Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/0e18d2-d80b-4aa0-aaef-069661675106/1/2AEW19bdoSxd4y98JVksbLqRp-4.roa
File:                     2AEW19bdoSxd4y98JVksbLqRp-4.roa (raw, json)
Hash identifier:          XVt7+rROxym1n3iFPnlvkZ3fCknAeLjK+VqzFKULh2E=
Subject key identifier:   D8:01:16:D7:D6:DD:A1:2C:5D:E3:2F:7C:25:59:2C:6C:BA:91:A7:EE
Certificate issuer:       /CN=b0f619ef200840dfa8fd43567c7a978c15312d7f
Certificate serial:       018CC79474C34C274860E6523C04BEA8A6F4
Authority key identifier: B0:F6:19:EF:20:08:40:DF:A8:FD:43:56:7C:7A:97:8C:15:31:2D:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sPYZ7yAIQN-o_UNWfHqXjBUxLX8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/0e18d2-d80b-4aa0-aaef-069661675106/1/2AEW19bdoSxd4y98JVksbLqRp-4.roa
Signing time:             Tue 02 Jan 2024 00:30:44 +0000
ROA not before:           Tue 02 Jan 2024 00:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        2a0a:f581::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/0e18d2-d80b-4aa0-aaef-069661675106/1/sPYZ7yAIQN-o_UNWfHqXjBUxLX8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/0e18d2-d80b-4aa0-aaef-069661675106/1/sPYZ7yAIQN-o_UNWfHqXjBUxLX8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sPYZ7yAIQN-o_UNWfHqXjBUxLX8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:74:c3:4c:27:48:60:e6:52:3c:04:be:a8:a6:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0f619ef200840dfa8fd43567c7a978c15312d7f
        Validity
            Not Before: Jan  2 00:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d80116d7d6dda12c5de32f7c25592c6cba91a7ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:bd:37:1b:62:18:f1:4b:bc:b3:42:7f:a6:19:
                    16:f1:2d:f2:23:70:28:db:cb:90:94:33:73:d2:b6:
                    7e:89:59:0d:d0:87:19:a3:da:03:c8:72:66:c0:aa:
                    d5:8a:13:2d:29:c5:45:31:f3:6a:f6:5b:34:9a:57:
                    f5:29:f0:c6:ba:2a:9c:ae:48:69:af:84:57:d0:bf:
                    94:a7:b0:db:bf:b4:85:39:af:d1:cd:4c:61:bb:47:
                    d1:38:1b:8f:59:c7:b4:5f:eb:f9:0f:16:88:82:c9:
                    19:5d:73:97:16:6b:9b:4c:fe:04:da:fb:40:cd:0a:
                    53:68:69:24:dd:61:6d:5f:e8:3b:a6:05:4c:8e:8a:
                    08:44:b8:ba:2c:0a:ae:17:06:cb:ee:51:6c:ac:f0:
                    a7:34:6f:a7:3a:80:d5:05:21:8f:dd:b8:5d:20:bc:
                    9d:67:80:22:b8:b8:18:9e:e5:99:c4:65:59:75:d2:
                    41:1d:cf:ab:34:d8:01:cf:38:f5:ec:23:69:f5:cb:
                    98:43:cf:91:b9:3e:07:3a:a7:e6:6d:da:42:05:13:
                    7e:6f:18:5c:40:64:4b:d5:71:b4:82:e5:7a:cb:ef:
                    40:7b:f8:93:91:2e:ac:8a:d4:e0:4d:13:d7:af:55:
                    4e:80:8f:bd:ac:71:50:a7:ba:b9:fe:12:33:02:a2:
                    d6:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:01:16:D7:D6:DD:A1:2C:5D:E3:2F:7C:25:59:2C:6C:BA:91:A7:EE
            X509v3 Authority Key Identifier:
                keyid:B0:F6:19:EF:20:08:40:DF:A8:FD:43:56:7C:7A:97:8C:15:31:2D:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sPYZ7yAIQN-o_UNWfHqXjBUxLX8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0e18d2-d80b-4aa0-aaef-069661675106/1/2AEW19bdoSxd4y98JVksbLqRp-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0e18d2-d80b-4aa0-aaef-069661675106/1/sPYZ7yAIQN-o_UNWfHqXjBUxLX8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:f581::/32

    Signature Algorithm: sha256WithRSAEncryption
         2a:32:d6:74:85:76:98:d2:64:f9:49:0c:76:0d:0c:a3:69:a8:
         81:d7:ea:ab:a8:a5:7d:25:1b:26:45:8b:ac:93:b6:e4:77:83:
         70:fe:91:46:88:fc:6f:ec:8a:f4:13:d1:4a:bb:1a:10:31:8b:
         27:31:45:a7:20:f8:2a:3c:4a:22:35:f1:6f:62:c2:b8:5f:90:
         70:84:74:9e:d7:7b:a2:bc:53:6c:39:b8:33:ee:9b:9f:e3:be:
         54:9b:cf:10:0d:52:de:23:7d:e7:ad:57:26:9a:52:1b:04:bb:
         f9:25:a3:ea:ca:bc:4c:1b:c2:40:81:31:90:38:5e:1b:c6:00:
         04:97:f1:73:d2:a2:d6:5e:60:06:3a:54:ad:09:ae:b3:cf:fd:
         d8:40:61:24:2b:0e:24:32:1d:93:0d:c6:c9:5e:55:09:22:7d:
         bd:ca:c0:1d:30:4b:1b:37:d9:7a:94:c0:ba:d4:0e:90:ed:33:
         c0:4b:d1:35:05:a4:7f:63:d5:aa:39:dd:16:b6:18:d1:87:fa:
         e2:a6:7b:7a:e4:13:29:88:09:0e:88:37:23:9f:43:22:cf:6d:
         84:b5:ce:de:a5:5b:b4:d6:64:74:2a:94:af:c0:71:2d:1b:f2:
         63:a8:25:4f:9a:b1:f7:a0:7a:6a:b9:cc:d2:90:4e:c0:2a:33:
         8c:46:02:31
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHlHTDTCdIYOZSPAS+qKb0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwZjYxOWVmMjAwODQwZGZhOGZkNDM1NjdjN2E5NzhjMTUz
MTJkN2YwHhcNMjQwMTAyMDAzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODAxMTZkN2Q2ZGRhMTJjNWRlMzJmN2MyNTU5MmM2Y2JhOTFhN2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAir03G2IY8Uu8s0J/phkW8S3yI3Ao
28uQlDNz0rZ+iVkN0IcZo9oDyHJmwKrVihMtKcVFMfNq9ls0mlf1KfDGuiqcrkhp
r4RX0L+Up7Dbv7SFOa/RzUxhu0fROBuPWce0X+v5DxaIgskZXXOXFmubTP4E2vtA
zQpTaGkk3WFtX+g7pgVMjooIRLi6LAquFwbL7lFsrPCnNG+nOoDVBSGP3bhdILyd
Z4AiuLgYnuWZxGVZddJBHc+rNNgBzzj17CNp9cuYQ8+RuT4HOqfmbdpCBRN+bxhc
QGRL1XG0guV6y+9Ae/iTkS6sitTgTRPXr1VOgI+9rHFQp7q5/hIzAqLWdwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNgBFtfW3aEsXeMvfCVZLGy6kafuMB8GA1UdIwQY
MBaAFLD2Ge8gCEDfqP1DVnx6l4wVMS1/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1BZWjd5QUlRTi1vX1VOV2ZIcVhqQlV4TFg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8wZTE4ZDItZDgwYi00YWEwLWFhZWYt
MDY5NjYxNjc1MTA2LzEvMkFFVzE5YmRvU3hkNHk5OEpWa3NiTHFScC00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8wZTE4ZDItZDgwYi00YWEwLWFhZWYtMDY5NjYxNjc1MTA2
LzEvc1BZWjd5QUlRTi1vX1VOV2ZIcVhqQlV4TFg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgr1gTAN
BgkqhkiG9w0BAQsFAAOCAQEAKjLWdIV2mNJk+UkMdg0Mo2mogdfqq6ilfSUbJkWL
rJO25HeDcP6RRoj8b+yK9BPRSrsaEDGLJzFFpyD4KjxKIjXxb2LCuF+QcIR0ntd7
orxTbDm4M+6bn+O+VJvPEA1S3iN9561XJppSGwS7+SWj6sq8TBvCQIExkDheG8YA
BJfxc9Ki1l5gBjpUrQmus8/92EBhJCsOJDIdkw3GyV5VCSJ9vcrAHTBLGzfZepTA
utQOkO0zwEvRNQWkf2PVqjndFrYY0Yf64qZ7euQTKYgJDog3I59DIs9thLXO3qVb
tNZkdCqUr8BxLRvyY6glT5qx96B6arnM0pBOwCozjEYCMQ==
-----END CERTIFICATE-----