Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/CXOqpXIu797G4q3_opfAwyQkIAI.roa
File:                     CXOqpXIu797G4q3_opfAwyQkIAI.roa (raw, json)
Hash identifier:          JVZW1+1joqRQDzmfNezI0yBUSWzBf1mJVJ7n6rgTr7k=
Subject key identifier:   09:73:AA:A5:72:2E:EF:DE:C6:E2:AD:FF:A2:97:C0:C3:24:24:20:02
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       01934E38E00457D43D50FE7D045689C7369B
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/CXOqpXIu797G4q3_opfAwyQkIAI.roa
Signing time:             Thu 21 Nov 2024 10:16:10 +0000
ROA not before:           Thu 21 Nov 2024 10:16:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12389
IP address blocks:        2a09:6285::/32 maxlen: 32
                          2a12:a346::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4e:38:e0:04:57:d4:3d:50:fe:7d:04:56:89:c7:36:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Nov 21 10:16:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0973aaa5722eefdec6e2adffa297c0c324242002
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:4b:d8:6f:9f:a6:29:1f:79:8f:b7:14:5e:c4:
                    fb:8c:bd:6d:4b:11:08:9d:d1:51:7f:49:b2:3f:bf:
                    7f:2a:37:9d:3b:fe:e3:28:d1:54:6e:f3:1c:f5:6e:
                    15:64:de:4c:88:c6:80:37:93:c9:6e:2f:78:ad:ba:
                    a9:03:73:59:09:7d:16:d0:07:7b:af:9b:f8:9d:46:
                    97:f2:cd:57:a4:6d:56:56:4b:c0:f9:e0:12:07:59:
                    be:b0:8f:58:06:69:6f:47:a1:0b:03:fe:22:9d:72:
                    95:88:8a:1f:89:63:94:8b:65:4c:eb:cb:53:3d:a6:
                    a1:6b:1a:00:82:49:06:f7:a9:7c:6f:dd:ed:db:52:
                    30:dd:c3:a1:48:b7:48:93:95:be:d4:4b:3c:f3:00:
                    0d:ac:2f:2d:dd:2a:24:98:fa:5c:d7:29:2f:b9:e7:
                    1e:d3:ad:22:9a:e4:94:e2:44:16:17:61:b6:e5:d5:
                    8c:25:55:a5:4b:38:14:44:52:88:b6:19:2d:87:ce:
                    c7:09:41:f0:98:45:8d:2e:2f:b6:ea:66:3a:7a:d9:
                    aa:98:c4:63:77:1b:0f:db:b6:f3:bf:ba:bf:3a:ca:
                    52:03:17:ee:40:19:72:a9:7f:5b:4a:8b:5b:c0:d7:
                    5f:e7:2d:a4:ca:6c:91:74:c0:8f:60:10:bf:2b:22:
                    1a:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:73:AA:A5:72:2E:EF:DE:C6:E2:AD:FF:A2:97:C0:C3:24:24:20:02
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/CXOqpXIu797G4q3_opfAwyQkIAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:6285::/32
                  2a12:a346::/32

    Signature Algorithm: sha256WithRSAEncryption
         8d:e6:5f:e5:32:a7:5c:2f:6e:b6:8b:11:b0:ec:59:d2:8f:77:
         90:4d:39:f8:b2:81:24:df:45:c7:0b:35:de:e6:84:18:28:84:
         4e:f2:36:64:b5:d1:80:08:63:8a:a3:52:b8:e4:cd:6a:16:f0:
         ae:74:ce:89:ec:27:8b:17:92:9b:44:b8:03:66:a3:f3:b0:46:
         2d:7e:ad:75:20:8e:b9:5a:76:ea:c4:be:a9:35:a0:4f:d3:1b:
         64:44:68:fb:5e:4b:91:03:49:03:f9:48:10:39:c4:e5:6b:1b:
         93:a6:e0:4d:90:4d:99:8c:ff:96:3c:fd:c4:40:90:28:59:a2:
         88:07:13:0f:77:cb:e8:9a:83:38:bf:cb:da:da:d9:b0:ea:e6:
         90:3e:2f:29:87:56:51:de:e5:65:b0:b6:61:2a:94:a1:84:23:
         c4:b0:e5:f2:cb:35:45:f5:f0:44:a7:b8:5f:df:75:4a:f5:14:
         4c:30:e4:56:4d:45:ae:2c:9e:d4:4b:79:e3:4a:30:98:a8:4e:
         0b:fe:09:81:fa:04:70:59:67:02:08:2f:01:c0:24:61:32:d8:
         32:0a:4c:ad:8b:af:a7:f0:e3:12:54:59:b9:ab:f8:71:d8:2d:
         60:ec:d0:86:57:dd:a8:1e:67:25:92:b0:14:a7:10:c0:35:48:
         0b:a2:34:6d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZNOOOAEV9Q9UP59BFaJxzabMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjQxMTIxMTAxNjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTczYWFhNTcyMmVlZmRlYzZlMmFkZmZhMjk3YzBjMzI0MjQyMDAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw0vYb5+mKR95j7cUXsT7jL1tSxEI
ndFRf0myP79/KjedO/7jKNFUbvMc9W4VZN5MiMaAN5PJbi94rbqpA3NZCX0W0Ad7
r5v4nUaX8s1XpG1WVkvA+eASB1m+sI9YBmlvR6ELA/4inXKViIofiWOUi2VM68tT
PaahaxoAgkkG96l8b93t21Iw3cOhSLdIk5W+1Es88wANrC8t3SokmPpc1ykvuece
060imuSU4kQWF2G25dWMJVWlSzgURFKIthkth87HCUHwmEWNLi+26mY6etmqmMRj
dxsP27bzv7q/OspSAxfuQBlyqX9bSotbwNdf5y2kymyRdMCPYBC/KyIaBwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFAlzqqVyLu/exuKt/6KXwMMkJCACMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvQ1hPcXBYSXU3OTdHNHEzX29wZkF3eVFrSUFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKglihQMF
ACoSo0YwDQYJKoZIhvcNAQELBQADggEBAI3mX+Uyp1wvbraLEbDsWdKPd5BNOfiy
gSTfRccLNd7mhBgohE7yNmS10YAIY4qjUrjkzWoW8K50zonsJ4sXkptEuANmo/Ow
Ri1+rXUgjrladurEvqk1oE/TG2REaPteS5EDSQP5SBA5xOVrG5Om4E2QTZmM/5Y8
/cRAkChZoogHEw93y+iagzi/y9ra2bDq5pA+LymHVlHe5WWwtmEqlKGEI8Sw5fLL
NUX18ESnuF/fdUr1FEww5FZNRa4sntRLeeNKMJioTgv+CYH6BHBZZwIILwHAJGEy
2DIKTK2Lr6fw4xJUWbmr+HHYLWDs0IZX3ageZyWSsBSnEMA1SAuiNG0=
-----END CERTIFICATE-----