Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/oempqTGTuDtc3IUP17tA6nlInBk.roa
File:                     oempqTGTuDtc3IUP17tA6nlInBk.roa (raw, json)
Hash identifier:          yXDYT4gWgyBOD+syD1Q1qRIVAClXv/dFw7PzP+1qzsA=
Subject key identifier:   A1:E9:A9:A9:31:93:B8:3B:5C:DC:85:0F:D7:BB:40:EA:79:48:9C:19
Certificate issuer:       /CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
Certificate serial:       01917015CCFB3A074BBBC0C83C32B6EDF746
Authority key identifier: DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/oempqTGTuDtc3IUP17tA6nlInBk.roa
Signing time:             Tue 20 Aug 2024 13:59:22 +0000
ROA not before:           Tue 20 Aug 2024 13:59:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34907
IP address blocks:        2a06:5cc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:70:15:cc:fb:3a:07:4b:bb:c0:c8:3c:32:b6:ed:f7:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
        Validity
            Not Before: Aug 20 13:59:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a1e9a9a93193b83b5cdc850fd7bb40ea79489c19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:6b:90:16:30:a5:bc:0f:6a:6b:bd:bd:96:6e:
                    ab:36:2f:67:a5:a8:6d:28:34:3e:32:b5:59:17:a9:
                    fc:51:68:16:6d:af:c9:24:62:df:39:72:26:20:30:
                    fa:e6:71:fb:97:67:bc:d5:ad:02:bc:e6:a2:85:b9:
                    97:4c:a1:cd:10:1c:af:d5:a9:f7:bc:25:78:dd:e1:
                    c9:8f:70:f3:83:02:5a:2e:e0:43:8f:ad:80:80:6c:
                    86:e4:3a:7c:c6:37:bd:c0:7b:10:e3:22:03:c2:73:
                    3d:27:cf:79:f8:25:00:e5:7f:75:52:26:17:16:91:
                    74:e0:a9:1a:2d:a8:68:9b:7e:1f:bb:62:2f:9d:bd:
                    05:fb:ce:b0:f5:31:67:e5:50:c4:6a:ab:b9:9c:35:
                    43:a0:9f:d1:bb:31:af:be:b7:8f:db:d1:73:61:c5:
                    d0:76:5f:a7:62:d9:b0:21:cb:e1:5c:c7:38:63:e0:
                    b7:cb:62:f4:6f:42:81:a5:d8:7a:1e:07:66:3e:90:
                    36:6c:f2:c1:be:ba:b8:94:43:62:e3:4e:46:90:fe:
                    79:30:cf:4a:1c:8e:51:77:2f:11:ae:fb:c1:cb:eb:
                    1c:19:84:54:64:60:43:65:9d:e3:15:19:db:b6:20:
                    90:7d:47:68:25:af:a5:a5:a9:02:c3:e8:8a:e9:6c:
                    a0:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:E9:A9:A9:31:93:B8:3B:5C:DC:85:0F:D7:BB:40:EA:79:48:9C:19
            X509v3 Authority Key Identifier:
                keyid:DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/oempqTGTuDtc3IUP17tA6nlInBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:5cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         31:61:4a:8d:ee:39:17:39:b8:08:51:61:27:16:ca:7f:d6:31:
         b5:25:1f:9f:31:7b:88:a4:d8:8c:71:06:6a:50:dd:39:2f:fc:
         49:12:53:b3:16:e4:a3:be:f6:32:5c:80:ba:4a:8a:b3:6c:f9:
         dd:59:65:8f:dd:61:2e:a7:1c:16:44:b3:79:35:9e:99:60:45:
         1e:14:1c:72:3f:ff:dd:40:48:dd:20:e9:11:98:80:50:c4:00:
         d1:91:82:ad:1c:32:41:3c:ec:37:a5:53:54:7f:d8:a7:82:48:
         88:2f:e1:e8:c3:78:6d:d5:41:99:d9:0f:91:ef:e6:2d:64:9b:
         72:a6:44:bf:fd:2d:9b:6a:cd:04:bd:8f:f4:d5:7a:86:4f:c4:
         b0:81:e9:32:30:b0:a0:ea:91:18:ae:b8:aa:ff:e1:95:be:10:
         1f:3d:87:99:1f:57:4d:58:0c:61:eb:5e:69:a7:3c:fe:a6:f7:
         00:49:03:ba:48:e0:2c:08:3a:85:31:ec:ba:8c:5c:e1:3b:18:
         4a:6f:a5:fd:8d:43:59:d0:74:72:bd:ae:b6:a9:9d:c0:4d:a9:
         eb:86:7f:cd:dc:d0:7f:b5:dc:ab:d6:04:6e:e5:08:57:52:5d:
         69:8f:c3:83:b5:e7:d2:c2:b7:f8:6c:60:d2:13:4b:f4:46:ab:
         c7:a8:2b:34
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZFwFcz7OgdLu8DIPDK27fdGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYjM5NmRmYTk1MWVjNDE1N2YyMTFlNWVkNzQwZWQ5N2Ux
YjBmM2YwHhcNMjQwODIwMTM1OTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWU5YTlhOTMxOTNiODNiNWNkYzg1MGZkN2JiNDBlYTc5NDg5YzE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9WuQFjClvA9qa729lm6rNi9npaht
KDQ+MrVZF6n8UWgWba/JJGLfOXImIDD65nH7l2e81a0CvOaihbmXTKHNEByv1an3
vCV43eHJj3DzgwJaLuBDj62AgGyG5Dp8xje9wHsQ4yIDwnM9J895+CUA5X91UiYX
FpF04KkaLahom34fu2Ivnb0F+86w9TFn5VDEaqu5nDVDoJ/RuzGvvreP29FzYcXQ
dl+nYtmwIcvhXMc4Y+C3y2L0b0KBpdh6HgdmPpA2bPLBvrq4lENi405GkP55MM9K
HI5Rdy8RrvvBy+scGYRUZGBDZZ3jFRnbtiCQfUdoJa+lpakCw+iK6WygBQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKHpqakxk7g7XNyFD9e7QOp5SJwZMB8GA1UdIwQY
MBaAFNuzlt+pUexBV/IR5e10Dtl+Gw8/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMt
ZGY1NzJmZTk2NzJhLzEvb2VtcHFUR1R1RHRjM0lVUDE3dEE2bmxJbkJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMtZGY1NzJmZTk2NzJh
LzEvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgZcwDAN
BgkqhkiG9w0BAQsFAAOCAQEAMWFKje45Fzm4CFFhJxbKf9YxtSUfnzF7iKTYjHEG
alDdOS/8SRJTsxbko772MlyAukqKs2z53Vllj91hLqccFkSzeTWemWBFHhQccj//
3UBI3SDpEZiAUMQA0ZGCrRwyQTzsN6VTVH/Yp4JIiC/h6MN4bdVBmdkPke/mLWSb
cqZEv/0tm2rNBL2P9NV6hk/EsIHpMjCwoOqRGK64qv/hlb4QHz2HmR9XTVgMYete
aac8/qb3AEkDukjgLAg6hTHsuoxc4TsYSm+l/Y1DWdB0cr2utqmdwE2p64Z/zdzQ
f7Xcq9YEbuUIV1JdaY/Dg7Xn0sK3+Gxg0hNL9Earx6grNA==
-----END CERTIFICATE-----