Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/bOO9l7bJ1THRYR2RSXoaD8fqWY0.roa
File:                     bOO9l7bJ1THRYR2RSXoaD8fqWY0.roa (raw, json)
Hash identifier:          zqlRXPQZ0PUUJSp/4FKSJl64B5z68U8lg9WF2d5tXsU=
Subject key identifier:   6C:E3:BD:97:B6:C9:D5:31:D1:61:1D:91:49:7A:1A:0F:C7:EA:59:8D
Certificate issuer:       /CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
Certificate serial:       018CC5DC0D267ACE33F8C205E59A86B62417
Authority key identifier: C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/bOO9l7bJ1THRYR2RSXoaD8fqWY0.roa
Signing time:             Mon 01 Jan 2024 16:29:41 +0000
ROA not before:           Mon 01 Jan 2024 16:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205432
IP address blocks:        2a05:b0c6::/31 maxlen: 31
                          2a05:b0c6::/32 maxlen: 32
                          2a05:b0c6:400::/40 maxlen: 40
                          2a05:b0c7::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:02:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:0d:26:7a:ce:33:f8:c2:05:e5:9a:86:b6:24:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
        Validity
            Not Before: Jan  1 16:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ce3bd97b6c9d531d1611d91497a1a0fc7ea598d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:34:e6:32:65:9f:4c:fa:b9:55:36:bb:b4:92:
                    15:8e:15:5b:4d:7d:fe:78:82:5d:e7:fc:ce:66:7c:
                    7b:a0:08:41:c8:09:76:28:f7:da:28:44:03:6d:47:
                    b6:9d:5a:e6:be:11:a3:ec:c5:51:5a:a2:24:0f:ba:
                    2f:6a:d1:95:b7:4e:18:46:d9:01:bd:c5:d4:ea:22:
                    e3:4c:c2:13:f1:88:e4:4f:cb:2a:bf:30:1a:d7:d0:
                    d6:5a:03:34:a8:01:95:b4:4b:f7:d9:d6:a2:1f:14:
                    05:6e:44:7a:c4:b7:b5:bf:95:74:49:14:15:03:5c:
                    14:ab:10:6a:4f:be:e7:07:a5:45:1c:23:06:72:02:
                    2e:9d:8b:87:a1:97:85:de:67:05:2e:c7:8b:98:9f:
                    03:79:ae:bc:36:93:38:98:12:dd:5b:e4:09:0a:4f:
                    c2:10:c6:84:d4:e4:3f:fe:0f:ac:ee:4e:e4:e6:5f:
                    0c:4b:5c:6f:21:73:c6:96:42:51:d6:7d:eb:9b:e5:
                    d8:6c:19:63:2e:fe:43:bd:97:46:94:94:85:46:9e:
                    69:3e:71:4d:1b:dc:3b:99:45:ab:1c:59:2e:9a:34:
                    46:de:3b:f2:5c:59:3d:ce:1c:ff:19:70:5d:e9:28:
                    59:10:54:da:5b:33:73:5c:86:cf:32:fe:d4:13:1d:
                    b8:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:E3:BD:97:B6:C9:D5:31:D1:61:1D:91:49:7A:1A:0F:C7:EA:59:8D
            X509v3 Authority Key Identifier:
                keyid:C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/bOO9l7bJ1THRYR2RSXoaD8fqWY0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:b0c6::/31

    Signature Algorithm: sha256WithRSAEncryption
         77:62:05:c4:b0:30:cb:60:30:63:aa:10:cc:be:40:b5:15:91:
         4c:05:27:3c:56:bc:eb:12:64:38:da:e7:95:27:b6:51:15:8d:
         71:03:0c:8c:30:4e:21:03:b3:d6:74:cd:5a:15:55:c5:34:94:
         bd:4c:58:03:1a:da:f6:30:50:a4:42:f8:23:5a:d3:10:af:eb:
         c7:23:02:9c:10:f5:27:f6:61:f1:ec:ba:3f:fb:2c:df:7b:ae:
         f3:bb:d2:a2:7e:ec:62:28:80:6a:ab:60:4b:c6:b7:e6:6e:26:
         69:c6:df:bc:42:30:e1:c7:18:80:cd:1b:d1:8a:67:7d:ea:bd:
         48:02:bb:34:ff:10:94:9c:42:80:c9:45:e1:80:85:51:ce:87:
         82:f6:21:0e:81:e2:34:29:23:a5:69:77:b2:83:40:82:dc:99:
         5a:24:77:0d:b6:8b:43:58:ad:15:96:6c:e4:7f:1f:3b:32:53:
         18:76:40:ff:ac:02:9e:f9:4a:a2:bd:5f:42:9f:cb:aa:a2:ec:
         8f:e5:b1:3f:41:88:a8:cf:6b:b5:e0:39:5d:74:40:67:ec:80:
         af:50:73:7f:f3:c6:cf:82:35:46:43:a0:66:80:df:93:32:c1:
         10:2e:25:77:5c:c0:ff:6b:18:a0:22:97:1a:ce:c3:46:47:4f:
         d8:8a:80:01
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzF3A0mes4z+MIF5ZqGtiQXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMjgzNDhlOTA1NDk3M2Q3YTVmODE5M2JkNGU1YzQ0ZjY3
Mzk5ZTEwHhcNMjQwMTAxMTYyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2UzYmQ5N2I2YzlkNTMxZDE2MTFkOTE0OTdhMWEwZmM3ZWE1OThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1jTmMmWfTPq5VTa7tJIVjhVbTX3+
eIJd5/zOZnx7oAhByAl2KPfaKEQDbUe2nVrmvhGj7MVRWqIkD7ovatGVt04YRtkB
vcXU6iLjTMIT8YjkT8sqvzAa19DWWgM0qAGVtEv32daiHxQFbkR6xLe1v5V0SRQV
A1wUqxBqT77nB6VFHCMGcgIunYuHoZeF3mcFLseLmJ8Dea68NpM4mBLdW+QJCk/C
EMaE1OQ//g+s7k7k5l8MS1xvIXPGlkJR1n3rm+XYbBljLv5DvZdGlJSFRp5pPnFN
G9w7mUWrHFkumjRG3jvyXFk9zhz/GXBd6ShZEFTaWzNzXIbPMv7UEx24uwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGzjvZe2ydUx0WEdkUl6Gg/H6lmNMB8GA1UdIwQY
MBaAFMIoNI6QVJc9el+Bk71OXET2c5nhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMt
ZTg4ZmZmODJkNTUzLzEvYk9POWw3YkoxVEhSWVIyUlNYb2FEOGZxV1kwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMtZTg4ZmZmODJkNTUz
LzEvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUBKgWwxjAN
BgkqhkiG9w0BAQsFAAOCAQEAd2IFxLAwy2AwY6oQzL5AtRWRTAUnPFa86xJkONrn
lSe2URWNcQMMjDBOIQOz1nTNWhVVxTSUvUxYAxra9jBQpEL4I1rTEK/rxyMCnBD1
J/Zh8ey6P/ss33uu87vSon7sYiiAaqtgS8a35m4macbfvEIw4ccYgM0b0Ypnfeq9
SAK7NP8QlJxCgMlF4YCFUc6HgvYhDoHiNCkjpWl3soNAgtyZWiR3DbaLQ1itFZZs
5H8fOzJTGHZA/6wCnvlKor1fQp/LqqLsj+WxP0GIqM9rteA5XXRAZ+yAr1Bzf/PG
z4I1RkOgZoDfkzLBEC4ld1zA/2sYoCKXGs7DRkdP2IqAAQ==
-----END CERTIFICATE-----