Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/bWyL-RkHVuCQuEOPn-059MYVYvo.roa
File:                     bWyL-RkHVuCQuEOPn-059MYVYvo.roa (raw, json)
Hash identifier:          8Vvk40S0yKVsQ2fXdPgSWBrDvxjs9RU/ghuZQahVdTI=
Subject key identifier:   6D:6C:8B:F9:19:07:56:E0:90:B8:43:8F:9F:ED:39:F4:C6:15:62:FA
Certificate issuer:       /CN=73c69d04583500c5ef81136831237593e0bb86ce
Certificate serial:       018CC34899062AC971AC57ED327E2F362906
Authority key identifier: 73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/bWyL-RkHVuCQuEOPn-059MYVYvo.roa
Signing time:             Mon 01 Jan 2024 04:29:23 +0000
ROA not before:           Mon 01 Jan 2024 04:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212008
IP address blocks:        2a05:1082::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 20:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:99:06:2a:c9:71:ac:57:ed:32:7e:2f:36:29:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73c69d04583500c5ef81136831237593e0bb86ce
        Validity
            Not Before: Jan  1 04:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d6c8bf9190756e090b8438f9fed39f4c61562fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:09:dd:92:37:71:a0:03:d0:a3:b7:dc:89:a3:
                    11:65:cc:91:0f:15:34:65:a3:ba:e9:97:59:6b:6c:
                    72:a7:93:66:80:0e:c7:d1:b4:65:31:0a:39:6a:c5:
                    c2:8b:c9:2c:17:9a:69:28:78:97:8d:9a:b6:9e:25:
                    0c:4c:40:6f:b3:b6:ce:2a:31:17:92:af:b4:f3:b9:
                    f0:de:43:76:e7:80:de:40:72:25:df:50:33:5b:34:
                    06:1c:99:fe:a9:d8:c0:d1:91:cb:67:37:c8:d7:77:
                    6f:c5:71:31:34:54:b4:f8:c2:12:5f:49:ca:f8:16:
                    07:fd:23:37:21:0f:c0:52:93:c1:b0:c9:13:d6:d1:
                    98:91:01:80:05:1e:fc:45:bd:05:9d:44:08:5b:1b:
                    21:d9:18:46:38:54:a8:dc:46:7b:66:88:e0:47:bc:
                    c4:5a:75:12:5d:68:69:41:b7:39:57:7c:5e:d4:20:
                    79:54:74:08:f8:45:1e:8f:60:ba:86:10:e5:ed:cb:
                    74:1c:76:57:05:3e:78:3a:ba:0f:00:2c:82:21:b2:
                    c8:b3:c4:45:aa:9a:66:a6:fb:f8:32:2d:27:0a:6e:
                    51:d8:4d:1c:46:d1:67:e6:f8:7f:19:80:78:f1:8e:
                    81:1c:62:67:51:87:c9:92:01:4c:6e:85:c1:93:1c:
                    c2:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:6C:8B:F9:19:07:56:E0:90:B8:43:8F:9F:ED:39:F4:C6:15:62:FA
            X509v3 Authority Key Identifier:
                keyid:73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/bWyL-RkHVuCQuEOPn-059MYVYvo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:1082::/32

    Signature Algorithm: sha256WithRSAEncryption
         77:95:9e:c4:c1:0a:ab:80:db:b8:59:92:e1:b5:bc:c6:35:2c:
         8f:ee:ea:12:2d:d9:5e:66:1c:0c:2f:d5:87:50:df:13:45:5a:
         85:b7:2f:42:4e:ed:de:01:d1:86:40:81:e3:8f:e5:61:d5:11:
         20:cf:e7:a5:6d:42:67:eb:1c:35:80:e5:c9:97:24:ec:0d:94:
         db:1a:a0:05:f5:f6:55:0d:75:9c:58:78:51:39:92:0a:5f:0e:
         d2:e7:4a:5c:08:23:67:57:a8:b4:be:7b:6a:91:41:0f:f6:46:
         b4:cb:a9:3d:7f:3e:3d:23:19:2f:63:66:ba:14:80:2a:dd:1b:
         3a:6d:da:66:5a:3f:44:79:ad:37:bf:eb:0c:ab:c1:f9:27:bc:
         f8:ac:d8:2d:62:66:e8:a0:c7:37:25:53:9d:23:6f:c2:3f:63:
         0b:cb:2e:a3:4c:76:ae:87:0e:6d:b6:96:a8:81:c6:ec:25:ed:
         d8:da:4a:58:cf:63:e9:ec:32:33:1b:39:09:94:e6:5b:ae:01:
         3a:f8:01:1e:2a:56:50:01:4c:5e:eb:6c:9f:e9:22:1d:60:18:
         ab:65:cd:4c:f7:41:58:13:2d:ee:f0:5f:e3:66:5c:b2:d2:df:
         89:88:fe:9d:69:53:ad:ce:48:a4:eb:51:c7:9d:74:1d:78:48:
         c6:8a:4e:4e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDSJkGKslxrFftMn4vNikGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYzY5ZDA0NTgzNTAwYzVlZjgxMTM2ODMxMjM3NTkzZTBi
Yjg2Y2UwHhcNMjQwMTAxMDQyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDZjOGJmOTE5MDc1NmUwOTBiODQzOGY5ZmVkMzlmNGM2MTU2MmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgQndkjdxoAPQo7fciaMRZcyRDxU0
ZaO66ZdZa2xyp5NmgA7H0bRlMQo5asXCi8ksF5ppKHiXjZq2niUMTEBvs7bOKjEX
kq+087nw3kN254DeQHIl31AzWzQGHJn+qdjA0ZHLZzfI13dvxXExNFS0+MISX0nK
+BYH/SM3IQ/AUpPBsMkT1tGYkQGABR78Rb0FnUQIWxsh2RhGOFSo3EZ7ZojgR7zE
WnUSXWhpQbc5V3xe1CB5VHQI+EUej2C6hhDl7ct0HHZXBT54OroPACyCIbLIs8RF
qppmpvv4Mi0nCm5R2E0cRtFn5vh/GYB48Y6BHGJnUYfJkgFMboXBkxzC6QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFG1si/kZB1bgkLhDj5/tOfTGFWL6MB8GA1UdIwQY
MBaAFHPGnQRYNQDF74ETaDEjdZPgu4bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQt
ZjljYjBhN2IyMDZjLzEvYld5TC1Sa0hWdUNRdUVPUG4tMDU5TVlWWXZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQtZjljYjBhN2IyMDZj
LzEvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgUQgjAN
BgkqhkiG9w0BAQsFAAOCAQEAd5WexMEKq4DbuFmS4bW8xjUsj+7qEi3ZXmYcDC/V
h1DfE0VahbcvQk7t3gHRhkCB44/lYdURIM/npW1CZ+scNYDlyZck7A2U2xqgBfX2
VQ11nFh4UTmSCl8O0udKXAgjZ1eotL57apFBD/ZGtMupPX8+PSMZL2NmuhSAKt0b
Om3aZlo/RHmtN7/rDKvB+Se8+KzYLWJm6KDHNyVTnSNvwj9jC8suo0x2rocObbaW
qIHG7CXt2NpKWM9j6ewyMxs5CZTmW64BOvgBHipWUAFMXutsn+kiHWAYq2XNTPdB
WBMt7vBf42ZcstLfiYj+nWlTrc5IpOtRx510HXhIxopOTg==
-----END CERTIFICATE-----