Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/8d58e4-88f6-4aed-ba43-7ae6359d3110/1/scEFUo9P4o_zQX2XHoPfFMpW_0g.roa
File:                     scEFUo9P4o_zQX2XHoPfFMpW_0g.roa (raw, json)
Hash identifier:          4/f3TykB+7iWB4UgySWl+aAaVQFXF2kHdQj0gJgQ+1U=
Subject key identifier:   B1:C1:05:52:8F:4F:E2:8F:F3:41:7D:97:1E:83:DF:14:CA:56:FF:48
Certificate issuer:       /CN=53129d048deb2e0bf62271399a090b9010160b39
Certificate serial:       01925E7EEAD2B7A77E8427B2518148FEBDCC
Authority key identifier: 53:12:9D:04:8D:EB:2E:0B:F6:22:71:39:9A:09:0B:90:10:16:0B:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UxKdBI3rLgv2InE5mgkLkBAWCzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/8d58e4-88f6-4aed-ba43-7ae6359d3110/1/scEFUo9P4o_zQX2XHoPfFMpW_0g.roa
Signing time:             Sat 05 Oct 2024 21:03:48 +0000
ROA not before:           Sat 05 Oct 2024 21:03:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201207
IP address blocks:        2001:3580::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/8d58e4-88f6-4aed-ba43-7ae6359d3110/1/UxKdBI3rLgv2InE5mgkLkBAWCzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/8d58e4-88f6-4aed-ba43-7ae6359d3110/1/UxKdBI3rLgv2InE5mgkLkBAWCzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UxKdBI3rLgv2InE5mgkLkBAWCzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:5e:7e:ea:d2:b7:a7:7e:84:27:b2:51:81:48:fe:bd:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53129d048deb2e0bf62271399a090b9010160b39
        Validity
            Not Before: Oct  5 21:03:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1c105528f4fe28ff3417d971e83df14ca56ff48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:82:7e:b9:32:a4:af:9d:c7:e3:3a:df:41:85:
                    6f:8a:e2:f6:d7:c9:fb:02:11:38:da:47:9f:ed:ed:
                    88:5d:6f:3b:ba:f0:8d:ae:18:19:55:0c:a2:35:4a:
                    dd:80:83:f2:b2:08:99:5f:cf:bd:67:7c:43:66:63:
                    45:74:7a:a4:62:ed:a9:83:39:dd:4b:87:07:36:b9:
                    bd:c0:ce:6f:1e:75:ee:81:4e:c8:f7:ec:ad:1f:e6:
                    e1:9a:fd:50:b3:31:d1:18:16:f0:cf:8c:6f:3f:8f:
                    e4:f9:b6:b2:6e:ac:22:dd:34:b5:20:a0:16:ca:c7:
                    74:79:71:64:99:85:b1:69:b5:1e:91:ce:e8:7d:6f:
                    98:bc:1c:22:70:22:2b:fc:a2:76:44:2a:13:13:43:
                    95:e6:1e:7b:c7:1c:0d:6e:c9:ae:7a:39:d6:68:40:
                    9b:92:c3:20:64:ff:fb:c5:ec:cb:ed:70:aa:7f:55:
                    e8:12:14:1a:0a:e3:e4:4e:c5:57:ce:5e:57:50:88:
                    6f:49:b9:6e:52:e7:1a:84:2b:9b:dd:ba:20:b2:ff:
                    b2:f9:ab:d3:17:e5:54:35:e4:17:1e:bf:2b:e2:fc:
                    12:73:39:6b:aa:ee:da:47:f0:7f:2f:88:81:c9:2e:
                    f1:03:53:29:d7:37:12:3d:1a:17:6b:f5:7c:90:ce:
                    33:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:C1:05:52:8F:4F:E2:8F:F3:41:7D:97:1E:83:DF:14:CA:56:FF:48
            X509v3 Authority Key Identifier:
                keyid:53:12:9D:04:8D:EB:2E:0B:F6:22:71:39:9A:09:0B:90:10:16:0B:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UxKdBI3rLgv2InE5mgkLkBAWCzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/8d58e4-88f6-4aed-ba43-7ae6359d3110/1/scEFUo9P4o_zQX2XHoPfFMpW_0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/8d58e4-88f6-4aed-ba43-7ae6359d3110/1/UxKdBI3rLgv2InE5mgkLkBAWCzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3580::/29

    Signature Algorithm: sha256WithRSAEncryption
         1f:89:8b:bc:1f:63:f1:b5:df:9e:7f:e5:6f:08:c7:0c:4b:8f:
         2e:5f:fb:f5:a7:c4:9f:f6:b9:d4:f8:92:a9:a7:0d:64:16:49:
         3d:99:a7:15:32:04:9b:3e:9d:ff:5b:3c:a6:ad:23:34:66:85:
         1f:6c:ae:11:e6:e5:b5:2a:81:35:a3:02:67:8c:10:e8:6e:be:
         e3:29:42:5f:f5:9f:a6:ff:c9:9c:2c:51:81:0f:57:2b:66:a1:
         14:ff:df:bf:76:91:19:f5:b7:36:c1:32:72:b8:e3:6b:7d:56:
         e2:b7:8e:2d:ae:90:19:96:fe:3e:f3:7b:47:6e:3c:4f:10:97:
         5f:4d:5c:f9:94:9f:9a:dd:3b:9c:27:e3:d6:1e:01:60:f5:69:
         2d:f5:b7:96:51:9b:f2:7c:81:76:74:78:2f:bb:af:db:fa:94:
         3d:6e:0b:d4:77:03:65:ed:da:04:33:61:a7:f1:d7:db:df:70:
         33:d7:32:53:2b:d4:c8:25:c8:81:f9:58:56:c0:70:10:f0:92:
         d0:53:85:f7:8e:cf:31:51:10:2b:bb:68:93:d2:b0:49:1c:d1:
         5d:7e:61:35:07:7d:81:2a:51:90:0d:37:c2:2a:fa:7b:57:dd:
         87:c4:6b:87:ea:2a:d4:2b:96:92:ea:09:a1:ce:c8:15:1e:ac:
         e8:59:a8:1d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZJefurSt6d+hCeyUYFI/r3MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzMTI5ZDA0OGRlYjJlMGJmNjIyNzEzOTlhMDkwYjkwMTAx
NjBiMzkwHhcNMjQxMDA1MjEwMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWMxMDU1MjhmNGZlMjhmZjM0MTdkOTcxZTgzZGYxNGNhNTZmZjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA04J+uTKkr53H4zrfQYVviuL218n7
AhE42kef7e2IXW87uvCNrhgZVQyiNUrdgIPysgiZX8+9Z3xDZmNFdHqkYu2pgznd
S4cHNrm9wM5vHnXugU7I9+ytH+bhmv1QszHRGBbwz4xvP4/k+baybqwi3TS1IKAW
ysd0eXFkmYWxabUekc7ofW+YvBwicCIr/KJ2RCoTE0OV5h57xxwNbsmuejnWaECb
ksMgZP/7xezL7XCqf1XoEhQaCuPkTsVXzl5XUIhvSbluUucahCub3bogsv+y+avT
F+VUNeQXHr8r4vwSczlrqu7aR/B/L4iByS7xA1Mp1zcSPRoXa/V8kM4zpQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLHBBVKPT+KP80F9lx6D3xTKVv9IMB8GA1UdIwQY
MBaAFFMSnQSN6y4L9iJxOZoJC5AQFgs5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXhLZEJJM3JMZ3YySW5FNW1na0xrQkFXQ3prLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS84ZDU4ZTQtODhmNi00YWVkLWJhNDMt
N2FlNjM1OWQzMTEwLzEvc2NFRlVvOVA0b196UVgyWEhvUGZGTXBXXzBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS84ZDU4ZTQtODhmNi00YWVkLWJhNDMtN2FlNjM1OWQzMTEw
LzEvVXhLZEJJM3JMZ3YySW5FNW1na0xrQkFXQ3prLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDIAE1gDAN
BgkqhkiG9w0BAQsFAAOCAQEAH4mLvB9j8bXfnn/lbwjHDEuPLl/79afEn/a51PiS
qacNZBZJPZmnFTIEmz6d/1s8pq0jNGaFH2yuEebltSqBNaMCZ4wQ6G6+4ylCX/Wf
pv/JnCxRgQ9XK2ahFP/fv3aRGfW3NsEycrjja31W4reOLa6QGZb+PvN7R248TxCX
X01c+ZSfmt07nCfj1h4BYPVpLfW3llGb8nyBdnR4L7uv2/qUPW4L1HcDZe3aBDNh
p/HX299wM9cyUyvUyCXIgflYVsBwEPCS0FOF947PMVEQK7tok9KwSRzRXX5hNQd9
gSpRkA03wir6e1fdh8Rrh+oq1CuWkuoJoc7IFR6s6FmoHQ==
-----END CERTIFICATE-----