Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/Zouv1hLQdDMasxP0oUDJ7U6hCoM.roa
File:                     Zouv1hLQdDMasxP0oUDJ7U6hCoM.roa (raw, json)
Hash identifier:          A07pntAkAtGcNlmErF6oFdLrg8LX3MQGvHJ2nrcJGiU=
Subject key identifier:   66:8B:AF:D6:12:D0:74:33:1A:B3:13:F4:A1:40:C9:ED:4E:A1:0A:83
Certificate issuer:       /CN=ec6b42021886d8eedbae90d9e6ab1de533c50d20
Certificate serial:       018F291832E732B69E4018CE3FF4DB774DDE
Authority key identifier: EC:6B:42:02:18:86:D8:EE:DB:AE:90:D9:E6:AB:1D:E5:33:C5:0D:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7GtCAhiG2O7brpDZ5qsd5TPFDSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/Zouv1hLQdDMasxP0oUDJ7U6hCoM.roa
Signing time:             Mon 29 Apr 2024 09:03:22 +0000
ROA not before:           Mon 29 Apr 2024 09:03:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204093
IP address blocks:        2a0a:db80::/29 maxlen: 40
                          2a0a:db80:f00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/7GtCAhiG2O7brpDZ5qsd5TPFDSA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/7GtCAhiG2O7brpDZ5qsd5TPFDSA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7GtCAhiG2O7brpDZ5qsd5TPFDSA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 13:02:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:29:18:32:e7:32:b6:9e:40:18:ce:3f:f4:db:77:4d:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec6b42021886d8eedbae90d9e6ab1de533c50d20
        Validity
            Not Before: Apr 29 09:03:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=668bafd612d074331ab313f4a140c9ed4ea10a83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:c4:43:cf:18:15:a2:63:9b:9d:d8:c0:39:94:
                    bf:8a:85:36:fa:63:4e:f4:ee:3c:ae:30:80:99:d2:
                    39:7c:7d:27:68:b6:9d:a6:81:4b:13:ea:14:a3:9c:
                    9a:a7:87:86:30:af:c2:f8:21:17:94:d5:99:17:92:
                    4b:c2:72:01:51:f9:75:65:df:86:fd:eb:68:02:94:
                    1b:35:87:5b:84:62:3b:2c:3f:e9:47:8f:8f:38:45:
                    6f:1b:73:49:77:32:02:38:2c:0e:c7:2c:82:bd:2f:
                    b3:1b:9b:f8:bb:db:66:65:b6:3f:ca:c5:ed:e5:6c:
                    e5:ee:01:a4:4c:78:4d:27:65:13:11:64:79:1f:86:
                    ea:34:b2:c0:ac:1d:b9:ec:a3:75:d2:1e:d4:73:e9:
                    a1:79:9f:12:f9:b6:8e:cb:ed:84:32:95:e9:a8:1d:
                    2c:f1:4c:fd:5f:ee:d1:0e:c2:3e:5e:d0:92:f1:71:
                    c5:28:a4:a5:e7:d3:aa:41:0c:ef:fd:2f:42:ed:c2:
                    0a:40:11:1c:2a:5e:eb:16:82:e2:49:58:03:57:ac:
                    3c:d8:72:8b:9b:50:63:7c:d6:d7:ce:de:36:00:d9:
                    c7:1f:77:54:1d:18:18:7b:c6:1c:82:c0:63:96:e0:
                    9d:e7:47:ca:55:d7:9a:82:0b:bc:d1:2d:8d:91:a9:
                    c3:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:8B:AF:D6:12:D0:74:33:1A:B3:13:F4:A1:40:C9:ED:4E:A1:0A:83
            X509v3 Authority Key Identifier:
                keyid:EC:6B:42:02:18:86:D8:EE:DB:AE:90:D9:E6:AB:1D:E5:33:C5:0D:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7GtCAhiG2O7brpDZ5qsd5TPFDSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/Zouv1hLQdDMasxP0oUDJ7U6hCoM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/7GtCAhiG2O7brpDZ5qsd5TPFDSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:db80::/29

    Signature Algorithm: sha256WithRSAEncryption
         07:dd:bb:b0:2c:39:ff:27:b3:57:61:98:83:22:b0:ba:ae:7a:
         10:07:17:33:86:26:7c:56:9e:79:09:7a:ea:50:7b:08:fb:a4:
         d7:d5:22:26:12:8f:33:0c:85:cc:03:b8:e6:11:df:af:bb:44:
         96:79:6e:0e:3b:1c:80:ff:f7:d1:b0:ea:32:68:c6:34:87:ab:
         6f:a3:32:d9:f7:e7:35:01:35:7c:2c:6f:b3:35:d3:3b:35:a2:
         68:1c:5e:79:df:5a:9a:c3:ba:47:5d:bc:37:bf:14:d0:f1:aa:
         82:79:04:bf:39:2a:f8:15:9b:18:08:50:04:66:c6:96:36:62:
         9e:7a:1e:8a:5c:ce:6a:d1:ff:0d:5b:3f:bc:f6:a6:78:6c:3e:
         65:aa:55:76:0d:90:ea:44:56:c0:89:f0:5b:ff:36:bc:bb:d7:
         1e:aa:77:50:47:b9:d1:c0:5b:3c:7d:49:21:6a:ec:65:7c:3e:
         be:33:72:c1:64:4d:38:76:94:7b:06:aa:eb:30:6b:87:61:fe:
         83:6d:c1:ae:1b:0d:a8:8a:b3:95:34:18:ac:2a:b7:f6:f3:98:
         65:96:23:07:d7:77:41:87:91:76:b8:34:8a:36:b1:34:74:06:
         7b:7f:09:52:2c:88:49:3b:cf:9a:26:6f:aa:fd:d9:ab:4f:80:
         91:87:ec:41
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY8pGDLnMraeQBjOP/Tbd03eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNmI0MjAyMTg4NmQ4ZWVkYmFlOTBkOWU2YWIxZGU1MzNj
NTBkMjAwHhcNMjQwNDI5MDkwMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjhiYWZkNjEyZDA3NDMzMWFiMzEzZjRhMTQwYzllZDRlYTEwYTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAscRDzxgVomObndjAOZS/ioU2+mNO
9O48rjCAmdI5fH0naLadpoFLE+oUo5yap4eGMK/C+CEXlNWZF5JLwnIBUfl1Zd+G
/etoApQbNYdbhGI7LD/pR4+POEVvG3NJdzICOCwOxyyCvS+zG5v4u9tmZbY/ysXt
5Wzl7gGkTHhNJ2UTEWR5H4bqNLLArB257KN10h7Uc+mheZ8S+baOy+2EMpXpqB0s
8Uz9X+7RDsI+XtCS8XHFKKSl59OqQQzv/S9C7cIKQBEcKl7rFoLiSVgDV6w82HKL
m1BjfNbXzt42ANnHH3dUHRgYe8YcgsBjluCd50fKVdeaggu80S2NkanDHQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGaLr9YS0HQzGrMT9KFAye1OoQqDMB8GA1UdIwQY
MBaAFOxrQgIYhtju266Q2earHeUzxQ0gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0d0Q0FoaUcyTzdicnBEWjVxc2Q1VFBGRFNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8yNmMzZTEtNjQ4Ni00ZTA5LTk5YTQt
YTY4NzNiMzc0ZTI2LzEvWm91djFoTFFkRE1hc3hQMG9VREo3VTZoQ29NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8yNmMzZTEtNjQ4Ni00ZTA5LTk5YTQtYTY4NzNiMzc0ZTI2
LzEvN0d0Q0FoaUcyTzdicnBEWjVxc2Q1VFBGRFNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgrbgDAN
BgkqhkiG9w0BAQsFAAOCAQEAB927sCw5/yezV2GYgyKwuq56EAcXM4YmfFaeeQl6
6lB7CPuk19UiJhKPMwyFzAO45hHfr7tElnluDjscgP/30bDqMmjGNIerb6My2ffn
NQE1fCxvszXTOzWiaBxeed9amsO6R128N78U0PGqgnkEvzkq+BWbGAhQBGbGljZi
nnoeilzOatH/DVs/vPameGw+ZapVdg2Q6kRWwInwW/82vLvXHqp3UEe50cBbPH1J
IWrsZXw+vjNywWRNOHaUewaq6zBrh2H+g23BrhsNqIqzlTQYrCq39vOYZZYjB9d3
QYeRdrg0ijaxNHQGe38JUiyISTvPmiZvqv3Zq0+AkYfsQQ==
-----END CERTIFICATE-----