Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/17a712-4e5a-40c5-a3a2-12025c54f484/1/SD0VWpxpY79sGu0ivm2pu_Bnwqo.roa
File:                     SD0VWpxpY79sGu0ivm2pu_Bnwqo.roa (raw, json)
Hash identifier:          S1kQSQd6L+ZAG3tyBv8RRSdP0jJ6/sV9/VOhpqn3fwk=
Subject key identifier:   48:3D:15:5A:9C:69:63:BF:6C:1A:ED:22:BE:6D:A9:BB:F0:67:C2:AA
Certificate issuer:       /CN=7c3b8877e1a130fe50386c610d6ead5641b97ba6
Certificate serial:       018CC8714AC1B02F3EF29898EA7B05DC0ABD
Authority key identifier: 7C:3B:88:77:E1:A1:30:FE:50:38:6C:61:0D:6E:AD:56:41:B9:7B:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fDuId-GhMP5QOGxhDW6tVkG5e6Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/17a712-4e5a-40c5-a3a2-12025c54f484/1/SD0VWpxpY79sGu0ivm2pu_Bnwqo.roa
Signing time:             Tue 02 Jan 2024 04:31:57 +0000
ROA not before:           Tue 02 Jan 2024 04:31:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199221
IP address blocks:        2a06:9687::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/17a712-4e5a-40c5-a3a2-12025c54f484/1/fDuId-GhMP5QOGxhDW6tVkG5e6Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/17a712-4e5a-40c5-a3a2-12025c54f484/1/fDuId-GhMP5QOGxhDW6tVkG5e6Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fDuId-GhMP5QOGxhDW6tVkG5e6Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:4a:c1:b0:2f:3e:f2:98:98:ea:7b:05:dc:0a:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3b8877e1a130fe50386c610d6ead5641b97ba6
        Validity
            Not Before: Jan  2 04:31:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=483d155a9c6963bf6c1aed22be6da9bbf067c2aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:25:31:76:cc:ea:77:f8:ce:c4:48:7a:e2:1d:
                    66:f3:ec:9b:08:bf:a8:c4:bc:59:b2:03:91:ee:0c:
                    1b:f2:aa:32:a7:70:90:2a:8c:dd:3f:df:fb:e3:06:
                    bb:5c:a1:9e:45:2d:fe:56:76:88:c8:8b:88:5e:57:
                    a9:41:32:2e:ff:f8:39:54:51:90:d1:04:55:06:43:
                    cd:ad:72:11:ca:ec:97:5f:17:90:df:1e:9f:91:bf:
                    78:61:52:11:65:0d:90:43:e7:49:cd:03:6a:39:00:
                    40:5c:2b:b6:62:b0:5b:55:32:17:9f:5d:c9:30:0f:
                    28:1c:98:22:d4:8f:58:97:a4:7f:f3:44:f8:88:76:
                    aa:4e:9c:8d:e1:ee:80:e4:6b:25:03:b0:28:6d:6c:
                    ef:99:1f:01:ca:82:82:3b:26:15:a4:47:fc:a6:da:
                    f0:d2:70:2d:52:c3:8c:a6:12:fd:73:b6:98:7f:80:
                    7d:83:2e:c2:9e:9a:55:49:be:7d:15:95:b4:b3:1b:
                    41:24:1a:74:a2:5e:32:a6:69:af:ea:e9:7f:20:8b:
                    11:7e:e3:73:8c:61:61:d0:03:a5:11:65:79:35:39:
                    e3:85:66:cc:da:0f:2f:2e:c2:01:c7:85:2d:d9:97:
                    58:a7:c9:60:b6:42:1b:ff:88:96:b5:bd:17:f4:bf:
                    80:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:3D:15:5A:9C:69:63:BF:6C:1A:ED:22:BE:6D:A9:BB:F0:67:C2:AA
            X509v3 Authority Key Identifier:
                keyid:7C:3B:88:77:E1:A1:30:FE:50:38:6C:61:0D:6E:AD:56:41:B9:7B:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fDuId-GhMP5QOGxhDW6tVkG5e6Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/17a712-4e5a-40c5-a3a2-12025c54f484/1/SD0VWpxpY79sGu0ivm2pu_Bnwqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/17a712-4e5a-40c5-a3a2-12025c54f484/1/fDuId-GhMP5QOGxhDW6tVkG5e6Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9687::/32

    Signature Algorithm: sha256WithRSAEncryption
         1b:58:85:02:e2:11:27:7c:00:dd:5e:0a:e3:5b:18:2b:b0:cf:
         e2:07:b1:ac:7b:94:42:c8:07:77:a2:ab:93:a4:43:8e:82:78:
         6f:67:49:e9:a3:7e:19:44:b9:85:8d:61:5d:b2:ec:d1:75:10:
         72:75:93:f6:8a:9c:c9:81:32:96:59:fa:43:40:1d:9e:f1:4c:
         d6:2d:78:17:a0:dd:08:52:e6:75:8b:c6:32:ff:18:a9:d5:10:
         92:2f:88:f5:88:c0:3e:31:ca:a0:16:46:61:f7:a1:97:ac:a8:
         84:2a:f9:1f:cc:e1:6a:a3:5f:db:57:55:c2:fd:1d:d9:e1:ba:
         a7:70:74:68:c8:f3:96:64:34:98:7c:2b:94:ef:32:26:01:1c:
         a8:f0:be:7d:79:86:bc:d6:6b:05:6f:b5:9b:9f:c5:56:5b:ed:
         8c:13:9d:05:39:fe:4e:c6:20:74:5d:a6:ab:21:1c:2c:ff:33:
         86:5d:99:ec:57:21:3f:7c:16:40:de:25:e4:a3:4d:60:97:58:
         b3:ba:7d:52:9a:1c:46:db:0f:aa:8b:46:97:33:e2:7b:4e:2c:
         0a:ac:e5:c2:1c:49:fb:08:a5:88:fc:78:45:43:c6:0f:92:b8:
         ae:26:b0:21:3a:b6:22:19:5a:b9:31:63:36:b0:98:d5:0c:78:
         65:93:f9:8b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzIcUrBsC8+8piY6nsF3Aq9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2I4ODc3ZTFhMTMwZmU1MDM4NmM2MTBkNmVhZDU2NDFi
OTdiYTYwHhcNMjQwMTAyMDQzMTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODNkMTU1YTljNjk2M2JmNmMxYWVkMjJiZTZkYTliYmYwNjdjMmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmiUxdszqd/jOxEh64h1m8+ybCL+o
xLxZsgOR7gwb8qoyp3CQKozdP9/74wa7XKGeRS3+VnaIyIuIXlepQTIu//g5VFGQ
0QRVBkPNrXIRyuyXXxeQ3x6fkb94YVIRZQ2QQ+dJzQNqOQBAXCu2YrBbVTIXn13J
MA8oHJgi1I9Yl6R/80T4iHaqTpyN4e6A5GslA7AobWzvmR8ByoKCOyYVpEf8ptrw
0nAtUsOMphL9c7aYf4B9gy7CnppVSb59FZW0sxtBJBp0ol4ypmmv6ul/IIsRfuNz
jGFh0AOlEWV5NTnjhWbM2g8vLsIBx4Ut2ZdYp8lgtkIb/4iWtb0X9L+AgQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEg9FVqcaWO/bBrtIr5tqbvwZ8KqMB8GA1UdIwQY
MBaAFHw7iHfhoTD+UDhsYQ1urVZBuXumMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkR1SWQtR2hNUDVRT0d4aERXNnRWa0c1ZTZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8xN2E3MTItNGU1YS00MGM1LWEzYTIt
MTIwMjVjNTRmNDg0LzEvU0QwVldweHBZNzlzR3UwaXZtMnB1X0Jud3FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8xN2E3MTItNGU1YS00MGM1LWEzYTItMTIwMjVjNTRmNDg0
LzEvZkR1SWQtR2hNUDVRT0d4aERXNnRWa0c1ZTZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgaWhzAN
BgkqhkiG9w0BAQsFAAOCAQEAG1iFAuIRJ3wA3V4K41sYK7DP4gexrHuUQsgHd6Kr
k6RDjoJ4b2dJ6aN+GUS5hY1hXbLs0XUQcnWT9oqcyYEylln6Q0AdnvFM1i14F6Dd
CFLmdYvGMv8YqdUQki+I9YjAPjHKoBZGYfehl6yohCr5H8zhaqNf21dVwv0d2eG6
p3B0aMjzlmQ0mHwrlO8yJgEcqPC+fXmGvNZrBW+1m5/FVlvtjBOdBTn+TsYgdF2m
qyEcLP8zhl2Z7FchP3wWQN4l5KNNYJdYs7p9UpocRtsPqotGlzPie04sCqzlwhxJ
+wiliPx4RUPGD5K4riawITq2IhlauTFjNrCY1Qx4ZZP5iw==
-----END CERTIFICATE-----