Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/f73cdb-8273-4f43-9f61-8aa7c4cb719f/1/s1WBsZmCvpxfAJ1vJJDtQuy-bt0.roa
File:                     s1WBsZmCvpxfAJ1vJJDtQuy-bt0.roa (raw, json)
Hash identifier:          37rRFx3/Lv4ZcyFAYCNrObPBAqt1uY6LJHANmBRt9VQ=
Subject key identifier:   B3:55:81:B1:99:82:BE:9C:5F:00:9D:6F:24:90:ED:42:EC:BE:6E:DD
Certificate issuer:       /CN=d709c9021e40af92a208de35024ca70663d734e4
Certificate serial:       018D211EA0BA3B1233F0A5A173758CF93E40
Authority key identifier: D7:09:C9:02:1E:40:AF:92:A2:08:DE:35:02:4C:A7:06:63:D7:34:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1wnJAh5Ar5KiCN41AkynBmPXNOQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/f73cdb-8273-4f43-9f61-8aa7c4cb719f/1/s1WBsZmCvpxfAJ1vJJDtQuy-bt0.roa
Signing time:             Fri 19 Jan 2024 09:47:51 +0000
ROA not before:           Fri 19 Jan 2024 09:47:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207817
IP address blocks:        2a0d:9900::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/f73cdb-8273-4f43-9f61-8aa7c4cb719f/1/1wnJAh5Ar5KiCN41AkynBmPXNOQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/f73cdb-8273-4f43-9f61-8aa7c4cb719f/1/1wnJAh5Ar5KiCN41AkynBmPXNOQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1wnJAh5Ar5KiCN41AkynBmPXNOQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 07:03:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:21:1e:a0:ba:3b:12:33:f0:a5:a1:73:75:8c:f9:3e:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d709c9021e40af92a208de35024ca70663d734e4
        Validity
            Not Before: Jan 19 09:47:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b35581b19982be9c5f009d6f2490ed42ecbe6edd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:13:6d:ac:1d:30:a6:68:e2:21:14:80:54:6b:
                    c2:89:0b:be:e3:dc:3c:b7:c7:12:85:db:9c:76:d9:
                    c9:7a:23:5e:70:5d:de:13:16:3b:31:59:ad:07:82:
                    a6:20:b4:78:1d:3a:a8:6c:bc:14:38:96:94:2a:97:
                    c5:c7:33:7d:db:9b:e9:c5:2a:25:86:81:ff:c3:e4:
                    be:68:b2:5c:df:b8:6f:8a:1b:8e:03:b8:82:0e:1d:
                    55:7d:ee:7c:e9:f9:77:cb:0b:8b:c6:2f:9f:f0:1d:
                    0e:a4:54:21:b3:ef:49:0e:d3:2d:e5:06:22:11:8b:
                    6c:e9:f2:f0:b9:38:02:4e:9c:63:8d:c7:cf:1b:8c:
                    f4:90:45:53:fd:13:2e:1d:6e:a6:b7:61:d9:dc:29:
                    3f:7d:8f:b3:35:51:6d:ba:ab:3a:24:ce:ee:46:ea:
                    f9:c3:99:f7:0c:00:2c:5d:ce:fc:d9:a7:96:f0:96:
                    27:9e:83:38:9d:10:4b:1e:9f:1a:90:6f:eb:94:da:
                    64:4c:0c:76:ba:fb:ef:14:f5:5f:80:63:3f:40:4e:
                    c8:dc:ec:5b:e8:4b:97:37:4e:c2:b4:55:c9:3d:46:
                    a7:2e:51:a3:87:0c:d2:b5:87:25:83:5f:7f:66:ec:
                    97:f4:34:d8:90:38:c2:21:50:e4:26:16:9e:62:99:
                    d9:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:55:81:B1:99:82:BE:9C:5F:00:9D:6F:24:90:ED:42:EC:BE:6E:DD
            X509v3 Authority Key Identifier:
                keyid:D7:09:C9:02:1E:40:AF:92:A2:08:DE:35:02:4C:A7:06:63:D7:34:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1wnJAh5Ar5KiCN41AkynBmPXNOQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/f73cdb-8273-4f43-9f61-8aa7c4cb719f/1/s1WBsZmCvpxfAJ1vJJDtQuy-bt0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/f73cdb-8273-4f43-9f61-8aa7c4cb719f/1/1wnJAh5Ar5KiCN41AkynBmPXNOQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:9900::/29

    Signature Algorithm: sha256WithRSAEncryption
         4b:ba:c4:f2:5e:66:b3:d9:59:89:d7:c4:ff:22:2a:a0:80:98:
         a7:d3:58:98:11:5c:a6:03:89:cc:b0:df:f6:c1:7e:8e:23:c6:
         cc:c3:9b:f7:43:00:09:95:57:a5:fc:72:27:05:eb:75:2a:db:
         9b:6e:3b:5b:e7:42:3a:fa:15:4e:56:05:37:73:14:7f:54:51:
         62:98:a6:2d:60:79:b6:78:3a:26:64:18:92:33:b2:9f:bc:57:
         a5:ee:00:7a:a0:da:0d:60:65:4f:8e:56:c4:e4:9b:30:a2:e3:
         06:74:d9:4d:81:2b:35:9e:4c:3c:28:16:b1:d2:db:ab:8d:8d:
         a0:cb:4b:45:21:c0:65:64:c6:6f:fa:38:2e:16:84:0e:ee:ca:
         fa:0a:61:07:db:43:37:81:17:78:11:9b:7e:0c:db:b4:ba:a6:
         1a:70:a5:93:62:59:35:61:7c:8b:1c:3a:c6:a5:69:6d:56:9d:
         a9:32:35:89:ea:4e:97:e5:82:5b:22:31:77:ca:59:5b:58:4b:
         28:d2:c8:be:a1:c6:7f:16:b0:20:c2:36:4d:d1:38:4c:a9:93:
         e9:ec:1a:f1:a6:c4:a8:57:8b:a5:a5:92:7a:ba:55:14:17:84:
         45:1d:78:d5:58:f7:f9:3b:93:9c:46:c6:90:d0:36:d6:07:b1:
         04:bb:6b:6f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY0hHqC6OxIz8KWhc3WM+T5AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3MDljOTAyMWU0MGFmOTJhMjA4ZGUzNTAyNGNhNzA2NjNk
NzM0ZTQwHhcNMjQwMTE5MDk0NzUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzU1ODFiMTk5ODJiZTljNWYwMDlkNmYyNDkwZWQ0MmVjYmU2ZWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnRNtrB0wpmjiIRSAVGvCiQu+49w8
t8cShducdtnJeiNecF3eExY7MVmtB4KmILR4HTqobLwUOJaUKpfFxzN925vpxSol
hoH/w+S+aLJc37hvihuOA7iCDh1Vfe586fl3ywuLxi+f8B0OpFQhs+9JDtMt5QYi
EYts6fLwuTgCTpxjjcfPG4z0kEVT/RMuHW6mt2HZ3Ck/fY+zNVFtuqs6JM7uRur5
w5n3DAAsXc782aeW8JYnnoM4nRBLHp8akG/rlNpkTAx2uvvvFPVfgGM/QE7I3Oxb
6EuXN07CtFXJPUanLlGjhwzStYclg19/ZuyX9DTYkDjCIVDkJhaeYpnZZwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLNVgbGZgr6cXwCdbySQ7ULsvm7dMB8GA1UdIwQY
MBaAFNcJyQIeQK+SogjeNQJMpwZj1zTkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXduSkFoNUFyNUtpQ040MUFreW5CbVBYTk9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9mNzNjZGItODI3My00ZjQzLTlmNjEt
OGFhN2M0Y2I3MTlmLzEvczFXQnNabUN2cHhmQUoxdkpKRHRRdXktYnQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9mNzNjZGItODI3My00ZjQzLTlmNjEtOGFhN2M0Y2I3MTlm
LzEvMXduSkFoNUFyNUtpQ040MUFreW5CbVBYTk9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg2ZADAN
BgkqhkiG9w0BAQsFAAOCAQEAS7rE8l5ms9lZidfE/yIqoICYp9NYmBFcpgOJzLDf
9sF+jiPGzMOb90MACZVXpfxyJwXrdSrbm247W+dCOvoVTlYFN3MUf1RRYpimLWB5
tng6JmQYkjOyn7xXpe4AeqDaDWBlT45WxOSbMKLjBnTZTYErNZ5MPCgWsdLbq42N
oMtLRSHAZWTGb/o4LhaEDu7K+gphB9tDN4EXeBGbfgzbtLqmGnClk2JZNWF8ixw6
xqVpbVadqTI1iepOl+WCWyIxd8pZW1hLKNLIvqHGfxawIMI2TdE4TKmT6ewa8abE
qFeLpaWSerpVFBeERR141Vj3+TuTnEbGkNA21gexBLtrbw==
-----END CERTIFICATE-----