Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/6252f9-6787-406a-b91f-9cfa2c7d816e/1/cJfy5t-6ngE8M8Xv2CyiDGzIJu8.roa
File:                     cJfy5t-6ngE8M8Xv2CyiDGzIJu8.roa (raw, json)
Hash identifier:          4mwQR1Fs2XPMSZGTAbNb1uO3WtHn+HYQUW3BzhiZVQU=
Subject key identifier:   70:97:F2:E6:DF:BA:9E:01:3C:33:C5:EF:D8:2C:A2:0C:6C:C8:26:EF
Certificate issuer:       /CN=97530cab3bae5b529fabeb9979bd685f7b2bdab3
Certificate serial:       018E13BD0F899AB24D7FFFBFAAFE2897ECD9
Authority key identifier: 97:53:0C:AB:3B:AE:5B:52:9F:AB:EB:99:79:BD:68:5F:7B:2B:DA:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l1MMqzuuW1Kfq-uZeb1oX3sr2rM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/6252f9-6787-406a-b91f-9cfa2c7d816e/1/cJfy5t-6ngE8M8Xv2CyiDGzIJu8.roa
Signing time:             Wed 06 Mar 2024 12:29:01 +0000
ROA not before:           Wed 06 Mar 2024 12:29:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215655
IP address blocks:        2a05:7a80:ffff::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/6252f9-6787-406a-b91f-9cfa2c7d816e/1/l1MMqzuuW1Kfq-uZeb1oX3sr2rM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/6252f9-6787-406a-b91f-9cfa2c7d816e/1/l1MMqzuuW1Kfq-uZeb1oX3sr2rM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l1MMqzuuW1Kfq-uZeb1oX3sr2rM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:13:bd:0f:89:9a:b2:4d:7f:ff:bf:aa:fe:28:97:ec:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97530cab3bae5b529fabeb9979bd685f7b2bdab3
        Validity
            Not Before: Mar  6 12:29:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7097f2e6dfba9e013c33c5efd82ca20c6cc826ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:ec:0f:55:93:c7:64:30:59:68:65:20:5b:1d:
                    5a:0f:fb:24:0d:c2:73:38:b9:6d:37:63:d3:9f:d5:
                    a9:fc:6d:dd:8a:3a:c3:8e:4f:06:ff:01:69:7e:c0:
                    6d:10:f4:0b:b9:e0:3d:b1:5d:4a:5f:92:0f:51:bc:
                    1c:d8:75:10:6a:15:46:9e:00:55:1c:82:2f:1a:6f:
                    62:ae:11:74:94:a3:49:f3:b1:ab:c0:d5:72:04:b6:
                    dd:c8:13:4c:4a:c2:6a:81:66:31:28:81:cd:69:41:
                    32:60:8b:2c:b3:f9:60:e7:60:4a:96:cc:2c:34:4e:
                    b8:21:88:f7:5d:5d:53:a4:83:a5:dc:90:29:1d:6d:
                    dd:29:11:a4:0a:19:11:ef:63:12:49:ac:7e:e5:ca:
                    8a:f3:6c:1e:40:94:d6:75:8d:35:62:97:d2:91:2f:
                    9a:04:93:fe:73:e0:08:87:d0:61:09:ce:8e:89:5b:
                    4b:c2:1b:fd:f7:21:80:3d:e6:a5:fc:0a:e6:ef:3e:
                    6f:3c:88:0c:9c:21:d8:2f:8b:0f:a4:fe:1d:ad:dd:
                    4c:16:28:17:f5:72:23:5e:6b:57:06:02:dc:ab:d5:
                    f4:14:a9:b3:e6:03:4c:30:b6:08:de:49:d7:ee:9a:
                    59:7c:55:d8:55:69:10:14:f6:4a:4a:14:86:d8:8e:
                    3b:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:97:F2:E6:DF:BA:9E:01:3C:33:C5:EF:D8:2C:A2:0C:6C:C8:26:EF
            X509v3 Authority Key Identifier:
                keyid:97:53:0C:AB:3B:AE:5B:52:9F:AB:EB:99:79:BD:68:5F:7B:2B:DA:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l1MMqzuuW1Kfq-uZeb1oX3sr2rM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/6252f9-6787-406a-b91f-9cfa2c7d816e/1/cJfy5t-6ngE8M8Xv2CyiDGzIJu8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/6252f9-6787-406a-b91f-9cfa2c7d816e/1/l1MMqzuuW1Kfq-uZeb1oX3sr2rM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:7a80:ffff::/48

    Signature Algorithm: sha256WithRSAEncryption
         8e:50:5a:8d:7b:56:7d:c3:d7:45:38:c6:69:74:74:da:49:85:
         48:82:2a:4f:1d:0b:9b:50:36:1a:40:ad:b0:fa:d5:95:c8:63:
         5e:77:98:95:f2:d8:d7:c9:53:49:ad:98:5d:ae:5f:ff:27:a7:
         49:da:a5:8c:43:f2:e0:19:ce:99:d8:d4:97:44:37:2f:bc:47:
         64:8d:37:da:f9:fa:c9:da:53:28:07:31:e1:3d:f7:c9:8f:75:
         e7:c3:74:38:4a:91:83:0d:bf:c2:29:25:12:44:3e:54:ee:c0:
         ed:6a:91:46:01:b7:dd:30:db:d0:62:a8:08:b7:3d:ea:4b:10:
         3e:a5:a8:d2:11:a3:24:8e:51:7f:18:5a:d3:07:16:49:5d:8f:
         21:a2:b7:0b:ec:57:a4:cb:85:f3:00:21:7f:2e:c7:cf:0f:4e:
         29:44:07:b9:d7:ca:e9:62:d7:a9:4a:a4:4b:7a:3e:73:2b:a4:
         e0:4d:b8:3d:2e:a9:1a:82:33:0b:ff:35:0c:ee:c2:85:64:b7:
         de:25:28:98:af:94:80:17:bd:fd:1a:e3:df:0e:27:75:cf:6d:
         cd:e0:5d:02:6b:0a:b9:47:8d:5e:e9:83:c4:9c:56:de:db:23:
         98:fa:d0:a7:d9:9f:b3:30:62:54:4f:b6:82:c9:d5:7c:ac:74:
         3b:2d:85:4a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY4TvQ+JmrJNf/+/qv4ol+zZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3NTMwY2FiM2JhZTViNTI5ZmFiZWI5OTc5YmQ2ODVmN2Iy
YmRhYjMwHhcNMjQwMzA2MTIyOTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDk3ZjJlNmRmYmE5ZTAxM2MzM2M1ZWZkODJjYTIwYzZjYzgyNmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh+wPVZPHZDBZaGUgWx1aD/skDcJz
OLltN2PTn9Wp/G3dijrDjk8G/wFpfsBtEPQLueA9sV1KX5IPUbwc2HUQahVGngBV
HIIvGm9irhF0lKNJ87GrwNVyBLbdyBNMSsJqgWYxKIHNaUEyYIsss/lg52BKlsws
NE64IYj3XV1TpIOl3JApHW3dKRGkChkR72MSSax+5cqK82weQJTWdY01YpfSkS+a
BJP+c+AIh9BhCc6OiVtLwhv99yGAPeal/Arm7z5vPIgMnCHYL4sPpP4drd1MFigX
9XIjXmtXBgLcq9X0FKmz5gNMMLYI3knX7ppZfFXYVWkQFPZKShSG2I47oQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHCX8ubfup4BPDPF79gsogxsyCbvMB8GA1UdIwQY
MBaAFJdTDKs7rltSn6vrmXm9aF97K9qzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDFNTXF6dXVXMUtmcS11WmViMW9YM3NyMnJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS82MjUyZjktNjc4Ny00MDZhLWI5MWYt
OWNmYTJjN2Q4MTZlLzEvY0pmeTV0LTZuZ0U4TThYdjJDeWlER3pJSnU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS82MjUyZjktNjc4Ny00MDZhLWI5MWYtOWNmYTJjN2Q4MTZl
LzEvbDFNTXF6dXVXMUtmcS11WmViMW9YM3NyMnJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgV6gP//
MA0GCSqGSIb3DQEBCwUAA4IBAQCOUFqNe1Z9w9dFOMZpdHTaSYVIgipPHQubUDYa
QK2w+tWVyGNed5iV8tjXyVNJrZhdrl//J6dJ2qWMQ/LgGc6Z2NSXRDcvvEdkjTfa
+frJ2lMoBzHhPffJj3Xnw3Q4SpGDDb/CKSUSRD5U7sDtapFGAbfdMNvQYqgItz3q
SxA+pajSEaMkjlF/GFrTBxZJXY8horcL7Feky4XzACF/LsfPD04pRAe518rpYtep
SqRLej5zK6TgTbg9LqkagjML/zUM7sKFZLfeJSiYr5SAF739GuPfDid1z23N4F0C
awq5R41e6YPEnFbe2yOY+tCn2Z+zMGJUT7aCydV8rHQ7LYVK
-----END CERTIFICATE-----