Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/XccOAtxI2-gX7uzyoiOdbOv8E9M.roa
File:                     XccOAtxI2-gX7uzyoiOdbOv8E9M.roa (raw, json)
Hash identifier:          2jY/T056iJX8fvOQxpsAuXyq7AEn+eTo/CVsw10DKB4=
Subject key identifier:   5D:C7:0E:02:DC:48:DB:E8:17:EE:EC:F2:A2:23:9D:6C:EB:FC:13:D3
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       01921B3D83077FCA0C6C0B0E2954C73B12BE
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/XccOAtxI2-gX7uzyoiOdbOv8E9M.roa
Signing time:             Sun 22 Sep 2024 19:37:48 +0000
ROA not before:           Sun 22 Sep 2024 19:37:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214999
IP address blocks:        2a0a:79c7:fdf0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:1b:3d:83:07:7f:ca:0c:6c:0b:0e:29:54:c7:3b:12:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Sep 22 19:37:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5dc70e02dc48dbe817eeecf2a2239d6cebfc13d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:d7:bf:2b:99:29:3e:d2:f0:53:e7:b9:3b:a4:
                    64:43:c0:8d:ca:84:25:3a:f3:04:01:0c:43:2c:61:
                    18:7e:af:cc:ab:1d:51:2b:68:5e:d0:4a:7b:52:e7:
                    5f:e0:c3:a1:fb:7e:b2:c3:34:b3:1a:d2:13:eb:17:
                    df:15:58:d9:0f:de:ee:5e:93:06:ac:e8:fc:2f:67:
                    32:9a:0f:bd:eb:75:58:ba:79:39:42:46:8f:e6:66:
                    06:88:ad:f6:36:b2:f8:b8:7f:cc:5b:4b:6c:a2:f1:
                    4b:7e:70:bb:2f:ac:ce:14:6e:ce:c7:1d:c1:fd:f4:
                    41:f8:2d:26:78:bd:78:5d:8c:a9:35:3e:a9:cc:0b:
                    4d:6d:d9:d1:50:6d:d2:04:ab:9b:76:79:d4:34:cf:
                    ba:87:31:f8:44:8e:51:25:78:50:e2:91:d5:3a:fc:
                    b6:dd:db:a4:1e:4e:de:b9:59:de:12:c1:37:67:c0:
                    e8:a0:fe:1f:fa:3d:a6:e3:1c:24:30:ca:af:8b:00:
                    87:69:0a:b5:04:dd:5c:62:0a:f4:45:23:78:c4:96:
                    ac:ca:32:37:ad:aa:bb:db:d6:89:aa:41:d6:9f:64:
                    44:e9:93:a4:94:d3:0c:14:4d:16:e1:6c:48:32:46:
                    9e:cc:cc:16:5b:a7:04:8f:99:1a:bb:c9:bb:80:06:
                    c3:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:C7:0E:02:DC:48:DB:E8:17:EE:EC:F2:A2:23:9D:6C:EB:FC:13:D3
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/XccOAtxI2-gX7uzyoiOdbOv8E9M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:79c7:fdf0::/44

    Signature Algorithm: sha256WithRSAEncryption
         01:5e:de:72:2a:8b:b0:f1:31:33:cf:88:6e:02:f0:7e:2f:ba:
         a7:d6:5e:0c:b9:46:f0:a3:eb:75:60:36:ba:99:06:22:b3:e0:
         d1:d1:c4:5e:73:b4:e0:5d:d4:16:07:fd:80:10:8b:31:ef:52:
         1c:49:eb:28:5d:c3:90:a5:74:e2:92:fc:66:d3:40:32:1b:3d:
         2a:f5:2e:12:ec:55:86:1e:bc:2d:d6:f1:1e:c5:6f:50:6a:f1:
         ae:70:9e:f2:a9:92:23:a0:1d:27:67:cc:e5:c4:09:f7:c4:fe:
         da:51:22:d7:7c:ba:66:16:72:9d:d9:20:77:22:d4:18:ca:98:
         4f:db:2c:f0:d6:03:85:99:43:09:a4:16:bf:85:b4:8f:d0:2d:
         6f:37:be:85:0f:23:8b:d4:58:da:42:7b:55:7f:fa:a6:6d:f2:
         43:27:ef:08:4c:53:fd:25:40:98:00:1b:d9:db:79:77:4b:35:
         ca:85:13:6f:43:b7:b0:46:2c:04:45:f8:5a:34:bb:0b:63:1a:
         d5:04:e9:2c:bf:16:da:ce:4a:17:b4:52:ec:ca:39:ec:bb:6a:
         23:bc:4a:de:e8:39:24:29:c0:06:7c:07:c1:67:47:a2:5a:a2:
         69:bf:b3:fd:2f:a1:31:3c:4b:00:9f:22:cd:a0:e4:28:a2:53:
         04:ff:54:c0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZIbPYMHf8oMbAsOKVTHOxK+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjQwOTIyMTkzNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGM3MGUwMmRjNDhkYmU4MTdlZWVjZjJhMjIzOWQ2Y2ViZmMxM2QzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq9e/K5kpPtLwU+e5O6RkQ8CNyoQl
OvMEAQxDLGEYfq/Mqx1RK2he0Ep7Uudf4MOh+36ywzSzGtIT6xffFVjZD97uXpMG
rOj8L2cymg+963VYunk5QkaP5mYGiK32NrL4uH/MW0tsovFLfnC7L6zOFG7Oxx3B
/fRB+C0meL14XYypNT6pzAtNbdnRUG3SBKubdnnUNM+6hzH4RI5RJXhQ4pHVOvy2
3dukHk7euVneEsE3Z8DooP4f+j2m4xwkMMqviwCHaQq1BN1cYgr0RSN4xJasyjI3
raq729aJqkHWn2RE6ZOklNMMFE0W4WxIMkaezMwWW6cEj5kau8m7gAbDWQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF3HDgLcSNvoF+7s8qIjnWzr/BPTMB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvWGNjT0F0eEkyLWdYN3V6eW9pT2RiT3Y4RTlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgp5x/3w
MA0GCSqGSIb3DQEBCwUAA4IBAQABXt5yKouw8TEzz4huAvB+L7qn1l4MuUbwo+t1
YDa6mQYis+DR0cRec7TgXdQWB/2AEIsx71IcSesoXcOQpXTikvxm00AyGz0q9S4S
7FWGHrwt1vEexW9QavGucJ7yqZIjoB0nZ8zlxAn3xP7aUSLXfLpmFnKd2SB3ItQY
yphP2yzw1gOFmUMJpBa/hbSP0C1vN76FDyOL1FjaQntVf/qmbfJDJ+8ITFP9JUCY
ABvZ23l3SzXKhRNvQ7ewRiwERfhaNLsLYxrVBOksvxbazkoXtFLsyjnsu2ojvEre
6DkkKcAGfAfBZ0eiWqJpv7P9L6ExPEsAnyLNoOQoolME/1TA
-----END CERTIFICATE-----