Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/40cb9c-c426-48ab-9968-a56bdfadb81e/1/1-bESpzrHwTfaGjE5lmQI6IyRcUc.roa
File:                     1-bESpzrHwTfaGjE5lmQI6IyRcUc.roa (raw, json)
Hash identifier:          AQKwHm/QuxYZwA5yVKV9InS/qfx5Ce1luIsBpnyj28w=
Subject key identifier:   F9:B1:12:A7:3A:C7:C1:37:DA:1A:31:39:96:64:08:E8:8C:91:71:47
Certificate issuer:       /CN=9d6b9774c94876c98321de3201b11b75a1358d19
Certificate serial:       018D5BCB7F19318AC2D85C505F9C7A23A1A0
Authority key identifier: 9D:6B:97:74:C9:48:76:C9:83:21:DE:32:01:B1:1B:75:A1:35:8D:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nWuXdMlIdsmDId4yAbEbdaE1jRk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/40cb9c-c426-48ab-9968-a56bdfadb81e/1/1-bESpzrHwTfaGjE5lmQI6IyRcUc.roa
Signing time:             Tue 30 Jan 2024 19:14:39 +0000
ROA not before:           Tue 30 Jan 2024 19:14:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     150315
IP address blocks:        2a0d:8140:fff::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/40cb9c-c426-48ab-9968-a56bdfadb81e/1/nWuXdMlIdsmDId4yAbEbdaE1jRk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/40cb9c-c426-48ab-9968-a56bdfadb81e/1/nWuXdMlIdsmDId4yAbEbdaE1jRk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWuXdMlIdsmDId4yAbEbdaE1jRk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 04:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:5b:cb:7f:19:31:8a:c2:d8:5c:50:5f:9c:7a:23:a1:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d6b9774c94876c98321de3201b11b75a1358d19
        Validity
            Not Before: Jan 30 19:14:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9b112a73ac7c137da1a3139966408e88c917147
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:7f:81:6e:66:d3:2e:76:4f:17:b3:0f:6f:ba:
                    84:9a:bd:79:b5:7e:53:b6:bf:5c:10:87:ff:44:42:
                    7d:d0:0b:df:7f:e7:7a:2a:9c:ff:84:19:93:36:32:
                    61:7b:91:0a:fc:4b:d0:a9:11:43:fc:fd:a7:e6:3a:
                    d6:78:e8:ce:7d:67:c0:a3:c8:c2:86:6d:f1:f1:19:
                    af:bf:2e:41:a4:d3:07:7e:67:a2:fc:6d:74:1e:ce:
                    c3:44:49:97:a5:30:47:e5:ee:e3:4f:5f:53:c5:64:
                    da:7f:e0:93:0a:df:6b:57:4d:41:5c:0a:0b:1e:32:
                    82:9b:e1:3b:f9:64:66:85:30:a7:82:5c:e2:b4:15:
                    95:5a:e3:2f:2c:fb:c0:6f:15:89:ad:3e:8f:61:5d:
                    7c:b9:53:07:5a:bd:de:f0:91:56:8e:5a:51:a5:fa:
                    2f:54:3e:ed:e0:cb:d3:de:f1:cc:b1:0a:d2:0e:15:
                    aa:0d:04:ef:93:42:3e:c0:ee:fc:78:0f:c2:c6:01:
                    e6:6b:29:e5:6e:08:b3:60:53:92:a3:23:f8:af:5d:
                    3c:52:7a:63:e3:8a:45:76:8d:e9:f1:29:30:44:fb:
                    45:09:cc:b3:f3:12:a7:5c:74:6a:b1:a6:e5:7f:72:
                    a9:a1:7a:42:4d:f7:fc:d8:aa:31:25:ef:56:dd:f9:
                    b3:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:B1:12:A7:3A:C7:C1:37:DA:1A:31:39:96:64:08:E8:8C:91:71:47
            X509v3 Authority Key Identifier:
                keyid:9D:6B:97:74:C9:48:76:C9:83:21:DE:32:01:B1:1B:75:A1:35:8D:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nWuXdMlIdsmDId4yAbEbdaE1jRk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/40cb9c-c426-48ab-9968-a56bdfadb81e/1/1-bESpzrHwTfaGjE5lmQI6IyRcUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/40cb9c-c426-48ab-9968-a56bdfadb81e/1/nWuXdMlIdsmDId4yAbEbdaE1jRk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:8140:fff::/48

    Signature Algorithm: sha256WithRSAEncryption
         84:56:7a:32:0b:fc:60:36:d8:f8:2f:1f:51:dc:6c:cb:52:79:
         8b:f5:79:8f:4f:05:cc:c7:ed:29:c2:05:fd:25:58:79:8f:cf:
         00:59:10:f4:b4:d6:51:6e:38:eb:5d:35:51:5d:c5:cf:53:92:
         e7:a5:a9:9e:fa:64:b5:8c:dc:f4:e2:58:09:00:2c:7a:99:24:
         a1:35:fe:26:88:89:48:a0:90:cf:55:e5:39:dc:39:82:ba:e3:
         b4:20:b7:c5:ea:4c:76:d0:e4:3d:47:fc:04:76:d2:5b:ff:9d:
         10:69:8c:a1:39:2e:3e:ea:d0:8d:7e:a9:87:63:30:b8:a7:07:
         72:c3:32:18:30:f3:4a:76:2d:2e:d9:f8:73:d6:3e:5b:74:52:
         69:b3:3e:73:b6:5f:ce:b5:80:76:74:1c:d4:43:68:23:57:66:
         5f:10:7e:2e:f3:ae:b8:32:9d:2b:38:bc:41:bb:62:2b:ab:28:
         91:ce:d3:c0:08:43:8c:ef:05:c6:a8:c1:a0:29:49:94:12:ab:
         81:25:c0:6e:8c:d1:c3:88:c8:76:f1:89:f7:82:0e:1e:6c:1e:
         4a:00:53:e9:a5:56:2e:96:7f:6e:5a:66:fa:3b:6d:48:62:6c:
         01:db:fb:cb:3f:8f:41:4a:c8:6b:73:81:a0:3a:26:c5:d3:12:
         b1:a8:fb:2e
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAY1by38ZMYrC2FxQX5x6I6GgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkNmI5Nzc0Yzk0ODc2Yzk4MzIxZGUzMjAxYjExYjc1YTEz
NThkMTkwHhcNMjQwMTMwMTkxNDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWIxMTJhNzNhYzdjMTM3ZGExYTMxMzk5NjY0MDhlODhjOTE3MTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvH+BbmbTLnZPF7MPb7qEmr15tX5T
tr9cEIf/REJ90Avff+d6Kpz/hBmTNjJhe5EK/EvQqRFD/P2n5jrWeOjOfWfAo8jC
hm3x8Rmvvy5BpNMHfmei/G10Hs7DREmXpTBH5e7jT19TxWTaf+CTCt9rV01BXAoL
HjKCm+E7+WRmhTCnglzitBWVWuMvLPvAbxWJrT6PYV18uVMHWr3e8JFWjlpRpfov
VD7t4MvT3vHMsQrSDhWqDQTvk0I+wO78eA/CxgHmaynlbgizYFOSoyP4r108Unpj
44pFdo3p8SkwRPtFCcyz8xKnXHRqsablf3KpoXpCTff82KoxJe9W3fmzBQIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFPmxEqc6x8E32hoxOZZkCOiMkXFHMB8GA1UdIwQY
MBaAFJ1rl3TJSHbJgyHeMgGxG3WhNY0ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbld1WGRNbElkc21ESWQ0eUFiRWJkYUUxalJrLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS80MGNiOWMtYzQyNi00OGFiLTk5Njgt
YTU2YmRmYWRiODFlLzEvMS1iRVNwenJId1RmYUdqRTVsbVFJNkl5UmNVYy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvN2UvNDBjYjljLWM0MjYtNDhhYi05OTY4LWE1NmJkZmFkYjgx
ZS8xL25XdVhkTWxJZHNtRElkNHlBYkViZGFFMWpSay5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoNgUAP
/zANBgkqhkiG9w0BAQsFAAOCAQEAhFZ6Mgv8YDbY+C8fUdxsy1J5i/V5j08FzMft
KcIF/SVYeY/PAFkQ9LTWUW446101UV3Fz1OS56WpnvpktYzc9OJYCQAsepkkoTX+
JoiJSKCQz1XlOdw5grrjtCC3xepMdtDkPUf8BHbSW/+dEGmMoTkuPurQjX6ph2Mw
uKcHcsMyGDDzSnYtLtn4c9Y+W3RSabM+c7ZfzrWAdnQc1ENoI1dmXxB+LvOuuDKd
Kzi8QbtiK6sokc7TwAhDjO8FxqjBoClJlBKrgSXAbozRw4jIdvGJ94IOHmweSgBT
6aVWLpZ/blpm+jttSGJsAdv7yz+PQUrIa3OBoDomxdMSsaj7Lg==
-----END CERTIFICATE-----