Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/b66121-7d8f-48d7-a093-c603cf2f7412/1/3Ji6EsRbVhlzuRDCLI86xE597fY.roa
File:                     3Ji6EsRbVhlzuRDCLI86xE597fY.roa (raw, json)
Hash identifier:          Zmq7UubgavNvTfLTxu28W+/YjHF0IfKHoMEPtTLr7/w=
Subject key identifier:   DC:98:BA:12:C4:5B:56:19:73:B9:10:C2:2C:8F:3A:C4:4E:7D:ED:F6
Certificate issuer:       /CN=8fa71283d8973409d960800f6f7fcdc8d3a30acb
Certificate serial:       018E191D82DC57ADD8D7CB537E6DF20312FF
Authority key identifier: 8F:A7:12:83:D8:97:34:09:D9:60:80:0F:6F:7F:CD:C8:D3:A3:0A:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j6cSg9iXNAnZYIAPb3_NyNOjCss.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/b66121-7d8f-48d7-a093-c603cf2f7412/1/3Ji6EsRbVhlzuRDCLI86xE597fY.roa
Signing time:             Thu 07 Mar 2024 13:32:28 +0000
ROA not before:           Thu 07 Mar 2024 13:32:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202793
IP address blocks:        2a05:e00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/b66121-7d8f-48d7-a093-c603cf2f7412/1/j6cSg9iXNAnZYIAPb3_NyNOjCss.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/b66121-7d8f-48d7-a093-c603cf2f7412/1/j6cSg9iXNAnZYIAPb3_NyNOjCss.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j6cSg9iXNAnZYIAPb3_NyNOjCss.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:19:1d:82:dc:57:ad:d8:d7:cb:53:7e:6d:f2:03:12:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8fa71283d8973409d960800f6f7fcdc8d3a30acb
        Validity
            Not Before: Mar  7 13:32:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc98ba12c45b561973b910c22c8f3ac44e7dedf6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:6f:bc:40:b5:3f:e4:f9:a2:6e:88:06:3a:e5:
                    ba:d7:96:c9:aa:e4:b9:b8:c1:40:61:58:6a:42:07:
                    6b:61:af:6e:5d:b6:6a:07:c1:bf:e7:bb:4f:3d:85:
                    2d:9b:a7:49:1e:e4:51:a5:c0:29:87:a0:c5:98:f4:
                    6b:26:78:4c:3f:96:f4:51:c4:5d:22:69:37:4f:9c:
                    55:e7:5e:a4:70:95:18:e4:c4:6e:09:88:97:2c:62:
                    fd:4b:a1:06:45:92:0d:2e:2c:ed:61:73:80:85:34:
                    ea:3d:8e:bf:27:35:88:d5:af:f1:fc:24:64:c3:92:
                    58:ec:63:e0:0a:80:8e:c5:d3:3b:b9:63:ef:8c:75:
                    da:ac:1a:3f:0d:1a:1c:f5:e1:b4:c4:da:2b:c3:85:
                    c9:4b:a9:d7:49:df:50:b4:b7:91:8d:5e:84:de:04:
                    38:8c:81:b7:56:00:79:c5:47:75:50:ad:d3:fe:92:
                    6e:b2:71:32:ff:8a:a5:73:3a:0a:d9:8e:5e:f1:b2:
                    bd:d6:3c:2c:83:b6:1e:32:f3:44:37:f0:75:85:bf:
                    c9:dc:da:b6:5b:d7:d9:e3:62:2a:7d:be:6a:66:fe:
                    53:bb:ea:aa:f2:0b:47:ad:5e:37:e3:cb:94:1b:4e:
                    ce:ad:63:51:2b:4d:19:76:6a:31:c5:e9:b7:4c:4f:
                    17:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:98:BA:12:C4:5B:56:19:73:B9:10:C2:2C:8F:3A:C4:4E:7D:ED:F6
            X509v3 Authority Key Identifier:
                keyid:8F:A7:12:83:D8:97:34:09:D9:60:80:0F:6F:7F:CD:C8:D3:A3:0A:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j6cSg9iXNAnZYIAPb3_NyNOjCss.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/b66121-7d8f-48d7-a093-c603cf2f7412/1/3Ji6EsRbVhlzuRDCLI86xE597fY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/b66121-7d8f-48d7-a093-c603cf2f7412/1/j6cSg9iXNAnZYIAPb3_NyNOjCss.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:e00::/29

    Signature Algorithm: sha256WithRSAEncryption
         42:24:31:9d:ce:64:c4:6f:b5:71:28:7e:b4:8e:44:ef:4f:42:
         f7:f9:c3:5c:73:19:7d:37:86:a4:9f:3f:67:c3:a8:ce:52:2e:
         f8:d7:ef:f7:b2:51:12:db:3b:48:f3:d0:e7:22:c1:cc:a6:ae:
         8c:9f:49:f9:e8:17:b2:1b:fc:e6:0b:8a:3b:21:15:66:5e:c1:
         b5:02:fa:f0:e0:3d:78:f4:4a:84:c5:98:63:d4:a3:e6:05:dd:
         7f:79:b9:a6:5b:4f:bc:7c:50:95:64:1b:30:b3:6e:ff:af:0d:
         62:02:6c:51:43:ec:02:ab:95:39:3d:15:ed:32:d9:79:7a:89:
         63:ec:fc:b9:07:13:45:04:d2:e4:18:04:2f:1b:66:50:d2:35:
         fa:df:2e:7a:dd:07:c7:46:89:3b:d2:2f:fc:75:ec:02:4e:5a:
         5c:14:da:21:4e:cf:2f:ca:a4:f9:fb:55:8d:e4:91:ce:b9:ef:
         2b:3e:04:43:d9:75:e8:b8:05:83:11:8d:91:86:64:77:52:ef:
         e2:4a:ce:20:f2:36:3c:96:36:0d:ba:41:aa:99:dd:c2:66:ac:
         91:ce:cb:9d:74:34:41:62:9d:58:5f:b2:70:de:8d:b1:93:55:
         d9:63:dd:1a:64:fa:87:f8:a6:e7:c0:19:15:35:13:77:33:2a:
         b4:a0:c9:ef
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY4ZHYLcV63Y18tTfm3yAxL/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmYTcxMjgzZDg5NzM0MDlkOTYwODAwZjZmN2ZjZGM4ZDNh
MzBhY2IwHhcNMjQwMzA3MTMzMjI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzk4YmExMmM0NWI1NjE5NzNiOTEwYzIyYzhmM2FjNDRlN2RlZGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlW+8QLU/5PmibogGOuW615bJquS5
uMFAYVhqQgdrYa9uXbZqB8G/57tPPYUtm6dJHuRRpcAph6DFmPRrJnhMP5b0UcRd
Imk3T5xV516kcJUY5MRuCYiXLGL9S6EGRZINLiztYXOAhTTqPY6/JzWI1a/x/CRk
w5JY7GPgCoCOxdM7uWPvjHXarBo/DRoc9eG0xNorw4XJS6nXSd9QtLeRjV6E3gQ4
jIG3VgB5xUd1UK3T/pJusnEy/4qlczoK2Y5e8bK91jwsg7YeMvNEN/B1hb/J3Nq2
W9fZ42Iqfb5qZv5Tu+qq8gtHrV4348uUG07OrWNRK00Zdmoxxem3TE8XuQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNyYuhLEW1YZc7kQwiyPOsROfe32MB8GA1UdIwQY
MBaAFI+nEoPYlzQJ2WCAD29/zcjTowrLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajZjU2c5aVhOQW5aWUlBUGIzX055Tk9qQ3NzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC9iNjYxMjEtN2Q4Zi00OGQ3LWEwOTMt
YzYwM2NmMmY3NDEyLzEvM0ppNkVzUmJWaGx6dVJEQ0xJODZ4RTU5N2ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC9iNjYxMjEtN2Q4Zi00OGQ3LWEwOTMtYzYwM2NmMmY3NDEy
LzEvajZjU2c5aVhOQW5aWUlBUGIzX055Tk9qQ3NzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgUOADAN
BgkqhkiG9w0BAQsFAAOCAQEAQiQxnc5kxG+1cSh+tI5E709C9/nDXHMZfTeGpJ8/
Z8OozlIu+Nfv97JREts7SPPQ5yLBzKaujJ9J+egXshv85guKOyEVZl7BtQL68OA9
ePRKhMWYY9Sj5gXdf3m5pltPvHxQlWQbMLNu/68NYgJsUUPsAquVOT0V7TLZeXqJ
Y+z8uQcTRQTS5BgELxtmUNI1+t8uet0Hx0aJO9Iv/HXsAk5aXBTaIU7PL8qk+ftV
jeSRzrnvKz4EQ9l16LgFgxGNkYZkd1Lv4krOIPI2PJY2DbpBqpndwmaskc7LnXQ0
QWKdWF+ycN6NsZNV2WPdGmT6h/im58AZFTUTdzMqtKDJ7w==
-----END CERTIFICATE-----