Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/72a168-dc1c-46f4-b31c-4e659d2be654/1/roTTjNgpzO0vl77TPFgS5oRgxvw.roa
File:                     roTTjNgpzO0vl77TPFgS5oRgxvw.roa (raw, json)
Hash identifier:          ElMUVZaG987pX+nzbA7hAi/zp9jvS8rD+5w1qYg7OC4=
Subject key identifier:   AE:84:D3:8C:D8:29:CC:ED:2F:97:BE:D3:3C:58:12:E6:84:60:C6:FC
Certificate issuer:       /CN=eb7c85c442ccab75e2ce6de29db5fd00f326749d
Certificate serial:       018CC726D7A57EEB4C72C0069AC0654E0FD3
Authority key identifier: EB:7C:85:C4:42:CC:AB:75:E2:CE:6D:E2:9D:B5:FD:00:F3:26:74:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/63yFxELMq3Xizm3inbX9APMmdJ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/72a168-dc1c-46f4-b31c-4e659d2be654/1/roTTjNgpzO0vl77TPFgS5oRgxvw.roa
Signing time:             Mon 01 Jan 2024 22:31:00 +0000
ROA not before:           Mon 01 Jan 2024 22:31:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211383
IP address blocks:        2a10:7640::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/72a168-dc1c-46f4-b31c-4e659d2be654/1/63yFxELMq3Xizm3inbX9APMmdJ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/72a168-dc1c-46f4-b31c-4e659d2be654/1/63yFxELMq3Xizm3inbX9APMmdJ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/63yFxELMq3Xizm3inbX9APMmdJ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:d7:a5:7e:eb:4c:72:c0:06:9a:c0:65:4e:0f:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb7c85c442ccab75e2ce6de29db5fd00f326749d
        Validity
            Not Before: Jan  1 22:31:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae84d38cd829cced2f97bed33c5812e68460c6fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:47:c4:c0:3b:ce:30:6e:d8:73:6f:25:e9:79:
                    f2:c0:88:87:9b:24:64:c7:ef:6d:3c:4b:aa:e6:f0:
                    57:87:96:72:fa:80:09:33:95:05:16:42:45:0a:90:
                    0c:e2:e7:44:3f:3b:b5:b4:29:99:4a:fa:c5:27:57:
                    38:eb:9c:49:40:a9:42:df:6b:46:3b:45:19:d8:ab:
                    d4:4b:7d:67:87:f6:fc:4b:60:55:39:bc:d6:09:cc:
                    48:94:8d:59:dd:52:ee:46:87:3e:e3:67:36:fb:b8:
                    aa:38:b6:47:60:48:87:87:d7:f6:77:bd:88:e5:a6:
                    b3:25:00:02:0c:12:ae:96:11:79:c4:29:93:8b:23:
                    cf:a7:fe:a5:c9:48:2a:3f:98:13:e1:d6:d2:49:c7:
                    47:aa:3f:9a:84:12:84:64:f4:10:33:3b:81:a6:62:
                    52:88:38:5f:29:1e:d5:a5:eb:a1:de:22:b1:71:47:
                    2c:df:47:c0:35:f2:4d:89:d9:c7:f5:7f:e3:35:8f:
                    4f:ad:d3:e1:fa:bf:43:0b:d4:99:b8:e7:70:55:56:
                    1e:da:36:d5:68:f4:48:d4:55:92:39:9f:0f:f7:04:
                    86:f8:cf:b4:c8:f4:21:b4:57:39:ae:41:81:43:0b:
                    cc:0e:85:ba:de:cd:6e:cd:91:65:b1:0b:81:ff:15:
                    ad:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:84:D3:8C:D8:29:CC:ED:2F:97:BE:D3:3C:58:12:E6:84:60:C6:FC
            X509v3 Authority Key Identifier:
                keyid:EB:7C:85:C4:42:CC:AB:75:E2:CE:6D:E2:9D:B5:FD:00:F3:26:74:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/63yFxELMq3Xizm3inbX9APMmdJ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/72a168-dc1c-46f4-b31c-4e659d2be654/1/roTTjNgpzO0vl77TPFgS5oRgxvw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/72a168-dc1c-46f4-b31c-4e659d2be654/1/63yFxELMq3Xizm3inbX9APMmdJ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:7640::/29

    Signature Algorithm: sha256WithRSAEncryption
         ac:f5:dd:2f:be:a7:25:fd:82:8e:98:f8:09:4a:b0:f0:cd:5d:
         25:94:5f:1d:53:9d:db:23:05:ce:b4:01:59:39:2f:71:30:2f:
         92:c7:74:24:4e:87:cb:36:4f:b5:ff:34:b1:f7:f0:80:dc:5c:
         9c:8a:0f:73:97:87:ee:30:88:66:e1:7e:2c:70:01:14:b7:aa:
         ac:d3:d0:f6:4f:a5:9b:ab:a1:b4:3c:8b:5a:81:9b:ff:e6:e8:
         9b:c7:0e:6b:35:c8:d0:de:0b:2a:7d:c3:c2:51:44:c4:44:69:
         cc:e4:d3:70:e3:32:4c:5d:ff:14:f5:4b:45:7a:65:32:49:c3:
         4c:b9:6b:88:37:d3:69:37:00:37:5b:bf:7b:7e:74:a8:bc:db:
         a0:75:01:6f:41:81:74:8c:15:c3:ad:20:72:25:04:07:69:99:
         74:81:db:49:90:2e:b7:29:9d:87:99:e9:84:20:9f:01:39:e6:
         54:ed:81:39:a8:6c:bf:72:f9:d4:a3:57:6e:33:ed:0b:05:bd:
         5a:5d:cd:e8:37:2b:2b:e6:22:1f:72:1c:ab:cc:99:cb:39:01:
         bd:90:a6:31:7a:66:60:42:3d:07:d9:4c:93:2a:a9:bc:53:a4:
         7a:da:a6:67:2b:1a:68:ff:30:23:a9:e4:25:60:51:9f:52:96:
         99:ce:92:eb
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHJtelfutMcsAGmsBlTg/TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViN2M4NWM0NDJjY2FiNzVlMmNlNmRlMjlkYjVmZDAwZjMy
Njc0OWQwHhcNMjQwMTAxMjIzMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTg0ZDM4Y2Q4MjljY2VkMmY5N2JlZDMzYzU4MTJlNjg0NjBjNmZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjkfEwDvOMG7Yc28l6XnywIiHmyRk
x+9tPEuq5vBXh5Zy+oAJM5UFFkJFCpAM4udEPzu1tCmZSvrFJ1c465xJQKlC32tG
O0UZ2KvUS31nh/b8S2BVObzWCcxIlI1Z3VLuRoc+42c2+7iqOLZHYEiHh9f2d72I
5aazJQACDBKulhF5xCmTiyPPp/6lyUgqP5gT4dbSScdHqj+ahBKEZPQQMzuBpmJS
iDhfKR7Vpeuh3iKxcUcs30fANfJNidnH9X/jNY9PrdPh+r9DC9SZuOdwVVYe2jbV
aPRI1FWSOZ8P9wSG+M+0yPQhtFc5rkGBQwvMDoW63s1uzZFlsQuB/xWtxQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFK6E04zYKcztL5e+0zxYEuaEYMb8MB8GA1UdIwQY
MBaAFOt8hcRCzKt14s5t4p21/QDzJnSdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjN5RnhFTE1xM1hpem0zaW5iWDlBUE1tZEowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy83MmExNjgtZGMxYy00NmY0LWIzMWMt
NGU2NTlkMmJlNjU0LzEvcm9UVGpOZ3B6TzB2bDc3VFBGZ1M1b1JneHZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy83MmExNjgtZGMxYy00NmY0LWIzMWMtNGU2NTlkMmJlNjU0
LzEvNjN5RnhFTE1xM1hpem0zaW5iWDlBUE1tZEowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhB2QDAN
BgkqhkiG9w0BAQsFAAOCAQEArPXdL76nJf2Cjpj4CUqw8M1dJZRfHVOd2yMFzrQB
WTkvcTAvksd0JE6HyzZPtf80sffwgNxcnIoPc5eH7jCIZuF+LHABFLeqrNPQ9k+l
m6uhtDyLWoGb/+bom8cOazXI0N4LKn3DwlFExERpzOTTcOMyTF3/FPVLRXplMknD
TLlriDfTaTcAN1u/e350qLzboHUBb0GBdIwVw60gciUEB2mZdIHbSZAutymdh5np
hCCfATnmVO2BOahsv3L51KNXbjPtCwW9Wl3N6DcrK+YiH3Icq8yZyzkBvZCmMXpm
YEI9B9lMkyqpvFOketqmZysaaP8wI6nkJWBRn1KWmc6S6w==
-----END CERTIFICATE-----