Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/KvegIu_uTgbObF73ZPYvfF1TEEY.roa
File:                     KvegIu_uTgbObF73ZPYvfF1TEEY.roa (raw, json)
Hash identifier:          Hi1ahs6Htexf2gJIVc2kd/5R1k8gZRTyrM0t77QS0Q8=
Subject key identifier:   2A:F7:A0:22:EF:EE:4E:06:CE:6C:5E:F7:64:F6:2F:7C:5D:53:10:46
Certificate issuer:       /CN=b05d28d16626bc5dcabf2e915435782b96e14071
Certificate serial:       018E086D0D445FC6A7D07DE6AAD05EBE7137
Authority key identifier: B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/KvegIu_uTgbObF73ZPYvfF1TEEY.roa
Signing time:             Mon 04 Mar 2024 07:45:48 +0000
ROA not before:           Mon 04 Mar 2024 07:45:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15435
IP address blocks:        2a07:3501:1030::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:08:6d:0d:44:5f:c6:a7:d0:7d:e6:aa:d0:5e:be:71:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b05d28d16626bc5dcabf2e915435782b96e14071
        Validity
            Not Before: Mar  4 07:45:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2af7a022efee4e06ce6c5ef764f62f7c5d531046
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:19:68:9f:13:73:9a:67:06:16:2e:46:c0:12:
                    4c:b5:1f:f9:0c:06:1a:ad:cc:ef:7f:c1:41:bd:c3:
                    3b:fe:91:c4:e4:44:4c:54:04:2a:dd:bb:50:f0:04:
                    53:b8:6b:76:ea:5b:3d:a2:ce:5f:cd:bf:71:74:b0:
                    0c:b5:41:f1:ae:08:aa:c4:d8:af:0c:d6:e0:17:2f:
                    96:37:9a:c4:a1:c5:8c:a6:26:f9:96:d8:19:78:b0:
                    ec:9a:eb:74:6e:0a:2f:78:52:43:00:cc:38:46:c9:
                    19:b6:dc:54:df:e7:1a:07:f8:e2:5d:42:0e:52:b9:
                    f4:7f:5b:24:5d:14:f3:94:61:17:ad:74:27:50:a2:
                    9e:9a:fd:b6:55:fa:28:8c:d8:b2:da:05:74:f1:2e:
                    88:73:c9:5e:26:2b:d7:77:94:c5:b3:aa:66:1c:48:
                    91:0a:09:38:8d:14:bd:10:0f:3e:65:ac:04:8f:24:
                    95:30:24:6b:01:d2:c9:b9:c4:8a:7d:dd:cb:2f:da:
                    c6:1a:11:1a:cf:21:b8:c3:6f:de:a0:bd:79:2e:2c:
                    83:6b:27:cb:f3:64:5f:b8:d7:93:f1:79:ab:1f:86:
                    1f:68:1d:d7:93:6a:9a:ae:40:06:e6:09:73:ca:f1:
                    c5:50:c3:0e:fb:ea:33:9b:f0:cf:15:20:27:b1:87:
                    2d:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:F7:A0:22:EF:EE:4E:06:CE:6C:5E:F7:64:F6:2F:7C:5D:53:10:46
            X509v3 Authority Key Identifier:
                keyid:B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/KvegIu_uTgbObF73ZPYvfF1TEEY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:3501:1030::/48

    Signature Algorithm: sha256WithRSAEncryption
         10:37:c2:dd:0b:10:a6:cd:20:03:54:db:4e:7c:e5:e2:3f:36:
         6a:64:5f:62:43:14:82:ce:9f:62:67:c5:46:85:96:43:c6:ea:
         d7:f7:07:5a:7e:6e:7f:91:55:f8:1a:2e:bc:96:8b:c6:16:6c:
         ca:b9:c1:87:ab:ce:e0:d7:d2:6a:cc:60:f4:c7:46:1b:de:fa:
         46:cb:9a:68:e5:c5:4a:fd:61:19:71:ac:50:d7:08:53:71:07:
         1d:9d:62:9d:12:39:ff:5c:1a:28:2d:8c:cc:67:45:8d:a4:d5:
         97:a1:20:11:9a:ca:86:7b:28:3c:f4:98:01:dc:ea:2d:f0:84:
         42:cf:6b:53:42:56:e8:28:5f:72:21:44:8e:97:4a:a8:f8:c0:
         32:d6:83:0f:e0:aa:dd:cc:f5:fb:1e:5f:01:1b:19:ce:86:01:
         7d:02:7a:a5:c1:5a:76:d6:45:c1:47:5f:97:86:e4:b9:f2:cf:
         76:8c:e8:84:48:db:de:51:21:c9:a2:32:31:e6:30:93:40:b9:
         ed:41:0c:66:a5:09:9a:2f:23:48:6d:78:20:19:49:07:00:f2:
         05:7d:e7:e4:34:5d:a5:80:ba:01:ff:4a:03:97:f0:f6:6a:ba:
         8b:4f:72:c8:61:e5:d7:6b:cb:73:fa:35:b5:a0:9b:ed:85:77:
         86:e5:1f:c1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY4IbQ1EX8an0H3mqtBevnE3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNWQyOGQxNjYyNmJjNWRjYWJmMmU5MTU0MzU3ODJiOTZl
MTQwNzEwHhcNMjQwMzA0MDc0NTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWY3YTAyMmVmZWU0ZTA2Y2U2YzVlZjc2NGY2MmY3YzVkNTMxMDQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiRlonxNzmmcGFi5GwBJMtR/5DAYa
rczvf8FBvcM7/pHE5ERMVAQq3btQ8ARTuGt26ls9os5fzb9xdLAMtUHxrgiqxNiv
DNbgFy+WN5rEocWMpib5ltgZeLDsmut0bgoveFJDAMw4RskZttxU3+caB/jiXUIO
Urn0f1skXRTzlGEXrXQnUKKemv22VfoojNiy2gV08S6Ic8leJivXd5TFs6pmHEiR
Cgk4jRS9EA8+ZawEjySVMCRrAdLJucSKfd3LL9rGGhEazyG4w2/eoL15LiyDayfL
82RfuNeT8XmrH4YfaB3Xk2qarkAG5glzyvHFUMMO++ozm/DPFSAnsYctFQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCr3oCLv7k4Gzmxe92T2L3xdUxBGMB8GA1UdIwQY
MBaAFLBdKNFmJrxdyr8ukVQ1eCuW4UBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEt
YWQ1NzU1MjJiMzY1LzEvS3ZlZ0l1X3VUZ2JPYkY3M1pQWXZmRjFURUVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEtYWQ1NzU1MjJiMzY1
LzEvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgc1ARAw
MA0GCSqGSIb3DQEBCwUAA4IBAQAQN8LdCxCmzSADVNtOfOXiPzZqZF9iQxSCzp9i
Z8VGhZZDxurX9wdafm5/kVX4Gi68lovGFmzKucGHq87g19JqzGD0x0Yb3vpGy5po
5cVK/WEZcaxQ1whTcQcdnWKdEjn/XBooLYzMZ0WNpNWXoSARmsqGeyg89JgB3Oot
8IRCz2tTQlboKF9yIUSOl0qo+MAy1oMP4KrdzPX7Hl8BGxnOhgF9AnqlwVp21kXB
R1+XhuS58s92jOiESNveUSHJojIx5jCTQLntQQxmpQmaLyNIbXggGUkHAPIFfefk
NF2lgLoB/0oDl/D2arqLT3LIYeXXa8tz+jW1oJvthXeG5R/B
-----END CERTIFICATE-----