Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/0f1f9f-5a51-4bd6-bf30-39a24388a5e8/1/kE3D2e8OM6otRifKpgEat1C8JY4.roa
File:                     kE3D2e8OM6otRifKpgEat1C8JY4.roa (raw, json)
Hash identifier:          I9tAwH72MsVuzbS441YAKRk3T6oRbDt1HkHcPMwmoJ8=
Subject key identifier:   90:4D:C3:D9:EF:0E:33:AA:2D:46:27:CA:A6:01:1A:B7:50:BC:25:8E
Certificate issuer:       /CN=f6137c597d1e30cb75618e51f42b7f79ed5ffc88
Certificate serial:       0190EB284AAEA6CB382936A76FFA1AF08C2A
Authority key identifier: F6:13:7C:59:7D:1E:30:CB:75:61:8E:51:F4:2B:7F:79:ED:5F:FC:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9hN8WX0eMMt1YY5R9Ct_ee1f_Ig.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/0f1f9f-5a51-4bd6-bf30-39a24388a5e8/1/kE3D2e8OM6otRifKpgEat1C8JY4.roa
Signing time:             Thu 25 Jul 2024 18:30:04 +0000
ROA not before:           Thu 25 Jul 2024 18:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30788
IP address blocks:        2a0a:f8c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/0f1f9f-5a51-4bd6-bf30-39a24388a5e8/1/9hN8WX0eMMt1YY5R9Ct_ee1f_Ig.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/0f1f9f-5a51-4bd6-bf30-39a24388a5e8/1/9hN8WX0eMMt1YY5R9Ct_ee1f_Ig.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9hN8WX0eMMt1YY5R9Ct_ee1f_Ig.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:eb:28:4a:ae:a6:cb:38:29:36:a7:6f:fa:1a:f0:8c:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6137c597d1e30cb75618e51f42b7f79ed5ffc88
        Validity
            Not Before: Jul 25 18:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=904dc3d9ef0e33aa2d4627caa6011ab750bc258e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:88:bb:af:0d:83:07:4a:6f:d3:22:d4:6e:02:
                    f2:fb:cd:90:2e:53:9c:d1:62:87:75:78:59:b5:77:
                    55:69:5d:82:ce:1c:46:55:ae:4d:c5:e0:7c:30:89:
                    e4:a5:f1:e2:00:03:8b:49:cf:24:9b:54:63:21:77:
                    0b:ef:d6:5a:84:39:3d:ed:be:35:ce:fa:12:77:67:
                    1b:63:cc:f8:c6:47:38:28:08:ae:05:9b:e0:40:07:
                    ff:ff:ad:f8:d4:28:d4:cd:55:02:57:e5:63:50:97:
                    9c:ad:e8:d7:aa:ac:a5:9a:4e:b6:1a:ac:a1:14:47:
                    fc:ae:19:42:de:f5:17:62:d0:1b:8a:5b:87:9a:6f:
                    6c:01:fd:4a:83:87:d9:37:89:28:4e:11:2f:0e:c2:
                    81:11:0f:f5:21:51:07:02:ae:db:18:cf:3b:fa:61:
                    5d:f2:39:9f:07:2b:ed:e2:7d:52:d4:c6:c7:ab:df:
                    a8:ad:4c:0c:f6:98:d8:28:cd:d5:f6:61:d0:80:a1:
                    84:fe:e6:af:c4:b2:62:9e:3d:de:e4:32:dd:af:0a:
                    12:87:fa:f8:e4:ba:c7:c6:82:11:16:25:75:94:ac:
                    78:c6:30:7a:f9:af:a0:39:93:7b:e7:7c:7c:dd:d9:
                    37:fc:79:2b:10:48:50:2b:82:17:fb:c0:ce:39:7e:
                    67:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:4D:C3:D9:EF:0E:33:AA:2D:46:27:CA:A6:01:1A:B7:50:BC:25:8E
            X509v3 Authority Key Identifier:
                keyid:F6:13:7C:59:7D:1E:30:CB:75:61:8E:51:F4:2B:7F:79:ED:5F:FC:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9hN8WX0eMMt1YY5R9Ct_ee1f_Ig.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/0f1f9f-5a51-4bd6-bf30-39a24388a5e8/1/kE3D2e8OM6otRifKpgEat1C8JY4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/0f1f9f-5a51-4bd6-bf30-39a24388a5e8/1/9hN8WX0eMMt1YY5R9Ct_ee1f_Ig.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:f8c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         50:fc:ee:17:9b:28:0a:53:50:a4:d3:08:2e:8e:bd:43:d9:c5:
         5e:a6:60:99:8b:d1:a0:e3:04:3e:91:39:65:0d:9d:40:c9:b8:
         11:19:19:1e:9b:47:d1:0d:07:51:57:c5:05:a5:b1:1f:43:cd:
         97:66:ea:f5:51:00:b9:43:ca:0c:0a:70:15:31:1d:b0:62:4d:
         45:13:4a:8f:bc:98:71:05:9e:91:fb:25:b5:0a:f4:d0:64:d5:
         0b:6d:d4:cb:93:c9:c3:d9:e2:ee:78:fa:48:54:6f:3a:a0:07:
         cd:9a:93:49:8c:e2:e3:58:d3:c0:3d:64:b5:78:17:68:3a:32:
         95:f8:26:08:04:6c:51:93:69:e8:fb:c1:00:6e:98:52:81:fb:
         01:5f:81:65:b0:74:c8:8d:aa:c7:3d:f1:57:8e:28:3d:1e:23:
         d8:0d:3c:3b:b7:c6:46:ce:e1:40:a1:79:0d:96:31:2c:79:dc:
         7b:72:c2:74:6a:2a:14:77:67:a7:c1:4f:f0:b6:47:85:d3:35:
         b0:20:dd:1c:f8:fc:af:87:9f:dc:10:cf:cb:3f:dd:c9:f7:75:
         41:17:49:89:be:6f:c5:2e:23:82:a8:0d:4b:76:6e:20:35:28:
         c4:bb:ef:4e:fe:fc:aa:e8:49:af:8c:f7:fd:07:ca:9d:a2:3c:
         73:3f:db:1c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZDrKEqupss4KTanb/oa8IwqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2MTM3YzU5N2QxZTMwY2I3NTYxOGU1MWY0MmI3Zjc5ZWQ1
ZmZjODgwHhcNMjQwNzI1MTgzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDRkYzNkOWVmMGUzM2FhMmQ0NjI3Y2FhNjAxMWFiNzUwYmMyNThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxoi7rw2DB0pv0yLUbgLy+82QLlOc
0WKHdXhZtXdVaV2CzhxGVa5NxeB8MInkpfHiAAOLSc8km1RjIXcL79ZahDk97b41
zvoSd2cbY8z4xkc4KAiuBZvgQAf//6341CjUzVUCV+VjUJecrejXqqylmk62Gqyh
FEf8rhlC3vUXYtAbiluHmm9sAf1Kg4fZN4koThEvDsKBEQ/1IVEHAq7bGM87+mFd
8jmfByvt4n1S1MbHq9+orUwM9pjYKM3V9mHQgKGE/uavxLJinj3e5DLdrwoSh/r4
5LrHxoIRFiV1lKx4xjB6+a+gOZN753x83dk3/HkrEEhQK4IX+8DOOX5nswIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJBNw9nvDjOqLUYnyqYBGrdQvCWOMB8GA1UdIwQY
MBaAFPYTfFl9HjDLdWGOUfQrf3ntX/yIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWhOOFdYMGVNTXQxWVk1UjlDdF9lZTFmX0lnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi8wZjFmOWYtNWE1MS00YmQ2LWJmMzAt
MzlhMjQzODhhNWU4LzEva0UzRDJlOE9NNm90UmlmS3BnRWF0MUM4Slk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi8wZjFmOWYtNWE1MS00YmQ2LWJmMzAtMzlhMjQzODhhNWU4
LzEvOWhOOFdYMGVNTXQxWVk1UjlDdF9lZTFmX0lnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgr4wDAN
BgkqhkiG9w0BAQsFAAOCAQEAUPzuF5soClNQpNMILo69Q9nFXqZgmYvRoOMEPpE5
ZQ2dQMm4ERkZHptH0Q0HUVfFBaWxH0PNl2bq9VEAuUPKDApwFTEdsGJNRRNKj7yY
cQWekfsltQr00GTVC23Uy5PJw9ni7nj6SFRvOqAHzZqTSYzi41jTwD1ktXgXaDoy
lfgmCARsUZNp6PvBAG6YUoH7AV+BZbB0yI2qxz3xV44oPR4j2A08O7fGRs7hQKF5
DZYxLHnce3LCdGoqFHdnp8FP8LZHhdM1sCDdHPj8r4ef3BDPyz/dyfd1QRdJib5v
xS4jgqgNS3ZuIDUoxLvvTv78quhJr4z3/QfKnaI8cz/bHA==
-----END CERTIFICATE-----