Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/581e68-4d45-40eb-89d9-8816fba8be12/1/rJSqs0rEC-K2BbkuZkJ0Y-ERdXI.roa
File:                     rJSqs0rEC-K2BbkuZkJ0Y-ERdXI.roa (raw, json)
Hash identifier:          PkU3mNtuNlsunSYLQ+92jXVNR9fN+7t0w4gUw/rtGzg=
Subject key identifier:   AC:94:AA:B3:4A:C4:0B:E2:B6:05:B9:2E:66:42:74:63:E1:11:75:72
Certificate issuer:       /CN=3ea99f00000beeb9f1b2854ba50ec7b88126dba9
Certificate serial:       018CC9BBEFA569FA0B08107632E9231CD474
Authority key identifier: 3E:A9:9F:00:00:0B:EE:B9:F1:B2:85:4B:A5:0E:C7:B8:81:26:DB:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PqmfAAAL7rnxsoVLpQ7HuIEm26k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/581e68-4d45-40eb-89d9-8816fba8be12/1/rJSqs0rEC-K2BbkuZkJ0Y-ERdXI.roa
Signing time:             Tue 02 Jan 2024 10:33:06 +0000
ROA not before:           Tue 02 Jan 2024 10:33:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211146
IP address blocks:        2a0b:f500::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/581e68-4d45-40eb-89d9-8816fba8be12/1/PqmfAAAL7rnxsoVLpQ7HuIEm26k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/581e68-4d45-40eb-89d9-8816fba8be12/1/PqmfAAAL7rnxsoVLpQ7HuIEm26k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PqmfAAAL7rnxsoVLpQ7HuIEm26k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:ef:a5:69:fa:0b:08:10:76:32:e9:23:1c:d4:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ea99f00000beeb9f1b2854ba50ec7b88126dba9
        Validity
            Not Before: Jan  2 10:33:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac94aab34ac40be2b605b92e66427463e1117572
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:48:67:02:99:5f:db:42:6c:f7:4c:5a:5b:55:
                    b2:e6:d0:4c:70:63:68:8c:fc:b2:ad:6d:d4:df:bd:
                    2b:0d:d1:69:e5:2d:9e:f6:19:1a:ec:2c:18:fd:44:
                    fd:ed:1a:51:37:72:8e:7c:22:1c:55:47:bd:dd:6f:
                    15:e6:bd:e1:08:62:47:ab:43:eb:c1:c4:4f:a6:0f:
                    08:bf:d8:e5:82:d2:3c:43:56:3c:c6:89:b3:27:f4:
                    fc:2a:d8:30:ef:40:bc:e0:ea:cf:35:34:8e:17:3a:
                    64:31:76:6a:c3:c3:79:9f:95:76:37:a4:25:f1:a9:
                    76:fb:da:c0:3d:08:2d:e6:e6:c3:e5:36:04:e7:b6:
                    42:9c:67:ae:46:2d:2f:96:af:b9:35:33:41:df:29:
                    5b:92:49:8f:b1:13:03:cd:09:cd:d7:6f:03:bb:81:
                    0a:92:b2:12:45:72:bd:0b:9b:5e:8a:ea:86:da:5c:
                    61:9f:37:10:73:d4:4e:ae:3c:ee:c1:c1:e3:77:c6:
                    77:b9:a8:81:06:c0:07:0c:71:cd:28:c2:b7:81:88:
                    4e:cb:f5:b2:a7:4c:d9:97:7e:67:a8:fc:6f:12:d7:
                    90:f5:9a:2c:b9:2e:18:5e:b9:90:75:9a:73:7f:89:
                    d9:8f:98:80:f3:f2:3e:81:b2:87:25:96:94:dd:af:
                    5f:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:94:AA:B3:4A:C4:0B:E2:B6:05:B9:2E:66:42:74:63:E1:11:75:72
            X509v3 Authority Key Identifier:
                keyid:3E:A9:9F:00:00:0B:EE:B9:F1:B2:85:4B:A5:0E:C7:B8:81:26:DB:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PqmfAAAL7rnxsoVLpQ7HuIEm26k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/581e68-4d45-40eb-89d9-8816fba8be12/1/rJSqs0rEC-K2BbkuZkJ0Y-ERdXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/581e68-4d45-40eb-89d9-8816fba8be12/1/PqmfAAAL7rnxsoVLpQ7HuIEm26k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:f500::/29

    Signature Algorithm: sha256WithRSAEncryption
         75:ce:02:1a:e2:fa:4e:78:63:5a:94:ec:29:10:db:fa:9e:dc:
         41:b2:68:f9:40:72:81:1f:27:f3:1b:d8:66:f0:2b:a4:6b:af:
         b2:47:1b:de:ca:ea:0a:d6:c1:89:d6:f5:2c:35:fc:55:6a:9c:
         6b:97:dc:81:dc:70:28:3c:20:3c:29:c9:98:42:41:52:8e:aa:
         d1:de:64:05:1d:8f:a7:4c:75:c2:6f:aa:a9:d1:81:ff:89:ac:
         b2:4b:67:c0:88:2b:e2:a0:b5:9a:63:fa:dc:19:a7:ab:91:3c:
         ae:f4:3c:1c:d7:b9:2e:23:d6:a3:1c:37:45:4f:80:40:a4:a1:
         ee:56:e8:5f:d5:13:e3:bb:d6:47:e2:fc:fd:b0:52:ef:7c:a7:
         09:18:52:47:e5:68:f9:1b:96:1f:6e:b7:37:6a:84:0b:bf:6d:
         9d:db:50:16:c3:5a:77:3e:f1:8d:28:1c:c4:21:6f:62:db:6e:
         c7:30:84:dd:30:2b:25:83:1a:4f:25:44:c1:e2:af:9e:76:cf:
         d5:03:3a:1d:a8:a5:14:c7:8d:32:c8:ff:df:6e:b8:f8:56:62:
         d5:2c:f1:00:97:33:3c:db:7b:ff:5d:88:92:f7:80:12:98:62:
         6a:c4:11:cb:20:ee:b7:61:cc:21:55:f5:a9:8f:0d:6f:f1:a4:
         ed:95:7c:d1
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJu++lafoLCBB2MukjHNR0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYTk5ZjAwMDAwYmVlYjlmMWIyODU0YmE1MGVjN2I4ODEy
NmRiYTkwHhcNMjQwMTAyMTAzMzA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzk0YWFiMzRhYzQwYmUyYjYwNWI5MmU2NjQyNzQ2M2UxMTE3NTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqkhnAplf20Js90xaW1Wy5tBMcGNo
jPyyrW3U370rDdFp5S2e9hka7CwY/UT97RpRN3KOfCIcVUe93W8V5r3hCGJHq0Pr
wcRPpg8Iv9jlgtI8Q1Y8xomzJ/T8Ktgw70C84OrPNTSOFzpkMXZqw8N5n5V2N6Ql
8al2+9rAPQgt5ubD5TYE57ZCnGeuRi0vlq+5NTNB3ylbkkmPsRMDzQnN128Du4EK
krISRXK9C5teiuqG2lxhnzcQc9ROrjzuwcHjd8Z3uaiBBsAHDHHNKMK3gYhOy/Wy
p0zZl35nqPxvEteQ9ZosuS4YXrmQdZpzf4nZj5iA8/I+gbKHJZaU3a9f/wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKyUqrNKxAvitgW5LmZCdGPhEXVyMB8GA1UdIwQY
MBaAFD6pnwAAC+658bKFS6UOx7iBJtupMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHFtZkFBQUw3cm54c29WTHBRN0h1SUVtMjZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS81ODFlNjgtNGQ0NS00MGViLTg5ZDkt
ODgxNmZiYThiZTEyLzEvckpTcXMwckVDLUsyQmJrdVprSjBZLUVSZFhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS81ODFlNjgtNGQ0NS00MGViLTg5ZDktODgxNmZiYThiZTEy
LzEvUHFtZkFBQUw3cm54c29WTHBRN0h1SUVtMjZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgv1ADAN
BgkqhkiG9w0BAQsFAAOCAQEAdc4CGuL6TnhjWpTsKRDb+p7cQbJo+UBygR8n8xvY
ZvArpGuvskcb3srqCtbBidb1LDX8VWqca5fcgdxwKDwgPCnJmEJBUo6q0d5kBR2P
p0x1wm+qqdGB/4mssktnwIgr4qC1mmP63Bmnq5E8rvQ8HNe5LiPWoxw3RU+AQKSh
7lboX9UT47vWR+L8/bBS73ynCRhSR+Vo+RuWH263N2qEC79tndtQFsNadz7xjSgc
xCFvYttuxzCE3TArJYMaTyVEweKvnnbP1QM6HailFMeNMsj/3264+FZi1SzxAJcz
PNt7/12IkveAEphiasQRyyDut2HMIVX1qY8Nb/Gk7ZV80Q==
-----END CERTIFICATE-----