Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/bl3h6ZfVwEVOk_eL1exW7PNMl50.roa
File:                     bl3h6ZfVwEVOk_eL1exW7PNMl50.roa (raw, json)
Hash identifier:          M12cQClWea/9NN++58y0yTG/Rzc4VSzz8tlCaFI/s2E=
Subject key identifier:   6E:5D:E1:E9:97:D5:C0:45:4E:93:F7:8B:D5:EC:56:EC:F3:4C:97:9D
Certificate issuer:       /CN=9a1e69368abd34538fe77ddaabcdc835af595eba
Certificate serial:       018CC348C5CF827E02591528545A48168A6E
Authority key identifier: 9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/bl3h6ZfVwEVOk_eL1exW7PNMl50.roa
Signing time:             Mon 01 Jan 2024 04:29:35 +0000
ROA not before:           Mon 01 Jan 2024 04:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57831
IP address blocks:        2a07:8f40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:c5:cf:82:7e:02:59:15:28:54:5a:48:16:8a:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a1e69368abd34538fe77ddaabcdc835af595eba
        Validity
            Not Before: Jan  1 04:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e5de1e997d5c0454e93f78bd5ec56ecf34c979d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:79:6e:92:c9:dd:ff:6d:09:17:2d:1f:1a:cd:
                    b8:b9:aa:0a:ad:6b:14:71:28:e1:b4:ac:d9:f0:0d:
                    f8:44:c1:7d:2a:8a:a1:fe:2c:ec:0e:9c:12:c7:4b:
                    d8:01:cf:91:5a:1a:9f:70:b5:ef:1b:c4:18:91:f6:
                    f6:4f:87:93:6f:e0:47:c5:43:0e:e6:05:c0:03:b2:
                    74:fc:3a:c8:42:3f:80:5f:fa:be:d5:3b:c2:c4:53:
                    15:03:9a:d1:22:36:9a:e9:4e:6c:7b:c9:0e:a0:63:
                    4b:77:93:89:e8:80:63:83:b3:77:b3:a0:7e:c4:30:
                    9f:3a:5d:0f:67:76:2b:54:a5:0e:66:44:86:59:92:
                    74:13:ac:68:32:61:6b:3f:8f:81:df:2b:8f:dd:13:
                    b6:28:df:eb:20:c9:10:60:aa:3a:3c:cd:b6:81:79:
                    6e:78:31:ee:fd:6a:dc:48:69:60:db:d6:dd:ec:4e:
                    23:1b:bd:da:e4:c8:ed:c5:29:57:47:d9:0f:66:71:
                    af:a6:30:2c:2e:7d:b8:67:b6:89:ad:78:be:10:6f:
                    87:ad:75:0b:bb:b5:76:e5:79:04:bd:e8:25:ab:d1:
                    09:d5:ff:89:7d:14:0e:c0:2f:df:9a:11:12:5f:c0:
                    f8:a9:34:dd:1b:25:5e:b8:90:f8:dd:ba:86:79:cd:
                    0b:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:5D:E1:E9:97:D5:C0:45:4E:93:F7:8B:D5:EC:56:EC:F3:4C:97:9D
            X509v3 Authority Key Identifier:
                keyid:9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/bl3h6ZfVwEVOk_eL1exW7PNMl50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:8f40::/29

    Signature Algorithm: sha256WithRSAEncryption
         87:5e:96:8e:93:8a:ec:85:f3:4e:02:19:98:9f:a7:e5:54:8e:
         e9:aa:5d:f2:2c:18:d1:c9:c5:56:81:ad:84:07:b3:f0:0c:7f:
         81:b5:73:2d:a7:16:41:2e:58:22:0d:e9:c3:b1:2d:1b:0f:7e:
         fb:28:37:2a:df:b3:82:49:f8:0d:6e:e8:5f:57:05:47:bf:67:
         91:06:26:84:c8:07:7a:be:3b:cb:e3:28:a1:79:4d:d8:a1:f1:
         04:6f:93:6b:a1:d6:c6:0b:38:dc:55:6b:36:6e:34:4d:73:a6:
         b6:6c:6d:bc:21:e8:3f:01:95:61:47:33:1c:7f:8c:64:b7:79:
         e4:94:79:ac:aa:b7:f9:d2:da:e6:8d:50:2c:35:3e:98:1f:42:
         67:d1:ec:88:2b:2f:d7:da:25:58:96:7f:30:12:48:ef:44:c2:
         2c:8c:78:af:26:37:e4:4c:99:0a:af:04:4c:5b:19:73:cb:55:
         69:ac:c5:a1:7c:32:09:99:b6:3f:c2:cc:6a:b5:a4:d4:d5:29:
         6e:f2:c8:25:64:3d:14:f5:64:37:5b:e0:de:dc:a3:92:dd:f8:
         55:19:e0:f4:86:67:28:45:50:84:af:e7:33:83:44:bc:29:a4:
         15:d4:4d:85:88:ac:99:45:04:ca:7c:77:b3:37:3c:f9:a1:4c:
         f6:2b:98:17
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDSMXPgn4CWRUoVFpIFopuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMWU2OTM2OGFiZDM0NTM4ZmU3N2RkYWFiY2RjODM1YWY1
OTVlYmEwHhcNMjQwMTAxMDQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTVkZTFlOTk3ZDVjMDQ1NGU5M2Y3OGJkNWVjNTZlY2YzNGM5NzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0nluksnd/20JFy0fGs24uaoKrWsU
cSjhtKzZ8A34RMF9Koqh/izsDpwSx0vYAc+RWhqfcLXvG8QYkfb2T4eTb+BHxUMO
5gXAA7J0/DrIQj+AX/q+1TvCxFMVA5rRIjaa6U5se8kOoGNLd5OJ6IBjg7N3s6B+
xDCfOl0PZ3YrVKUOZkSGWZJ0E6xoMmFrP4+B3yuP3RO2KN/rIMkQYKo6PM22gXlu
eDHu/WrcSGlg29bd7E4jG73a5MjtxSlXR9kPZnGvpjAsLn24Z7aJrXi+EG+HrXUL
u7V25XkEveglq9EJ1f+JfRQOwC/fmhESX8D4qTTdGyVeuJD43bqGec0L/wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFG5d4emX1cBFTpP3i9XsVuzzTJedMB8GA1UdIwQY
MBaAFJoeaTaKvTRTj+d92qvNyDWvWV66MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjIt
MTA5ODJlMDQwZDUzLzEvYmwzaDZaZlZ3RVZPa19lTDFleFc3UE5NbDUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjItMTA5ODJlMDQwZDUz
LzEvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgePQDAN
BgkqhkiG9w0BAQsFAAOCAQEAh16WjpOK7IXzTgIZmJ+n5VSO6apd8iwY0cnFVoGt
hAez8Ax/gbVzLacWQS5YIg3pw7EtGw9++yg3Kt+zgkn4DW7oX1cFR79nkQYmhMgH
er47y+MooXlN2KHxBG+Ta6HWxgs43FVrNm40TXOmtmxtvCHoPwGVYUczHH+MZLd5
5JR5rKq3+dLa5o1QLDU+mB9CZ9HsiCsv19olWJZ/MBJI70TCLIx4ryY35EyZCq8E
TFsZc8tVaazFoXwyCZm2P8LMarWk1NUpbvLIJWQ9FPVkN1vg3tyjkt34VRng9IZn
KEVQhK/nM4NEvCmkFdRNhYismUUEynx3szc8+aFM9iuYFw==
-----END CERTIFICATE-----