Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/cc7247-6f0c-4b74-8690-051076744a65/1/Z0SiCXWrFcTSybPOzkmlAdDgM58.roa
File:                     Z0SiCXWrFcTSybPOzkmlAdDgM58.roa (raw, json)
Hash identifier:          v3eej4g/NTQ2FeU0a39En3t5kBnYDFaUzRcYFP+C/JQ=
Subject key identifier:   67:44:A2:09:75:AB:15:C4:D2:C9:B3:CE:CE:49:A5:01:D0:E0:33:9F
Certificate issuer:       /CN=6b3a735d09aaa7970def12c4ac60e827fdb3f825
Certificate serial:       018F9A544320B0C9220C91E300BE826D43F3
Authority key identifier: 6B:3A:73:5D:09:AA:A7:97:0D:EF:12:C4:AC:60:E8:27:FD:B3:F8:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/azpzXQmqp5cN7xLErGDoJ_2z-CU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/cc7247-6f0c-4b74-8690-051076744a65/1/Z0SiCXWrFcTSybPOzkmlAdDgM58.roa
Signing time:             Tue 21 May 2024 08:46:04 +0000
ROA not before:           Tue 21 May 2024 08:46:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43685
IP address blocks:        2a0b:2280::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/cc7247-6f0c-4b74-8690-051076744a65/1/azpzXQmqp5cN7xLErGDoJ_2z-CU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/cc7247-6f0c-4b74-8690-051076744a65/1/azpzXQmqp5cN7xLErGDoJ_2z-CU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/azpzXQmqp5cN7xLErGDoJ_2z-CU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:9a:54:43:20:b0:c9:22:0c:91:e3:00:be:82:6d:43:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b3a735d09aaa7970def12c4ac60e827fdb3f825
        Validity
            Not Before: May 21 08:46:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6744a20975ab15c4d2c9b3cece49a501d0e0339f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:0a:15:f1:51:3a:4d:ee:dc:a5:f3:5e:80:30:
                    5c:2e:aa:f1:97:8f:f4:9c:2f:0d:31:03:69:03:50:
                    5d:ee:1a:53:e4:61:4b:2e:c6:0b:9d:d6:75:00:e8:
                    ea:5b:bf:a3:00:14:d6:c5:43:09:d1:6b:87:c7:b6:
                    b8:c4:ac:ee:04:2a:a5:6a:a8:1f:ae:9b:ca:40:2d:
                    c6:d4:24:ec:e6:e1:d3:1f:28:60:91:01:b4:65:e1:
                    6b:49:39:80:c0:bd:09:7d:d4:46:a0:1d:af:88:1c:
                    16:cc:e7:5d:ec:e7:64:09:a0:a5:8d:f5:d2:ec:ad:
                    33:aa:37:9f:d0:1b:9d:bf:52:0a:a5:05:64:41:2f:
                    5c:c2:d6:d8:a0:06:8e:6f:ea:89:b2:80:3f:ef:1d:
                    1d:de:c9:ca:5f:81:ea:89:0a:12:64:4a:ad:06:d5:
                    d0:51:74:65:69:ff:24:71:3c:29:31:e8:1b:fa:0f:
                    43:06:fb:a8:5f:28:16:93:12:12:cd:d4:4d:33:17:
                    c7:8e:ff:13:58:9a:3a:2c:27:84:3f:9f:af:b0:04:
                    da:ac:84:29:f4:20:80:84:31:de:bd:0f:35:68:14:
                    85:5f:bf:49:db:55:ea:da:0f:87:4c:08:07:df:3d:
                    27:e2:52:d5:92:9b:a9:6e:37:02:00:8d:1f:68:91:
                    ce:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:44:A2:09:75:AB:15:C4:D2:C9:B3:CE:CE:49:A5:01:D0:E0:33:9F
            X509v3 Authority Key Identifier:
                keyid:6B:3A:73:5D:09:AA:A7:97:0D:EF:12:C4:AC:60:E8:27:FD:B3:F8:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/azpzXQmqp5cN7xLErGDoJ_2z-CU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/cc7247-6f0c-4b74-8690-051076744a65/1/Z0SiCXWrFcTSybPOzkmlAdDgM58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/cc7247-6f0c-4b74-8690-051076744a65/1/azpzXQmqp5cN7xLErGDoJ_2z-CU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:2280::/29

    Signature Algorithm: sha256WithRSAEncryption
         22:dc:a3:eb:00:49:08:3b:23:db:f7:f6:7a:9f:39:42:62:12:
         e2:a2:a3:ed:35:a9:b2:d9:06:87:c0:9a:78:7d:2a:4e:cc:80:
         1e:21:70:8f:9c:89:06:22:14:10:e4:0f:e7:73:da:32:d9:40:
         92:46:97:ea:97:24:b8:f8:6b:1a:27:0b:cf:b9:a4:a0:b4:1a:
         c7:42:29:1d:b1:23:fe:68:60:97:f5:e8:1c:4b:62:57:ef:91:
         7e:c2:07:ea:9c:5d:af:51:e4:89:65:67:35:df:0f:64:a0:3c:
         e3:0a:aa:65:e5:4d:2c:f7:1a:1a:46:1a:90:52:a7:84:5b:ed:
         86:ab:41:9b:fa:6e:ee:de:40:ff:0c:83:9f:e2:0c:55:39:a4:
         47:5d:b8:10:92:98:cb:0e:89:1b:39:56:07:a2:ab:5f:0a:72:
         8a:35:87:e9:a7:c5:2b:16:47:a3:66:1c:63:a2:62:3d:ae:4f:
         f2:ea:63:8a:6b:ab:ce:66:f5:bf:f4:d4:9b:b7:99:be:d7:3d:
         a3:13:88:bb:c4:61:f9:b8:da:cc:cf:78:c3:a0:8c:58:ee:b2:
         b3:7c:57:36:45:0f:2f:a8:43:ce:bd:d5:3c:26:23:69:8a:19:
         27:e9:c1:0b:d3:ad:d9:27:c9:7b:97:dc:92:be:ad:0d:77:c9:
         13:a2:fc:0d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY+aVEMgsMkiDJHjAL6CbUPzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiM2E3MzVkMDlhYWE3OTcwZGVmMTJjNGFjNjBlODI3ZmRi
M2Y4MjUwHhcNMjQwNTIxMDg0NjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzQ0YTIwOTc1YWIxNWM0ZDJjOWIzY2VjZTQ5YTUwMWQwZTAzMzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQoV8VE6Te7cpfNegDBcLqrxl4/0
nC8NMQNpA1Bd7hpT5GFLLsYLndZ1AOjqW7+jABTWxUMJ0WuHx7a4xKzuBCqlaqgf
rpvKQC3G1CTs5uHTHyhgkQG0ZeFrSTmAwL0JfdRGoB2viBwWzOdd7OdkCaCljfXS
7K0zqjef0Budv1IKpQVkQS9cwtbYoAaOb+qJsoA/7x0d3snKX4HqiQoSZEqtBtXQ
UXRlaf8kcTwpMegb+g9DBvuoXygWkxISzdRNMxfHjv8TWJo6LCeEP5+vsATarIQp
9CCAhDHevQ81aBSFX79J21Xq2g+HTAgH3z0n4lLVkpupbjcCAI0faJHOFwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGdEogl1qxXE0smzzs5JpQHQ4DOfMB8GA1UdIwQY
MBaAFGs6c10JqqeXDe8SxKxg6Cf9s/glMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXpwelhRbXFwNWNON3hMRXJHRG9KXzJ6LUNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9jYzcyNDctNmYwYy00Yjc0LTg2OTAt
MDUxMDc2NzQ0YTY1LzEvWjBTaUNYV3JGY1RTeWJQT3prbWxBZERnTTU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9jYzcyNDctNmYwYy00Yjc0LTg2OTAtMDUxMDc2NzQ0YTY1
LzEvYXpwelhRbXFwNWNON3hMRXJHRG9KXzJ6LUNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgsigDAN
BgkqhkiG9w0BAQsFAAOCAQEAItyj6wBJCDsj2/f2ep85QmIS4qKj7TWpstkGh8Ca
eH0qTsyAHiFwj5yJBiIUEOQP53PaMtlAkkaX6pckuPhrGicLz7mkoLQax0IpHbEj
/mhgl/XoHEtiV++RfsIH6pxdr1HkiWVnNd8PZKA84wqqZeVNLPcaGkYakFKnhFvt
hqtBm/pu7t5A/wyDn+IMVTmkR124EJKYyw6JGzlWB6KrXwpyijWH6afFKxZHo2Yc
Y6JiPa5P8upjimurzmb1v/TUm7eZvtc9oxOIu8Rh+bjazM94w6CMWO6ys3xXNkUP
L6hDzr3VPCYjaYoZJ+nBC9Ot2SfJe5fckr6tDXfJE6L8DQ==
-----END CERTIFICATE-----