Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/01b0c0-1b87-4d6f-9e90-9281f0d23dbf/1/ljOECjxCaKi4YYx04AHYCJJ3dBI.roa
File:                     ljOECjxCaKi4YYx04AHYCJJ3dBI.roa (raw, json)
Hash identifier:          3CTGo4lSOvxCSvwiolFrIYiJHbPjbzKfZDCNaquXDaw=
Subject key identifier:   96:33:84:0A:3C:42:68:A8:B8:61:8C:74:E0:01:D8:08:92:77:74:12
Certificate issuer:       /CN=7021d7528be713a4ba2cb4db5e58d64d882eb555
Certificate serial:       019001D2402DB827CC878BFEAB74579E772D
Authority key identifier: 70:21:D7:52:8B:E7:13:A4:BA:2C:B4:DB:5E:58:D6:4D:88:2E:B5:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cCHXUovnE6S6LLTbXljWTYgutVU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/01b0c0-1b87-4d6f-9e90-9281f0d23dbf/1/ljOECjxCaKi4YYx04AHYCJJ3dBI.roa
Signing time:             Mon 10 Jun 2024 11:04:34 +0000
ROA not before:           Mon 10 Jun 2024 11:04:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207459
IP address blocks:        2a0f:bf00::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/01b0c0-1b87-4d6f-9e90-9281f0d23dbf/1/cCHXUovnE6S6LLTbXljWTYgutVU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/01b0c0-1b87-4d6f-9e90-9281f0d23dbf/1/cCHXUovnE6S6LLTbXljWTYgutVU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cCHXUovnE6S6LLTbXljWTYgutVU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 13:50:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:01:d2:40:2d:b8:27:cc:87:8b:fe:ab:74:57:9e:77:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7021d7528be713a4ba2cb4db5e58d64d882eb555
        Validity
            Not Before: Jun 10 11:04:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9633840a3c4268a8b8618c74e001d80892777412
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:a3:90:8e:26:63:8b:07:ba:e8:d4:98:b2:37:
                    f8:33:3c:22:ee:65:72:da:7b:f4:cf:62:4b:63:8b:
                    f1:dc:55:37:3c:30:51:5d:8a:21:c5:8c:ef:25:bb:
                    75:c5:08:4d:9d:3e:a1:cd:53:bb:78:a9:39:4f:55:
                    b7:30:c8:a5:0d:50:23:99:f8:fc:bf:23:89:51:b0:
                    89:72:4f:a8:f1:1c:06:42:c8:e8:bf:38:74:c8:33:
                    ed:2e:5f:75:25:49:b3:8d:89:a3:79:b5:44:e7:c8:
                    56:d7:f3:3a:35:f0:f3:19:22:60:f0:32:52:20:c6:
                    72:65:87:5a:6f:a8:e3:a3:31:b3:f2:3c:7c:7b:e8:
                    47:16:98:3e:19:1b:10:51:90:b5:e1:a0:85:97:69:
                    21:76:87:ca:44:73:b6:e5:76:00:c3:fa:63:8d:b7:
                    c6:0b:39:f5:3a:90:f7:8f:77:75:f4:60:d6:db:f1:
                    7c:a9:c3:e3:0a:68:d3:22:01:be:9b:0e:57:cf:d5:
                    f7:db:ee:e8:11:d0:be:a7:af:6d:c2:5b:7b:f2:06:
                    b1:a8:db:82:39:5b:2d:0e:ac:47:6f:34:a3:41:33:
                    aa:0a:8e:99:7f:ba:8f:41:96:9f:53:7a:f1:25:17:
                    e0:5d:f5:cd:f7:87:37:5b:77:94:35:bc:69:bc:61:
                    dc:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:33:84:0A:3C:42:68:A8:B8:61:8C:74:E0:01:D8:08:92:77:74:12
            X509v3 Authority Key Identifier:
                keyid:70:21:D7:52:8B:E7:13:A4:BA:2C:B4:DB:5E:58:D6:4D:88:2E:B5:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cCHXUovnE6S6LLTbXljWTYgutVU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/01b0c0-1b87-4d6f-9e90-9281f0d23dbf/1/ljOECjxCaKi4YYx04AHYCJJ3dBI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/01b0c0-1b87-4d6f-9e90-9281f0d23dbf/1/cCHXUovnE6S6LLTbXljWTYgutVU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:bf00::/32

    Signature Algorithm: sha256WithRSAEncryption
         af:49:8a:c6:72:05:05:4b:d8:69:34:a1:0a:34:16:95:b7:1f:
         5a:e6:ed:1c:7a:85:ce:a5:96:e4:2a:3a:25:92:4f:af:6f:62:
         2b:f0:95:64:eb:48:5d:f4:d5:4a:67:e9:00:8b:44:87:6d:4a:
         32:5a:83:00:e2:e0:72:7e:a5:83:59:e0:a0:d0:30:14:ab:3d:
         4b:cb:1d:7a:56:b2:88:67:8e:12:5b:e2:b7:c8:7b:92:66:c0:
         03:a0:99:1b:16:d3:c7:92:92:1d:b8:f6:b5:b1:05:dd:29:98:
         fb:42:d9:91:29:33:b3:44:24:2e:30:3d:77:e3:74:f0:55:6a:
         90:3d:04:2c:c5:5c:42:37:4d:89:4a:68:d6:22:c6:99:e0:52:
         ec:06:f1:fd:aa:f1:bd:1a:ff:c2:7a:c6:f2:86:49:54:d4:5f:
         26:d6:9c:97:31:c9:1a:f7:5a:c7:1e:9b:82:1f:42:9a:e0:ed:
         33:bc:13:05:a6:67:8b:f7:de:3a:97:bd:26:a0:6d:73:24:97:
         47:ab:1a:1b:4f:fc:c0:b8:b8:8f:f8:4f:49:00:29:8d:e2:83:
         db:18:41:eb:d8:71:ed:93:33:81:13:70:1e:98:86:b7:85:f5:
         ee:aa:d6:42:52:09:f8:d1:2a:96:12:5c:f9:f4:a5:95:07:34:
         bb:e6:7d:09
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZAB0kAtuCfMh4v+q3RXnnctMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwMjFkNzUyOGJlNzEzYTRiYTJjYjRkYjVlNThkNjRkODgy
ZWI1NTUwHhcNMjQwNjEwMTEwNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjMzODQwYTNjNDI2OGE4Yjg2MThjNzRlMDAxZDgwODkyNzc3NDEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtKOQjiZjiwe66NSYsjf4Mzwi7mVy
2nv0z2JLY4vx3FU3PDBRXYohxYzvJbt1xQhNnT6hzVO7eKk5T1W3MMilDVAjmfj8
vyOJUbCJck+o8RwGQsjovzh0yDPtLl91JUmzjYmjebVE58hW1/M6NfDzGSJg8DJS
IMZyZYdab6jjozGz8jx8e+hHFpg+GRsQUZC14aCFl2khdofKRHO25XYAw/pjjbfG
Czn1OpD3j3d19GDW2/F8qcPjCmjTIgG+mw5Xz9X32+7oEdC+p69twlt78gaxqNuC
OVstDqxHbzSjQTOqCo6Zf7qPQZafU3rxJRfgXfXN94c3W3eUNbxpvGHc5QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJYzhAo8QmiouGGMdOAB2AiSd3QSMB8GA1UdIwQY
MBaAFHAh11KL5xOkuiy0215Y1k2ILrVVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0NIWFVvdm5FNlM2TExUYlhsaldUWWd1dFZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8wMWIwYzAtMWI4Ny00ZDZmLTllOTAt
OTI4MWYwZDIzZGJmLzEvbGpPRUNqeENhS2k0WVl4MDRBSFlDSkozZEJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8wMWIwYzAtMWI4Ny00ZDZmLTllOTAtOTI4MWYwZDIzZGJm
LzEvY0NIWFVvdm5FNlM2TExUYlhsaldUWWd1dFZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg+/ADAN
BgkqhkiG9w0BAQsFAAOCAQEAr0mKxnIFBUvYaTShCjQWlbcfWubtHHqFzqWW5Co6
JZJPr29iK/CVZOtIXfTVSmfpAItEh21KMlqDAOLgcn6lg1ngoNAwFKs9S8sdelay
iGeOElvit8h7kmbAA6CZGxbTx5KSHbj2tbEF3SmY+0LZkSkzs0QkLjA9d+N08FVq
kD0ELMVcQjdNiUpo1iLGmeBS7Abx/arxvRr/wnrG8oZJVNRfJtaclzHJGvdaxx6b
gh9CmuDtM7wTBaZni/feOpe9JqBtcySXR6saG0/8wLi4j/hPSQApjeKD2xhB69hx
7ZMzgRNwHpiGt4X17qrWQlIJ+NEqlhJc+fSllQc0u+Z9CQ==
-----END CERTIFICATE-----