Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/cA8AmP9V4ZSyl9h6GuuHAhvaOjQ.roa
File:                     cA8AmP9V4ZSyl9h6GuuHAhvaOjQ.roa (raw, json)
Hash identifier:          MJmzqvkWXA6PsO6NPhu5H6ZbcPzMgGv17dSYyd5Lgz8=
Subject key identifier:   70:0F:00:98:FF:55:E1:94:B2:97:D8:7A:1A:EB:87:02:1B:DA:3A:34
Certificate issuer:       /CN=ee31367df6d1861071c92bae726523326f45ba2a
Certificate serial:       018CC80167313D172BF6BFA6431ED11B8460
Authority key identifier: EE:31:36:7D:F6:D1:86:10:71:C9:2B:AE:72:65:23:32:6F:45:BA:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7jE2ffbRhhBxySuucmUjMm9Fuio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/cA8AmP9V4ZSyl9h6GuuHAhvaOjQ.roa
Signing time:             Tue 02 Jan 2024 02:29:44 +0000
ROA not before:           Tue 02 Jan 2024 02:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207846
IP address blocks:        2a0e:1cc0:9::/48 maxlen: 48
                          2a0e:1cc1:100::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/7jE2ffbRhhBxySuucmUjMm9Fuio.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/7jE2ffbRhhBxySuucmUjMm9Fuio.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7jE2ffbRhhBxySuucmUjMm9Fuio.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 14:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:67:31:3d:17:2b:f6:bf:a6:43:1e:d1:1b:84:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee31367df6d1861071c92bae726523326f45ba2a
        Validity
            Not Before: Jan  2 02:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=700f0098ff55e194b297d87a1aeb87021bda3a34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:bf:1e:cc:67:fb:e1:7f:a9:7a:c8:ff:71:de:
                    52:ec:42:d7:82:00:ba:76:87:52:cf:e3:b2:b6:da:
                    50:ed:70:3a:f2:e3:ee:78:fb:e7:bf:c7:a8:66:72:
                    80:20:7c:ab:f6:1a:51:32:5c:26:b7:03:9b:0d:95:
                    e7:fb:78:20:a3:a1:19:04:a1:4c:a0:61:94:2b:31:
                    e1:ed:88:9e:ab:a4:13:d0:71:40:05:0d:a1:e5:ec:
                    a4:3d:6f:e9:b1:e1:df:9c:0f:5f:58:a4:41:70:b7:
                    9a:fe:c6:c7:00:11:e4:73:0a:82:5f:95:31:1f:2e:
                    83:e4:88:b2:e0:4b:23:5c:47:95:04:ae:d0:a9:b7:
                    eb:bc:6e:63:1f:20:41:9e:b2:fd:4d:06:b6:f6:41:
                    14:d6:a1:40:4b:80:85:de:70:93:06:16:e4:ac:6c:
                    1f:43:98:5b:36:8f:38:b3:2e:71:34:44:15:c9:ef:
                    48:8c:10:84:18:10:f4:3c:c2:bb:f5:d2:53:a7:05:
                    43:7d:a7:70:ce:7c:30:39:c5:11:ac:18:e3:ff:ba:
                    35:92:79:6e:2a:59:48:57:28:78:56:8e:85:4a:d0:
                    7e:55:ba:7f:e6:62:36:da:a7:9f:20:90:a7:6c:6d:
                    0c:ac:ec:b6:8b:35:1b:b2:cb:4b:27:d1:5e:37:67:
                    52:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:0F:00:98:FF:55:E1:94:B2:97:D8:7A:1A:EB:87:02:1B:DA:3A:34
            X509v3 Authority Key Identifier:
                keyid:EE:31:36:7D:F6:D1:86:10:71:C9:2B:AE:72:65:23:32:6F:45:BA:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7jE2ffbRhhBxySuucmUjMm9Fuio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/cA8AmP9V4ZSyl9h6GuuHAhvaOjQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/7jE2ffbRhhBxySuucmUjMm9Fuio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:1cc0:9::/48
                  2a0e:1cc1:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         dd:69:b9:c7:f0:40:b7:85:58:14:1f:a4:c4:61:55:1d:78:ee:
         35:72:47:42:98:12:8f:0b:cf:c3:e0:55:98:ae:13:1c:11:85:
         66:42:21:4e:bd:2c:39:da:93:02:e8:f5:99:7e:38:90:6f:0f:
         c5:53:a0:e2:e8:45:a4:d4:dc:64:2a:40:89:1b:1a:a3:e8:bd:
         8b:6e:1c:76:30:48:4d:8c:5f:32:e6:ec:76:e8:f9:d5:50:f4:
         83:61:5a:23:cd:35:b0:03:f4:82:b4:dd:9b:88:c3:95:60:44:
         f4:4e:85:ab:ba:b3:23:12:17:50:82:11:08:88:e5:6c:f6:b0:
         54:fe:11:67:56:a4:95:1c:46:26:a2:c5:99:6c:fb:a8:5b:ff:
         cf:90:18:3e:35:15:4d:7c:e4:47:6d:02:26:9d:59:38:a5:31:
         7a:0f:bc:b9:35:c4:a0:82:d8:ba:fa:88:20:a7:2e:0e:ed:13:
         05:f1:24:b7:48:ac:22:af:fe:c2:5e:80:b1:c4:cf:2b:c8:5a:
         f1:cb:6b:d1:e4:9a:54:3e:1f:6b:90:e9:80:b6:37:4e:73:84:
         1b:09:a0:15:11:4e:47:2d:e9:cd:b8:60:94:7b:36:6c:7e:3d:
         a1:ec:06:1a:f7:bd:f3:f7:5f:53:86:48:2b:37:9e:0f:bc:08:
         cc:6d:8a:70
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAYzIAWcxPRcr9r+mQx7RG4RgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMzEzNjdkZjZkMTg2MTA3MWM5MmJhZTcyNjUyMzMyNmY0
NWJhMmEwHhcNMjQwMTAyMDIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDBmMDA5OGZmNTVlMTk0YjI5N2Q4N2ExYWViODcwMjFiZGEzYTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhr8ezGf74X+pesj/cd5S7ELXggC6
dodSz+OyttpQ7XA68uPuePvnv8eoZnKAIHyr9hpRMlwmtwObDZXn+3ggo6EZBKFM
oGGUKzHh7Yieq6QT0HFABQ2h5eykPW/pseHfnA9fWKRBcLea/sbHABHkcwqCX5Ux
Hy6D5Iiy4EsjXEeVBK7QqbfrvG5jHyBBnrL9TQa29kEU1qFAS4CF3nCTBhbkrGwf
Q5hbNo84sy5xNEQVye9IjBCEGBD0PMK79dJTpwVDfadwznwwOcURrBjj/7o1knlu
KllIVyh4Vo6FStB+Vbp/5mI22qefIJCnbG0MrOy2izUbsstLJ9FeN2dSuQIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFHAPAJj/VeGUspfYehrrhwIb2jo0MB8GA1UdIwQY
MBaAFO4xNn320YYQcckrrnJlIzJvRboqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2pFMmZmYlJoaEJ4eVN1dWNtVWpNbTlGdWlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8xYmI0ZGQtZTljNC00ZDNkLTlhM2It
MTE1OWRiZmJlZDU0LzEvY0E4QW1QOVY0WlN5bDloNkd1dUhBaHZhT2pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8xYmI0ZGQtZTljNC00ZDNkLTlhM2ItMTE1OWRiZmJlZDU0
LzEvN2pFMmZmYlJoaEJ4eVN1dWNtVWpNbTlGdWlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwcAKg4cwAAJ
AwYAKg4cwQEwDQYJKoZIhvcNAQELBQADggEBAN1pucfwQLeFWBQfpMRhVR147jVy
R0KYEo8Lz8PgVZiuExwRhWZCIU69LDnakwLo9Zl+OJBvD8VToOLoRaTU3GQqQIkb
GqPovYtuHHYwSE2MXzLm7Hbo+dVQ9INhWiPNNbAD9IK03ZuIw5VgRPROhau6syMS
F1CCEQiI5Wz2sFT+EWdWpJUcRiaixZls+6hb/8+QGD41FU185EdtAiadWTilMXoP
vLk1xKCC2Lr6iCCnLg7tEwXxJLdIrCKv/sJegLHEzyvIWvHLa9HkmlQ+H2uQ6YC2
N05zhBsJoBURTkct6c24YJR7Nmx+PaHsBhr3vfP3X1OGSCs3ng+8CMxtinA=
-----END CERTIFICATE-----