Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/0c9128-a043-478c-9920-ad215285c864/1/dVbTu2SOjU4JE9vscXTIHhfprUY.roa
File:                     dVbTu2SOjU4JE9vscXTIHhfprUY.roa (raw, json)
Hash identifier:          6VBiel9yY0a5R16+nxgkmmj61LnnPu4Hd2sctltmoLI=
Subject key identifier:   75:56:D3:BB:64:8E:8D:4E:09:13:DB:EC:71:74:C8:1E:17:E9:AD:46
Certificate issuer:       /CN=5d6373f5df99d821dcb57c7fb9202fb4686e5d61
Certificate serial:       018CC42553387FE1CF04838103D3C1C31972
Authority key identifier: 5D:63:73:F5:DF:99:D8:21:DC:B5:7C:7F:B9:20:2F:B4:68:6E:5D:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XWNz9d-Z2CHctXx_uSAvtGhuXWE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/0c9128-a043-478c-9920-ad215285c864/1/dVbTu2SOjU4JE9vscXTIHhfprUY.roa
Signing time:             Mon 01 Jan 2024 08:30:29 +0000
ROA not before:           Mon 01 Jan 2024 08:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209589
IP address blocks:        2a07:9cc5::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/0c9128-a043-478c-9920-ad215285c864/1/XWNz9d-Z2CHctXx_uSAvtGhuXWE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/0c9128-a043-478c-9920-ad215285c864/1/XWNz9d-Z2CHctXx_uSAvtGhuXWE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XWNz9d-Z2CHctXx_uSAvtGhuXWE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:53:38:7f:e1:cf:04:83:81:03:d3:c1:c3:19:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d6373f5df99d821dcb57c7fb9202fb4686e5d61
        Validity
            Not Before: Jan  1 08:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7556d3bb648e8d4e0913dbec7174c81e17e9ad46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:f5:59:42:a0:8e:96:7e:23:68:66:6a:37:49:
                    ee:3b:8d:22:ce:46:3b:3f:81:5b:10:cb:c1:07:a8:
                    54:0c:c4:b1:3c:64:6a:35:db:0a:9c:9f:53:fe:b3:
                    47:56:e4:05:a1:fb:b8:ed:da:bd:f9:d9:ef:6f:97:
                    20:f3:57:04:32:cf:56:6f:7f:f2:eb:a8:48:64:ba:
                    cf:08:1c:a5:fc:cb:03:d6:09:2b:9e:25:56:6b:2d:
                    61:fe:14:81:23:a5:c1:69:98:c2:e0:97:b3:95:df:
                    8e:a3:d3:6f:76:eb:51:be:70:a1:43:6d:da:0c:a2:
                    b3:a1:b5:f2:98:e4:35:d5:59:22:2a:5c:8b:dd:fa:
                    21:05:9e:29:6e:89:90:b9:30:0a:eb:6c:eb:fc:fa:
                    18:12:92:62:5f:66:30:6e:69:ea:8c:46:2b:8e:e4:
                    ba:ed:7d:7e:1d:3a:a5:ad:fb:10:37:78:5a:dd:fc:
                    c5:a6:6c:b8:0d:ea:e3:fe:5d:ce:a8:40:12:f4:15:
                    34:0f:de:02:a7:6b:bf:26:7e:49:11:0e:c0:98:6d:
                    e2:65:bc:c5:ff:90:91:18:d1:2c:66:a3:dc:cb:ab:
                    1f:e6:85:16:3f:df:37:15:03:ce:95:d8:fe:7d:1e:
                    3e:2d:9e:3a:02:a7:6a:80:34:ce:e6:fc:2d:d9:85:
                    a2:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:56:D3:BB:64:8E:8D:4E:09:13:DB:EC:71:74:C8:1E:17:E9:AD:46
            X509v3 Authority Key Identifier:
                keyid:5D:63:73:F5:DF:99:D8:21:DC:B5:7C:7F:B9:20:2F:B4:68:6E:5D:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XWNz9d-Z2CHctXx_uSAvtGhuXWE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/0c9128-a043-478c-9920-ad215285c864/1/dVbTu2SOjU4JE9vscXTIHhfprUY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/0c9128-a043-478c-9920-ad215285c864/1/XWNz9d-Z2CHctXx_uSAvtGhuXWE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:9cc5::/32

    Signature Algorithm: sha256WithRSAEncryption
         36:6e:fe:26:b4:15:c7:c1:aa:22:5e:8b:06:78:b4:98:8a:8b:
         18:57:b0:07:2c:78:91:81:56:f7:9d:06:4c:92:70:d0:25:b9:
         ef:ff:d0:37:07:41:06:f6:2f:9e:79:c7:cd:f8:9e:b3:17:04:
         7a:e9:13:29:82:7d:a2:b7:c7:06:71:72:02:2f:7a:96:6b:fe:
         7c:bb:21:36:d0:84:75:6f:e1:0d:00:ba:e1:53:02:fa:5f:50:
         55:44:d0:be:19:a3:c0:2b:80:ec:3b:22:ec:4e:8a:04:e5:36:
         28:f8:51:06:8b:cd:f9:15:0b:92:c5:ea:18:ba:8a:84:38:4f:
         24:ae:31:b9:cf:2f:52:be:16:4f:50:68:a7:aa:4b:94:41:75:
         be:ab:d9:10:07:3e:25:76:3a:6d:6c:10:81:e7:7b:78:c5:b4:
         b9:48:b0:0a:32:d5:38:7b:b2:fa:d9:7e:f3:90:7c:e3:63:42:
         3f:6f:30:e1:a6:db:7d:ed:15:3f:f6:81:7e:c1:ef:48:39:1e:
         0a:44:9a:76:2b:91:6e:53:50:4e:13:a9:a1:34:1a:7d:b1:ba:
         f9:51:44:c3:6d:98:7c:71:2a:1d:2c:21:12:43:da:71:7d:c0:
         a9:66:af:6e:3d:9b:89:7a:9b:9d:47:63:ec:f0:62:63:13:c8:
         03:dc:73:cc
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzEJVM4f+HPBIOBA9PBwxlyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkNjM3M2Y1ZGY5OWQ4MjFkY2I1N2M3ZmI5MjAyZmI0Njg2
ZTVkNjEwHhcNMjQwMTAxMDgzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTU2ZDNiYjY0OGU4ZDRlMDkxM2RiZWM3MTc0YzgxZTE3ZTlhZDQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhfVZQqCOln4jaGZqN0nuO40izkY7
P4FbEMvBB6hUDMSxPGRqNdsKnJ9T/rNHVuQFofu47dq9+dnvb5cg81cEMs9Wb3/y
66hIZLrPCByl/MsD1gkrniVWay1h/hSBI6XBaZjC4Jezld+Oo9NvdutRvnChQ23a
DKKzobXymOQ11VkiKlyL3fohBZ4pbomQuTAK62zr/PoYEpJiX2YwbmnqjEYrjuS6
7X1+HTqlrfsQN3ha3fzFpmy4Derj/l3OqEAS9BU0D94Cp2u/Jn5JEQ7AmG3iZbzF
/5CRGNEsZqPcy6sf5oUWP983FQPOldj+fR4+LZ46AqdqgDTO5vwt2YWi5QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHVW07tkjo1OCRPb7HF0yB4X6a1GMB8GA1UdIwQY
MBaAFF1jc/Xfmdgh3LV8f7kgL7Robl1hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFdOejlkLVoyQ0hjdFh4X3VTQXZ0R2h1WFdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC8wYzkxMjgtYTA0My00NzhjLTk5MjAt
YWQyMTUyODVjODY0LzEvZFZiVHUyU09qVTRKRTl2c2NYVElIaGZwclVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC8wYzkxMjgtYTA0My00NzhjLTk5MjAtYWQyMTUyODVjODY0
LzEvWFdOejlkLVoyQ0hjdFh4X3VTQXZ0R2h1WFdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgecxTAN
BgkqhkiG9w0BAQsFAAOCAQEANm7+JrQVx8GqIl6LBni0mIqLGFewByx4kYFW950G
TJJw0CW57//QNwdBBvYvnnnHzfiesxcEeukTKYJ9orfHBnFyAi96lmv+fLshNtCE
dW/hDQC64VMC+l9QVUTQvhmjwCuA7Dsi7E6KBOU2KPhRBovN+RULksXqGLqKhDhP
JK4xuc8vUr4WT1Bop6pLlEF1vqvZEAc+JXY6bWwQged7eMW0uUiwCjLVOHuy+tl+
85B842NCP28w4abbfe0VP/aBfsHvSDkeCkSadiuRblNQThOpoTQafbG6+VFEw22Y
fHEqHSwhEkPacX3AqWavbj2biXqbnUdj7PBiYxPIA9xzzA==
-----END CERTIFICATE-----