Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/IvAIrY-43NLO7b07M_7WpIt9X-A.roa
File:                     IvAIrY-43NLO7b07M_7WpIt9X-A.roa (raw, json)
Hash identifier:          C+nQnSs6T5wjrIXsg1Gw40opD35Y1GJYzPnuiuj6zTg=
Subject key identifier:   22:F0:08:AD:8F:B8:DC:D2:CE:ED:BD:3B:33:FE:D6:A4:8B:7D:5F:E0
Certificate issuer:       /CN=25776c77f8ebe7094ca007ace1a9c0bfdc2b3aec
Certificate serial:       019025489E0A8B0BF609538F26F39BB60484
Authority key identifier: 25:77:6C:77:F8:EB:E7:09:4C:A0:07:AC:E1:A9:C0:BF:DC:2B:3A:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JXdsd_jr5wlMoAes4anAv9wrOuw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/IvAIrY-43NLO7b07M_7WpIt9X-A.roa
Signing time:             Mon 17 Jun 2024 08:20:34 +0000
ROA not before:           Mon 17 Jun 2024 08:20:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62610
IP address blocks:        2a0b:21c1:600c::/46 maxlen: 46

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/JXdsd_jr5wlMoAes4anAv9wrOuw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/JXdsd_jr5wlMoAes4anAv9wrOuw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JXdsd_jr5wlMoAes4anAv9wrOuw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:25:48:9e:0a:8b:0b:f6:09:53:8f:26:f3:9b:b6:04:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25776c77f8ebe7094ca007ace1a9c0bfdc2b3aec
        Validity
            Not Before: Jun 17 08:20:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22f008ad8fb8dcd2ceedbd3b33fed6a48b7d5fe0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:48:93:0a:e6:07:bb:49:8a:b6:be:a9:f2:d5:
                    f9:e3:8d:d7:78:76:37:53:44:cc:c6:c8:b4:b4:25:
                    3d:72:52:01:fc:62:26:ff:d8:c8:c5:46:4b:e3:7e:
                    ba:91:43:63:9e:01:b3:20:b8:9d:e6:3b:33:a8:99:
                    d4:3e:6e:a5:76:15:be:66:b1:7a:2f:b5:bc:c0:4e:
                    c0:94:51:e8:05:48:f6:d7:44:34:ba:01:10:ee:cd:
                    a1:3c:f5:00:7b:59:7b:fe:13:7e:90:07:10:b9:08:
                    df:cc:6d:d4:31:83:fe:c7:54:46:e0:83:f0:75:b8:
                    f6:ac:6d:87:23:3f:7c:9d:fc:ca:9c:6d:70:cd:b4:
                    50:0c:c7:7c:8c:e5:7c:37:c5:ec:53:66:d6:ad:96:
                    87:00:e2:28:9c:90:3a:6b:7d:44:23:80:0c:11:2f:
                    7d:a9:c8:eb:b8:7f:4a:a3:31:09:b1:8c:a5:cf:48:
                    1c:58:3f:9c:4a:69:36:fb:c4:98:b8:54:d8:21:81:
                    2c:35:32:1d:59:2e:8a:62:a1:c3:ae:b7:5f:db:5a:
                    37:44:fd:6e:8e:f5:fa:f3:95:84:c4:27:41:ee:80:
                    83:85:f8:db:45:ed:6d:d8:33:f7:1a:2d:06:1d:74:
                    42:2d:fe:c7:2d:0f:5c:65:35:c6:bb:7f:0b:e8:84:
                    ef:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:F0:08:AD:8F:B8:DC:D2:CE:ED:BD:3B:33:FE:D6:A4:8B:7D:5F:E0
            X509v3 Authority Key Identifier:
                keyid:25:77:6C:77:F8:EB:E7:09:4C:A0:07:AC:E1:A9:C0:BF:DC:2B:3A:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JXdsd_jr5wlMoAes4anAv9wrOuw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/IvAIrY-43NLO7b07M_7WpIt9X-A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/JXdsd_jr5wlMoAes4anAv9wrOuw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:21c1:600c::/46

    Signature Algorithm: sha256WithRSAEncryption
         6a:3d:d7:cb:fa:29:22:2f:a1:bd:04:64:e0:bd:85:e4:73:40:
         2e:bd:32:55:bc:bd:28:72:9c:a1:1e:9c:4a:40:d3:b3:d4:26:
         2d:d4:dd:b6:18:3c:5c:da:76:36:90:ec:d0:d9:07:72:ef:e3:
         af:af:85:eb:80:1d:1e:15:37:0d:6c:7a:bd:a9:61:c1:50:21:
         c4:84:8b:40:48:10:3f:c4:7d:93:57:ee:c3:f3:f3:c8:4c:4c:
         f5:49:db:4c:c1:0e:c3:f1:4d:f8:5f:06:8d:3d:1e:88:ee:38:
         c4:1c:1d:53:6d:c1:00:5b:87:8b:d0:d2:c5:45:b3:64:d2:21:
         41:41:a5:59:94:d6:b0:fa:4b:22:53:98:08:12:51:2a:65:e3:
         a3:b0:fb:ee:e9:58:b4:21:f2:76:bb:bb:b2:c4:bb:fa:85:fe:
         1a:09:6e:fc:b1:cf:aa:15:6b:62:bf:e2:a0:52:a6:07:94:7a:
         c6:57:19:6c:ea:85:33:3c:8e:d5:75:0b:96:fa:ea:96:b9:54:
         86:f7:c1:0f:f4:8b:c7:19:97:f5:16:4c:8e:dc:72:d3:56:85:
         0e:76:fb:61:95:34:16:28:52:91:5f:2a:94:7b:eb:75:91:24:
         59:b2:00:4f:62:e9:00:30:0d:05:83:d8:f3:78:31:cb:b4:dd:
         4d:03:5e:a9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZAlSJ4Kiwv2CVOPJvObtgSEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1Nzc2Yzc3ZjhlYmU3MDk0Y2EwMDdhY2UxYTljMGJmZGMy
YjNhZWMwHhcNMjQwNjE3MDgyMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmYwMDhhZDhmYjhkY2QyY2VlZGJkM2IzM2ZlZDZhNDhiN2Q1ZmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuEiTCuYHu0mKtr6p8tX5443XeHY3
U0TMxsi0tCU9clIB/GIm/9jIxUZL4366kUNjngGzILid5jszqJnUPm6ldhW+ZrF6
L7W8wE7AlFHoBUj210Q0ugEQ7s2hPPUAe1l7/hN+kAcQuQjfzG3UMYP+x1RG4IPw
dbj2rG2HIz98nfzKnG1wzbRQDMd8jOV8N8XsU2bWrZaHAOIonJA6a31EI4AMES99
qcjruH9KozEJsYylz0gcWD+cSmk2+8SYuFTYIYEsNTIdWS6KYqHDrrdf21o3RP1u
jvX685WExCdB7oCDhfjbRe1t2DP3Gi0GHXRCLf7HLQ9cZTXGu38L6ITv+QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCLwCK2PuNzSzu29OzP+1qSLfV/gMB8GA1UdIwQY
MBaAFCV3bHf46+cJTKAHrOGpwL/cKzrsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlhkc2RfanI1d2xNb0FlczRhbkF2OXdyT3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS81N2UwOGMtY2EzYS00MDk5LWFlNzQt
ZTdkYWVjMTk0YTY5LzEvSXZBSXJZLTQzTkxPN2IwN01fN1dwSXQ5WC1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS81N2UwOGMtY2EzYS00MDk5LWFlNzQtZTdkYWVjMTk0YTY5
LzEvSlhkc2RfanI1d2xNb0FlczRhbkF2OXdyT3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKgshwWAM
MA0GCSqGSIb3DQEBCwUAA4IBAQBqPdfL+ikiL6G9BGTgvYXkc0AuvTJVvL0ocpyh
HpxKQNOz1CYt1N22GDxc2nY2kOzQ2Qdy7+Ovr4XrgB0eFTcNbHq9qWHBUCHEhItA
SBA/xH2TV+7D8/PITEz1SdtMwQ7D8U34XwaNPR6I7jjEHB1TbcEAW4eL0NLFRbNk
0iFBQaVZlNaw+ksiU5gIElEqZeOjsPvu6Vi0IfJ2u7uyxLv6hf4aCW78sc+qFWti
v+KgUqYHlHrGVxls6oUzPI7VdQuW+uqWuVSG98EP9IvHGZf1FkyO3HLTVoUOdvth
lTQWKFKRXyqUe+t1kSRZsgBPYukAMA0Fg9jzeDHLtN1NA16p
-----END CERTIFICATE-----