Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/N8t9yoD9gE1jdH3VMF9UsEzYXQA.roa
File:                     N8t9yoD9gE1jdH3VMF9UsEzYXQA.roa (raw, json)
Hash identifier:          KKmJtyrM/M3IzFKPkfPdYiEpmbCfie1IvlT6qOEk+Xw=
Subject key identifier:   37:CB:7D:CA:80:FD:80:4D:63:74:7D:D5:30:5F:54:B0:4C:D8:5D:00
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       0193582AF3520089AB485E76A35773A226B7
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/N8t9yoD9gE1jdH3VMF9UsEzYXQA.roa
Signing time:             Sat 23 Nov 2024 08:37:10 +0000
ROA not before:           Sat 23 Nov 2024 08:37:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212165
IP address blocks:        2a0f:db80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:58:2a:f3:52:00:89:ab:48:5e:76:a3:57:73:a2:26:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Nov 23 08:37:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37cb7dca80fd804d63747dd5305f54b04cd85d00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:6f:0e:cb:2e:ed:39:f2:1e:f1:e1:43:26:73:
                    f2:d4:83:b4:40:ee:df:15:2c:08:3d:b7:a3:25:eb:
                    5d:2e:bd:47:63:d1:50:a8:0f:a1:c8:00:57:95:5a:
                    91:98:3d:99:86:4a:13:15:f7:b8:60:9a:f4:8a:e6:
                    33:4b:2e:19:1e:aa:6b:90:30:0c:88:7b:02:e5:3e:
                    83:09:86:cd:2b:87:74:b2:a2:b7:21:ff:b7:1f:1e:
                    68:e5:2a:10:9b:9b:5a:92:c6:97:9b:37:cc:41:de:
                    43:2d:f8:d2:2f:30:4d:06:cc:36:11:29:dc:04:b0:
                    48:d7:7f:87:2f:ba:fc:49:33:a6:ee:f6:8b:d2:28:
                    ea:be:c6:3e:8d:2c:5b:46:fa:c7:8f:bb:5e:3d:78:
                    98:92:6e:a6:4b:5a:ae:0d:27:9d:b1:f2:16:11:61:
                    6d:5b:14:22:f1:bb:41:13:04:b0:ad:21:8b:cc:a8:
                    69:ca:73:bc:65:e3:da:7e:f1:5c:d4:11:35:ca:9d:
                    18:e5:11:58:23:b5:c4:cc:df:7e:87:fa:48:44:d2:
                    c8:52:60:4a:24:0d:eb:b6:34:6f:e2:e9:63:95:03:
                    96:1f:85:97:d0:77:e6:c3:c4:0b:cc:0b:4b:76:cb:
                    0d:92:2d:e8:9d:4d:c6:49:5d:88:ae:69:ee:8c:ec:
                    ff:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:CB:7D:CA:80:FD:80:4D:63:74:7D:D5:30:5F:54:B0:4C:D8:5D:00
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/N8t9yoD9gE1jdH3VMF9UsEzYXQA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:db80::/29

    Signature Algorithm: sha256WithRSAEncryption
         d6:66:ed:5f:3a:ae:26:81:5b:fe:0c:f2:57:61:64:b8:e9:51:
         96:e3:a4:1a:28:7e:c3:58:9a:c6:f3:97:be:f5:92:ca:9e:5a:
         d1:f3:8a:15:ff:52:df:8c:1f:d3:4b:50:d1:38:ac:85:b7:c1:
         8a:96:32:64:e7:f6:58:a3:19:dc:dc:29:85:e5:62:61:71:b5:
         e9:a0:ba:b6:24:61:aa:af:84:f0:06:d6:27:3f:32:4c:07:b7:
         bf:3f:04:0e:78:6e:dc:12:77:53:69:98:f3:e2:a5:59:e1:b7:
         5e:8d:60:28:06:05:b9:64:79:17:b2:ed:f9:80:72:cb:77:11:
         44:a3:e1:9b:69:ea:ca:87:e9:21:85:4a:17:39:91:d4:4a:0d:
         f8:b8:71:7f:bc:82:9a:89:1d:80:83:7b:a2:1c:36:8a:d4:11:
         70:09:da:3c:46:8f:c9:20:1c:b0:3c:18:8d:11:12:62:45:1c:
         38:cf:59:e3:c6:ab:3f:2c:90:61:4d:88:ac:1f:ae:c0:77:a6:
         84:dd:c3:53:89:63:04:74:91:66:20:fb:cd:0b:7e:b6:8e:9c:
         94:3f:23:aa:70:6f:c0:8d:d9:c2:69:a3:a5:f9:d6:6b:d4:8c:
         35:33:de:61:13:d1:b6:59:48:f9:e4:be:e6:d4:ee:1a:0a:22:
         71:54:a9:90
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZNYKvNSAImrSF52o1dzoia3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjQxMTIzMDgzNzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2NiN2RjYTgwZmQ4MDRkNjM3NDdkZDUzMDVmNTRiMDRjZDg1ZDAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu28Oyy7tOfIe8eFDJnPy1IO0QO7f
FSwIPbejJetdLr1HY9FQqA+hyABXlVqRmD2ZhkoTFfe4YJr0iuYzSy4ZHqprkDAM
iHsC5T6DCYbNK4d0sqK3If+3Hx5o5SoQm5taksaXmzfMQd5DLfjSLzBNBsw2ESnc
BLBI13+HL7r8STOm7vaL0ijqvsY+jSxbRvrHj7tePXiYkm6mS1quDSedsfIWEWFt
WxQi8btBEwSwrSGLzKhpynO8ZePafvFc1BE1yp0Y5RFYI7XEzN9+h/pIRNLIUmBK
JA3rtjRv4uljlQOWH4WX0Hfmw8QLzAtLdssNki3onU3GSV2IrmnujOz/PQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDfLfcqA/YBNY3R91TBfVLBM2F0AMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvTjh0OXlvRDlnRTFqZEgzVk1GOVVzRXpZWFFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg/bgDAN
BgkqhkiG9w0BAQsFAAOCAQEA1mbtXzquJoFb/gzyV2FkuOlRluOkGih+w1iaxvOX
vvWSyp5a0fOKFf9S34wf00tQ0TishbfBipYyZOf2WKMZ3NwpheViYXG16aC6tiRh
qq+E8AbWJz8yTAe3vz8EDnhu3BJ3U2mY8+KlWeG3Xo1gKAYFuWR5F7Lt+YByy3cR
RKPhm2nqyofpIYVKFzmR1EoN+Lhxf7yCmokdgIN7ohw2itQRcAnaPEaPySAcsDwY
jRESYkUcOM9Z48arPyyQYU2IrB+uwHemhN3DU4ljBHSRZiD7zQt+to6clD8jqnBv
wI3ZwmmjpfnWa9SMNTPeYRPRtllI+eS+5tTuGgoicVSpkA==
-----END CERTIFICATE-----