Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/69409e-1ec4-489d-b61f-a19cc8a76d04/1/vv0pkgIYDh92gWIb8jukyI7XxmA.roa
File:                     vv0pkgIYDh92gWIb8jukyI7XxmA.roa (raw, json)
Hash identifier:          4grE6TFddEEX16VPBUMj1hMsXFJN3TpZ/hx1vE3wyTQ=
Subject key identifier:   BE:FD:29:92:02:18:0E:1F:76:81:62:1B:F2:3B:A4:C8:8E:D7:C6:60
Certificate issuer:       /CN=b0b56d10ccad9d69c01856be0afaa17ec682acbf
Certificate serial:       019146A8E6414D6C7B785E408C6FB9DEEBC1
Authority key identifier: B0:B5:6D:10:CC:AD:9D:69:C0:18:56:BE:0A:FA:A1:7E:C6:82:AC:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sLVtEMytnWnAGFa-CvqhfsaCrL8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/69409e-1ec4-489d-b61f-a19cc8a76d04/1/vv0pkgIYDh92gWIb8jukyI7XxmA.roa
Signing time:             Mon 12 Aug 2024 12:55:59 +0000
ROA not before:           Mon 12 Aug 2024 12:55:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44620
IP address blocks:        2a01:f900::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/69409e-1ec4-489d-b61f-a19cc8a76d04/1/sLVtEMytnWnAGFa-CvqhfsaCrL8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/69409e-1ec4-489d-b61f-a19cc8a76d04/1/sLVtEMytnWnAGFa-CvqhfsaCrL8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sLVtEMytnWnAGFa-CvqhfsaCrL8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Dec 2024 06:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:46:a8:e6:41:4d:6c:7b:78:5e:40:8c:6f:b9:de:eb:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0b56d10ccad9d69c01856be0afaa17ec682acbf
        Validity
            Not Before: Aug 12 12:55:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=befd299202180e1f7681621bf23ba4c88ed7c660
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:08:82:73:3f:c2:4e:a7:d8:4b:14:3e:d0:dd:
                    98:17:9c:ab:68:07:c7:f0:62:99:61:b2:dd:99:03:
                    4b:e6:b7:a3:81:0b:10:65:a4:32:f2:72:32:fd:dc:
                    20:28:dc:d6:8e:4c:7e:21:bf:d9:bf:79:e1:03:a7:
                    f9:e7:b5:6e:12:21:ec:c1:95:aa:89:03:c6:22:de:
                    cd:0e:42:14:e3:9b:bc:08:89:0b:61:69:99:4a:09:
                    93:9b:18:3b:d5:d1:0d:eb:45:d2:1a:0f:ae:5f:04:
                    f4:af:7e:65:3b:12:bd:31:0c:d0:b5:f0:b6:0b:fb:
                    20:86:69:f9:de:fa:8e:fb:1d:f9:c2:27:df:6e:05:
                    fd:1e:fe:a2:ad:87:60:e9:99:8e:d2:32:7f:80:dd:
                    1d:1b:18:6a:27:e0:4d:ee:50:6f:e1:a5:9c:6c:9a:
                    92:84:fd:a0:40:4d:0b:ac:30:c0:ba:8a:57:f8:9f:
                    f5:aa:05:06:f0:f1:e7:64:1a:1b:c1:b2:32:33:89:
                    52:27:50:3c:73:99:74:4c:da:42:5c:f0:72:bc:ec:
                    d9:5d:1a:89:dd:d5:0d:7b:98:d8:74:36:e7:08:42:
                    49:d4:fc:70:dd:98:54:e8:42:94:69:c2:2c:cb:6b:
                    8e:eb:10:bf:72:82:ae:6a:0e:be:ee:61:2d:0c:16:
                    cf:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:FD:29:92:02:18:0E:1F:76:81:62:1B:F2:3B:A4:C8:8E:D7:C6:60
            X509v3 Authority Key Identifier:
                keyid:B0:B5:6D:10:CC:AD:9D:69:C0:18:56:BE:0A:FA:A1:7E:C6:82:AC:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sLVtEMytnWnAGFa-CvqhfsaCrL8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/69409e-1ec4-489d-b61f-a19cc8a76d04/1/vv0pkgIYDh92gWIb8jukyI7XxmA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/69409e-1ec4-489d-b61f-a19cc8a76d04/1/sLVtEMytnWnAGFa-CvqhfsaCrL8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:f900::/29

    Signature Algorithm: sha256WithRSAEncryption
         56:7e:29:ae:4e:68:ff:22:21:3f:32:bf:0a:68:35:3b:83:03:
         86:4b:19:94:f1:e1:4d:60:6f:ac:1f:87:61:07:6c:bf:3e:e6:
         64:89:b3:a4:a5:39:76:c1:b0:fc:bc:f0:d0:e1:bc:7d:b6:d2:
         7c:98:24:30:dd:08:73:e2:1f:5b:95:d2:14:f0:9a:fd:5d:e4:
         0d:2c:f7:2b:83:f3:c3:a4:b2:c3:0b:89:b1:7c:fe:77:89:a1:
         b2:0a:36:b3:3a:f7:16:e9:c7:1d:0f:0f:95:8a:41:be:e0:d9:
         4a:1e:6c:2d:2a:b2:f6:93:af:b3:a5:5a:ce:6d:ed:7f:af:ee:
         21:77:25:0b:68:ca:44:c4:69:ae:2e:36:d5:04:4b:1a:d6:9f:
         78:01:05:67:e1:21:59:48:37:31:51:4d:5f:50:a8:7c:d1:4b:
         2b:0b:6d:26:06:78:c5:2d:cf:00:51:f3:c2:61:a6:b6:56:28:
         bd:62:09:36:05:80:45:86:68:42:b0:80:87:1d:c7:4f:16:a6:
         70:89:c0:19:ee:a5:ae:4d:7b:26:7c:70:3f:65:a7:c7:9e:7a:
         2c:9b:44:51:8d:7e:84:42:36:7a:6b:30:ff:c3:5e:53:0d:c3:
         83:03:1b:ac:d4:63:2d:ae:68:ff:0d:02:ad:ef:57:46:b4:31:
         e0:5a:1a:d7
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZFGqOZBTWx7eF5AjG+53uvBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYjU2ZDEwY2NhZDlkNjljMDE4NTZiZTBhZmFhMTdlYzY4
MmFjYmYwHhcNMjQwODEyMTI1NTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWZkMjk5MjAyMTgwZTFmNzY4MTYyMWJmMjNiYTRjODhlZDdjNjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAngiCcz/CTqfYSxQ+0N2YF5yraAfH
8GKZYbLdmQNL5rejgQsQZaQy8nIy/dwgKNzWjkx+Ib/Zv3nhA6f557VuEiHswZWq
iQPGIt7NDkIU45u8CIkLYWmZSgmTmxg71dEN60XSGg+uXwT0r35lOxK9MQzQtfC2
C/sghmn53vqO+x35wiffbgX9Hv6irYdg6ZmO0jJ/gN0dGxhqJ+BN7lBv4aWcbJqS
hP2gQE0LrDDAuopX+J/1qgUG8PHnZBobwbIyM4lSJ1A8c5l0TNpCXPByvOzZXRqJ
3dUNe5jYdDbnCEJJ1Pxw3ZhU6EKUacIsy2uO6xC/coKuag6+7mEtDBbPqQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFL79KZICGA4fdoFiG/I7pMiO18ZgMB8GA1UdIwQY
MBaAFLC1bRDMrZ1pwBhWvgr6oX7Ggqy/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0xWdEVNeXRuV25BR0ZhLUN2cWhmc2FDckw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC82OTQwOWUtMWVjNC00ODlkLWI2MWYt
YTE5Y2M4YTc2ZDA0LzEvdnYwcGtnSVlEaDkyZ1dJYjhqdWt5STdYeG1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC82OTQwOWUtMWVjNC00ODlkLWI2MWYtYTE5Y2M4YTc2ZDA0
LzEvc0xWdEVNeXRuV25BR0ZhLUN2cWhmc2FDckw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgH5ADAN
BgkqhkiG9w0BAQsFAAOCAQEAVn4prk5o/yIhPzK/Cmg1O4MDhksZlPHhTWBvrB+H
YQdsvz7mZImzpKU5dsGw/Lzw0OG8fbbSfJgkMN0Ic+IfW5XSFPCa/V3kDSz3K4Pz
w6SywwuJsXz+d4mhsgo2szr3FunHHQ8PlYpBvuDZSh5sLSqy9pOvs6Vazm3tf6/u
IXclC2jKRMRpri421QRLGtafeAEFZ+EhWUg3MVFNX1CofNFLKwttJgZ4xS3PAFHz
wmGmtlYovWIJNgWARYZoQrCAhx3HTxamcInAGe6lrk17JnxwP2Wnx556LJtEUY1+
hEI2emsw/8NeUw3DgwMbrNRjLa5o/w0Cre9XRrQx4Foa1w==
-----END CERTIFICATE-----