Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/duyt9Q95uxdJTfQpIcIlJc-dN5k.roa
File:                     duyt9Q95uxdJTfQpIcIlJc-dN5k.roa (raw, json)
Hash identifier:          aJN1l/17Ww/SdimLNISIp50voX+ETKkoGnJIVTr+Ej4=
Subject key identifier:   76:EC:AD:F5:0F:79:BB:17:49:4D:F4:29:21:C2:25:25:CF:9D:37:99
Certificate issuer:       /CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
Certificate serial:       018CC5DCF23F205D95D469F3C8F23E181A63
Authority key identifier: 0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/duyt9Q95uxdJTfQpIcIlJc-dN5k.roa
Signing time:             Mon 01 Jan 2024 16:30:40 +0000
ROA not before:           Mon 01 Jan 2024 16:30:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        2a0f:607:1070::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:f2:3f:20:5d:95:d4:69:f3:c8:f2:3e:18:1a:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
        Validity
            Not Before: Jan  1 16:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=76ecadf50f79bb17494df42921c22525cf9d3799
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:b8:96:54:84:11:43:05:a5:8e:5f:b3:b2:bf:
                    9a:17:9f:a5:76:21:4a:4e:49:98:ee:bf:5c:6e:b5:
                    de:a9:fe:af:2a:a1:ca:66:d7:9b:58:57:9d:89:4e:
                    7a:8f:c1:68:af:0e:23:2a:6d:58:78:4b:46:78:bd:
                    81:3a:bf:ae:ae:e9:c5:e6:b5:9e:0c:43:a8:af:f4:
                    40:f9:c4:2b:09:92:1d:f1:0a:17:62:ac:ab:74:7a:
                    7d:05:0d:b7:b7:94:21:64:95:a3:3b:60:37:e4:7c:
                    09:c3:42:50:89:af:a8:5b:a3:eb:89:99:1a:e7:bb:
                    3f:33:1f:2c:f1:31:29:5d:01:ac:7e:af:40:2f:26:
                    a1:4c:34:84:d2:c1:6a:ff:2a:97:6b:e4:71:b4:39:
                    bb:4b:eb:be:f7:38:1a:8c:e9:69:87:da:a0:66:0f:
                    f5:40:1a:5e:5b:49:bc:0e:f6:14:10:20:52:b2:62:
                    fd:f8:ee:f7:6e:a2:ab:f9:71:f5:05:3a:3c:d9:51:
                    48:bc:1b:ac:9f:74:27:0f:0d:39:ab:41:3a:0c:d1:
                    7a:43:9c:a1:bd:e5:55:02:3a:b2:0e:af:01:f6:af:
                    10:1d:ad:da:2a:e1:b9:3a:09:d7:e2:58:7c:34:a0:
                    54:a9:ab:05:84:86:49:5e:5f:e0:14:83:47:d6:48:
                    2e:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:EC:AD:F5:0F:79:BB:17:49:4D:F4:29:21:C2:25:25:CF:9D:37:99
            X509v3 Authority Key Identifier:
                keyid:0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/duyt9Q95uxdJTfQpIcIlJc-dN5k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:607:1070::/48

    Signature Algorithm: sha256WithRSAEncryption
         a6:d0:89:0e:94:1e:31:09:cd:dd:b5:8b:fe:95:58:73:91:fe:
         2b:9a:54:c7:3b:a1:f9:fe:10:e2:fa:65:4a:22:42:1b:2f:39:
         f4:80:fa:f6:dc:74:9c:fd:a1:90:ca:71:e9:e5:a5:0b:1b:8e:
         f2:34:a7:b4:ea:0d:ac:b1:76:7b:64:7b:cf:e7:07:bd:a1:36:
         ac:23:ff:54:93:a8:a2:5c:b1:64:d9:a2:79:94:23:39:cc:9d:
         b2:93:13:0a:7e:fa:3b:cf:2d:05:1e:45:af:56:62:87:f4:89:
         29:0a:52:09:f6:71:a0:ed:e7:57:d8:1d:dc:a8:03:8b:94:c5:
         d2:b6:28:e9:ce:b2:fa:41:92:ad:4f:33:b5:dd:7f:61:77:80:
         bf:15:3d:bf:16:7e:96:d2:ec:92:81:30:ee:f9:af:2b:fc:6a:
         ca:4a:5e:23:a7:79:41:e3:4d:18:d3:e0:e7:c6:f6:ce:cf:4e:
         fe:68:a6:d5:9f:aa:cc:54:9c:fe:8f:75:23:42:0c:cc:da:54:
         a0:6a:ac:f5:30:0c:15:ef:29:1e:31:02:7b:f1:2e:60:28:e1:
         ba:b3:71:be:c4:d6:ee:d0:ad:a2:a1:2f:5b:fd:63:83:b3:49:
         5a:53:04:a8:3d:72:fb:e5:64:6d:b0:95:03:0e:1b:97:82:6f:
         3a:35:ff:1b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzF3PI/IF2V1GnzyPI+GBpjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMjFiOTI1YjRjNGJjYzMwZjc3YzljNDFiYThkMDQwYWM5
NWRmYzYwHhcNMjQwMTAxMTYzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmVjYWRmNTBmNzliYjE3NDk0ZGY0MjkyMWMyMjUyNWNmOWQzNzk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoLiWVIQRQwWljl+zsr+aF5+ldiFK
TkmY7r9cbrXeqf6vKqHKZtebWFediU56j8Forw4jKm1YeEtGeL2BOr+urunF5rWe
DEOor/RA+cQrCZId8QoXYqyrdHp9BQ23t5QhZJWjO2A35HwJw0JQia+oW6PriZka
57s/Mx8s8TEpXQGsfq9ALyahTDSE0sFq/yqXa+RxtDm7S+u+9zgajOlph9qgZg/1
QBpeW0m8DvYUECBSsmL9+O73bqKr+XH1BTo82VFIvBusn3QnDw05q0E6DNF6Q5yh
veVVAjqyDq8B9q8QHa3aKuG5OgnX4lh8NKBUqasFhIZJXl/gFINH1kguVQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHbsrfUPebsXSU30KSHCJSXPnTeZMB8GA1UdIwQY
MBaAFAwhuSW0xLzDD3fJxBuo0ECsld/GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2Ut
YTM0NzU2NDE1OGY4LzEvZHV5dDlROTV1eGRKVGZRcEljSWxKYy1kTjVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2UtYTM0NzU2NDE1OGY4
LzEvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg8GBxBw
MA0GCSqGSIb3DQEBCwUAA4IBAQCm0IkOlB4xCc3dtYv+lVhzkf4rmlTHO6H5/hDi
+mVKIkIbLzn0gPr23HSc/aGQynHp5aULG47yNKe06g2ssXZ7ZHvP5we9oTasI/9U
k6iiXLFk2aJ5lCM5zJ2ykxMKfvo7zy0FHkWvVmKH9IkpClIJ9nGg7edX2B3cqAOL
lMXStijpzrL6QZKtTzO13X9hd4C/FT2/Fn6W0uySgTDu+a8r/GrKSl4jp3lB400Y
0+DnxvbOz07+aKbVn6rMVJz+j3UjQgzM2lSgaqz1MAwV7ykeMQJ78S5gKOG6s3G+
xNbu0K2ioS9b/WODs0laUwSoPXL75WRtsJUDDhuXgm86Nf8b
-----END CERTIFICATE-----