvcTZsTUxZQldXSGFJNzdEM0ZYU3c1V3IyRWxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9jMmUxNmUtYWI2OC00NDI5LTk2ZWUtMDAyZjI2ZTNiODk4
LzEvTDF5cmlnbXBfZUk4bGpYNDRXU3U4SjRYbEl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKgl+AAMF
AyoSQUAwDQYJKoZIhvcNAQELBQADggEBAEgnsJnXtsIdAawkIWp6+fqaWg0BqZqO
4TX1kUdc7Zxl0GDO2uAG8+0QAfMd/1u4z+Wg5hduNV1H3bhBuVvm38+XpE+nbWJI
wJW/F6XM6EKuYu0Q+Djs18w/y0AvcKU5cPXIBKCtl3A/jyxnuNLRbogghrbW6h1s
moI3Q4DCuJ7GjsIAvodV+2sUdpjaQdklAgTtj0dOPOMZ/BG1RpqMcAwlz9lQVn4a
vdw8ebnfc45T1UJb29zw5OQ0+ljt4V/u02sD4IllUfT6uO+1wW99JlytuJ57ioDE
4eefeYD5KznvNzoBqYn4O3qoBeviaUU9Udml3h+3YDsE/OckzluZh/k=
-----END CERTIFICATE-----