Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/rVrzSetOljTklClpJYBrQGjNJQg.roa
File:                     rVrzSetOljTklClpJYBrQGjNJQg.roa (raw, json)
Hash identifier:          Dughaa3KjHToiFYrxb2OTCwRCVFT8JLD8iq7w3NtDMk=
Subject key identifier:   AD:5A:F3:49:EB:4E:96:34:E4:94:29:69:25:80:6B:40:68:CD:25:08
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       0193011A4EF3652337ED23F0E1F964FF1234
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/rVrzSetOljTklClpJYBrQGjNJQg.roa
Signing time:             Wed 06 Nov 2024 10:52:01 +0000
ROA not before:           Wed 06 Nov 2024 10:52:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214526
IP address blocks:        2a05:9080:3::/48 maxlen: 48
                          2a05:9080:7::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:27:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:01:1a:4e:f3:65:23:37:ed:23:f0:e1:f9:64:ff:12:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: Nov  6 10:52:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad5af349eb4e9634e494296925806b4068cd2508
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:df:09:c9:61:97:b9:96:dc:8a:a1:dd:3f:f1:
                    fe:a5:b0:e9:72:68:87:c9:59:3e:8e:40:ca:7b:d6:
                    76:45:02:e1:37:5c:e0:1f:0d:da:69:a6:8f:3c:be:
                    f8:05:25:6f:5c:57:96:45:01:96:66:c7:9c:ff:2f:
                    e4:1c:86:cd:35:61:4a:36:1f:44:76:11:0d:b3:8f:
                    20:4a:98:89:75:4d:f8:87:80:fc:b2:f5:44:26:fd:
                    ec:d1:10:e6:a3:5f:2b:5e:8e:58:66:35:ab:fe:e4:
                    4e:17:fc:a1:8e:f4:ab:3e:06:93:b8:7f:e2:2c:06:
                    59:d3:03:fe:d8:7e:9f:9b:4d:92:ee:c8:16:4a:0d:
                    fa:9b:5a:8d:44:93:d1:4e:80:53:64:50:36:c0:62:
                    fd:65:0b:31:53:e3:42:bc:f0:be:89:a5:77:55:a6:
                    8e:27:18:9b:71:87:94:cb:50:43:da:96:7a:77:0d:
                    e1:c7:32:3f:36:9a:f3:98:7b:43:31:dc:40:90:d7:
                    9d:e7:98:5a:b2:6f:c0:a5:ca:65:e8:ab:23:31:22:
                    91:1f:ad:bc:da:20:a3:4c:0b:9b:0c:6d:e0:b8:ab:
                    a5:3c:5c:93:77:8a:eb:a1:f5:a8:c1:60:5c:54:51:
                    4b:a5:79:56:94:52:02:b7:62:01:0e:59:c7:85:df:
                    53:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:5A:F3:49:EB:4E:96:34:E4:94:29:69:25:80:6B:40:68:CD:25:08
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/rVrzSetOljTklClpJYBrQGjNJQg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:9080:3::/48
                  2a05:9080:7::/48

    Signature Algorithm: sha256WithRSAEncryption
         05:0a:92:70:85:04:15:15:93:6f:6e:0a:c6:ee:d5:2a:a4:11:
         2d:5e:fe:bc:92:30:c1:0e:0d:17:f7:05:54:5f:e7:63:06:a4:
         34:84:aa:4a:8e:5b:9c:f8:f6:65:b0:72:9b:9b:bc:83:a4:36:
         8c:40:4b:89:9a:60:b5:26:c5:27:a1:ed:49:ec:15:c6:d8:4a:
         bb:9a:2b:2e:15:d4:9e:a3:f6:db:0e:13:dc:20:32:85:e8:3b:
         30:f1:b9:34:3a:f0:0b:31:de:01:3d:e7:86:5d:9d:27:ce:63:
         72:a4:85:41:39:ff:8b:65:f4:90:5a:0f:c2:b0:a6:18:75:8d:
         96:64:1f:2a:da:ca:c7:9f:4b:79:64:5b:52:fd:78:fe:c6:4e:
         c9:2b:3d:06:27:f9:b9:d3:9b:61:55:9d:fe:c1:6f:10:6f:2d:
         4b:9b:d3:9e:9f:d4:3c:8e:e1:e3:2c:eb:5f:1f:57:54:a4:95:
         b8:d5:08:27:3f:e6:d7:0c:71:0a:80:01:ed:ca:96:bf:d3:3c:
         99:5a:64:e5:9c:48:04:5b:12:a0:66:1f:5e:10:5a:39:41:fc:
         1d:dc:fb:a8:7e:eb:53:19:a6:4a:f2:16:0a:12:86:aa:ee:58:
         5c:f0:18:00:4e:dc:e5:d0:7f:be:8e:b5:d6:7d:66:3d:bb:f8:
         5d:cb:e8:43
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZMBGk7zZSM37SPw4flk/xI0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjQxMTA2MTA1MjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDVhZjM0OWViNGU5NjM0ZTQ5NDI5NjkyNTgwNmI0MDY4Y2QyNTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0d8JyWGXuZbciqHdP/H+pbDpcmiH
yVk+jkDKe9Z2RQLhN1zgHw3aaaaPPL74BSVvXFeWRQGWZsec/y/kHIbNNWFKNh9E
dhENs48gSpiJdU34h4D8svVEJv3s0RDmo18rXo5YZjWr/uROF/yhjvSrPgaTuH/i
LAZZ0wP+2H6fm02S7sgWSg36m1qNRJPRToBTZFA2wGL9ZQsxU+NCvPC+iaV3VaaO
JxibcYeUy1BD2pZ6dw3hxzI/NprzmHtDMdxAkNed55hasm/Apcpl6KsjMSKRH628
2iCjTAubDG3guKulPFyTd4rrofWowWBcVFFLpXlWlFICt2IBDlnHhd9TEQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFK1a80nrTpY05JQpaSWAa0BozSUIMB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvclZyelNldE9salRrbENscEpZQnJRR2pOSlFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgWQgAAD
AwcAKgWQgAAHMA0GCSqGSIb3DQEBCwUAA4IBAQAFCpJwhQQVFZNvbgrG7tUqpBEt
Xv68kjDBDg0X9wVUX+djBqQ0hKpKjluc+PZlsHKbm7yDpDaMQEuJmmC1JsUnoe1J
7BXG2Eq7misuFdSeo/bbDhPcIDKF6Dsw8bk0OvALMd4BPeeGXZ0nzmNypIVBOf+L
ZfSQWg/CsKYYdY2WZB8q2srHn0t5ZFtS/Xj+xk7JKz0GJ/m505thVZ3+wW8Qby1L
m9Oen9Q8juHjLOtfH1dUpJW41QgnP+bXDHEKgAHtypa/0zyZWmTlnEgEWxKgZh9e
EFo5Qfwd3PuofutTGaZK8hYKEoaq7lhc8BgATtzl0H++jrXWfWY9u/hdy+hD
-----END CERTIFICATE-----