Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/4oAof6-6CHyWIMnD4LAB3eOe730.roa
File:                     4oAof6-6CHyWIMnD4LAB3eOe730.roa (raw, json)
Hash identifier:          70v1HMxWB6NjLPdRNGjxMl49BBDJZb/riZsctifnoVE=
Subject key identifier:   E2:80:28:7F:AF:BA:08:7C:96:20:C9:C3:E0:B0:01:DD:E3:9E:EF:7D
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       018CC801D801F0A666CF81A8236018BB5F89
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/4oAof6-6CHyWIMnD4LAB3eOe730.roa
Signing time:             Tue 02 Jan 2024 02:30:13 +0000
ROA not before:           Tue 02 Jan 2024 02:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41767
IP address blocks:        2a09:7:2005::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:d8:01:f0:a6:66:cf:81:a8:23:60:18:bb:5f:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Jan  2 02:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e280287fafba087c9620c9c3e0b001dde39eef7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:e7:f1:d3:cb:f7:f5:70:0b:e6:6d:1a:ad:66:
                    8d:8b:ab:06:8a:a0:6f:15:76:24:f6:d1:80:77:fb:
                    9a:62:b1:42:dc:31:af:1b:a0:45:00:fd:5e:4d:5c:
                    41:56:92:72:fc:b2:60:47:ea:91:3e:28:f3:50:69:
                    c0:33:6f:8f:3b:eb:af:cf:89:ce:67:0a:d2:be:85:
                    7d:57:5e:82:16:e8:a0:4b:dd:bd:7e:6d:2a:0c:2c:
                    6d:4b:90:fd:e3:92:53:8a:f4:95:96:69:af:18:27:
                    d1:25:52:c8:0d:f8:36:b4:a3:0e:09:31:13:38:7e:
                    b7:24:0a:38:6b:c6:12:d3:b7:79:f9:12:3f:1f:ed:
                    64:13:49:7d:5f:07:e2:c8:0a:b7:52:a1:4d:cc:1a:
                    b7:11:e4:6e:8d:96:82:88:86:07:31:ac:c4:35:ab:
                    c1:29:6e:a6:d2:94:2f:d4:7f:9c:30:61:2e:68:c6:
                    9c:79:a4:7e:da:a5:66:8c:7f:e9:75:9a:e6:82:2b:
                    de:c0:56:e0:83:5d:44:f6:19:40:9d:46:92:f8:a2:
                    50:5b:21:b5:2d:22:4e:46:fb:2f:3c:25:33:a1:a6:
                    ab:d1:ad:f6:47:78:08:0a:72:3e:2c:1b:31:7d:4f:
                    57:d0:bd:7e:08:0c:c1:8c:ad:74:25:e9:34:7f:63:
                    be:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:80:28:7F:AF:BA:08:7C:96:20:C9:C3:E0:B0:01:DD:E3:9E:EF:7D
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/4oAof6-6CHyWIMnD4LAB3eOe730.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:7:2005::/48

    Signature Algorithm: sha256WithRSAEncryption
         98:c5:72:67:71:5c:aa:c6:b4:66:79:25:6d:d0:28:47:69:4b:
         b6:83:57:88:d5:c1:6e:e5:c4:f4:6f:8f:c5:01:34:25:a0:68:
         2f:82:c6:f3:dd:24:b6:20:f6:6e:3f:a3:4d:1b:3f:3f:98:86:
         58:90:23:01:a6:20:8b:eb:e2:1a:f9:a4:90:76:f7:03:44:a8:
         05:b6:3f:d9:63:83:10:69:92:bc:e5:12:63:d7:15:fb:46:84:
         84:76:2c:97:b1:3e:08:9e:50:df:8b:79:c5:d9:53:d7:10:b3:
         f8:43:83:bb:08:b4:43:95:48:10:dd:88:6c:83:fb:aa:1f:a9:
         f6:b4:a8:22:98:05:a9:1e:ce:cd:ea:4f:4b:1a:93:9b:f3:97:
         5a:98:41:cc:b9:8d:48:90:f6:6f:5b:dd:1e:69:02:3f:0a:fe:
         65:23:a7:72:f5:26:20:00:ef:1c:1a:e4:92:38:40:7f:d1:c5:
         98:f8:0f:c4:9a:3e:ef:38:bc:ec:e9:01:57:3e:42:d0:30:07:
         e2:5e:5d:35:dd:71:75:8d:08:ba:b6:b8:ec:ad:1f:59:0e:72:
         7f:b1:09:d7:e7:e4:30:fd:e0:56:6d:59:be:db:42:66:43:03:
         73:9c:50:54:f3:4a:d3:9f:66:a7:b8:71:a9:9c:12:61:b3:17:
         a3:02:c9:da
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAdgB8KZmz4GoI2AYu1+JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjQwMTAyMDIzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjgwMjg3ZmFmYmEwODdjOTYyMGM5YzNlMGIwMDFkZGUzOWVlZjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgufx08v39XAL5m0arWaNi6sGiqBv
FXYk9tGAd/uaYrFC3DGvG6BFAP1eTVxBVpJy/LJgR+qRPijzUGnAM2+PO+uvz4nO
ZwrSvoV9V16CFuigS929fm0qDCxtS5D945JTivSVlmmvGCfRJVLIDfg2tKMOCTET
OH63JAo4a8YS07d5+RI/H+1kE0l9XwfiyAq3UqFNzBq3EeRujZaCiIYHMazENavB
KW6m0pQv1H+cMGEuaMaceaR+2qVmjH/pdZrmgivewFbgg11E9hlAnUaS+KJQWyG1
LSJORvsvPCUzoaar0a32R3gICnI+LBsxfU9X0L1+CAzBjK10Jek0f2O+YQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOKAKH+vugh8liDJw+CwAd3jnu99MB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvNG9Bb2Y2LTZDSHlXSU1uRDRMQUIzZU9lNzMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgkAByAF
MA0GCSqGSIb3DQEBCwUAA4IBAQCYxXJncVyqxrRmeSVt0ChHaUu2g1eI1cFu5cT0
b4/FATQloGgvgsbz3SS2IPZuP6NNGz8/mIZYkCMBpiCL6+Ia+aSQdvcDRKgFtj/Z
Y4MQaZK85RJj1xX7RoSEdiyXsT4InlDfi3nF2VPXELP4Q4O7CLRDlUgQ3Yhsg/uq
H6n2tKgimAWpHs7N6k9LGpOb85damEHMuY1IkPZvW90eaQI/Cv5lI6dy9SYgAO8c
GuSSOEB/0cWY+A/Emj7vOLzs6QFXPkLQMAfiXl013XF1jQi6trjsrR9ZDnJ/sQnX
5+Qw/eBWbVm+20JmQwNznFBU80rTn2anuHGpnBJhsxejAsna
-----END CERTIFICATE-----