Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/9qaVjS-tQ_cVOJ4wfKO-ciu34d0.roa
File:                     9qaVjS-tQ_cVOJ4wfKO-ciu34d0.roa (raw, json)
Hash identifier:          N4a2PEq0Rd2Rlm4UhyMeZi2uVKjbSAIt1dTqsfJtz/0=
Subject key identifier:   F6:A6:95:8D:2F:AD:43:F7:15:38:9E:30:7C:A3:BE:72:2B:B7:E1:DD
Certificate issuer:       /CN=b05d28d16626bc5dcabf2e915435782b96e14071
Certificate serial:       018D78C89E61F73D8BE6A952DFBF12E290F0
Authority key identifier: B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/9qaVjS-tQ_cVOJ4wfKO-ciu34d0.roa
Signing time:             Mon 05 Feb 2024 10:20:30 +0000
ROA not before:           Mon 05 Feb 2024 10:20:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20559
IP address blocks:        2a07:3502:1160::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:01:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:78:c8:9e:61:f7:3d:8b:e6:a9:52:df:bf:12:e2:90:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b05d28d16626bc5dcabf2e915435782b96e14071
        Validity
            Not Before: Feb  5 10:20:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f6a6958d2fad43f715389e307ca3be722bb7e1dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:f1:b5:5a:ed:cd:27:66:ab:6a:eb:4c:0b:55:
                    87:18:77:64:fa:d3:9d:8b:80:6f:f0:9e:de:35:b3:
                    3b:a1:d3:5f:d6:b6:1c:32:28:f5:40:da:d9:44:e8:
                    99:67:cb:54:d1:6c:cc:7c:5f:42:7d:63:04:6c:8c:
                    e9:83:52:a4:c5:87:39:b1:72:14:ee:21:1b:06:e9:
                    28:fe:d9:c4:ef:e2:e8:12:f8:07:3d:3a:2a:3a:d5:
                    be:ff:4b:2c:cf:70:f9:af:1b:2e:a3:94:60:7b:29:
                    2d:f0:a0:df:6a:f6:08:f1:e8:50:8a:94:a9:54:3b:
                    82:1e:a7:20:4d:d4:03:18:2e:af:be:7b:19:98:76:
                    c3:cf:7f:1a:8d:7b:88:e5:d0:c6:0f:6c:bd:7f:35:
                    39:fa:68:ec:45:a5:e9:ca:51:e6:d9:f3:98:9c:19:
                    0e:ee:03:74:e0:ff:09:bb:36:39:9b:73:15:26:bd:
                    b9:bf:c5:3d:6d:f7:85:b8:5c:1e:32:c9:c7:e8:c2:
                    5b:db:9b:c1:09:7e:f8:0c:19:a0:5f:4a:5f:bd:c8:
                    0d:66:ee:2c:dc:78:9a:71:70:b7:a1:89:a9:02:d2:
                    03:8f:7d:f0:e2:92:1f:18:12:2c:17:f1:98:a9:78:
                    33:42:9a:a9:65:8f:f2:2f:1a:3c:f9:97:65:f8:95:
                    0f:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:A6:95:8D:2F:AD:43:F7:15:38:9E:30:7C:A3:BE:72:2B:B7:E1:DD
            X509v3 Authority Key Identifier:
                keyid:B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/9qaVjS-tQ_cVOJ4wfKO-ciu34d0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:3502:1160::/48

    Signature Algorithm: sha256WithRSAEncryption
         73:ec:2e:ba:88:b0:e9:26:96:ee:98:45:81:2f:cb:13:ad:55:
         70:fa:e3:a4:38:98:18:dd:6a:d6:f7:71:87:fd:5a:e4:2f:5c:
         8b:0c:6a:87:da:bf:1e:bc:e1:ba:f7:ee:55:b2:19:6e:a1:86:
         a1:69:af:b8:1c:39:b8:b0:54:95:18:5a:15:53:87:ce:eb:99:
         56:50:3d:5d:49:5d:a8:77:2d:93:81:dd:72:80:ee:f5:47:b7:
         8c:39:9d:9b:58:3e:58:17:a8:98:4f:56:fc:6d:8a:bf:fa:86:
         08:22:63:ed:95:22:7e:28:e8:30:fa:e6:83:cc:41:ba:3d:b6:
         1e:a4:55:81:bf:ea:71:57:f7:48:56:0f:8e:d0:28:ea:d1:4d:
         d6:b9:34:6a:5b:3b:e4:55:27:b8:4e:a2:79:7c:82:17:d6:de:
         0f:51:68:4d:e4:65:d6:70:66:c2:d6:6d:d5:22:82:78:30:24:
         99:49:41:98:4f:5a:eb:1e:9b:d1:05:39:8b:84:2e:a3:ba:fd:
         fe:67:73:af:76:d4:ae:ff:1c:af:f0:d6:1b:47:cc:d6:b0:1f:
         b8:32:36:1a:d7:5e:02:6c:fa:8b:a1:43:93:75:ed:27:0c:19:
         da:fd:7b:8e:66:78:da:f6:74:c2:83:4b:08:1d:d0:bf:c5:23:
         81:10:d6:20
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY14yJ5h9z2L5qlS378S4pDwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNWQyOGQxNjYyNmJjNWRjYWJmMmU5MTU0MzU3ODJiOTZl
MTQwNzEwHhcNMjQwMjA1MTAyMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmE2OTU4ZDJmYWQ0M2Y3MTUzODllMzA3Y2EzYmU3MjJiYjdlMWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/G1Wu3NJ2arautMC1WHGHdk+tOd
i4Bv8J7eNbM7odNf1rYcMij1QNrZROiZZ8tU0WzMfF9CfWMEbIzpg1KkxYc5sXIU
7iEbBuko/tnE7+LoEvgHPToqOtW+/0ssz3D5rxsuo5Rgeykt8KDfavYI8ehQipSp
VDuCHqcgTdQDGC6vvnsZmHbDz38ajXuI5dDGD2y9fzU5+mjsRaXpylHm2fOYnBkO
7gN04P8JuzY5m3MVJr25v8U9bfeFuFweMsnH6MJb25vBCX74DBmgX0pfvcgNZu4s
3HiacXC3oYmpAtIDj33w4pIfGBIsF/GYqXgzQpqpZY/yLxo8+Zdl+JUP5QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPamlY0vrUP3FTieMHyjvnIrt+HdMB8GA1UdIwQY
MBaAFLBdKNFmJrxdyr8ukVQ1eCuW4UBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEt
YWQ1NzU1MjJiMzY1LzEvOXFhVmpTLXRRX2NWT0o0d2ZLTy1jaXUzNGQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEtYWQ1NzU1MjJiMzY1
LzEvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgc1AhFg
MA0GCSqGSIb3DQEBCwUAA4IBAQBz7C66iLDpJpbumEWBL8sTrVVw+uOkOJgY3WrW
93GH/VrkL1yLDGqH2r8evOG69+5VshluoYahaa+4HDm4sFSVGFoVU4fO65lWUD1d
SV2ody2Tgd1ygO71R7eMOZ2bWD5YF6iYT1b8bYq/+oYIImPtlSJ+KOgw+uaDzEG6
PbYepFWBv+pxV/dIVg+O0Cjq0U3WuTRqWzvkVSe4TqJ5fIIX1t4PUWhN5GXWcGbC
1m3VIoJ4MCSZSUGYT1rrHpvRBTmLhC6juv3+Z3OvdtSu/xyv8NYbR8zWsB+4MjYa
114CbPqLoUOTde0nDBna/XuOZnja9nTCg0sIHdC/xSOBENYg
-----END CERTIFICATE-----