Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/vd69oEQY9A3sHjhWOgsLVWdU3P8.roa
File:                     vd69oEQY9A3sHjhWOgsLVWdU3P8.roa (raw, json)
Hash identifier:          iH8l0IhnoWzF+x78Omo1nDI5sixKG5BmCy30r6bhC9g=
Subject key identifier:   BD:DE:BD:A0:44:18:F4:0D:EC:1E:38:56:3A:0B:0B:55:67:54:DC:FF
Certificate issuer:       /CN=370e5450d1486780aba54f045ec4802f19f0b4f7
Certificate serial:       018CC64B6A29BB66B2E35467102D6C95EFDA
Authority key identifier: 37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/vd69oEQY9A3sHjhWOgsLVWdU3P8.roa
Signing time:             Mon 01 Jan 2024 18:31:20 +0000
ROA not before:           Mon 01 Jan 2024 18:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216126
IP address blocks:        2a0e:46c4:2200::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:6a:29:bb:66:b2:e3:54:67:10:2d:6c:95:ef:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=370e5450d1486780aba54f045ec4802f19f0b4f7
        Validity
            Not Before: Jan  1 18:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bddebda04418f40dec1e38563a0b0b556754dcff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:6c:7e:b9:95:9e:37:cb:15:12:c5:96:14:a2:
                    25:6a:86:24:9e:d7:a4:fc:6e:68:50:5b:b3:26:2c:
                    86:e5:73:b7:b2:4f:26:44:b4:43:c6:8a:84:aa:b8:
                    b4:70:2a:2e:11:79:b3:bc:a4:29:65:6b:43:4e:68:
                    20:32:69:0e:01:4d:f9:c2:ca:31:0c:a0:ed:13:d4:
                    32:c3:a4:7b:48:2f:44:80:48:74:08:f3:c6:31:2b:
                    38:6c:2b:c4:50:60:f5:98:d5:36:ef:4e:15:58:97:
                    13:0a:cd:6d:47:bc:09:25:87:b2:17:53:dc:df:9d:
                    58:07:53:ad:0b:56:d8:d4:fe:ec:7c:98:7f:cc:02:
                    6c:4f:6f:5f:b0:29:50:e6:f8:a1:f3:bd:ed:f5:35:
                    31:b4:2c:db:28:39:f3:c6:36:bb:d0:28:60:32:de:
                    4b:fb:3c:9e:f1:11:b1:51:f5:23:78:d3:8b:a1:e4:
                    53:cf:10:02:88:54:4b:8e:d3:91:7d:76:40:13:57:
                    60:a3:ea:83:13:66:3e:29:b9:1b:67:b5:a1:0e:50:
                    67:7e:b7:bf:94:d1:b5:e5:15:ec:0b:71:c9:00:fd:
                    02:1b:36:61:2c:b6:54:14:b1:54:b7:44:8c:01:1c:
                    2d:89:e7:4a:90:31:30:60:2a:6c:19:85:c3:96:d9:
                    87:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:DE:BD:A0:44:18:F4:0D:EC:1E:38:56:3A:0B:0B:55:67:54:DC:FF
            X509v3 Authority Key Identifier:
                keyid:37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/vd69oEQY9A3sHjhWOgsLVWdU3P8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:46c4:2200::/40

    Signature Algorithm: sha256WithRSAEncryption
         8c:89:cc:ff:96:45:bd:42:5a:94:28:52:af:96:32:8a:35:fb:
         82:61:5d:70:61:25:25:1a:c6:1e:28:18:b4:2b:47:95:a0:0d:
         26:54:2d:a9:f0:1d:b9:93:cb:3e:39:27:ca:fa:63:30:3e:de:
         df:40:93:a5:ab:d3:96:55:38:03:cb:9c:1c:22:e5:4d:92:68:
         24:fd:9f:68:4b:e9:b9:e2:96:83:51:f7:65:69:56:2b:e1:8e:
         50:b6:5c:c6:33:21:58:f7:6a:72:d3:ed:b4:cf:a7:05:b2:89:
         52:e3:54:14:1c:a1:17:cf:d8:19:63:a8:aa:99:8b:2e:5e:89:
         90:24:61:f8:c2:46:80:c9:b9:73:72:04:7e:06:4a:db:94:5a:
         ce:69:d5:c3:a2:a9:14:95:c0:3a:d5:77:d6:00:71:ed:37:3f:
         4e:91:ab:20:26:00:2f:bb:de:ce:6b:e7:29:82:79:71:4d:3d:
         76:1f:2d:72:56:2e:7f:4d:9a:99:fb:89:4b:48:ae:67:a2:ed:
         28:79:84:d5:32:ca:2c:59:d6:09:d8:ec:d6:e7:e1:39:af:52:
         62:76:9e:44:f0:f7:c8:90:29:33:4e:c7:59:ae:95:52:11:4a:
         70:10:ee:10:67:0b:ec:b2:b5:3d:59:59:06:75:cc:2c:6d:61:
         a7:69:62:d7
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzGS2opu2ay41RnEC1sle/aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MGU1NDUwZDE0ODY3ODBhYmE1NGYwNDVlYzQ4MDJmMTlm
MGI0ZjcwHhcNMjQwMTAxMTgzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGRlYmRhMDQ0MThmNDBkZWMxZTM4NTYzYTBiMGI1NTY3NTRkY2ZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsmx+uZWeN8sVEsWWFKIlaoYkntek
/G5oUFuzJiyG5XO3sk8mRLRDxoqEqri0cCouEXmzvKQpZWtDTmggMmkOAU35wsox
DKDtE9Qyw6R7SC9EgEh0CPPGMSs4bCvEUGD1mNU2704VWJcTCs1tR7wJJYeyF1Pc
351YB1OtC1bY1P7sfJh/zAJsT29fsClQ5vih873t9TUxtCzbKDnzxja70ChgMt5L
+zye8RGxUfUjeNOLoeRTzxACiFRLjtORfXZAE1dgo+qDE2Y+KbkbZ7WhDlBnfre/
lNG15RXsC3HJAP0CGzZhLLZUFLFUt0SMARwtiedKkDEwYCpsGYXDltmHXwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFL3evaBEGPQN7B44VjoLC1VnVNz/MB8GA1UdIwQY
MBaAFDcOVFDRSGeAq6VPBF7EgC8Z8LT3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgt
ODU4ZGNlNTdmY2RiLzEvdmQ2OW9FUVk5QTNzSGpoV09nc0xWV2RVM1A4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgtODU4ZGNlNTdmY2Ri
LzEvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg5GxCIw
DQYJKoZIhvcNAQELBQADggEBAIyJzP+WRb1CWpQoUq+WMoo1+4JhXXBhJSUaxh4o
GLQrR5WgDSZULanwHbmTyz45J8r6YzA+3t9Ak6Wr05ZVOAPLnBwi5U2SaCT9n2hL
6bniloNR92VpVivhjlC2XMYzIVj3anLT7bTPpwWyiVLjVBQcoRfP2BljqKqZiy5e
iZAkYfjCRoDJuXNyBH4GStuUWs5p1cOiqRSVwDrVd9YAce03P06RqyAmAC+73s5r
5ymCeXFNPXYfLXJWLn9Nmpn7iUtIrmei7Sh5hNUyyixZ1gnY7Nbn4TmvUmJ2nkTw
98iQKTNOx1mulVIRSnAQ7hBnC+yytT1ZWQZ1zCxtYadpYtc=
-----END CERTIFICATE-----