Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/1-XQfAkC3TNAZzg1Qywrr46EgEU8.roa
File:                     1-XQfAkC3TNAZzg1Qywrr46EgEU8.roa (raw, json)
Hash identifier:          alatXEsVmXUA7I6/NwbJ87hYvjnh6WNxXXFFbyOEJAg=
Subject key identifier:   F9:74:1F:02:40:B7:4C:D0:19:CE:0D:50:CB:0A:EB:E3:A1:20:11:4F
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       01931B5FE732391E2C61232C11681D141B6F
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/1-XQfAkC3TNAZzg1Qywrr46EgEU8.roa
Signing time:             Mon 11 Nov 2024 13:18:10 +0000
ROA not before:           Mon 11 Nov 2024 13:18:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20485
IP address blocks:        2a09:6286::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:1b:5f:e7:32:39:1e:2c:61:23:2c:11:68:1d:14:1b:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Nov 11 13:18:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9741f0240b74cd019ce0d50cb0aebe3a120114f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:10:2f:62:d6:99:03:5b:1e:59:97:4c:5c:09:
                    fd:d3:79:70:07:09:8a:0b:4f:b4:88:50:fe:3a:2b:
                    33:2d:d0:70:ce:45:70:f8:c8:80:96:ef:ed:2f:dd:
                    89:8c:07:ec:25:b2:1e:da:10:9a:1f:69:b0:a9:cc:
                    e7:af:0a:13:e1:9c:98:4e:8c:42:96:5d:1f:40:c9:
                    02:6e:78:74:72:d9:a6:1e:b0:4e:17:94:92:69:d2:
                    f7:6d:d2:5a:78:4d:99:f5:23:ad:07:d9:d5:b4:43:
                    07:bc:70:50:49:4f:21:7d:64:d3:25:56:f8:e4:96:
                    d8:cf:0d:f5:c9:9e:2c:e7:56:98:ba:a1:18:ea:d6:
                    d9:23:17:8b:64:23:da:43:91:85:40:be:e0:0d:78:
                    e2:9a:79:c7:78:e2:00:53:4f:6e:eb:3a:72:ad:3d:
                    8f:9d:5d:e9:f9:cd:54:a4:08:6d:f6:83:81:a8:d1:
                    e5:44:80:61:e5:07:21:e2:37:4c:88:cc:39:6b:cc:
                    09:be:a6:d8:01:65:c9:07:4c:15:57:f8:91:56:50:
                    d3:f3:e3:7f:58:21:8d:a1:ce:55:4b:df:d5:74:79:
                    8c:64:1c:b6:56:81:03:c7:93:90:ef:91:d5:34:dd:
                    f3:a6:56:78:65:18:c1:70:6c:d1:cf:29:95:7a:8f:
                    c8:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:74:1F:02:40:B7:4C:D0:19:CE:0D:50:CB:0A:EB:E3:A1:20:11:4F
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/1-XQfAkC3TNAZzg1Qywrr46EgEU8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:6286::/32

    Signature Algorithm: sha256WithRSAEncryption
         4c:cd:d0:b8:d4:cc:88:13:4f:8b:e4:c7:cf:ec:00:d9:34:3d:
         80:66:86:5c:14:e6:0c:3c:0b:51:07:7f:ee:e4:76:2d:dd:1b:
         d9:40:b5:97:f3:58:98:3a:5d:50:8f:3e:29:eb:03:55:94:9b:
         4e:a4:6a:78:1d:10:43:d6:2d:7a:2a:a5:44:22:d6:34:7b:67:
         e6:2a:76:a5:70:6e:17:13:57:70:14:26:d0:be:61:d6:8b:fa:
         0a:df:b2:b7:78:74:db:8b:15:f6:07:df:c1:eb:40:bc:31:87:
         dc:73:17:36:15:3f:30:79:1c:14:df:2d:e9:46:d8:bd:43:ef:
         44:b7:19:1c:cc:a4:d7:f0:14:f0:a2:0e:13:2f:03:12:a5:d6:
         88:44:60:87:8d:d4:a2:18:d0:0e:45:f7:4a:77:86:ea:ae:0e:
         24:44:1b:9e:db:e4:f2:40:e8:c9:e9:1d:2e:a3:74:62:de:23:
         12:a3:a9:dd:52:bd:73:59:c1:8a:16:a1:c8:5e:42:1c:b6:67:
         42:1c:6e:4b:2b:8d:06:ff:4f:22:8f:56:2a:5c:36:16:b0:60:
         d1:3b:ca:ee:d9:7e:77:76:41:6e:ad:08:d5:c5:a6:30:95:24:
         05:55:98:2f:36:19:b1:e2:d4:6f:80:cd:08:61:8b:f8:bf:64:
         0e:64:0c:2f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZMbX+cyOR4sYSMsEWgdFBtvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjQxMTExMTMxODEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTc0MWYwMjQwYjc0Y2QwMTljZTBkNTBjYjBhZWJlM2ExMjAxMTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAihAvYtaZA1seWZdMXAn903lwBwmK
C0+0iFD+OiszLdBwzkVw+MiAlu/tL92JjAfsJbIe2hCaH2mwqcznrwoT4ZyYToxC
ll0fQMkCbnh0ctmmHrBOF5SSadL3bdJaeE2Z9SOtB9nVtEMHvHBQSU8hfWTTJVb4
5JbYzw31yZ4s51aYuqEY6tbZIxeLZCPaQ5GFQL7gDXjimnnHeOIAU09u6zpyrT2P
nV3p+c1UpAht9oOBqNHlRIBh5Qch4jdMiMw5a8wJvqbYAWXJB0wVV/iRVlDT8+N/
WCGNoc5VS9/VdHmMZBy2VoEDx5OQ75HVNN3zplZ4ZRjBcGzRzymVeo/I6wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPl0HwJAt0zQGc4NUMsK6+OhIBFPMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvMS1YUWZBa0MzVE5BWnpnMVF5d3JyNDZFZ0VVOC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZmUvMWZhNmEzLThkYzUtNGMzNS1hNDliLTE3MWMzNjdiZTc4
Mi8xL2RRaEhYX0RZN0pZRE5nRnVEZ1FpR3BqbDdQSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoJYoYw
DQYJKoZIhvcNAQELBQADggEBAEzN0LjUzIgTT4vkx8/sANk0PYBmhlwU5gw8C1EH
f+7kdi3dG9lAtZfzWJg6XVCPPinrA1WUm06kangdEEPWLXoqpUQi1jR7Z+YqdqVw
bhcTV3AUJtC+YdaL+grfsrd4dNuLFfYH38HrQLwxh9xzFzYVPzB5HBTfLelG2L1D
70S3GRzMpNfwFPCiDhMvAxKl1ohEYIeN1KIY0A5F90p3huquDiREG57b5PJA6Mnp
HS6jdGLeIxKjqd1SvXNZwYoWocheQhy2Z0IcbksrjQb/TyKPVipcNhawYNE7yu7Z
fnd2QW6tCNXFpjCVJAVVmC82GbHi1G+AzQhhi/i/ZA5kDC8=
-----END CERTIFICATE-----