Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/PS7Fsj2Ca5lLjWuDcP4trufFYoI.roa
File:                     PS7Fsj2Ca5lLjWuDcP4trufFYoI.roa (raw, json)
Hash identifier:          3txuxlZfnCDpdQfVbjWsv0x1gUi2XIWaoZQ3O3c98Ts=
Subject key identifier:   3D:2E:C5:B2:3D:82:6B:99:4B:8D:6B:83:70:FE:2D:AE:E7:C5:62:82
Certificate issuer:       /CN=dc4e453affe895b6452b84027437c5c00fd37067
Certificate serial:       018CC9BB0A0EB76D74BC85750FD8B00BCE88
Authority key identifier: DC:4E:45:3A:FF:E8:95:B6:45:2B:84:02:74:37:C5:C0:0F:D3:70:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3E5FOv_olbZFK4QCdDfFwA_TcGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/PS7Fsj2Ca5lLjWuDcP4trufFYoI.roa
Signing time:             Tue 02 Jan 2024 10:32:07 +0000
ROA not before:           Tue 02 Jan 2024 10:32:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39122
IP address blocks:        2a0b:bc7::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/3E5FOv_olbZFK4QCdDfFwA_TcGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/3E5FOv_olbZFK4QCdDfFwA_TcGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3E5FOv_olbZFK4QCdDfFwA_TcGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:0a:0e:b7:6d:74:bc:85:75:0f:d8:b0:0b:ce:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc4e453affe895b6452b84027437c5c00fd37067
        Validity
            Not Before: Jan  2 10:32:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d2ec5b23d826b994b8d6b8370fe2daee7c56282
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:e9:07:77:b1:59:62:18:9e:98:67:95:2f:46:
                    86:fb:7d:bb:78:6d:05:70:f1:f9:84:4f:84:bb:4c:
                    ce:04:f7:40:df:73:f5:68:a9:f7:48:41:71:1d:ec:
                    37:78:1b:07:16:ce:e8:b7:d2:82:e3:20:ad:fd:f2:
                    37:5b:40:42:05:fe:46:87:44:0d:2d:36:b7:fc:df:
                    e9:80:88:7e:66:42:b1:72:9f:5f:ef:47:c9:21:dc:
                    e8:f2:45:57:b8:d8:61:56:98:eb:09:d1:2c:91:54:
                    18:77:6b:f6:2d:11:97:ab:b0:33:4c:f5:87:30:a0:
                    ed:87:3f:d7:0a:ec:80:c0:d2:e7:17:22:92:f3:43:
                    b4:06:2e:dc:cb:57:17:d0:9f:c0:47:ae:c5:92:67:
                    fa:db:6b:fb:36:2a:f3:16:59:8a:cd:51:2d:8d:17:
                    82:ec:7b:1e:ba:68:aa:a4:ce:e3:df:2c:72:0e:a3:
                    97:0b:d0:5f:db:e3:6a:0e:15:55:5a:40:51:0d:b7:
                    0e:45:a8:53:ee:4c:2a:86:71:b0:75:36:5a:4e:39:
                    e9:5c:45:cf:21:a9:df:a1:e3:ff:43:65:62:03:04:
                    b6:db:6c:4f:34:a7:9a:25:e5:48:04:6e:f4:4f:eb:
                    96:f4:80:63:30:f4:97:34:19:e1:89:d9:27:74:cc:
                    bd:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:2E:C5:B2:3D:82:6B:99:4B:8D:6B:83:70:FE:2D:AE:E7:C5:62:82
            X509v3 Authority Key Identifier:
                keyid:DC:4E:45:3A:FF:E8:95:B6:45:2B:84:02:74:37:C5:C0:0F:D3:70:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3E5FOv_olbZFK4QCdDfFwA_TcGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/PS7Fsj2Ca5lLjWuDcP4trufFYoI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/3E5FOv_olbZFK4QCdDfFwA_TcGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:bc7::/32

    Signature Algorithm: sha256WithRSAEncryption
         5d:3a:07:3d:0a:79:5e:95:4c:bf:25:29:b7:a0:17:af:74:9f:
         a0:6a:2d:0b:69:63:d2:65:52:c6:13:01:b8:2d:ac:ae:69:e8:
         25:f7:dd:f9:f1:af:98:08:45:9d:61:a0:19:11:bd:64:39:9e:
         9a:2f:b9:62:ec:ff:ea:af:a8:30:5f:ff:4f:f1:8b:f6:cc:ac:
         b9:64:60:34:fb:3e:27:e9:35:87:6f:3b:f2:87:cf:8d:13:c0:
         0a:df:91:d5:74:da:ea:26:e9:4e:7e:1f:95:12:10:27:da:62:
         ba:1a:6c:3e:25:9c:6d:40:e5:6f:4e:70:49:60:97:7a:34:ca:
         0e:af:ab:e2:d1:70:5b:c8:6b:80:b8:11:b7:13:2d:dd:70:e4:
         59:af:61:10:e6:04:10:c1:d1:0b:9e:34:33:a7:7e:f9:a6:43:
         ac:65:9c:da:b0:11:9b:3c:36:8f:78:00:f1:05:cb:c1:17:1b:
         e1:25:94:b2:43:40:84:93:1c:1d:75:fd:62:a6:c8:35:10:12:
         86:d3:76:80:71:29:73:f4:ce:c8:a1:4f:96:13:8b:b2:48:fa:
         94:f9:bd:41:fe:88:ce:4d:22:15:10:82:52:90:0b:61:99:15:
         f6:b2:75:c9:bb:a2:df:48:85:85:b8:e3:0a:1c:e2:44:32:41:
         de:37:ce:c4
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJuwoOt210vIV1D9iwC86IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNGU0NTNhZmZlODk1YjY0NTJiODQwMjc0MzdjNWMwMGZk
MzcwNjcwHhcNMjQwMTAyMTAzMjA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDJlYzViMjNkODI2Yjk5NGI4ZDZiODM3MGZlMmRhZWU3YzU2MjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiOkHd7FZYhiemGeVL0aG+327eG0F
cPH5hE+Eu0zOBPdA33P1aKn3SEFxHew3eBsHFs7ot9KC4yCt/fI3W0BCBf5Gh0QN
LTa3/N/pgIh+ZkKxcp9f70fJIdzo8kVXuNhhVpjrCdEskVQYd2v2LRGXq7AzTPWH
MKDthz/XCuyAwNLnFyKS80O0Bi7cy1cX0J/AR67Fkmf622v7NirzFlmKzVEtjReC
7HseumiqpM7j3yxyDqOXC9Bf2+NqDhVVWkBRDbcORahT7kwqhnGwdTZaTjnpXEXP
IanfoeP/Q2ViAwS222xPNKeaJeVIBG70T+uW9IBjMPSXNBnhidkndMy9VQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFD0uxbI9gmuZS41rg3D+La7nxWKCMB8GA1UdIwQY
MBaAFNxORTr/6JW2RSuEAnQ3xcAP03BnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0U1Rk92X29sYlpGSzRRQ2REZkZ3QV9UY0djLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS81OGU2NTUtZTcxMy00NWQyLTk1OGEt
MTgyMjg2N2UxNTk2LzEvUFM3RnNqMkNhNWxMald1RGNQNHRydWZGWW9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS81OGU2NTUtZTcxMy00NWQyLTk1OGEtMTgyMjg2N2UxNTk2
LzEvM0U1Rk92X29sYlpGSzRRQ2REZkZ3QV9UY0djLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgsLxzAN
BgkqhkiG9w0BAQsFAAOCAQEAXToHPQp5XpVMvyUpt6AXr3SfoGotC2lj0mVSxhMB
uC2srmnoJffd+fGvmAhFnWGgGRG9ZDmemi+5Yuz/6q+oMF//T/GL9sysuWRgNPs+
J+k1h2878ofPjRPACt+R1XTa6ibpTn4flRIQJ9piuhpsPiWcbUDlb05wSWCXejTK
Dq+r4tFwW8hrgLgRtxMt3XDkWa9hEOYEEMHRC540M6d++aZDrGWc2rARmzw2j3gA
8QXLwRcb4SWUskNAhJMcHXX9YqbINRAShtN2gHEpc/TOyKFPlhOLskj6lPm9Qf6I
zk0iFRCCUpALYZkV9rJ1ybui30iFhbjjChziRDJB3jfOxA==
-----END CERTIFICATE-----