Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/R091Ka0j_VXnFQJCZSHV0Lb1-To.roa
File:                     R091Ka0j_VXnFQJCZSHV0Lb1-To.roa (raw, json)
Hash identifier:          3JzylZx4cel0yPlxbD0aAz+TfbIzHUOz8Ps4tMwWN4s=
Subject key identifier:   47:4F:75:29:AD:23:FD:55:E7:15:02:42:65:21:D5:D0:B6:F5:F9:3A
Certificate issuer:       /CN=73c69d04583500c5ef81136831237593e0bb86ce
Certificate serial:       018CC3488FC3AA529BA2C783905E51AE97CD
Authority key identifier: 73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/R091Ka0j_VXnFQJCZSHV0Lb1-To.roa
Signing time:             Mon 01 Jan 2024 04:29:21 +0000
ROA not before:           Mon 01 Jan 2024 04:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60326
IP address blocks:        2a0c:e642::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:8f:c3:aa:52:9b:a2:c7:83:90:5e:51:ae:97:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73c69d04583500c5ef81136831237593e0bb86ce
        Validity
            Not Before: Jan  1 04:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=474f7529ad23fd55e71502426521d5d0b6f5f93a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:8e:cd:3a:a5:a8:5c:cb:dc:72:3e:17:9d:5e:
                    4d:ed:92:99:47:01:83:bb:8e:be:58:df:4e:26:20:
                    29:96:50:2a:6a:9e:05:aa:f0:9b:de:59:f8:b3:9f:
                    cd:42:6d:ae:6e:d3:ee:2f:a5:57:e2:b7:22:c5:86:
                    28:f5:e0:3f:43:18:6d:6a:3f:30:1e:6c:ea:ef:35:
                    a0:d1:4d:47:d4:e8:2a:3a:bf:ab:6f:6f:84:9e:ed:
                    53:d1:65:c1:ba:77:01:26:58:fb:d5:21:f8:24:53:
                    5f:01:5e:ca:ed:03:10:f2:ef:71:dd:51:cf:9c:9e:
                    ee:16:6a:d9:5e:7a:ec:48:0a:8f:95:70:1b:37:a0:
                    55:db:12:41:4b:45:1f:cd:8f:4c:17:26:94:4a:fb:
                    eb:fb:ef:c2:ba:08:c1:2b:60:bd:1a:81:d1:d7:0a:
                    9a:d6:d9:d0:19:95:04:df:40:3f:c7:12:2d:65:0c:
                    12:9b:b5:77:4b:4c:b2:02:25:06:8b:6d:bb:ae:4f:
                    b7:cf:c2:e0:74:97:98:26:6f:8b:bd:b2:3d:c1:c3:
                    8c:31:d0:56:e7:d1:ef:0d:d0:eb:da:8b:e4:e9:a3:
                    0a:ba:2f:40:e5:f8:7a:2c:7e:1f:40:49:d5:a7:b6:
                    19:2c:f9:3c:a6:b3:cd:b1:ac:a8:d3:c3:a8:c3:c6:
                    9a:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:4F:75:29:AD:23:FD:55:E7:15:02:42:65:21:D5:D0:B6:F5:F9:3A
            X509v3 Authority Key Identifier:
                keyid:73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/R091Ka0j_VXnFQJCZSHV0Lb1-To.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:e642::/32

    Signature Algorithm: sha256WithRSAEncryption
         62:fb:57:e4:b5:a9:03:e1:33:a4:15:1b:34:85:9d:79:11:80:
         21:38:02:e9:2e:32:0c:1b:b7:7f:16:65:40:ee:1f:26:3c:72:
         a0:94:d7:9c:06:c9:1c:5b:ff:86:b4:d4:5e:c3:cc:4c:6e:78:
         71:1e:48:3f:6a:e8:1e:42:4a:7f:66:5a:f1:82:52:1a:7e:6d:
         74:72:d4:f9:88:2f:96:77:5a:1d:93:1a:e4:b1:6c:56:51:18:
         78:06:de:1b:a2:ac:35:5c:55:87:6c:4c:31:90:f2:56:35:a9:
         80:96:6b:ea:fb:77:94:25:fd:84:22:86:ea:b8:ce:3b:33:26:
         23:8e:14:62:01:27:c8:32:fb:c2:6b:7e:d5:b4:c6:fb:ee:71:
         62:df:e9:36:69:3d:2c:a7:d0:17:2b:12:7a:a0:4d:5a:82:66:
         a5:30:5e:20:b2:e8:bb:03:76:42:63:fc:f2:18:2f:73:2b:62:
         f6:e0:29:6a:95:2b:b9:5f:03:8d:e3:d3:5c:ac:ff:fd:b0:70:
         c5:aa:e9:01:47:ab:61:fc:ab:c4:66:ee:ab:93:6e:d2:6f:1f:
         4f:c9:ad:f2:59:85:16:a6:0a:fc:90:59:09:8b:d5:19:77:5b:
         07:75:a3:1e:f3:70:b3:7e:74:9f:bd:b4:10:84:e2:1e:03:86:
         fb:9d:e8:54
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDSI/DqlKboseDkF5RrpfNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYzY5ZDA0NTgzNTAwYzVlZjgxMTM2ODMxMjM3NTkzZTBi
Yjg2Y2UwHhcNMjQwMTAxMDQyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzRmNzUyOWFkMjNmZDU1ZTcxNTAyNDI2NTIxZDVkMGI2ZjVmOTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh47NOqWoXMvccj4XnV5N7ZKZRwGD
u46+WN9OJiApllAqap4FqvCb3ln4s5/NQm2ubtPuL6VX4rcixYYo9eA/Qxhtaj8w
Hmzq7zWg0U1H1OgqOr+rb2+Enu1T0WXBuncBJlj71SH4JFNfAV7K7QMQ8u9x3VHP
nJ7uFmrZXnrsSAqPlXAbN6BV2xJBS0UfzY9MFyaUSvvr++/CugjBK2C9GoHR1wqa
1tnQGZUE30A/xxItZQwSm7V3S0yyAiUGi227rk+3z8LgdJeYJm+LvbI9wcOMMdBW
59HvDdDr2ovk6aMKui9A5fh6LH4fQEnVp7YZLPk8prPNsayo08Oow8aa3wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEdPdSmtI/1V5xUCQmUh1dC29fk6MB8GA1UdIwQY
MBaAFHPGnQRYNQDF74ETaDEjdZPgu4bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQt
ZjljYjBhN2IyMDZjLzEvUjA5MUthMGpfVlhuRlFKQ1pTSFYwTGIxLVRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQtZjljYjBhN2IyMDZj
LzEvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgzmQjAN
BgkqhkiG9w0BAQsFAAOCAQEAYvtX5LWpA+EzpBUbNIWdeRGAITgC6S4yDBu3fxZl
QO4fJjxyoJTXnAbJHFv/hrTUXsPMTG54cR5IP2roHkJKf2Za8YJSGn5tdHLU+Ygv
lndaHZMa5LFsVlEYeAbeG6KsNVxVh2xMMZDyVjWpgJZr6vt3lCX9hCKG6rjOOzMm
I44UYgEnyDL7wmt+1bTG++5xYt/pNmk9LKfQFysSeqBNWoJmpTBeILLouwN2QmP8
8hgvcyti9uApapUruV8DjePTXKz//bBwxarpAUerYfyrxGbuq5Nu0m8fT8mt8lmF
FqYK/JBZCYvVGXdbB3WjHvNws350n720EITiHgOG+53oVA==
-----END CERTIFICATE-----