Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/6f0269-834e-47c5-98e1-f1f802e6613b/1/BN-Dtj76qIJAS1ZndYB2d-IitKU.roa
File:                     BN-Dtj76qIJAS1ZndYB2d-IitKU.roa (raw, json)
Hash identifier:          5kVqpxuVE2gKeow7G3QRPkhWTNe5jQNiFieJc6b3XBo=
Subject key identifier:   04:DF:83:B6:3E:FA:A8:82:40:4B:56:67:75:80:76:77:E2:22:B4:A5
Certificate issuer:       /CN=cc2eb5b38bb62ede5c98cbfbcff9532852180516
Certificate serial:       0190B41A33972BE9135845B0240090EA7B0D
Authority key identifier: CC:2E:B5:B3:8B:B6:2E:DE:5C:98:CB:FB:CF:F9:53:28:52:18:05:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zC61s4u2Lt5cmMv7z_lTKFIYBRY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/6f0269-834e-47c5-98e1-f1f802e6613b/1/BN-Dtj76qIJAS1ZndYB2d-IitKU.roa
Signing time:             Mon 15 Jul 2024 01:55:34 +0000
ROA not before:           Mon 15 Jul 2024 01:55:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400587
IP address blocks:        2a07:e04::/36 maxlen: 36
                          2a07:e05::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/6f0269-834e-47c5-98e1-f1f802e6613b/1/zC61s4u2Lt5cmMv7z_lTKFIYBRY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/6f0269-834e-47c5-98e1-f1f802e6613b/1/zC61s4u2Lt5cmMv7z_lTKFIYBRY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zC61s4u2Lt5cmMv7z_lTKFIYBRY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:b4:1a:33:97:2b:e9:13:58:45:b0:24:00:90:ea:7b:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc2eb5b38bb62ede5c98cbfbcff9532852180516
        Validity
            Not Before: Jul 15 01:55:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=04df83b63efaa882404b566775807677e222b4a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:ef:2d:31:e4:40:72:90:74:3c:6b:e6:57:cd:
                    d5:dd:43:be:aa:5a:eb:83:2d:b3:b8:7b:03:31:0e:
                    70:5d:a2:15:46:59:c9:f5:84:10:46:23:0b:76:11:
                    31:29:ac:45:ba:f4:f2:fd:7c:f7:53:f0:02:33:c2:
                    48:98:bd:4f:37:9e:3f:bc:e8:b3:72:d1:cf:ce:78:
                    be:64:da:aa:14:70:7a:9b:6b:a5:b8:11:d6:04:ef:
                    89:41:61:1c:6e:11:4d:26:b3:24:43:c1:b6:b9:1e:
                    06:ba:41:c7:f3:5a:72:5f:83:60:31:fb:84:ba:60:
                    cf:1b:a7:a4:67:10:f4:80:86:87:c5:18:14:67:3a:
                    d8:e8:4f:b9:31:27:e2:5c:5b:36:b2:91:87:ea:99:
                    59:0e:50:42:5e:28:f7:1f:23:79:45:f2:c1:c4:fd:
                    1e:f0:b2:3a:04:17:f2:6e:07:08:12:1c:d2:89:69:
                    93:cf:83:26:26:fe:6f:ba:6c:87:8d:7a:15:46:6d:
                    8d:a4:7d:9f:df:11:7b:c6:7b:69:c6:cc:62:c2:e6:
                    76:67:d2:58:1a:0b:4f:0b:e9:79:55:05:95:85:21:
                    58:a4:1f:5e:53:f9:f1:8f:cd:ca:75:a0:7a:d5:8b:
                    e5:cc:2a:98:72:14:b1:eb:6c:b6:dc:db:11:17:07:
                    01:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:DF:83:B6:3E:FA:A8:82:40:4B:56:67:75:80:76:77:E2:22:B4:A5
            X509v3 Authority Key Identifier:
                keyid:CC:2E:B5:B3:8B:B6:2E:DE:5C:98:CB:FB:CF:F9:53:28:52:18:05:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zC61s4u2Lt5cmMv7z_lTKFIYBRY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/6f0269-834e-47c5-98e1-f1f802e6613b/1/BN-Dtj76qIJAS1ZndYB2d-IitKU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/6f0269-834e-47c5-98e1-f1f802e6613b/1/zC61s4u2Lt5cmMv7z_lTKFIYBRY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:e04::/36
                  2a07:e05::/36

    Signature Algorithm: sha256WithRSAEncryption
         5c:af:23:ec:8b:3b:61:c4:6a:c1:08:53:03:63:38:fa:6c:c2:
         b8:d7:61:2b:1d:ae:e9:75:ab:bd:5d:9d:79:6a:88:1b:f2:2e:
         47:36:d5:5c:12:ea:4a:cf:8b:fe:b1:30:7d:88:76:f1:c5:91:
         9b:3c:4e:02:86:f9:9d:7b:db:1d:e4:2a:41:11:dc:76:ec:26:
         3f:59:f0:a3:6d:f8:21:3d:0b:dd:84:98:45:74:fe:4d:85:8a:
         2f:58:f2:d1:81:14:05:7c:f8:6c:42:da:0d:0c:ae:54:b8:ad:
         14:08:14:bb:77:ca:d2:e8:28:1a:43:fa:b6:d6:80:b8:77:0e:
         28:10:a0:94:6e:15:9b:5c:89:48:d2:b9:29:65:30:81:0e:62:
         ff:df:4d:d1:c6:4a:35:ff:41:26:c6:c7:c3:ba:c7:e0:b3:c5:
         1d:bd:28:7f:c3:2a:f6:8d:2f:e2:e2:fd:bb:68:45:65:c8:20:
         cc:4e:d3:91:27:bc:18:70:29:ef:22:90:c7:00:ec:43:c1:7f:
         7f:fd:15:ba:98:6f:6b:d0:c5:da:b0:dd:7e:1f:16:f6:c3:63:
         5a:af:e9:ea:47:e5:01:02:1e:a4:6f:1a:3e:cf:ba:48:2a:fe:
         cb:37:8e:0a:d5:18:96:a4:2b:d7:3d:68:09:be:f9:54:c2:d6:
         83:2a:d1:cf
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZC0GjOXK+kTWEWwJACQ6nsNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjMmViNWIzOGJiNjJlZGU1Yzk4Y2JmYmNmZjk1MzI4NTIx
ODA1MTYwHhcNMjQwNzE1MDE1NTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGRmODNiNjNlZmFhODgyNDA0YjU2Njc3NTgwNzY3N2UyMjJiNGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAze8tMeRAcpB0PGvmV83V3UO+qlrr
gy2zuHsDMQ5wXaIVRlnJ9YQQRiMLdhExKaxFuvTy/Xz3U/ACM8JImL1PN54/vOiz
ctHPzni+ZNqqFHB6m2uluBHWBO+JQWEcbhFNJrMkQ8G2uR4GukHH81pyX4NgMfuE
umDPG6ekZxD0gIaHxRgUZzrY6E+5MSfiXFs2spGH6plZDlBCXij3HyN5RfLBxP0e
8LI6BBfybgcIEhzSiWmTz4MmJv5vumyHjXoVRm2NpH2f3xF7xntpxsxiwuZ2Z9JY
GgtPC+l5VQWVhSFYpB9eU/nxj83KdaB61YvlzCqYchSx62y23NsRFwcBqwIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFATfg7Y++qiCQEtWZ3WAdnfiIrSlMB8GA1UdIwQY
MBaAFMwutbOLti7eXJjL+8/5UyhSGAUWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekM2MXM0dTJMdDVjbU12N3pfbFRLRklZQlJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC82ZjAyNjktODM0ZS00N2M1LTk4ZTEt
ZjFmODAyZTY2MTNiLzEvQk4tRHRqNzZxSUpBUzFabmRZQjJkLUlpdEtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC82ZjAyNjktODM0ZS00N2M1LTk4ZTEtZjFmODAyZTY2MTNi
LzEvekM2MXM0dTJMdDVjbU12N3pfbFRLRklZQlJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwYEKgcOBAAD
BgQqBw4FADANBgkqhkiG9w0BAQsFAAOCAQEAXK8j7Is7YcRqwQhTA2M4+mzCuNdh
Kx2u6XWrvV2deWqIG/IuRzbVXBLqSs+L/rEwfYh28cWRmzxOAob5nXvbHeQqQRHc
duwmP1nwo234IT0L3YSYRXT+TYWKL1jy0YEUBXz4bELaDQyuVLitFAgUu3fK0ugo
GkP6ttaAuHcOKBCglG4Vm1yJSNK5KWUwgQ5i/99N0cZKNf9BJsbHw7rH4LPFHb0o
f8Mq9o0v4uL9u2hFZcggzE7TkSe8GHAp7yKQxwDsQ8F/f/0Vuphva9DF2rDdfh8W
9sNjWq/p6kflAQIepG8aPs+6SCr+yzeOCtUYlqQr1z1oCb75VMLWgyrRzw==
-----END CERTIFICATE-----