Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/MEIlS7IwiLZFZAjDbUEW9wVxJWQ.roa
File:                     MEIlS7IwiLZFZAjDbUEW9wVxJWQ.roa (raw, json)
Hash identifier:          kPmoUN/wsSxhThYCYRNvT0+6Lnaebye7g5WdMN4Zri0=
Subject key identifier:   30:42:25:4B:B2:30:88:B6:45:64:08:C3:6D:41:16:F7:05:71:25:64
Certificate issuer:       /CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
Certificate serial:       018E26064A41704BC0C6E81E28EFAA6655DD
Authority key identifier: 0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/MEIlS7IwiLZFZAjDbUEW9wVxJWQ.roa
Signing time:             Sun 10 Mar 2024 01:42:10 +0000
ROA not before:           Sun 10 Mar 2024 01:42:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48266
IP address blocks:        2a0e:da40:3000::/36 maxlen: 128
                          2a12:8c00::/36 maxlen: 128
                          2a12:8c00:1000::/36 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:26:06:4a:41:70:4b:c0:c6:e8:1e:28:ef:aa:66:55:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
        Validity
            Not Before: Mar 10 01:42:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3042254bb23088b6456408c36d4116f705712564
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:6d:3c:d1:20:08:72:62:dc:44:a8:b1:7f:5c:
                    24:9a:3e:30:09:ca:c9:2a:6a:2f:e8:3a:a5:20:13:
                    fa:09:0a:00:b9:a4:00:72:d0:2f:e8:fd:d8:c6:8b:
                    bd:5f:9c:57:90:3e:d4:73:58:b7:59:c4:c5:cc:b6:
                    62:f1:16:9e:df:94:98:b4:7c:b0:98:f8:1b:07:99:
                    dd:32:81:f8:da:73:35:6f:a5:14:20:64:f2:01:1c:
                    c4:ae:69:f8:90:c5:83:d6:58:c2:8f:a4:40:5c:df:
                    3f:c3:18:e3:44:b1:9e:24:d6:b3:16:67:28:d6:05:
                    9b:fc:12:50:c1:f2:4c:ff:39:47:0d:48:20:c1:61:
                    24:93:6b:72:ec:e0:b0:05:a2:dc:b8:21:6c:43:0c:
                    a9:34:5e:0f:54:56:ad:fb:3f:8b:93:a8:59:15:9d:
                    84:51:5c:86:f7:a0:be:19:1a:14:fe:fc:82:c4:16:
                    64:7f:d0:0a:d8:94:c3:2e:c0:30:9c:fd:02:99:42:
                    b3:d4:37:dc:0c:33:38:2c:60:19:68:d8:1e:e8:02:
                    ab:05:9a:44:82:89:a6:67:3c:7f:d9:2a:34:c1:b2:
                    6e:e2:43:ff:b3:45:82:55:5f:1f:a7:fd:42:f0:1e:
                    a2:ea:d3:d7:f3:1d:b0:6e:12:ed:d3:5d:b4:09:c3:
                    58:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:42:25:4B:B2:30:88:B6:45:64:08:C3:6D:41:16:F7:05:71:25:64
            X509v3 Authority Key Identifier:
                keyid:0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/MEIlS7IwiLZFZAjDbUEW9wVxJWQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:da40:3000::/36
                  2a12:8c00::/35

    Signature Algorithm: sha256WithRSAEncryption
         bb:11:ec:8a:f3:f7:03:b0:0a:dd:c7:46:9c:dd:c3:c4:94:f9:
         5c:c3:ca:3e:8e:fa:f0:36:d8:47:0e:fa:33:fe:27:df:a8:ad:
         00:3a:46:e7:65:53:2c:45:03:c4:82:e2:a5:20:30:1c:2b:25:
         4d:d1:c8:62:de:b6:b8:55:3a:b6:ce:6b:6f:e3:91:b9:1e:06:
         6c:10:94:bc:5e:87:f0:dc:bf:14:c7:bb:4e:ce:fc:d3:5f:40:
         ac:22:11:a9:17:d7:af:ed:3c:ff:cf:97:5b:45:66:da:bc:af:
         55:9c:d8:41:63:e5:96:1d:cf:bf:f1:fd:40:14:b6:94:44:79:
         09:d9:e2:09:bd:bd:30:be:fc:0e:eb:f1:25:fb:9f:c7:be:ba:
         f1:04:5d:5f:90:a0:73:5b:1b:5e:f4:c3:2a:71:98:83:fa:25:
         c3:61:d8:ef:35:02:9e:14:04:bf:b4:31:8f:39:9a:b6:6c:09:
         ed:45:64:4f:c1:4a:db:0c:35:dc:ab:83:73:d8:0c:bd:15:ec:
         91:d7:30:cb:6a:df:92:76:70:4f:3a:a2:ab:c9:05:fa:25:c3:
         b9:73:54:6a:45:0a:a0:9a:bb:97:3a:55:4f:5f:7e:a7:40:c1:
         b1:b8:8b:b4:2a:80:b6:61:05:66:1c:d3:d0:2e:52:6f:9e:8b:
         2e:60:3f:dc
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAY4mBkpBcEvAxugeKO+qZlXdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkYjY3YzVjN2ZhN2ZlMjQ5MmVlYzM3Y2Y0Mjc2NDJiNzFk
NDI1YjAwHhcNMjQwMzEwMDE0MjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDQyMjU0YmIyMzA4OGI2NDU2NDA4YzM2ZDQxMTZmNzA1NzEyNTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjG080SAIcmLcRKixf1wkmj4wCcrJ
Kmov6DqlIBP6CQoAuaQActAv6P3Yxou9X5xXkD7Uc1i3WcTFzLZi8Rae35SYtHyw
mPgbB5ndMoH42nM1b6UUIGTyARzErmn4kMWD1ljCj6RAXN8/wxjjRLGeJNazFmco
1gWb/BJQwfJM/zlHDUggwWEkk2ty7OCwBaLcuCFsQwypNF4PVFat+z+Lk6hZFZ2E
UVyG96C+GRoU/vyCxBZkf9AK2JTDLsAwnP0CmUKz1DfcDDM4LGAZaNge6AKrBZpE
gommZzx/2So0wbJu4kP/s0WCVV8fp/1C8B6i6tPX8x2wbhLt0120CcNYOQIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFDBCJUuyMIi2RWQIw21BFvcFcSVkMB8GA1UdIwQY
MBaAFA22fFx/p/4kku7DfPQnZCtx1CWwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjkt
YjAzZGY5OTZlNDgxLzEvTUVJbFM3SXdpTFpGWkFqRGJVRVc5d1Z4SldRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjktYjAzZGY5OTZlNDgx
LzEvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwYEKg7aQDAD
BgUqEowAADANBgkqhkiG9w0BAQsFAAOCAQEAuxHsivP3A7AK3cdGnN3DxJT5XMPK
Po768DbYRw76M/4n36itADpG52VTLEUDxILipSAwHCslTdHIYt62uFU6ts5rb+OR
uR4GbBCUvF6H8Ny/FMe7Ts78019ArCIRqRfXr+08/8+XW0Vm2ryvVZzYQWPllh3P
v/H9QBS2lER5CdniCb29ML78DuvxJfufx7668QRdX5Cgc1sbXvTDKnGYg/olw2HY
7zUCnhQEv7QxjzmatmwJ7UVkT8FK2ww13KuDc9gMvRXskdcwy2rfknZwTzqiq8kF
+iXDuXNUakUKoJq7lzpVT19+p0DBsbiLtCqAtmEFZhzT0C5Sb56LLmA/3A==
-----END CERTIFICATE-----