Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/Mhdx8dcl1SlwhdvE_WMWlS4P1yk.roa
File:                     Mhdx8dcl1SlwhdvE_WMWlS4P1yk.roa (raw, json)
Hash identifier:          3UrzjiWKXJ25V4TsEBLBh9sa39/C23LN4/awy7lVoKA=
Subject key identifier:   32:17:71:F1:D7:25:D5:29:70:85:DB:C4:FD:63:16:95:2E:0F:D7:29
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       01930B0A8EDB78F56CC4CF57EE4A367D8D51
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/Mhdx8dcl1SlwhdvE_WMWlS4P1yk.roa
Signing time:             Fri 08 Nov 2024 09:11:01 +0000
ROA not before:           Fri 08 Nov 2024 09:11:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214515
IP address blocks:        2a05:9080:6::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:0b:0a:8e:db:78:f5:6c:c4:cf:57:ee:4a:36:7d:8d:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: Nov  8 09:11:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=321771f1d725d5297085dbc4fd6316952e0fd729
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:b9:6c:7c:2b:19:7a:18:ae:58:a0:d9:78:1f:
                    88:37:0e:71:10:75:5a:a0:5a:27:75:17:fe:27:17:
                    be:60:d2:19:68:6d:8d:29:ff:9a:5f:11:2a:b5:e4:
                    54:cb:c0:3c:a7:09:2f:30:be:f3:ec:b2:cb:9a:a3:
                    58:b5:b3:e6:78:59:59:06:66:1f:c7:5c:1a:43:8f:
                    86:7f:4a:a0:d0:87:20:e0:55:f4:cb:b5:35:6f:3f:
                    95:6f:18:08:ae:83:dd:16:88:e4:0f:7d:f6:ab:b6:
                    06:b9:93:64:75:28:8b:2b:99:66:e6:e3:56:94:b8:
                    fd:96:a8:43:1e:53:83:67:6e:e7:21:b5:63:ae:2b:
                    0f:2e:d8:22:eb:fc:0f:90:3e:e4:d6:16:aa:58:2d:
                    f0:c9:5f:54:7f:dc:ef:b0:41:d0:1c:0a:bb:ea:8a:
                    84:bd:ea:30:39:35:f8:75:76:18:54:e5:00:5c:35:
                    92:c6:19:f7:32:80:14:45:41:e6:44:2b:81:44:08:
                    3f:44:2b:82:1e:58:e6:8e:99:8d:e9:b9:09:51:16:
                    30:07:b2:51:9a:bd:a4:e5:56:2e:9a:a8:b6:7f:d1:
                    22:c4:a8:bb:df:07:50:22:3e:93:58:d6:aa:c5:07:
                    44:08:08:e6:f5:0d:fb:e6:a1:0a:ed:b4:a2:38:93:
                    86:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:17:71:F1:D7:25:D5:29:70:85:DB:C4:FD:63:16:95:2E:0F:D7:29
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/Mhdx8dcl1SlwhdvE_WMWlS4P1yk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:9080:6::/48

    Signature Algorithm: sha256WithRSAEncryption
         59:b8:51:cc:60:04:06:cc:bd:b5:b2:6b:29:2a:36:95:65:ae:
         7d:6f:3e:e8:7f:c6:84:24:87:c6:ea:8c:42:23:3a:1d:49:15:
         3f:26:09:a0:6e:20:b9:db:76:c3:79:ae:6f:61:e1:ac:6c:e2:
         8f:a9:bf:7d:69:ba:53:b0:7b:df:8d:fe:81:68:29:85:fc:e7:
         12:f7:30:7a:0e:44:8d:2f:f7:da:59:47:e7:4b:10:da:89:dd:
         b0:d2:19:7f:5f:e1:c7:7b:95:d4:cc:dc:69:58:e0:ec:e9:da:
         73:10:f0:ce:a0:45:48:e3:08:c2:78:2d:9c:25:29:df:11:58:
         37:7b:af:6f:2b:36:80:f4:54:72:7c:86:85:5e:8b:62:8e:b8:
         76:4e:3b:90:27:ac:c3:32:be:f4:59:db:a7:03:b9:4c:01:fb:
         c4:66:d9:3a:ea:bb:13:61:0b:d7:a4:ab:fe:34:f2:87:44:f8:
         ca:3e:0c:7a:32:fd:34:15:fb:26:74:97:a3:55:fe:d7:07:62:
         44:4d:57:8b:50:bf:5b:a4:37:f6:0f:eb:a3:d8:64:0d:cc:7d:
         0a:c8:68:81:9c:ae:7b:40:31:91:3e:e1:d6:de:8c:da:cc:e1:
         a1:78:bc:e1:e5:6d:b7:a6:7a:1c:eb:9b:c2:28:96:fa:b6:3b:
         ff:27:9c:5f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZMLCo7bePVsxM9X7ko2fY1RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjQxMTA4MDkxMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjE3NzFmMWQ3MjVkNTI5NzA4NWRiYzRmZDYzMTY5NTJlMGZkNzI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr7lsfCsZehiuWKDZeB+INw5xEHVa
oFondRf+Jxe+YNIZaG2NKf+aXxEqteRUy8A8pwkvML7z7LLLmqNYtbPmeFlZBmYf
x1waQ4+Gf0qg0Icg4FX0y7U1bz+VbxgIroPdFojkD332q7YGuZNkdSiLK5lm5uNW
lLj9lqhDHlODZ27nIbVjrisPLtgi6/wPkD7k1haqWC3wyV9Uf9zvsEHQHAq76oqE
veowOTX4dXYYVOUAXDWSxhn3MoAURUHmRCuBRAg/RCuCHljmjpmN6bkJURYwB7JR
mr2k5VYumqi2f9EixKi73wdQIj6TWNaqxQdECAjm9Q375qEK7bSiOJOGFwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDIXcfHXJdUpcIXbxP1jFpUuD9cpMB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvTWhkeDhkY2wxU2x3aGR2RV9XTVdsUzRQMXlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgWQgAAG
MA0GCSqGSIb3DQEBCwUAA4IBAQBZuFHMYAQGzL21smspKjaVZa59bz7of8aEJIfG
6oxCIzodSRU/JgmgbiC523bDea5vYeGsbOKPqb99abpTsHvfjf6BaCmF/OcS9zB6
DkSNL/faWUfnSxDaid2w0hl/X+HHe5XUzNxpWODs6dpzEPDOoEVI4wjCeC2cJSnf
EVg3e69vKzaA9FRyfIaFXotijrh2TjuQJ6zDMr70WdunA7lMAfvEZtk66rsTYQvX
pKv+NPKHRPjKPgx6Mv00FfsmdJejVf7XB2JETVeLUL9bpDf2D+uj2GQNzH0KyGiB
nK57QDGRPuHW3ozazOGheLzh5W23pnoc65vCKJb6tjv/J5xf
-----END CERTIFICATE-----