Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/26d193-40c2-417b-bd52-5c10bdb866e0/1/I_aaeVvnKgshB7KF5lbcb6DusVY.roa
File:                     I_aaeVvnKgshB7KF5lbcb6DusVY.roa (raw, json)
Hash identifier:          UbnYr3Vs5XE11hZtsD667pafCpJHsLcFULsP3T6sqDA=
Subject key identifier:   23:F6:9A:79:5B:E7:2A:0B:21:07:B2:85:E6:56:DC:6F:A0:EE:B1:56
Certificate issuer:       /CN=d3abf8f4cdf8963a182da0cdf908c38447fa7a09
Certificate serial:       0190B557E485E4F4279414B893CFAC339624
Authority key identifier: D3:AB:F8:F4:CD:F8:96:3A:18:2D:A0:CD:F9:08:C3:84:47:FA:7A:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/06v49M34ljoYLaDN-QjDhEf6egk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/26d193-40c2-417b-bd52-5c10bdb866e0/1/I_aaeVvnKgshB7KF5lbcb6DusVY.roa
Signing time:             Mon 15 Jul 2024 07:42:34 +0000
ROA not before:           Mon 15 Jul 2024 07:42:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211895
IP address blocks:        2a07:52c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/26d193-40c2-417b-bd52-5c10bdb866e0/1/06v49M34ljoYLaDN-QjDhEf6egk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/26d193-40c2-417b-bd52-5c10bdb866e0/1/06v49M34ljoYLaDN-QjDhEf6egk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/06v49M34ljoYLaDN-QjDhEf6egk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 20:19:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:b5:57:e4:85:e4:f4:27:94:14:b8:93:cf:ac:33:96:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3abf8f4cdf8963a182da0cdf908c38447fa7a09
        Validity
            Not Before: Jul 15 07:42:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=23f69a795be72a0b2107b285e656dc6fa0eeb156
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:d4:d5:70:9b:94:3b:02:f7:77:c5:39:94:69:
                    cc:9e:bd:c1:8f:6d:3e:4b:8c:4e:a9:18:b0:54:c5:
                    a7:3b:f7:6b:76:e8:14:27:a6:80:d5:88:f0:13:72:
                    c6:84:6f:a2:8d:ec:e6:fb:94:dc:69:c6:97:d5:e7:
                    c3:2a:84:a1:9c:bc:ec:7d:e5:3d:f5:6a:24:15:47:
                    37:ad:2a:48:fa:09:25:2b:8d:ee:03:66:bb:fc:d1:
                    bc:09:9e:c0:cc:8c:c3:b8:e4:e4:18:8c:31:e7:6d:
                    1e:38:8a:00:e4:16:e2:96:52:15:d9:b5:bf:ff:04:
                    39:de:f6:94:9e:fc:90:cb:90:1a:1c:30:fd:c4:0d:
                    3d:b0:16:0e:e1:d9:83:f8:2e:1e:bf:70:ed:b2:eb:
                    bd:97:ac:ae:38:95:c1:f5:41:01:76:fd:cf:12:7a:
                    9f:34:39:66:9e:10:fe:37:9d:1b:7f:e7:cb:ef:21:
                    96:08:38:f1:0f:c8:9b:74:0d:63:6b:47:6a:eb:36:
                    ee:f1:aa:1f:90:aa:66:3d:9a:27:d5:be:b3:26:b0:
                    6d:80:87:98:60:6f:ac:2d:39:4e:03:52:1f:14:9e:
                    f8:85:02:9e:0e:dc:d3:d3:85:53:d6:1b:8f:65:1a:
                    19:8f:d9:77:17:b9:8a:5e:61:c7:87:91:41:96:4e:
                    72:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:F6:9A:79:5B:E7:2A:0B:21:07:B2:85:E6:56:DC:6F:A0:EE:B1:56
            X509v3 Authority Key Identifier:
                keyid:D3:AB:F8:F4:CD:F8:96:3A:18:2D:A0:CD:F9:08:C3:84:47:FA:7A:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/06v49M34ljoYLaDN-QjDhEf6egk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/26d193-40c2-417b-bd52-5c10bdb866e0/1/I_aaeVvnKgshB7KF5lbcb6DusVY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/26d193-40c2-417b-bd52-5c10bdb866e0/1/06v49M34ljoYLaDN-QjDhEf6egk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:52c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         a1:cc:8f:2b:c6:56:18:71:d1:72:bc:be:25:c8:01:b1:f7:17:
         54:8f:37:b4:3f:fd:e9:8c:73:d5:13:be:8b:59:31:eb:a3:30:
         ba:5d:67:c6:fa:8d:6c:c4:da:a8:71:8c:b9:cf:26:28:82:e3:
         74:10:a7:50:1b:e4:85:62:48:e1:31:7f:28:67:09:49:88:9a:
         08:b2:67:25:77:da:a4:9a:ec:3e:8f:54:47:e5:17:6c:8c:0f:
         b1:87:9b:5c:05:b3:2a:9e:c2:6e:3e:a0:4b:8f:e9:ea:24:4f:
         fd:86:0c:b0:0d:d7:9f:75:f2:e8:3f:47:9e:ba:ac:35:51:f9:
         27:04:2b:b9:6f:07:7a:0b:de:8c:60:14:7b:36:7a:2a:c0:61:
         c1:05:28:b3:17:45:cb:1d:22:b3:5b:5c:2d:8c:ca:0d:ad:a6:
         f6:a7:77:40:e0:6c:2c:07:d7:41:19:cf:43:c8:38:1c:90:d7:
         90:71:46:ff:cd:3d:56:34:8e:27:f2:45:2c:f4:18:39:98:f8:
         72:ec:66:c9:28:18:06:97:a6:be:9c:25:8e:85:75:3f:ba:61:
         cd:59:20:06:32:3d:12:71:dc:aa:45:89:ec:fd:27:32:31:ea:
         bc:5a:68:68:cd:15:95:db:b4:4f:53:74:e5:e7:d8:ca:47:28:
         5b:82:ad:7b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZC1V+SF5PQnlBS4k8+sM5YkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzYWJmOGY0Y2RmODk2M2ExODJkYTBjZGY5MDhjMzg0NDdm
YTdhMDkwHhcNMjQwNzE1MDc0MjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2Y2OWE3OTViZTcyYTBiMjEwN2IyODVlNjU2ZGM2ZmEwZWViMTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstTVcJuUOwL3d8U5lGnMnr3Bj20+
S4xOqRiwVMWnO/drdugUJ6aA1YjwE3LGhG+ijezm+5TcacaX1efDKoShnLzsfeU9
9WokFUc3rSpI+gklK43uA2a7/NG8CZ7AzIzDuOTkGIwx520eOIoA5BbillIV2bW/
/wQ53vaUnvyQy5AaHDD9xA09sBYO4dmD+C4ev3Dtsuu9l6yuOJXB9UEBdv3PEnqf
NDlmnhD+N50bf+fL7yGWCDjxD8ibdA1ja0dq6zbu8aofkKpmPZon1b6zJrBtgIeY
YG+sLTlOA1IfFJ74hQKeDtzT04VT1huPZRoZj9l3F7mKXmHHh5FBlk5y8QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCP2mnlb5yoLIQeyheZW3G+g7rFWMB8GA1UdIwQY
MBaAFNOr+PTN+JY6GC2gzfkIw4RH+noJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDZ2NDlNMzRsam9ZTGFETi1RakRoRWY2ZWdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8yNmQxOTMtNDBjMi00MTdiLWJkNTIt
NWMxMGJkYjg2NmUwLzEvSV9hYWVWdm5LZ3NoQjdLRjVsYmNiNkR1c1ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8yNmQxOTMtNDBjMi00MTdiLWJkNTItNWMxMGJkYjg2NmUw
LzEvMDZ2NDlNMzRsam9ZTGFETi1RakRoRWY2ZWdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgdSwDAN
BgkqhkiG9w0BAQsFAAOCAQEAocyPK8ZWGHHRcry+JcgBsfcXVI83tD/96Yxz1RO+
i1kx66Mwul1nxvqNbMTaqHGMuc8mKILjdBCnUBvkhWJI4TF/KGcJSYiaCLJnJXfa
pJrsPo9UR+UXbIwPsYebXAWzKp7Cbj6gS4/p6iRP/YYMsA3Xn3Xy6D9HnrqsNVH5
JwQruW8HegvejGAUezZ6KsBhwQUosxdFyx0is1tcLYzKDa2m9qd3QOBsLAfXQRnP
Q8g4HJDXkHFG/809VjSOJ/JFLPQYOZj4cuxmySgYBpemvpwljoV1P7phzVkgBjI9
EnHcqkWJ7P0nMjHqvFpoaM0Vldu0T1N05efYykcoW4Ktew==
-----END CERTIFICATE-----