Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/dfb94c-fdf4-4972-9ad8-7d697337137b/1/km9tLek0zvYwuUXNwBpmIAxeIME.roa
File:                     km9tLek0zvYwuUXNwBpmIAxeIME.roa (raw, json)
Hash identifier:          8ok4LK4wYi/aUVmvyUxG+WG0c2pSSdCz7xY6Qozo1vc=
Subject key identifier:   92:6F:6D:2D:E9:34:CE:F6:30:B9:45:CD:C0:1A:66:20:0C:5E:20:C1
Certificate issuer:       /CN=093509e7ec68fe2d943407d5dd126a0f596f2ab5
Certificate serial:       018F32EF5A2635994C845E8DEC68A2387A00
Authority key identifier: 09:35:09:E7:EC:68:FE:2D:94:34:07:D5:DD:12:6A:0F:59:6F:2A:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTUJ5-xo_i2UNAfV3RJqD1lvKrU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/dfb94c-fdf4-4972-9ad8-7d697337137b/1/km9tLek0zvYwuUXNwBpmIAxeIME.roa
Signing time:             Wed 01 May 2024 06:54:58 +0000
ROA not before:           Wed 01 May 2024 06:54:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47959
IP address blocks:        2a00:1b80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/dfb94c-fdf4-4972-9ad8-7d697337137b/1/CTUJ5-xo_i2UNAfV3RJqD1lvKrU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/dfb94c-fdf4-4972-9ad8-7d697337137b/1/CTUJ5-xo_i2UNAfV3RJqD1lvKrU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTUJ5-xo_i2UNAfV3RJqD1lvKrU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:32:ef:5a:26:35:99:4c:84:5e:8d:ec:68:a2:38:7a:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093509e7ec68fe2d943407d5dd126a0f596f2ab5
        Validity
            Not Before: May  1 06:54:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=926f6d2de934cef630b945cdc01a66200c5e20c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:da:7c:26:e9:6b:f4:9f:d3:86:9e:c4:49:5a:
                    08:67:bc:a5:f6:27:34:37:39:7f:2b:ce:a0:03:cb:
                    d7:c4:62:18:2f:8b:96:5f:b7:6d:4b:d6:ae:5f:3a:
                    2d:49:8c:9e:a3:aa:a0:f6:30:25:e9:99:1f:70:20:
                    70:3f:9a:ef:9b:ca:c3:92:4b:81:98:5e:2f:91:55:
                    43:73:ed:45:f8:c2:2e:e5:39:a8:d1:46:cc:63:9b:
                    ec:77:d0:67:b2:ad:34:a9:d0:d1:fc:3b:8b:17:dd:
                    5e:1e:3d:61:59:13:dd:5d:2c:01:7b:6e:b3:37:02:
                    af:bc:a0:28:9a:46:d0:6f:f2:35:16:fe:02:74:3d:
                    3a:ea:93:76:4c:bd:21:7d:08:f2:7b:7f:ad:ef:b0:
                    bf:34:f7:8f:c4:07:f5:54:ee:3f:53:73:5b:a5:cd:
                    b9:41:c4:e5:4a:13:af:33:8c:5a:4c:43:86:48:26:
                    a0:dd:b9:cc:86:6d:c5:e5:dd:f0:35:cf:a9:d4:65:
                    14:d6:a8:bc:12:b1:78:ed:39:71:4b:21:43:17:cf:
                    55:f5:0d:27:93:8e:c4:72:36:e3:15:60:7a:59:43:
                    f8:c5:d2:40:ff:04:cd:cb:d0:bd:78:80:99:57:6d:
                    d2:c5:df:5f:16:49:62:dd:60:9e:a7:b1:b5:b3:64:
                    c1:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:6F:6D:2D:E9:34:CE:F6:30:B9:45:CD:C0:1A:66:20:0C:5E:20:C1
            X509v3 Authority Key Identifier:
                keyid:09:35:09:E7:EC:68:FE:2D:94:34:07:D5:DD:12:6A:0F:59:6F:2A:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTUJ5-xo_i2UNAfV3RJqD1lvKrU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/dfb94c-fdf4-4972-9ad8-7d697337137b/1/km9tLek0zvYwuUXNwBpmIAxeIME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/dfb94c-fdf4-4972-9ad8-7d697337137b/1/CTUJ5-xo_i2UNAfV3RJqD1lvKrU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:1b80::/29

    Signature Algorithm: sha256WithRSAEncryption
         5f:0a:90:27:f8:e7:45:07:d6:c3:cd:37:e7:48:09:3a:dc:86:
         16:1c:e0:1e:07:35:15:48:05:b9:2c:4e:5c:38:78:b1:08:25:
         4a:8d:47:42:e7:97:7f:8b:e7:7b:c0:c2:6d:79:b4:f9:91:81:
         65:26:26:be:e1:64:90:4f:1b:08:96:1e:aa:01:b3:f4:27:b3:
         72:99:3b:f4:0c:28:a1:00:01:b2:20:fd:e0:13:96:c9:3f:95:
         1b:5d:69:a9:4c:be:26:86:f0:37:33:fe:0c:4e:c6:fa:ac:a2:
         e0:ea:4d:26:5d:1a:7d:02:50:f4:29:b9:87:b8:e3:71:30:13:
         db:6c:47:d6:a2:fd:a6:a3:13:74:a1:5f:13:cc:60:34:47:15:
         5a:3e:85:e3:f0:89:8d:5b:58:45:21:ba:17:2e:f0:4e:97:99:
         05:fa:73:b9:15:d8:41:ef:dd:93:7d:a0:d5:3d:5c:8b:1e:68:
         0c:41:6f:7e:e7:82:87:03:b1:78:4a:89:7d:b8:0b:67:a5:62:
         e3:75:a5:21:10:20:a7:27:e6:82:63:d4:fd:7b:d6:78:7b:14:
         3f:8e:e9:62:bd:fc:b2:64:a2:dd:ad:d9:7e:65:fc:39:17:15:
         ce:76:e0:5a:bb:c0:b6:8d:c4:39:c2:f8:96:b5:1a:42:ff:1b:
         9b:d9:f2:e0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY8y71omNZlMhF6N7GiiOHoAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzUwOWU3ZWM2OGZlMmQ5NDM0MDdkNWRkMTI2YTBmNTk2
ZjJhYjUwHhcNMjQwNTAxMDY1NDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjZmNmQyZGU5MzRjZWY2MzBiOTQ1Y2RjMDFhNjYyMDBjNWUyMGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy9p8Julr9J/Thp7ESVoIZ7yl9ic0
Nzl/K86gA8vXxGIYL4uWX7dtS9auXzotSYyeo6qg9jAl6ZkfcCBwP5rvm8rDkkuB
mF4vkVVDc+1F+MIu5Tmo0UbMY5vsd9Bnsq00qdDR/DuLF91eHj1hWRPdXSwBe26z
NwKvvKAomkbQb/I1Fv4CdD066pN2TL0hfQjye3+t77C/NPePxAf1VO4/U3Nbpc25
QcTlShOvM4xaTEOGSCag3bnMhm3F5d3wNc+p1GUU1qi8ErF47TlxSyFDF89V9Q0n
k47EcjbjFWB6WUP4xdJA/wTNy9C9eICZV23Sxd9fFkli3WCep7G1s2TBjwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJJvbS3pNM72MLlFzcAaZiAMXiDBMB8GA1UdIwQY
MBaAFAk1CefsaP4tlDQH1d0Sag9Zbyq1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1RVSjUteG9faTJVTkFmVjNSSnFEMWx2S3JVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS9kZmI5NGMtZmRmNC00OTcyLTlhZDgt
N2Q2OTczMzcxMzdiLzEva205dExlazB6dll3dVVYTndCcG1JQXhlSU1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS9kZmI5NGMtZmRmNC00OTcyLTlhZDgtN2Q2OTczMzcxMzdi
LzEvQ1RVSjUteG9faTJVTkFmVjNSSnFEMWx2S3JVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgAbgDAN
BgkqhkiG9w0BAQsFAAOCAQEAXwqQJ/jnRQfWw80350gJOtyGFhzgHgc1FUgFuSxO
XDh4sQglSo1HQueXf4vne8DCbXm0+ZGBZSYmvuFkkE8bCJYeqgGz9Cezcpk79Awo
oQABsiD94BOWyT+VG11pqUy+JobwNzP+DE7G+qyi4OpNJl0afQJQ9Cm5h7jjcTAT
22xH1qL9pqMTdKFfE8xgNEcVWj6F4/CJjVtYRSG6Fy7wTpeZBfpzuRXYQe/dk32g
1T1cix5oDEFvfueChwOxeEqJfbgLZ6Vi43WlIRAgpyfmgmPU/XvWeHsUP47pYr38
smSi3a3ZfmX8ORcVznbgWrvAto3EOcL4lrUaQv8bm9ny4A==
-----END CERTIFICATE-----