Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/TD0aSrLNrllwgkA_NWFucjotAqY.roa
File:                     TD0aSrLNrllwgkA_NWFucjotAqY.roa (raw, json)
Hash identifier:          zTQpdcnSDpb2vLnVLynKg4Q+QPlrOGPQyCQz6ygOsbE=
Subject key identifier:   4C:3D:1A:4A:B2:CD:AE:59:70:82:40:3F:35:61:6E:72:3A:2D:02:A6
Certificate issuer:       /CN=32c78eeef7acb451fc37575feb9114dfccc1cdfb
Certificate serial:       01903AE612722725B762B83A6135932598B6
Authority key identifier: 32:C7:8E:EE:F7:AC:B4:51:FC:37:57:5F:EB:91:14:DF:CC:C1:CD:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/TD0aSrLNrllwgkA_NWFucjotAqY.roa
Signing time:             Fri 21 Jun 2024 13:04:34 +0000
ROA not before:           Fri 21 Jun 2024 13:04:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209235
IP address blocks:        2a09:c0c0::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/MseO7vestFH8N1df65EU38zBzfs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/MseO7vestFH8N1df65EU38zBzfs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 22:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:3a:e6:12:72:27:25:b7:62:b8:3a:61:35:93:25:98:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32c78eeef7acb451fc37575feb9114dfccc1cdfb
        Validity
            Not Before: Jun 21 13:04:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c3d1a4ab2cdae597082403f35616e723a2d02a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:7d:51:2b:41:fa:50:a0:84:84:e8:15:e4:27:
                    50:31:af:e1:1f:15:cb:3a:ac:da:6a:f0:fd:f0:bf:
                    88:32:91:60:3b:ba:4e:eb:25:c9:30:47:e1:52:f2:
                    0e:5a:a0:82:07:00:cc:bf:f4:db:d3:e5:fb:78:d2:
                    79:c0:e8:c9:dd:eb:a0:e3:85:87:8d:7b:d0:19:25:
                    6c:bc:4a:01:d7:24:bf:ef:3a:09:96:ca:8c:ed:2b:
                    66:42:8b:fd:9b:94:8e:9f:36:9b:ca:3d:f2:cd:28:
                    1b:46:b1:68:99:9a:65:5e:dc:ef:49:ae:3f:1f:5b:
                    88:d8:fe:18:21:59:b7:b1:90:8b:55:44:c9:42:92:
                    3f:be:28:6c:d2:12:c7:53:f6:6f:3f:cf:32:a0:b6:
                    c9:93:47:01:97:0a:65:2d:e7:05:97:3a:38:d3:ac:
                    e6:14:ca:76:59:94:f8:db:ee:8a:58:ce:30:7f:09:
                    da:31:ba:ba:1b:22:2a:e5:90:a3:20:4d:3e:05:41:
                    f2:cb:06:3f:61:b8:a2:5e:b0:c8:06:eb:b0:e8:4e:
                    c0:84:f0:73:15:a5:c0:b9:cb:46:7c:bf:ae:b9:3f:
                    5c:fd:cb:c9:1a:9d:2d:b6:89:ef:00:95:48:72:19:
                    f2:3a:0f:13:86:7a:7e:82:ae:20:6e:59:77:da:14:
                    7d:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:3D:1A:4A:B2:CD:AE:59:70:82:40:3F:35:61:6E:72:3A:2D:02:A6
            X509v3 Authority Key Identifier:
                keyid:32:C7:8E:EE:F7:AC:B4:51:FC:37:57:5F:EB:91:14:DF:CC:C1:CD:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/TD0aSrLNrllwgkA_NWFucjotAqY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/MseO7vestFH8N1df65EU38zBzfs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:c0c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         5c:97:83:23:c4:05:05:42:f6:50:3d:33:88:e4:55:1d:b1:f3:
         5c:e3:24:7f:39:6e:60:0e:50:cd:b6:79:fe:17:04:f7:20:a9:
         62:87:3c:b7:03:1d:c5:0d:71:bb:26:83:5f:52:3e:e3:1b:df:
         16:49:53:86:ac:9b:11:9c:87:bb:04:fe:92:07:a8:d8:c2:ec:
         57:f6:f8:a0:24:b2:b7:f9:a5:a8:45:d9:57:4c:c4:6a:0f:52:
         18:dc:91:09:a0:52:da:76:00:98:fe:39:90:0d:cf:21:bf:d9:
         3a:3e:32:b9:31:b0:e2:81:3a:fa:82:60:bb:8c:4c:91:5b:ee:
         60:45:c6:84:cd:0a:e5:78:ec:9b:3b:6e:21:13:01:64:49:a5:
         ce:4d:56:74:cc:4d:2c:c9:85:a5:40:1c:68:59:b0:5f:f9:0d:
         71:61:84:a9:5e:8c:51:da:40:05:3e:81:13:7e:9c:d1:ff:40:
         ed:4d:a8:bf:c5:64:08:52:43:72:c6:ce:50:b9:7f:10:1e:76:
         c8:1a:03:36:b2:bd:04:6a:25:36:2d:9f:43:1c:03:10:7c:c7:
         10:de:0f:eb:06:44:29:88:6d:0c:5a:89:e7:27:e5:82:e3:b9:
         27:b2:ea:1b:40:9a:fe:b4:23:cc:6f:13:ed:61:72:17:ea:be:
         4a:ba:6c:e4
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZA65hJyJyW3Yrg6YTWTJZi2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyYzc4ZWVlZjdhY2I0NTFmYzM3NTc1ZmViOTExNGRmY2Nj
MWNkZmIwHhcNMjQwNjIxMTMwNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzNkMWE0YWIyY2RhZTU5NzA4MjQwM2YzNTYxNmU3MjNhMmQwMmE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzH1RK0H6UKCEhOgV5CdQMa/hHxXL
OqzaavD98L+IMpFgO7pO6yXJMEfhUvIOWqCCBwDMv/Tb0+X7eNJ5wOjJ3eug44WH
jXvQGSVsvEoB1yS/7zoJlsqM7StmQov9m5SOnzabyj3yzSgbRrFomZplXtzvSa4/
H1uI2P4YIVm3sZCLVUTJQpI/vihs0hLHU/ZvP88yoLbJk0cBlwplLecFlzo406zm
FMp2WZT42+6KWM4wfwnaMbq6GyIq5ZCjIE0+BUHyywY/YbiiXrDIBuuw6E7AhPBz
FaXAuctGfL+uuT9c/cvJGp0ttonvAJVIchnyOg8Thnp+gq4gbll32hR9ewIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEw9Gkqyza5ZcIJAPzVhbnI6LQKmMB8GA1UdIwQY
MBaAFDLHju73rLRR/DdXX+uRFN/Mwc37MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXNlTzd2ZXN0Rkg4TjFkZjY1RVUzOHpCemZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8yMjViY2ItNmQzZC00YzBlLTgyNGYt
MmYxYzhlNDA4YjY0LzEvVEQwYVNyTE5ybGx3Z2tBX05XRnVjam90QXFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8yMjViY2ItNmQzZC00YzBlLTgyNGYtMmYxYzhlNDA4YjY0
LzEvTXNlTzd2ZXN0Rkg4TjFkZjY1RVUzOHpCemZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgnAwDAN
BgkqhkiG9w0BAQsFAAOCAQEAXJeDI8QFBUL2UD0ziORVHbHzXOMkfzluYA5QzbZ5
/hcE9yCpYoc8twMdxQ1xuyaDX1I+4xvfFklThqybEZyHuwT+kgeo2MLsV/b4oCSy
t/mlqEXZV0zEag9SGNyRCaBS2nYAmP45kA3PIb/ZOj4yuTGw4oE6+oJgu4xMkVvu
YEXGhM0K5XjsmztuIRMBZEmlzk1WdMxNLMmFpUAcaFmwX/kNcWGEqV6MUdpABT6B
E36c0f9A7U2ov8VkCFJDcsbOULl/EB52yBoDNrK9BGolNi2fQxwDEHzHEN4P6wZE
KYhtDFqJ5yflguO5J7LqG0Ca/rQjzG8T7WFyF+q+Srps5A==
-----END CERTIFICATE-----