Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/1f3712-cf2c-486e-95b3-fcc336eed8d7/1/8rlaDiP_it2N0vLEvdVXTQMb4b0.roa
File:                     8rlaDiP_it2N0vLEvdVXTQMb4b0.roa (raw, json)
Hash identifier:          lCrip8Nc6vSGAGnSdCD8I+v+Gy/M2qu2ACQDWy8nQS4=
Subject key identifier:   F2:B9:5A:0E:23:FF:8A:DD:8D:D2:F2:C4:BD:D5:57:4D:03:1B:E1:BD
Certificate issuer:       /CN=b2c0bdafadea78dce312f862ddf42b1bd4c4f645
Certificate serial:       018CCA2B622A5B895882964687E6F97EF766
Authority key identifier: B2:C0:BD:AF:AD:EA:78:DC:E3:12:F8:62:DD:F4:2B:1B:D4:C4:F6:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ssC9r63qeNzjEvhi3fQrG9TE9kU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/1f3712-cf2c-486e-95b3-fcc336eed8d7/1/8rlaDiP_it2N0vLEvdVXTQMb4b0.roa
Signing time:             Tue 02 Jan 2024 12:34:49 +0000
ROA not before:           Tue 02 Jan 2024 12:34:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207459
IP address blocks:        2a10:9f80::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/1f3712-cf2c-486e-95b3-fcc336eed8d7/1/ssC9r63qeNzjEvhi3fQrG9TE9kU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/1f3712-cf2c-486e-95b3-fcc336eed8d7/1/ssC9r63qeNzjEvhi3fQrG9TE9kU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ssC9r63qeNzjEvhi3fQrG9TE9kU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 06:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:62:2a:5b:89:58:82:96:46:87:e6:f9:7e:f7:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2c0bdafadea78dce312f862ddf42b1bd4c4f645
        Validity
            Not Before: Jan  2 12:34:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2b95a0e23ff8add8dd2f2c4bdd5574d031be1bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:ab:6a:d9:a3:85:74:ef:c8:a1:1c:32:c6:25:
                    bf:5a:43:8e:1e:73:4f:bf:38:20:42:da:22:47:e0:
                    7e:52:cb:b8:17:d9:2d:7e:31:de:6d:8d:4b:f6:b6:
                    76:38:f1:12:fb:a1:24:5c:5d:bf:ad:c1:6c:7e:31:
                    13:10:9f:30:93:ce:68:83:e5:14:ab:00:61:dd:34:
                    6c:f0:b2:dd:5a:9d:44:90:d0:53:c4:cc:11:52:2d:
                    28:b9:03:36:32:0d:03:d7:16:9e:01:78:6c:e1:0a:
                    80:f4:07:cd:1f:d3:e1:4a:6a:fc:69:84:74:f7:75:
                    ea:49:5e:ae:3c:22:c7:29:8c:4b:f0:13:b1:72:d2:
                    ae:08:18:f9:db:63:fe:07:e0:aa:28:ef:fb:3c:46:
                    62:08:5d:35:8c:dc:47:2d:3e:4b:68:08:2d:98:2e:
                    1e:2b:30:1a:3e:16:08:56:40:65:de:35:07:bb:80:
                    40:f1:05:d2:4d:b3:b7:8c:1f:6b:ef:1a:34:29:e7:
                    07:8f:2f:fc:94:3c:6b:ba:66:20:37:b3:fa:3f:ba:
                    f0:91:5c:a7:35:bb:d4:23:cb:c4:63:8b:f9:f0:29:
                    12:f1:e5:08:6e:63:2a:9a:3e:33:5c:4a:3e:64:c7:
                    94:9f:f4:bd:8c:06:81:e0:c8:c8:52:43:43:9b:70:
                    87:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:B9:5A:0E:23:FF:8A:DD:8D:D2:F2:C4:BD:D5:57:4D:03:1B:E1:BD
            X509v3 Authority Key Identifier:
                keyid:B2:C0:BD:AF:AD:EA:78:DC:E3:12:F8:62:DD:F4:2B:1B:D4:C4:F6:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ssC9r63qeNzjEvhi3fQrG9TE9kU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/1f3712-cf2c-486e-95b3-fcc336eed8d7/1/8rlaDiP_it2N0vLEvdVXTQMb4b0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/1f3712-cf2c-486e-95b3-fcc336eed8d7/1/ssC9r63qeNzjEvhi3fQrG9TE9kU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:9f80::/32

    Signature Algorithm: sha256WithRSAEncryption
         94:47:b0:e9:37:f4:4d:7f:21:b8:6a:6e:7f:43:81:46:2d:ef:
         f7:5d:10:b4:07:ab:0f:79:63:f9:be:12:0b:eb:c1:23:46:20:
         2a:08:db:41:af:9f:b8:16:46:93:c7:5f:62:c5:6a:fd:41:2b:
         47:52:8b:2f:10:c9:a3:16:58:4d:8a:4c:83:63:c4:07:69:53:
         c5:d0:bc:af:b7:da:3e:fc:26:51:4b:e8:c1:01:95:67:3d:c4:
         d5:f0:a7:32:16:d8:3e:34:e7:45:32:b0:c9:07:96:7e:09:45:
         95:39:d3:7d:71:e1:4e:09:b9:63:61:31:bd:c1:4b:4f:69:f6:
         bc:c7:c6:d8:4d:58:ac:71:56:2e:7d:dc:63:dc:61:f9:8f:81:
         b2:b6:d5:75:00:dc:f3:d0:d0:a4:85:43:98:ad:9c:c1:10:85:
         15:6a:3b:a1:b8:09:6a:3e:40:07:0d:b3:cd:35:f1:a7:3b:10:
         06:4c:2e:2d:1f:dd:da:da:11:ee:bc:c7:2b:28:1e:cf:0f:e8:
         2e:fd:3b:3c:3c:7b:fb:36:69:1a:a6:7d:87:50:11:73:89:38:
         f5:ee:ab:dc:26:36:d0:db:ab:9a:7d:4f:90:88:cc:c5:e5:f5:
         52:bf:91:3c:a0:12:da:9d:56:03:fe:05:60:d5:92:af:c9:e6:
         bc:78:7a:82
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzKK2IqW4lYgpZGh+b5fvdmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyYzBiZGFmYWRlYTc4ZGNlMzEyZjg2MmRkZjQyYjFiZDRj
NGY2NDUwHhcNMjQwMTAyMTIzNDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmI5NWEwZTIzZmY4YWRkOGRkMmYyYzRiZGQ1NTc0ZDAzMWJlMWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu6tq2aOFdO/IoRwyxiW/WkOOHnNP
vzggQtoiR+B+Usu4F9ktfjHebY1L9rZ2OPES+6EkXF2/rcFsfjETEJ8wk85og+UU
qwBh3TRs8LLdWp1EkNBTxMwRUi0ouQM2Mg0D1xaeAXhs4QqA9AfNH9PhSmr8aYR0
93XqSV6uPCLHKYxL8BOxctKuCBj522P+B+CqKO/7PEZiCF01jNxHLT5LaAgtmC4e
KzAaPhYIVkBl3jUHu4BA8QXSTbO3jB9r7xo0KecHjy/8lDxrumYgN7P6P7rwkVyn
NbvUI8vEY4v58CkS8eUIbmMqmj4zXEo+ZMeUn/S9jAaB4MjIUkNDm3CHxwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPK5Wg4j/4rdjdLyxL3VV00DG+G9MB8GA1UdIwQY
MBaAFLLAva+t6njc4xL4Yt30KxvUxPZFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3NDOXI2M3FlTnpqRXZoaTNmUXJHOVRFOWtVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8xZjM3MTItY2YyYy00ODZlLTk1YjMt
ZmNjMzM2ZWVkOGQ3LzEvOHJsYURpUF9pdDJOMHZMRXZkVlhUUU1iNGIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8xZjM3MTItY2YyYy00ODZlLTk1YjMtZmNjMzM2ZWVkOGQ3
LzEvc3NDOXI2M3FlTnpqRXZoaTNmUXJHOVRFOWtVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhCfgDAN
BgkqhkiG9w0BAQsFAAOCAQEAlEew6Tf0TX8huGpuf0OBRi3v910QtAerD3lj+b4S
C+vBI0YgKgjbQa+fuBZGk8dfYsVq/UErR1KLLxDJoxZYTYpMg2PEB2lTxdC8r7fa
PvwmUUvowQGVZz3E1fCnMhbYPjTnRTKwyQeWfglFlTnTfXHhTgm5Y2ExvcFLT2n2
vMfG2E1YrHFWLn3cY9xh+Y+BsrbVdQDc89DQpIVDmK2cwRCFFWo7obgJaj5ABw2z
zTXxpzsQBkwuLR/d2toR7rzHKygezw/oLv07PDx7+zZpGqZ9h1ARc4k49e6r3CY2
0Nurmn1PkIjMxeX1Ur+RPKAS2p1WA/4FYNWSr8nmvHh6gg==
-----END CERTIFICATE-----