Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/d7beed-df98-4ec8-87b6-4072557c47fa/1/BSJzl9IYQSnRi1c1MkifTWu8k6o.roa
File:                     BSJzl9IYQSnRi1c1MkifTWu8k6o.roa (raw, json)
Hash identifier:          GiWf1wce0kenNZR7tprwEjr28RN/KTXRT+JMTOlckos=
Subject key identifier:   05:22:73:97:D2:18:41:29:D1:8B:57:35:32:48:9F:4D:6B:BC:93:AA
Certificate issuer:       /CN=4ecd75a5109e2c106e1193d57ee2b999fec27fe0
Certificate serial:       019157DE6AA32EBDCC3CD96F83D866F2B174
Authority key identifier: 4E:CD:75:A5:10:9E:2C:10:6E:11:93:D5:7E:E2:B9:99:FE:C2:7F:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ts11pRCeLBBuEZPVfuK5mf7Cf-A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/d7beed-df98-4ec8-87b6-4072557c47fa/1/BSJzl9IYQSnRi1c1MkifTWu8k6o.roa
Signing time:             Thu 15 Aug 2024 21:07:59 +0000
ROA not before:           Thu 15 Aug 2024 21:07:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48924
IP address blocks:        2a07:ddc0:8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/d7beed-df98-4ec8-87b6-4072557c47fa/1/Ts11pRCeLBBuEZPVfuK5mf7Cf-A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/d7beed-df98-4ec8-87b6-4072557c47fa/1/Ts11pRCeLBBuEZPVfuK5mf7Cf-A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ts11pRCeLBBuEZPVfuK5mf7Cf-A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:57:de:6a:a3:2e:bd:cc:3c:d9:6f:83:d8:66:f2:b1:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ecd75a5109e2c106e1193d57ee2b999fec27fe0
        Validity
            Not Before: Aug 15 21:07:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=05227397d2184129d18b573532489f4d6bbc93aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:fb:c1:8f:24:93:08:88:31:7f:37:e2:e2:08:
                    0e:25:66:ac:e5:bb:eb:b4:96:b4:58:e6:0a:4e:27:
                    f9:fb:3e:ba:95:45:c3:57:e3:99:5a:09:65:a5:2c:
                    e5:da:b1:cb:dd:d1:f5:42:e6:c4:6c:58:dc:4a:67:
                    8b:91:5d:1a:6e:d9:b4:59:43:32:92:b4:9d:7b:a3:
                    05:25:6d:11:01:c1:d6:12:a0:b4:79:1c:fd:b9:aa:
                    11:82:74:c1:76:00:94:c3:2a:d7:69:65:12:b5:cf:
                    c2:22:ab:e1:f0:a8:ba:22:cc:05:16:a3:f0:06:a4:
                    2d:07:4a:05:93:3c:9c:8a:4a:5c:b5:dd:09:1b:c5:
                    e5:f9:8d:2d:53:b7:e2:cf:d3:76:a2:d0:b4:ed:25:
                    67:aa:2f:d4:7f:21:0a:42:a3:69:b9:33:ea:1c:a6:
                    6a:a7:86:97:66:c6:dd:6d:c4:4e:21:05:73:b0:31:
                    12:32:4c:fa:55:4b:67:ea:10:93:63:33:5c:fc:0a:
                    eb:63:c7:27:d0:e4:a9:22:50:04:4f:89:f0:4a:d5:
                    36:66:b3:a2:98:bd:07:d5:d0:0a:4e:10:99:87:2a:
                    d7:13:9c:e3:1c:7b:1d:9a:2c:73:53:7a:7f:1d:25:
                    85:ed:4b:2e:30:1e:ec:23:a9:5a:af:89:19:85:dd:
                    08:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:22:73:97:D2:18:41:29:D1:8B:57:35:32:48:9F:4D:6B:BC:93:AA
            X509v3 Authority Key Identifier:
                keyid:4E:CD:75:A5:10:9E:2C:10:6E:11:93:D5:7E:E2:B9:99:FE:C2:7F:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ts11pRCeLBBuEZPVfuK5mf7Cf-A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/d7beed-df98-4ec8-87b6-4072557c47fa/1/BSJzl9IYQSnRi1c1MkifTWu8k6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/d7beed-df98-4ec8-87b6-4072557c47fa/1/Ts11pRCeLBBuEZPVfuK5mf7Cf-A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:ddc0:8::/48

    Signature Algorithm: sha256WithRSAEncryption
         5d:81:65:c0:69:b2:96:a3:20:24:9b:c8:50:fc:b7:6c:20:c8:
         74:7e:e7:ae:c4:18:3e:d3:31:b7:0d:69:2e:51:de:a6:d8:62:
         76:d9:cd:83:f6:61:21:03:07:e2:86:64:68:ea:f2:a3:73:ea:
         45:4d:80:c8:08:3b:7d:10:26:1d:1e:c2:31:e3:2b:49:52:7c:
         20:24:61:4b:7c:7e:10:a1:f6:d9:4d:87:9a:70:7c:10:99:50:
         61:b9:53:02:66:12:df:33:4b:6e:b5:6c:d6:4e:50:47:cf:43:
         b5:62:91:85:96:02:77:52:59:c0:c0:2f:47:04:b8:54:30:75:
         0d:fb:c8:02:f8:9c:89:8a:a6:69:46:ef:40:79:1e:48:dc:2c:
         28:f3:c0:e1:9f:c5:62:e9:82:f5:9d:10:b7:db:bb:7e:fc:02:
         fa:0d:83:e4:8a:dd:4f:38:12:6a:59:95:5e:61:7f:ba:05:f1:
         32:81:ca:71:74:e7:07:34:83:4b:89:77:58:19:08:5d:36:03:
         76:65:3b:33:2b:84:d7:f1:98:6d:a0:72:d0:fb:1d:4b:79:ee:
         97:a4:7b:63:67:50:17:78:92:1e:f4:be:e1:34:f1:df:26:cd:
         07:3e:80:da:d8:40:07:bb:b3:d7:f6:d9:15:6d:5f:6c:54:f3:
         69:fa:54:57
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZFX3mqjLr3MPNlvg9hm8rF0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlY2Q3NWE1MTA5ZTJjMTA2ZTExOTNkNTdlZTJiOTk5ZmVj
MjdmZTAwHhcNMjQwODE1MjEwNzU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTIyNzM5N2QyMTg0MTI5ZDE4YjU3MzUzMjQ4OWY0ZDZiYmM5M2FhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjfvBjySTCIgxfzfi4ggOJWas5bvr
tJa0WOYKTif5+z66lUXDV+OZWgllpSzl2rHL3dH1QubEbFjcSmeLkV0abtm0WUMy
krSde6MFJW0RAcHWEqC0eRz9uaoRgnTBdgCUwyrXaWUStc/CIqvh8Ki6IswFFqPw
BqQtB0oFkzycikpctd0JG8Xl+Y0tU7fiz9N2otC07SVnqi/UfyEKQqNpuTPqHKZq
p4aXZsbdbcROIQVzsDESMkz6VUtn6hCTYzNc/ArrY8cn0OSpIlAET4nwStU2ZrOi
mL0H1dAKThCZhyrXE5zjHHsdmixzU3p/HSWF7UsuMB7sI6lar4kZhd0I3wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAUic5fSGEEp0YtXNTJIn01rvJOqMB8GA1UdIwQY
MBaAFE7NdaUQniwQbhGT1X7iuZn+wn/gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHMxMXBSQ2VMQkJ1RVpQVmZ1SzVtZjdDZi1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9kN2JlZWQtZGY5OC00ZWM4LTg3YjYt
NDA3MjU1N2M0N2ZhLzEvQlNKemw5SVlRU25SaTFjMU1raWZUV3U4azZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9kN2JlZWQtZGY5OC00ZWM4LTg3YjYtNDA3MjU1N2M0N2Zh
LzEvVHMxMXBSQ2VMQkJ1RVpQVmZ1SzVtZjdDZi1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgfdwAAI
MA0GCSqGSIb3DQEBCwUAA4IBAQBdgWXAabKWoyAkm8hQ/LdsIMh0fueuxBg+0zG3
DWkuUd6m2GJ22c2D9mEhAwfihmRo6vKjc+pFTYDICDt9ECYdHsIx4ytJUnwgJGFL
fH4QofbZTYeacHwQmVBhuVMCZhLfM0tutWzWTlBHz0O1YpGFlgJ3UlnAwC9HBLhU
MHUN+8gC+JyJiqZpRu9AeR5I3Cwo88Dhn8Vi6YL1nRC327t+/AL6DYPkit1POBJq
WZVeYX+6BfEygcpxdOcHNINLiXdYGQhdNgN2ZTszK4TX8ZhtoHLQ+x1Lee6XpHtj
Z1AXeJIe9L7hNPHfJs0HPoDa2EAHu7PX9tkVbV9sVPNp+lRX
-----END CERTIFICATE-----