Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/v1XHW22dr2QZDeBaRGWo949sl98.roa
File:                     v1XHW22dr2QZDeBaRGWo949sl98.roa (raw, json)
Hash identifier:          q2zutVFp/kvMHYnycUy5U0rZOXUn4Zs5Ao5oph025mk=
Subject key identifier:   BF:55:C7:5B:6D:9D:AF:64:19:0D:E0:5A:44:65:A8:F7:8F:6C:97:DF
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       018CC801D5AA801518F20F0983C5E55841DA
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/v1XHW22dr2QZDeBaRGWo949sl98.roa
Signing time:             Tue 02 Jan 2024 02:30:12 +0000
ROA not before:           Tue 02 Jan 2024 02:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24013
IP address blocks:        2a09:7:1000::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:d5:aa:80:15:18:f2:0f:09:83:c5:e5:58:41:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Jan  2 02:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bf55c75b6d9daf64190de05a4465a8f78f6c97df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:4c:8b:d0:62:d6:4c:12:9c:86:1f:bd:56:57:
                    c8:42:a3:31:43:eb:67:d4:bf:b2:cb:62:b8:65:91:
                    c8:a7:55:00:b6:31:c5:53:59:6f:68:e2:63:7c:28:
                    ad:82:17:51:8c:44:74:db:1b:20:e6:26:ef:0a:fc:
                    f6:83:e4:27:72:e0:d6:bc:55:8f:2c:93:00:0d:cf:
                    0d:06:37:fb:29:57:44:e8:ea:56:88:5a:ef:d9:91:
                    fe:dd:42:1b:2d:f2:f6:3d:ab:7d:28:c3:f9:15:c1:
                    74:5a:45:a0:21:de:2b:b6:da:71:7a:a4:60:85:33:
                    8d:da:1a:d3:a0:49:09:7e:47:ae:70:7e:a2:a1:e0:
                    76:57:bf:7c:39:51:ef:b0:31:bd:b0:9b:cc:e1:9e:
                    4d:44:d0:ee:3d:79:2f:57:be:f4:75:0a:48:7d:b2:
                    fe:e8:e5:c2:4f:9c:17:de:b0:20:7c:c5:95:fa:86:
                    e9:57:03:af:59:02:eb:5e:bd:c9:d1:87:93:5e:75:
                    8a:07:7e:2c:be:2a:fa:45:1b:fc:f2:1e:a5:23:1d:
                    19:0e:a3:33:5f:34:cd:0c:59:e7:4d:df:69:18:bf:
                    e0:ba:76:f1:c2:2a:c2:6a:ed:cd:af:4f:8e:ef:e0:
                    ea:5e:38:72:10:ce:b9:0b:8e:f3:a2:ac:ea:be:2a:
                    14:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:55:C7:5B:6D:9D:AF:64:19:0D:E0:5A:44:65:A8:F7:8F:6C:97:DF
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/v1XHW22dr2QZDeBaRGWo949sl98.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:7:1000::/36

    Signature Algorithm: sha256WithRSAEncryption
         08:0a:98:df:74:54:eb:13:38:08:1e:83:0e:68:3d:e6:f5:53:
         58:bd:e6:a7:a0:35:0e:3c:89:69:fd:2a:f6:88:dd:62:5c:57:
         39:d1:19:0c:09:56:72:02:e9:c4:bd:a9:49:5e:5c:01:cb:cc:
         e8:a2:3c:18:c0:11:0d:a3:7a:3f:9d:d0:ad:fa:15:7a:ff:8d:
         5d:a9:1f:ca:50:59:9f:bb:4c:0d:f6:c0:3e:60:59:41:17:35:
         53:20:7f:4c:f2:b3:47:2b:9f:28:f5:46:e7:13:cf:5b:9a:87:
         47:78:41:e3:96:6e:9f:07:de:fe:d6:6d:75:22:1e:99:af:07:
         43:06:40:d3:f7:74:6d:5b:b6:7e:7f:cd:8a:6b:13:c4:25:2b:
         c1:1a:d5:cb:f8:78:07:75:8e:3b:e4:38:20:e0:67:46:fa:5f:
         0d:68:91:5c:86:88:1f:cc:3d:44:f1:79:70:06:ed:9a:f6:4c:
         fe:40:e1:1d:f9:f0:37:0c:7f:95:11:0e:d0:a7:bc:05:c1:f8:
         1b:12:05:20:46:48:73:dd:8c:20:77:ff:54:97:d5:f7:fe:c2:
         6f:03:62:7d:fe:58:d8:74:a3:e5:5a:5d:5f:d0:2f:d7:fc:71:
         fe:31:11:83:2a:ab:9f:29:15:5d:d7:52:5d:d6:99:f8:a6:ef:
         99:ab:d7:14
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzIAdWqgBUY8g8Jg8XlWEHaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjQwMTAyMDIzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjU1Yzc1YjZkOWRhZjY0MTkwZGUwNWE0NDY1YThmNzhmNmM5N2RmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvUyL0GLWTBKchh+9VlfIQqMxQ+tn
1L+yy2K4ZZHIp1UAtjHFU1lvaOJjfCitghdRjER02xsg5ibvCvz2g+QncuDWvFWP
LJMADc8NBjf7KVdE6OpWiFrv2ZH+3UIbLfL2Pat9KMP5FcF0WkWgId4rttpxeqRg
hTON2hrToEkJfkeucH6ioeB2V798OVHvsDG9sJvM4Z5NRNDuPXkvV770dQpIfbL+
6OXCT5wX3rAgfMWV+obpVwOvWQLrXr3J0YeTXnWKB34svir6RRv88h6lIx0ZDqMz
XzTNDFnnTd9pGL/gunbxwirCau3Nr0+O7+DqXjhyEM65C47zoqzqvioU5QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFL9Vx1ttna9kGQ3gWkRlqPePbJffMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvdjFYSFcyMmRyMlFaRGVCYVJHV285NDlzbDk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKgkABxAw
DQYJKoZIhvcNAQELBQADggEBAAgKmN90VOsTOAgegw5oPeb1U1i95qegNQ48iWn9
KvaI3WJcVznRGQwJVnIC6cS9qUleXAHLzOiiPBjAEQ2jej+d0K36FXr/jV2pH8pQ
WZ+7TA32wD5gWUEXNVMgf0zys0crnyj1RucTz1uah0d4QeOWbp8H3v7WbXUiHpmv
B0MGQNP3dG1btn5/zYprE8QlK8Ea1cv4eAd1jjvkOCDgZ0b6Xw1okVyGiB/MPUTx
eXAG7Zr2TP5A4R358DcMf5URDtCnvAXB+BsSBSBGSHPdjCB3/1SX1ff+wm8DYn3+
WNh0o+VaXV/QL9f8cf4xEYMqq58pFV3XUl3Wmfim75mr1xQ=
-----END CERTIFICATE-----