Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/ab3f36-7850-4266-b67a-023cc1fc1910/1/9wUo-5Us6Bd2F54HoqAXzoRUlls.roa
File:                     9wUo-5Us6Bd2F54HoqAXzoRUlls.roa (raw, json)
Hash identifier:          U/1Lcq/tG+SNCtM+mXPQRM4DFim3q6jog0Fv/psttzo=
Subject key identifier:   F7:05:28:FB:95:2C:E8:17:76:17:9E:07:A2:A0:17:CE:84:54:96:5B
Certificate issuer:       /CN=3b95aebaca73316dc4680c808b793e6a09565f1b
Certificate serial:       018FEDACFAD7B8F9C3C9390313DFC086B0E7
Authority key identifier: 3B:95:AE:BA:CA:73:31:6D:C4:68:0C:80:8B:79:3E:6A:09:56:5F:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O5WuuspzMW3EaAyAi3k-aglWXxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/ab3f36-7850-4266-b67a-023cc1fc1910/1/9wUo-5Us6Bd2F54HoqAXzoRUlls.roa
Signing time:             Thu 06 Jun 2024 13:11:27 +0000
ROA not before:           Thu 06 Jun 2024 13:11:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204662
IP address blocks:        2a07:8d40:1::/48 maxlen: 48
                          2a07:8d40:2001::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/ab3f36-7850-4266-b67a-023cc1fc1910/1/O5WuuspzMW3EaAyAi3k-aglWXxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/ab3f36-7850-4266-b67a-023cc1fc1910/1/O5WuuspzMW3EaAyAi3k-aglWXxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O5WuuspzMW3EaAyAi3k-aglWXxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 19:01:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:ed:ac:fa:d7:b8:f9:c3:c9:39:03:13:df:c0:86:b0:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b95aebaca73316dc4680c808b793e6a09565f1b
        Validity
            Not Before: Jun  6 13:11:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f70528fb952ce81776179e07a2a017ce8454965b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:9c:1c:0c:cc:65:ce:ca:00:3a:0e:6a:ae:ea:
                    1b:a4:14:bc:70:85:3b:cd:2b:2d:df:0f:fd:8b:d0:
                    d9:7d:c1:d5:6a:70:2e:fa:b3:99:e9:97:8c:7e:17:
                    73:a5:5f:e8:e7:fe:05:1c:9f:f7:27:12:0c:17:fb:
                    e6:99:50:3f:ba:1b:57:40:c0:90:50:69:c5:ec:c6:
                    32:d3:1d:26:76:cd:a0:22:4c:81:b8:9d:f6:70:cb:
                    40:84:4e:b3:3f:0b:49:4a:c4:7f:cc:16:dd:2c:f9:
                    91:1f:3b:fa:a8:a5:df:08:d1:39:a3:4f:e5:25:c4:
                    c7:1d:4e:8e:f7:16:7b:44:28:18:ba:76:58:fa:ec:
                    cf:9e:63:d8:15:c3:51:2a:d7:fc:78:df:3a:6e:84:
                    33:35:dc:8f:db:e1:53:13:eb:10:8f:97:b1:e7:83:
                    a9:b4:5a:85:36:bc:d7:3e:6d:25:e6:b9:3f:3c:68:
                    55:51:e1:e3:84:a1:51:74:82:b7:0f:60:f1:52:01:
                    8a:05:d0:a7:e1:ab:d2:0f:76:65:bd:9b:b2:53:30:
                    62:bd:05:c7:25:4f:ba:b4:9f:5b:cc:ea:d6:68:b0:
                    b8:82:fb:fc:bc:d0:f4:13:da:0a:0f:9a:56:56:be:
                    42:8f:0e:b2:15:68:0a:b8:18:be:99:6e:46:4b:a0:
                    e6:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:05:28:FB:95:2C:E8:17:76:17:9E:07:A2:A0:17:CE:84:54:96:5B
            X509v3 Authority Key Identifier:
                keyid:3B:95:AE:BA:CA:73:31:6D:C4:68:0C:80:8B:79:3E:6A:09:56:5F:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O5WuuspzMW3EaAyAi3k-aglWXxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/ab3f36-7850-4266-b67a-023cc1fc1910/1/9wUo-5Us6Bd2F54HoqAXzoRUlls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/ab3f36-7850-4266-b67a-023cc1fc1910/1/O5WuuspzMW3EaAyAi3k-aglWXxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:8d40:1::/48
                  2a07:8d40:2001::/48

    Signature Algorithm: sha256WithRSAEncryption
         20:fa:6e:36:3a:dc:30:9f:14:02:8c:ff:d4:b5:e3:1e:b1:99:
         28:9a:65:00:6c:fe:e6:ab:89:2e:cb:e6:b6:af:b0:db:6d:62:
         29:44:bd:b6:74:e5:15:62:1b:1a:38:a4:5a:03:75:d0:1b:84:
         75:90:2b:ba:7a:04:1f:55:2e:b6:af:c6:e3:23:e9:1e:c6:10:
         c7:09:ae:b1:5f:e1:00:75:4d:90:7d:c2:1f:6c:b6:a9:f9:2b:
         0f:59:53:ea:9f:20:14:35:c5:ec:d9:36:97:fc:c8:57:b9:59:
         f1:e8:ca:a4:0c:db:46:23:a1:3d:4d:7d:27:38:a6:e9:ec:37:
         79:e2:76:ae:ca:18:b6:19:3c:65:43:6a:f6:15:64:19:1f:6e:
         37:cc:10:be:e6:78:60:26:e3:b6:fe:66:88:88:cd:9c:db:24:
         26:53:b9:c8:c0:cf:32:38:7c:1b:5a:39:10:72:91:45:b0:8f:
         98:37:81:2b:43:56:ab:d1:3b:0a:65:d6:67:e8:44:e2:fe:84:
         eb:38:e4:40:56:11:c4:f9:67:8b:d5:ca:27:fd:06:15:aa:05:
         b4:ab:67:85:c3:38:55:d2:83:d2:55:d5:c0:e3:80:ca:a0:30:
         b4:f4:cc:10:1f:bf:08:e4:03:65:5f:4d:e9:37:56:8a:ca:bb:
         f3:7e:a6:0c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY/trPrXuPnDyTkDE9/AhrDnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiOTVhZWJhY2E3MzMxNmRjNDY4MGM4MDhiNzkzZTZhMDk1
NjVmMWIwHhcNMjQwNjA2MTMxMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzA1MjhmYjk1MmNlODE3NzYxNzllMDdhMmEwMTdjZTg0NTQ5NjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzpwcDMxlzsoAOg5qruobpBS8cIU7
zSst3w/9i9DZfcHVanAu+rOZ6ZeMfhdzpV/o5/4FHJ/3JxIMF/vmmVA/uhtXQMCQ
UGnF7MYy0x0mds2gIkyBuJ32cMtAhE6zPwtJSsR/zBbdLPmRHzv6qKXfCNE5o0/l
JcTHHU6O9xZ7RCgYunZY+uzPnmPYFcNRKtf8eN86boQzNdyP2+FTE+sQj5ex54Op
tFqFNrzXPm0l5rk/PGhVUeHjhKFRdIK3D2DxUgGKBdCn4avSD3ZlvZuyUzBivQXH
JU+6tJ9bzOrWaLC4gvv8vND0E9oKD5pWVr5Cjw6yFWgKuBi+mW5GS6DmJQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPcFKPuVLOgXdheeB6KgF86EVJZbMB8GA1UdIwQY
MBaAFDuVrrrKczFtxGgMgIt5PmoJVl8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzVXdXVzcHpNVzNFYUF5QWkzay1hZ2xXWHhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy9hYjNmMzYtNzg1MC00MjY2LWI2N2Et
MDIzY2MxZmMxOTEwLzEvOXdVby01VXM2QmQyRjU0SG9xQVh6b1JVbGxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy9hYjNmMzYtNzg1MC00MjY2LWI2N2EtMDIzY2MxZmMxOTEw
LzEvTzVXdXVzcHpNVzNFYUF5QWkzay1hZ2xXWHhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgeNQAAB
AwcAKgeNQCABMA0GCSqGSIb3DQEBCwUAA4IBAQAg+m42OtwwnxQCjP/UteMesZko
mmUAbP7mq4kuy+a2r7DbbWIpRL22dOUVYhsaOKRaA3XQG4R1kCu6egQfVS62r8bj
I+kexhDHCa6xX+EAdU2QfcIfbLap+SsPWVPqnyAUNcXs2TaX/MhXuVnx6MqkDNtG
I6E9TX0nOKbp7Dd54nauyhi2GTxlQ2r2FWQZH243zBC+5nhgJuO2/maIiM2c2yQm
U7nIwM8yOHwbWjkQcpFFsI+YN4ErQ1ar0TsKZdZn6ETi/oTrOORAVhHE+WeL1con
/QYVqgW0q2eFwzhV0oPSVdXA44DKoDC09MwQH78I5ANlX03pN1aKyrvzfqYM
-----END CERTIFICATE-----