Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/a39138-f4f1-4259-a4b9-acd87c546048/1/T7FDhMlKV2EA37ibIurrdQfAuO4.roa
File:                     T7FDhMlKV2EA37ibIurrdQfAuO4.roa (raw, json)
Hash identifier:          zHOt1VOSNHCxfCTgdGjtwSoiABHdTK+i7GcDoe3ENwY=
Subject key identifier:   4F:B1:43:84:C9:4A:57:61:00:DF:B8:9B:22:EA:EB:75:07:C0:B8:EE
Certificate issuer:       /CN=a9480cf18fd7859df9ad997940013a99b8dee374
Certificate serial:       019174CF629B55BDAD367E2934E32B0D1880
Authority key identifier: A9:48:0C:F1:8F:D7:85:9D:F9:AD:99:79:40:01:3A:99:B8:DE:E3:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUgM8Y_XhZ35rZl5QAE6mbje43Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/a39138-f4f1-4259-a4b9-acd87c546048/1/T7FDhMlKV2EA37ibIurrdQfAuO4.roa
Signing time:             Wed 21 Aug 2024 12:00:33 +0000
ROA not before:           Wed 21 Aug 2024 12:00:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61292
IP address blocks:        2a05:e883::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/a39138-f4f1-4259-a4b9-acd87c546048/1/qUgM8Y_XhZ35rZl5QAE6mbje43Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/a39138-f4f1-4259-a4b9-acd87c546048/1/qUgM8Y_XhZ35rZl5QAE6mbje43Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUgM8Y_XhZ35rZl5QAE6mbje43Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:74:cf:62:9b:55:bd:ad:36:7e:29:34:e3:2b:0d:18:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9480cf18fd7859df9ad997940013a99b8dee374
        Validity
            Not Before: Aug 21 12:00:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4fb14384c94a576100dfb89b22eaeb7507c0b8ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:9a:e3:41:f3:fd:86:ca:4c:53:85:48:9f:62:
                    a4:7e:98:cf:28:89:df:e7:3c:6d:d3:b2:c5:12:a0:
                    06:50:17:ac:b2:70:8e:41:f3:a9:94:71:b6:f4:ef:
                    2c:13:3b:09:7f:bb:48:b7:2e:0f:70:0a:49:8c:9f:
                    1b:f7:cb:4b:6c:37:ab:08:d6:6f:85:6b:36:e5:cc:
                    da:eb:b1:ec:98:db:ed:70:90:bd:59:38:1a:53:85:
                    ab:8e:a8:83:9a:95:ee:b7:9d:d0:d9:09:f7:da:2a:
                    4b:40:65:71:46:ca:a2:a8:74:91:b2:0d:31:e5:02:
                    16:c9:10:31:b3:a4:0d:53:7c:c1:c8:31:98:79:3a:
                    aa:90:31:0d:7b:30:73:76:0d:8a:d1:b3:2f:73:2c:
                    39:9d:e6:89:39:47:e0:14:2e:17:33:3f:f5:cc:3d:
                    ab:95:c6:26:22:42:35:4b:de:d0:5e:ee:73:42:a1:
                    50:20:41:74:46:77:98:d2:6c:65:2b:f9:dc:a7:bc:
                    58:d4:9c:8a:18:87:ba:88:e0:57:12:aa:4a:a8:ee:
                    9a:10:9b:89:8e:39:64:d9:10:87:9f:b0:dc:13:50:
                    ee:23:d9:d2:92:e0:32:50:58:2f:77:ed:cc:38:57:
                    99:8c:fd:4a:bc:41:cd:50:8c:00:46:86:6a:36:2b:
                    fb:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:B1:43:84:C9:4A:57:61:00:DF:B8:9B:22:EA:EB:75:07:C0:B8:EE
            X509v3 Authority Key Identifier:
                keyid:A9:48:0C:F1:8F:D7:85:9D:F9:AD:99:79:40:01:3A:99:B8:DE:E3:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUgM8Y_XhZ35rZl5QAE6mbje43Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/a39138-f4f1-4259-a4b9-acd87c546048/1/T7FDhMlKV2EA37ibIurrdQfAuO4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/a39138-f4f1-4259-a4b9-acd87c546048/1/qUgM8Y_XhZ35rZl5QAE6mbje43Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:e883::/36

    Signature Algorithm: sha256WithRSAEncryption
         38:b4:59:c3:b6:ed:c6:3b:64:00:15:08:c3:0d:fe:f5:3d:e2:
         cb:f4:06:80:ee:2b:49:4a:6c:54:ec:a7:35:ed:91:26:3c:34:
         9c:a8:c3:8e:1b:97:e8:59:52:a8:f0:e1:d4:f4:8a:b6:1c:4f:
         cb:a6:97:e5:19:dd:60:55:fb:d8:22:38:05:c5:3b:26:7d:e7:
         5f:aa:8d:fd:17:b2:bf:56:fe:28:9f:8e:1e:bf:f1:59:9f:f4:
         5d:d2:c6:06:57:f7:ee:5f:67:3e:fe:4f:21:02:85:22:34:bd:
         83:55:86:7b:1e:b2:a2:0a:b4:a1:af:8c:2f:94:02:e0:90:76:
         5c:7e:7f:c8:5f:4f:82:bf:47:de:66:69:f3:67:5a:79:59:d8:
         cd:3e:a9:43:88:85:6a:bf:7d:54:9a:e4:17:36:4d:9e:3b:b8:
         77:ab:90:9f:cb:56:65:ea:31:6c:f6:57:a8:7e:31:6e:3c:cd:
         56:04:c4:df:ab:40:de:ec:91:86:36:2a:3a:64:30:b4:62:f8:
         70:f8:76:6e:14:59:f1:65:b1:fe:b8:16:0a:14:2e:1b:7a:a3:
         c0:6f:44:bc:94:09:35:77:ae:66:c0:d4:46:e8:ee:79:0f:81:
         a5:37:a9:ef:96:f3:2c:5e:99:50:4a:65:87:4f:28:78:d3:ad:
         44:9f:cc:04
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZF0z2KbVb2tNn4pNOMrDRiAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5NDgwY2YxOGZkNzg1OWRmOWFkOTk3OTQwMDEzYTk5Yjhk
ZWUzNzQwHhcNMjQwODIxMTIwMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmIxNDM4NGM5NGE1NzYxMDBkZmI4OWIyMmVhZWI3NTA3YzBiOGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjJrjQfP9hspMU4VIn2KkfpjPKInf
5zxt07LFEqAGUBessnCOQfOplHG29O8sEzsJf7tIty4PcApJjJ8b98tLbDerCNZv
hWs25cza67HsmNvtcJC9WTgaU4WrjqiDmpXut53Q2Qn32ipLQGVxRsqiqHSRsg0x
5QIWyRAxs6QNU3zByDGYeTqqkDENezBzdg2K0bMvcyw5neaJOUfgFC4XMz/1zD2r
lcYmIkI1S97QXu5zQqFQIEF0RneY0mxlK/ncp7xY1JyKGIe6iOBXEqpKqO6aEJuJ
jjlk2RCHn7DcE1DuI9nSkuAyUFgvd+3MOFeZjP1KvEHNUIwARoZqNiv7DQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFE+xQ4TJSldhAN+4myLq63UHwLjuMB8GA1UdIwQY
MBaAFKlIDPGP14Wd+a2ZeUABOpm43uN0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVVnTThZX1hoWjM1clpsNVFBRTZtYmplNDNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi9hMzkxMzgtZjRmMS00MjU5LWE0Yjkt
YWNkODdjNTQ2MDQ4LzEvVDdGRGhNbEtWMkVBMzdpYkl1cnJkUWZBdU80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi9hMzkxMzgtZjRmMS00MjU5LWE0YjktYWNkODdjNTQ2MDQ4
LzEvcVVnTThZX1hoWjM1clpsNVFBRTZtYmplNDNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKgXogwAw
DQYJKoZIhvcNAQELBQADggEBADi0WcO27cY7ZAAVCMMN/vU94sv0BoDuK0lKbFTs
pzXtkSY8NJyow44bl+hZUqjw4dT0irYcT8uml+UZ3WBV+9giOAXFOyZ951+qjf0X
sr9W/iifjh6/8Vmf9F3SxgZX9+5fZz7+TyEChSI0vYNVhnsesqIKtKGvjC+UAuCQ
dlx+f8hfT4K/R95mafNnWnlZ2M0+qUOIhWq/fVSa5Bc2TZ47uHerkJ/LVmXqMWz2
V6h+MW48zVYExN+rQN7skYY2KjpkMLRi+HD4dm4UWfFlsf64FgoULht6o8BvRLyU
CTV3rmbA1Ebo7nkPgaU3qe+W8yxemVBKZYdPKHjTrUSfzAQ=
-----END CERTIFICATE-----