Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/keuKt-dF86Ri4yFMN9FHIezBpVI.roa
File:                     keuKt-dF86Ri4yFMN9FHIezBpVI.roa (raw, json)
Hash identifier:          vSaWA6uiQSFnBJnH6qE1Y6a5yTbvHiGaOJT13h4dKp0=
Subject key identifier:   91:EB:8A:B7:E7:45:F3:A4:62:E3:21:4C:37:D1:47:21:EC:C1:A5:52
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       0190A6C1745D84C8C1BC996F1BAD9A1E53AF
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/keuKt-dF86Ri4yFMN9FHIezBpVI.roa
Signing time:             Fri 12 Jul 2024 11:43:34 +0000
ROA not before:           Fri 12 Jul 2024 11:43:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214537
IP address blocks:        2a03:5840:1000::/37 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:a6:c1:74:5d:84:c8:c1:bc:99:6f:1b:ad:9a:1e:53:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Jul 12 11:43:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91eb8ab7e745f3a462e3214c37d14721ecc1a552
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:b3:e5:8c:05:f2:ab:9a:41:62:0f:90:77:34:
                    23:ed:13:bf:96:5d:a4:6b:02:ae:92:87:80:a6:32:
                    cc:6e:af:4a:1a:09:0b:32:15:f1:97:b7:c6:3a:e0:
                    a7:f8:a2:04:0a:96:05:b4:dd:61:59:9f:db:cc:99:
                    5c:8c:e1:b2:1c:b2:78:65:0d:8c:7e:2e:84:a8:45:
                    c4:e2:3e:bd:f5:dc:4c:61:d9:ec:bd:ce:99:3c:48:
                    de:ba:65:96:d4:3f:a1:9e:b3:ff:ea:c8:f6:56:a7:
                    50:24:d5:a0:98:c9:81:99:ed:2e:27:e1:6e:11:7a:
                    4f:e6:42:76:05:b3:a5:43:13:83:2c:15:e4:bf:61:
                    c6:bf:61:84:5a:ed:9d:a3:b4:37:9f:bb:25:9d:d5:
                    ed:1a:e8:b8:8e:df:32:c5:b2:38:f0:1f:3f:5d:fc:
                    fa:a8:4c:ba:47:70:6f:b2:58:db:b2:3e:22:39:c2:
                    39:05:fd:2d:a5:29:15:58:d1:05:17:d9:43:75:1c:
                    18:c5:e0:16:26:bb:4d:45:7c:9c:a7:f7:81:a1:3a:
                    06:04:33:e2:ac:b1:90:ba:cb:c1:53:76:1a:65:7e:
                    7a:40:af:54:cb:ec:f9:98:aa:a3:0e:3d:3a:b9:ea:
                    52:41:36:7b:9e:62:51:55:c3:fe:9b:db:72:3c:5e:
                    f3:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:EB:8A:B7:E7:45:F3:A4:62:E3:21:4C:37:D1:47:21:EC:C1:A5:52
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/keuKt-dF86Ri4yFMN9FHIezBpVI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840:1000::/37

    Signature Algorithm: sha256WithRSAEncryption
         72:3a:3c:11:22:d2:4b:43:1b:ba:5f:ea:28:ea:0c:0f:48:c2:
         6d:c6:21:41:b8:19:3e:50:a7:fa:d0:90:fc:bf:f7:95:99:6c:
         3d:1b:d8:21:c3:81:ec:89:cc:15:81:90:db:2e:3b:d2:0e:b6:
         f2:5d:3c:85:4a:71:75:21:4d:89:db:05:62:0b:bf:e2:91:a4:
         2f:f1:29:2e:52:25:84:41:cd:19:51:09:ac:80:99:c4:69:97:
         9b:31:a2:64:d0:7d:85:05:b9:9a:ef:3c:ee:7a:a2:1d:90:21:
         00:20:04:4f:5c:a4:72:27:d3:46:ac:31:90:a8:31:e6:85:de:
         1d:2a:89:fa:4f:1b:63:ba:f6:25:6c:d6:d7:12:44:1b:d3:e1:
         68:d5:ad:01:a1:76:fd:8d:ba:36:08:76:15:e8:0a:5a:47:eb:
         60:56:cd:21:30:6e:4f:22:eb:e4:a7:ec:1b:d7:7d:68:a9:da:
         f9:c1:a2:ff:85:f8:49:ff:04:ae:7e:b0:24:a0:05:16:1b:dc:
         92:2e:ed:0d:0f:4e:31:c4:ea:21:9b:ce:35:35:10:bb:39:d6:
         fb:be:94:b3:65:8f:38:23:d0:ab:e9:98:72:4f:f1:09:ac:05:
         4c:35:81:d9:fb:8c:34:cf:38:a1:03:b4:e1:fc:37:8f:82:2f:
         67:5c:61:f6
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZCmwXRdhMjBvJlvG62aHlOvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjQwNzEyMTE0MzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWViOGFiN2U3NDVmM2E0NjJlMzIxNGMzN2QxNDcyMWVjYzFhNTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAobPljAXyq5pBYg+QdzQj7RO/ll2k
awKukoeApjLMbq9KGgkLMhXxl7fGOuCn+KIECpYFtN1hWZ/bzJlcjOGyHLJ4ZQ2M
fi6EqEXE4j699dxMYdnsvc6ZPEjeumWW1D+hnrP/6sj2VqdQJNWgmMmBme0uJ+Fu
EXpP5kJ2BbOlQxODLBXkv2HGv2GEWu2do7Q3n7slndXtGui4jt8yxbI48B8/Xfz6
qEy6R3Bvsljbsj4iOcI5Bf0tpSkVWNEFF9lDdRwYxeAWJrtNRXycp/eBoToGBDPi
rLGQusvBU3YaZX56QK9Uy+z5mKqjDj06uepSQTZ7nmJRVcP+m9tyPF7zawIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFJHrirfnRfOkYuMhTDfRRyHswaVSMB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEva2V1S3QtZEY4NlJpNHlGTU45RkhJZXpCcFZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYDKgNYQBAw
DQYJKoZIhvcNAQELBQADggEBAHI6PBEi0ktDG7pf6ijqDA9Iwm3GIUG4GT5Qp/rQ
kPy/95WZbD0b2CHDgeyJzBWBkNsuO9IOtvJdPIVKcXUhTYnbBWILv+KRpC/xKS5S
JYRBzRlRCayAmcRpl5sxomTQfYUFuZrvPO56oh2QIQAgBE9cpHIn00asMZCoMeaF
3h0qifpPG2O69iVs1tcSRBvT4WjVrQGhdv2NujYIdhXoClpH62BWzSEwbk8i6+Sn
7BvXfWip2vnBov+F+En/BK5+sCSgBRYb3JIu7Q0PTjHE6iGbzjU1ELs51vu+lLNl
jzgj0KvpmHJP8QmsBUw1gdn7jDTPOKEDtOH8N4+CL2dcYfY=
-----END CERTIFICATE-----