Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/1kZrDD2SugdCQxS9yHpZJE_leSA.roa
File:                     1kZrDD2SugdCQxS9yHpZJE_leSA.roa (raw, json)
Hash identifier:          //wg6FUcHF2cGZ9ZL08Z5vrTbROfMSjzGjjNevrPlY4=
Subject key identifier:   D6:46:6B:0C:3D:92:BA:07:42:43:14:BD:C8:7A:59:24:4F:E5:79:20
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       018CC801D1CB5A6CA6191000A3779C28C086
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/1kZrDD2SugdCQxS9yHpZJE_leSA.roa
Signing time:             Tue 02 Jan 2024 02:30:11 +0000
ROA not before:           Tue 02 Jan 2024 02:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3204
IP address blocks:        2a09:7:200a::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:d1:cb:5a:6c:a6:19:10:00:a3:77:9c:28:c0:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Jan  2 02:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d6466b0c3d92ba07424314bdc87a59244fe57920
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:58:54:c9:67:57:44:69:62:26:1b:a0:79:d9:
                    6f:b2:29:2e:63:7f:66:a9:20:29:6e:2c:3d:41:d5:
                    14:f9:60:2f:14:af:ca:ce:f1:ed:f9:09:cd:88:6b:
                    99:b8:f9:3c:6c:42:44:89:c5:28:82:db:1f:f1:52:
                    a7:1c:cc:76:8d:5a:0e:ed:13:31:d8:9e:80:84:3c:
                    8d:69:ad:7d:b8:c1:f7:95:b5:33:e9:fa:25:bd:5d:
                    3c:9a:3d:52:11:12:f3:dd:cd:4a:c7:3d:b2:c4:ad:
                    30:b6:b8:6d:a2:9f:3f:5a:7b:56:54:28:88:74:5a:
                    01:19:1c:8c:c5:ab:54:de:72:d0:6c:82:7b:10:b8:
                    e2:7b:7e:05:3a:db:48:6b:52:9f:96:c8:4e:c2:85:
                    d6:f3:52:c2:af:e3:43:46:d3:a4:30:98:07:45:4c:
                    b9:c9:78:7b:83:59:3d:2c:d7:84:24:b8:74:77:a2:
                    49:17:4a:d4:da:5c:fd:6d:57:36:9a:09:cb:c8:23:
                    37:92:c9:2d:da:91:51:6d:79:24:11:5e:db:ea:9c:
                    a8:9b:e9:46:3e:7a:2b:2b:a4:1c:7d:a5:c5:00:97:
                    59:aa:fa:fe:59:18:fc:f1:95:09:bb:55:2b:4f:c0:
                    6e:f2:54:b3:c6:3d:6f:2a:26:48:ca:56:97:2f:0c:
                    2e:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:46:6B:0C:3D:92:BA:07:42:43:14:BD:C8:7A:59:24:4F:E5:79:20
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/1kZrDD2SugdCQxS9yHpZJE_leSA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:7:200a::/48

    Signature Algorithm: sha256WithRSAEncryption
         9e:d6:b4:1a:0f:21:39:7d:4e:58:bd:eb:58:ce:db:af:61:88:
         24:51:24:f6:70:a2:f1:a4:c8:82:9d:ca:81:f4:22:40:26:cb:
         c8:cb:d5:34:0e:1e:60:69:76:eb:60:99:99:73:68:38:a7:ec:
         80:77:14:17:28:0f:41:a2:c1:56:d7:70:5c:5d:9b:95:47:7d:
         96:7a:c0:ce:75:cc:e8:4c:85:ff:e8:47:d7:2e:af:28:27:1c:
         ee:bd:ee:d7:cc:d9:a5:d9:e7:33:d0:9e:a1:41:86:e1:15:d4:
         cd:46:d5:72:57:0c:4d:dd:0b:9d:f7:e4:0f:5c:4a:5b:ec:73:
         c9:c6:36:89:67:40:5f:25:31:95:00:a1:f5:6b:7f:2a:c3:65:
         33:25:67:7e:a0:99:5c:09:f3:f6:2b:e0:59:7b:5a:c1:1f:20:
         9a:7a:82:64:bc:a8:dd:6f:a4:e7:a2:97:c5:e1:ec:b7:66:84:
         3d:86:e4:50:9a:c0:df:1a:b6:6a:dd:ae:76:22:f0:26:d6:54:
         e5:b4:05:07:be:c4:4c:7a:aa:af:b0:98:81:14:77:6a:1d:60:
         f8:fb:5a:82:97:b3:29:43:48:31:d7:aa:cd:07:b5:5e:73:cc:
         0a:83:e0:88:ff:61:33:b4:f4:b2:8f:e3:5f:69:02:34:ca:96:
         11:a1:9a:72
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAdHLWmymGRAAo3ecKMCGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjQwMTAyMDIzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjQ2NmIwYzNkOTJiYTA3NDI0MzE0YmRjODdhNTkyNDRmZTU3OTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl1hUyWdXRGliJhugedlvsikuY39m
qSApbiw9QdUU+WAvFK/KzvHt+QnNiGuZuPk8bEJEicUogtsf8VKnHMx2jVoO7RMx
2J6AhDyNaa19uMH3lbUz6folvV08mj1SERLz3c1Kxz2yxK0wtrhtop8/WntWVCiI
dFoBGRyMxatU3nLQbIJ7ELjie34FOttIa1KflshOwoXW81LCr+NDRtOkMJgHRUy5
yXh7g1k9LNeEJLh0d6JJF0rU2lz9bVc2mgnLyCM3kskt2pFRbXkkEV7b6pyom+lG
PnorK6QcfaXFAJdZqvr+WRj88ZUJu1UrT8Bu8lSzxj1vKiZIylaXLwwumQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNZGaww9kroHQkMUvch6WSRP5XkgMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvMWtackREMlN1Z2RDUXhTOXlIcFpKRV9sZVNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgkAByAK
MA0GCSqGSIb3DQEBCwUAA4IBAQCe1rQaDyE5fU5YvetYztuvYYgkUST2cKLxpMiC
ncqB9CJAJsvIy9U0Dh5gaXbrYJmZc2g4p+yAdxQXKA9BosFW13BcXZuVR32WesDO
dczoTIX/6EfXLq8oJxzuve7XzNml2ecz0J6hQYbhFdTNRtVyVwxN3Qud9+QPXEpb
7HPJxjaJZ0BfJTGVAKH1a38qw2UzJWd+oJlcCfP2K+BZe1rBHyCaeoJkvKjdb6Tn
opfF4ey3ZoQ9huRQmsDfGrZq3a52IvAm1lTltAUHvsRMeqqvsJiBFHdqHWD4+1qC
l7MpQ0gx16rNB7Vec8wKg+CI/2EztPSyj+NfaQI0ypYRoZpy
-----END CERTIFICATE-----