Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/RuSR5j58BZO671JQZDsJI3x-4V0.roa
File:                     RuSR5j58BZO671JQZDsJI3x-4V0.roa (raw, json)
Hash identifier:          GhK8qrVUIacjC6eNrQzbq3mbtWDqKXfYDU4u8AsyYhE=
Subject key identifier:   46:E4:91:E6:3E:7C:05:93:BA:EF:52:50:64:3B:09:23:7C:7E:E1:5D
Certificate issuer:       /CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
Certificate serial:       018FF2F8E2630CE32848CC93B43842DFCEFA
Authority key identifier: DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/RuSR5j58BZO671JQZDsJI3x-4V0.roa
Signing time:             Fri 07 Jun 2024 13:52:28 +0000
ROA not before:           Fri 07 Jun 2024 13:52:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201380
IP address blocks:        2a10:59c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:f2:f8:e2:63:0c:e3:28:48:cc:93:b4:38:42:df:ce:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
        Validity
            Not Before: Jun  7 13:52:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=46e491e63e7c0593baef5250643b09237c7ee15d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:5f:e2:1f:1c:a7:29:a7:12:15:ee:15:09:3b:
                    98:5e:6d:1c:5e:81:59:02:5b:7a:99:5a:2b:a4:ca:
                    a5:81:67:39:34:19:3e:e6:59:70:74:da:6f:b6:cd:
                    a3:91:d0:91:8d:23:f2:c4:c8:8f:68:07:52:5b:e7:
                    90:41:e7:22:68:f7:28:ab:2a:38:c0:8c:f3:73:d1:
                    17:85:ac:0e:79:01:dd:e7:17:38:da:46:0e:7f:20:
                    45:15:60:ff:d5:41:cc:75:63:00:bb:1b:9f:50:d8:
                    51:a8:25:ef:44:3a:62:52:a8:ee:8a:72:15:25:82:
                    29:2e:cb:b8:b8:42:43:94:15:6a:5f:ad:b3:76:d1:
                    6a:ce:89:de:c0:9a:56:d4:d0:18:74:05:6e:a8:ef:
                    ef:5b:20:6e:1a:90:9f:08:36:68:fe:70:b3:e6:6c:
                    00:ad:02:f9:1b:15:93:d1:c9:9f:19:9f:76:01:bc:
                    cb:17:bf:7e:bf:b9:fb:e6:ec:a9:78:72:88:2e:76:
                    2e:e2:3a:f6:75:ec:a3:ac:28:e9:2a:b9:c8:f0:99:
                    32:b9:eb:6d:69:5e:a9:81:cb:e9:73:56:9a:8f:53:
                    67:8f:43:40:dd:d9:cd:54:2a:24:1c:e8:0b:c5:3d:
                    3e:14:9c:ac:f2:fc:ff:c2:45:d8:88:5e:95:ca:b5:
                    ff:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:E4:91:E6:3E:7C:05:93:BA:EF:52:50:64:3B:09:23:7C:7E:E1:5D
            X509v3 Authority Key Identifier:
                keyid:DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/RuSR5j58BZO671JQZDsJI3x-4V0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:59c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         29:41:50:bf:00:3a:2a:b3:97:65:d2:e9:a9:59:dc:b0:d4:9c:
         8a:ac:ba:31:8c:23:f7:36:2d:27:8d:76:a9:51:15:ac:61:15:
         1d:1f:8a:f9:cf:5a:d3:10:f0:93:eb:7e:63:9b:a3:5b:c9:3d:
         e0:77:6c:e8:f1:13:1b:44:e8:8a:a8:66:37:98:bc:d7:4b:15:
         4a:1e:0a:9a:6c:03:80:00:3a:7d:4a:51:45:68:aa:fa:dd:83:
         1d:e4:f2:5d:36:50:98:2c:3d:3b:97:c9:c5:db:5e:a9:49:8e:
         76:32:2f:1f:ed:ce:e2:c5:44:d1:d5:24:b1:60:d4:2d:77:23:
         51:eb:56:27:7e:71:a3:e8:59:d7:e4:9d:a8:cd:e9:05:17:ad:
         9a:ab:35:f3:ab:59:00:d5:28:2c:9a:fd:73:e8:47:df:32:3a:
         0c:2d:26:df:4e:86:15:4c:6d:64:43:80:5a:7c:64:3d:46:db:
         b0:d3:a5:8b:3e:09:e4:2a:d4:19:60:a3:ce:cf:c2:dd:0a:43:
         99:85:eb:c3:8c:c9:bb:f8:e4:c0:3a:ef:f7:64:f1:ec:b3:7f:
         dd:d6:33:61:51:b4:4e:a2:1b:e0:d4:4a:a1:8b:6e:b4:08:e6:
         8b:cb:ba:50:94:6d:11:fd:3b:39:06:35:63:b7:25:b7:47:bc:
         02:0a:76:15
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY/y+OJjDOMoSMyTtDhC3876MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYjM5NmRmYTk1MWVjNDE1N2YyMTFlNWVkNzQwZWQ5N2Ux
YjBmM2YwHhcNMjQwNjA3MTM1MjI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmU0OTFlNjNlN2MwNTkzYmFlZjUyNTA2NDNiMDkyMzdjN2VlMTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA81/iHxynKacSFe4VCTuYXm0cXoFZ
Alt6mVorpMqlgWc5NBk+5llwdNpvts2jkdCRjSPyxMiPaAdSW+eQQeciaPcoqyo4
wIzzc9EXhawOeQHd5xc42kYOfyBFFWD/1UHMdWMAuxufUNhRqCXvRDpiUqjuinIV
JYIpLsu4uEJDlBVqX62zdtFqzonewJpW1NAYdAVuqO/vWyBuGpCfCDZo/nCz5mwA
rQL5GxWT0cmfGZ92AbzLF79+v7n75uypeHKILnYu4jr2deyjrCjpKrnI8Jkyuett
aV6pgcvpc1aaj1Nnj0NA3dnNVCokHOgLxT0+FJys8vz/wkXYiF6VyrX/0wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEbkkeY+fAWTuu9SUGQ7CSN8fuFdMB8GA1UdIwQY
MBaAFNuzlt+pUexBV/IR5e10Dtl+Gw8/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMt
ZGY1NzJmZTk2NzJhLzEvUnVTUjVqNThCWk82NzFKUVpEc0pJM3gtNFYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMtZGY1NzJmZTk2NzJh
LzEvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhBZwDAN
BgkqhkiG9w0BAQsFAAOCAQEAKUFQvwA6KrOXZdLpqVncsNSciqy6MYwj9zYtJ412
qVEVrGEVHR+K+c9a0xDwk+t+Y5ujW8k94Hds6PETG0ToiqhmN5i810sVSh4KmmwD
gAA6fUpRRWiq+t2DHeTyXTZQmCw9O5fJxdteqUmOdjIvH+3O4sVE0dUksWDULXcj
UetWJ35xo+hZ1+SdqM3pBRetmqs186tZANUoLJr9c+hH3zI6DC0m306GFUxtZEOA
WnxkPUbbsNOliz4J5CrUGWCjzs/C3QpDmYXrw4zJu/jkwDrv92Tx7LN/3dYzYVG0
TqIb4NRKoYtutAjmi8u6UJRtEf07OQY1Y7clt0e8Agp2FQ==
-----END CERTIFICATE-----