Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/40cb9c-c426-48ab-9968-a56bdfadb81e/1/vmoOJVcfVpWSUQTKGXqHnSD_N9o.roa
File:                     vmoOJVcfVpWSUQTKGXqHnSD_N9o.roa (raw, json)
Hash identifier:          im8tredl3sTGNztDooyAv+D7xiEiOT8oSzUuDz5R9Zk=
Subject key identifier:   BE:6A:0E:25:57:1F:56:95:92:51:04:CA:19:7A:87:9D:20:FF:37:DA
Certificate issuer:       /CN=9d6b9774c94876c98321de3201b11b75a1358d19
Certificate serial:       019268808F1DBFBEFC137E1548A1A3E2A276
Authority key identifier: 9D:6B:97:74:C9:48:76:C9:83:21:DE:32:01:B1:1B:75:A1:35:8D:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nWuXdMlIdsmDId4yAbEbdaE1jRk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/40cb9c-c426-48ab-9968-a56bdfadb81e/1/vmoOJVcfVpWSUQTKGXqHnSD_N9o.roa
Signing time:             Mon 07 Oct 2024 19:41:48 +0000
ROA not before:           Mon 07 Oct 2024 19:41:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214209
IP address blocks:        2a0d:8140:1fff::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/40cb9c-c426-48ab-9968-a56bdfadb81e/1/nWuXdMlIdsmDId4yAbEbdaE1jRk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/40cb9c-c426-48ab-9968-a56bdfadb81e/1/nWuXdMlIdsmDId4yAbEbdaE1jRk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWuXdMlIdsmDId4yAbEbdaE1jRk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:68:80:8f:1d:bf:be:fc:13:7e:15:48:a1:a3:e2:a2:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d6b9774c94876c98321de3201b11b75a1358d19
        Validity
            Not Before: Oct  7 19:41:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=be6a0e25571f5695925104ca197a879d20ff37da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:50:26:43:19:ef:65:64:34:83:b2:31:b6:54:
                    05:e2:29:27:ba:c3:73:a6:de:9f:25:18:a3:dc:71:
                    c9:3a:43:51:c2:1e:a5:c5:33:fa:69:27:2c:8e:7e:
                    54:aa:3f:8d:6c:8d:9b:0b:67:0e:ef:75:27:db:22:
                    99:cd:79:65:8f:cb:39:e7:de:ce:c0:af:13:e0:bb:
                    2e:c0:51:0b:b1:3e:09:ab:16:c6:c1:01:63:b2:1a:
                    11:45:4b:a6:0f:cd:68:03:33:4e:ef:43:44:c9:db:
                    d0:e0:ea:1d:d6:e8:32:22:fe:e6:a2:b0:94:fe:63:
                    2d:d9:ef:4e:e1:f0:c7:aa:3f:28:86:81:ba:d1:fa:
                    d0:43:2c:ec:f5:6c:6c:2c:59:5a:16:79:72:b9:ac:
                    d9:a2:e1:69:3c:55:79:90:9d:59:5b:68:cb:15:11:
                    75:bd:0e:89:1e:0b:4d:27:1c:45:52:e2:3e:10:ec:
                    58:76:17:01:c4:e8:8e:82:51:5a:8c:2a:eb:56:7e:
                    65:c1:bd:31:ed:fb:cb:b1:3b:c5:3f:2c:9b:46:98:
                    72:65:7e:1c:a2:c9:01:09:5d:7b:c6:b5:dd:5c:d2:
                    5e:f8:f2:36:5a:29:e8:6c:64:87:3e:c0:16:06:13:
                    c1:08:d1:9b:f0:4b:05:f5:7f:a3:ea:47:08:b5:9b:
                    68:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:6A:0E:25:57:1F:56:95:92:51:04:CA:19:7A:87:9D:20:FF:37:DA
            X509v3 Authority Key Identifier:
                keyid:9D:6B:97:74:C9:48:76:C9:83:21:DE:32:01:B1:1B:75:A1:35:8D:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nWuXdMlIdsmDId4yAbEbdaE1jRk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/40cb9c-c426-48ab-9968-a56bdfadb81e/1/vmoOJVcfVpWSUQTKGXqHnSD_N9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/40cb9c-c426-48ab-9968-a56bdfadb81e/1/nWuXdMlIdsmDId4yAbEbdaE1jRk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:8140:1fff::/48

    Signature Algorithm: sha256WithRSAEncryption
         19:dd:1c:c2:79:d5:ef:28:a5:94:ff:9d:7d:7e:ba:50:18:06:
         66:ee:4b:af:d4:1d:0f:7a:4a:ba:72:02:bc:2a:6c:e4:e9:9a:
         8a:8e:22:e0:e8:7a:45:56:0c:b8:5b:55:8e:82:5f:9a:ad:30:
         7b:32:ac:a5:fa:c9:a0:45:8e:52:70:f0:13:f0:88:59:d2:26:
         fc:74:06:e5:0e:de:a0:15:6c:1e:b8:54:2a:97:81:04:e8:34:
         d5:4e:fc:14:b3:d2:cd:66:e1:dd:59:f8:1e:47:c7:7c:a6:44:
         aa:6a:95:8a:04:ac:6d:7d:e5:13:cb:3d:0c:13:0e:eb:01:f0:
         f5:9e:c5:7d:2c:36:96:ab:52:46:df:8a:3e:02:b6:fd:64:ee:
         19:f2:c8:14:79:32:78:a6:d9:0d:16:06:59:58:99:a9:38:19:
         1a:a2:ac:6d:cf:18:33:c1:c8:85:03:96:0c:ed:de:72:c1:db:
         16:a4:40:28:69:89:17:32:58:bd:b2:56:72:9f:48:cf:b6:c1:
         f1:ae:b4:6a:f0:05:67:ab:a8:11:a7:cb:45:45:82:56:cd:03:
         f1:24:2f:ce:35:cd:ef:42:59:ff:f9:e2:3e:21:4a:40:bd:2c:
         c9:fb:c0:8c:93:ce:75:15:bc:36:79:7d:70:26:de:c1:5b:4d:
         bd:d4:37:74
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZJogI8dv778E34VSKGj4qJ2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkNmI5Nzc0Yzk0ODc2Yzk4MzIxZGUzMjAxYjExYjc1YTEz
NThkMTkwHhcNMjQxMDA3MTk0MTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTZhMGUyNTU3MWY1Njk1OTI1MTA0Y2ExOTdhODc5ZDIwZmYzN2RhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2FAmQxnvZWQ0g7IxtlQF4iknusNz
pt6fJRij3HHJOkNRwh6lxTP6aScsjn5Uqj+NbI2bC2cO73Un2yKZzXllj8s5597O
wK8T4LsuwFELsT4JqxbGwQFjshoRRUumD81oAzNO70NEydvQ4Ood1ugyIv7morCU
/mMt2e9O4fDHqj8ohoG60frQQyzs9WxsLFlaFnlyuazZouFpPFV5kJ1ZW2jLFRF1
vQ6JHgtNJxxFUuI+EOxYdhcBxOiOglFajCrrVn5lwb0x7fvLsTvFPyybRphyZX4c
oskBCV17xrXdXNJe+PI2WinobGSHPsAWBhPBCNGb8EsF9X+j6kcItZtoBwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFL5qDiVXH1aVklEEyhl6h50g/zfaMB8GA1UdIwQY
MBaAFJ1rl3TJSHbJgyHeMgGxG3WhNY0ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbld1WGRNbElkc21ESWQ0eUFiRWJkYUUxalJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS80MGNiOWMtYzQyNi00OGFiLTk5Njgt
YTU2YmRmYWRiODFlLzEvdm1vT0pWY2ZWcFdTVVFUS0dYcUhuU0RfTjlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS80MGNiOWMtYzQyNi00OGFiLTk5NjgtYTU2YmRmYWRiODFl
LzEvbld1WGRNbElkc21ESWQ0eUFiRWJkYUUxalJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg2BQB//
MA0GCSqGSIb3DQEBCwUAA4IBAQAZ3RzCedXvKKWU/519frpQGAZm7kuv1B0Pekq6
cgK8Kmzk6ZqKjiLg6HpFVgy4W1WOgl+arTB7Mqyl+smgRY5ScPAT8IhZ0ib8dAbl
Dt6gFWweuFQql4EE6DTVTvwUs9LNZuHdWfgeR8d8pkSqapWKBKxtfeUTyz0MEw7r
AfD1nsV9LDaWq1JG34o+Arb9ZO4Z8sgUeTJ4ptkNFgZZWJmpOBkaoqxtzxgzwciF
A5YM7d5ywdsWpEAoaYkXMli9slZyn0jPtsHxrrRq8AVnq6gRp8tFRYJWzQPxJC/O
Nc3vQln/+eI+IUpAvSzJ+8CMk851Fbw2eX1wJt7BW0291Dd0
-----END CERTIFICATE-----