Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/9ba940-0078-4fd0-afde-537a2b0b4dda/1/R2W8Nq6246WMpjEyUKm_NsQAx6k.roa
File:                     R2W8Nq6246WMpjEyUKm_NsQAx6k.roa (raw, json)
Hash identifier:          Vp/uLLgwcLbp7RDu9MXrJ+hFhcQuNqcxTWIXP0ukL5k=
Subject key identifier:   47:65:BC:36:AE:B6:E3:A5:8C:A6:31:32:50:A9:BF:36:C4:00:C7:A9
Certificate issuer:       /CN=e1e8f41f6b02b93f85d1a7b48b48cfa322f088f8
Certificate serial:       018CC801538FB18C71582F1EECA645DB0EEF
Authority key identifier: E1:E8:F4:1F:6B:02:B9:3F:85:D1:A7:B4:8B:48:CF:A3:22:F0:88:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4ej0H2sCuT-F0ae0i0jPoyLwiPg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/9ba940-0078-4fd0-afde-537a2b0b4dda/1/R2W8Nq6246WMpjEyUKm_NsQAx6k.roa
Signing time:             Tue 02 Jan 2024 02:29:39 +0000
ROA not before:           Tue 02 Jan 2024 02:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8990
IP address blocks:        2a01:7d80:a000::/35 maxlen: 35
                          2a01:7d80:2000::/35 maxlen: 35

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/9ba940-0078-4fd0-afde-537a2b0b4dda/1/4ej0H2sCuT-F0ae0i0jPoyLwiPg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/9ba940-0078-4fd0-afde-537a2b0b4dda/1/4ej0H2sCuT-F0ae0i0jPoyLwiPg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4ej0H2sCuT-F0ae0i0jPoyLwiPg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:53:8f:b1:8c:71:58:2f:1e:ec:a6:45:db:0e:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1e8f41f6b02b93f85d1a7b48b48cfa322f088f8
        Validity
            Not Before: Jan  2 02:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4765bc36aeb6e3a58ca6313250a9bf36c400c7a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:61:be:77:9f:65:c8:69:c2:76:69:d3:52:dd:
                    ef:8b:dc:f7:8b:cc:c2:4b:0f:61:ae:f1:7c:5d:ca:
                    d9:4f:f4:9d:76:23:3d:2a:6b:41:7e:6d:30:80:d4:
                    5f:97:25:25:f6:7c:62:20:25:ef:4d:08:22:ae:09:
                    fc:d3:09:ff:17:8e:13:b1:8b:89:1f:f0:f8:b6:90:
                    9a:4d:f8:10:59:97:58:2a:cf:4f:a3:2b:0b:55:60:
                    da:0e:5b:09:eb:aa:fa:9d:f1:94:50:60:5b:31:72:
                    ff:fc:76:30:ae:37:bc:7d:a7:c0:e0:1c:c9:f0:99:
                    b4:7e:31:4e:8c:27:a6:b2:9b:3d:f4:0b:60:e9:05:
                    70:85:1c:09:8f:32:de:28:fa:75:34:ba:82:fa:67:
                    1b:15:46:a1:b2:1f:b7:fd:8c:b1:1d:e2:2f:8c:94:
                    9c:f8:dd:38:f3:67:28:48:0c:bd:31:b7:ad:18:73:
                    eb:4a:0b:13:3b:68:fd:3d:0d:cb:f2:dc:1b:70:6b:
                    b7:8d:13:c0:9f:9a:bf:68:1f:d1:2c:ac:0b:77:f1:
                    cb:6e:e6:da:bf:35:b2:c3:db:40:f9:e5:00:c8:d3:
                    92:e9:01:b8:a7:22:21:a0:aa:1e:95:38:e6:c0:0d:
                    e9:10:54:1d:7e:b6:57:6e:12:54:ae:a7:12:9b:93:
                    1c:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:65:BC:36:AE:B6:E3:A5:8C:A6:31:32:50:A9:BF:36:C4:00:C7:A9
            X509v3 Authority Key Identifier:
                keyid:E1:E8:F4:1F:6B:02:B9:3F:85:D1:A7:B4:8B:48:CF:A3:22:F0:88:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4ej0H2sCuT-F0ae0i0jPoyLwiPg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/9ba940-0078-4fd0-afde-537a2b0b4dda/1/R2W8Nq6246WMpjEyUKm_NsQAx6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/9ba940-0078-4fd0-afde-537a2b0b4dda/1/4ej0H2sCuT-F0ae0i0jPoyLwiPg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:7d80:2000::/35
                  2a01:7d80:a000::/35

    Signature Algorithm: sha256WithRSAEncryption
         0a:1c:74:83:7e:05:3e:9a:8a:4a:39:83:00:e3:0c:ed:ff:37:
         4f:a9:d3:38:50:b1:5b:27:48:c7:ab:34:c0:39:65:05:a5:d2:
         21:8f:d6:b1:f9:ce:20:97:24:d7:4c:cf:8b:7f:54:78:32:76:
         80:db:f3:25:33:84:c9:9b:cd:45:09:94:0f:d2:d6:38:90:b2:
         59:1b:35:fb:cc:f3:ed:87:db:7d:f4:97:20:66:d4:8c:28:f2:
         f8:a3:a1:99:5f:9a:eb:05:a9:55:f6:9c:b2:1d:8a:51:90:94:
         bf:25:ac:36:5f:12:16:f5:89:40:e9:2a:ed:03:a6:83:d8:dc:
         fe:93:0b:9a:d7:1c:5c:21:9d:0d:cf:f0:e0:ed:91:e9:71:90:
         65:93:36:9c:b1:3d:f1:eb:f1:59:67:db:21:ba:2a:8e:d9:7c:
         a2:10:0e:77:6a:51:8d:88:69:d4:f7:54:f5:f1:93:20:02:c8:
         94:de:ac:b6:a2:0d:6e:74:10:7f:14:91:08:e6:09:f5:d1:26:
         a0:e4:e0:7e:f4:00:d6:83:b8:32:29:98:06:f1:86:a9:25:04:
         2c:fa:40:45:ef:fd:ba:94:f2:eb:47:99:51:5b:2b:ec:ea:b7:
         87:4a:d4:60:36:04:34:49:a1:08:09:5b:e9:c6:a2:56:74:39:
         dc:55:99:e7
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAYzIAVOPsYxxWC8e7KZF2w7vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxZThmNDFmNmIwMmI5M2Y4NWQxYTdiNDhiNDhjZmEzMjJm
MDg4ZjgwHhcNMjQwMTAyMDIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzY1YmMzNmFlYjZlM2E1OGNhNjMxMzI1MGE5YmYzNmM0MDBjN2E5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzmG+d59lyGnCdmnTUt3vi9z3i8zC
Sw9hrvF8XcrZT/SddiM9KmtBfm0wgNRflyUl9nxiICXvTQgirgn80wn/F44TsYuJ
H/D4tpCaTfgQWZdYKs9PoysLVWDaDlsJ66r6nfGUUGBbMXL//HYwrje8fafA4BzJ
8Jm0fjFOjCemsps99Atg6QVwhRwJjzLeKPp1NLqC+mcbFUahsh+3/YyxHeIvjJSc
+N0482coSAy9MbetGHPrSgsTO2j9PQ3L8twbcGu3jRPAn5q/aB/RLKwLd/HLbuba
vzWyw9tA+eUAyNOS6QG4pyIhoKoelTjmwA3pEFQdfrZXbhJUrqcSm5MckwIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFEdlvDautuOljKYxMlCpvzbEAMepMB8GA1UdIwQY
MBaAFOHo9B9rArk/hdGntItIz6Mi8Ij4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGVqMEgyc0N1VC1GMGFlMGkwalBveUx3aVBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS85YmE5NDAtMDA3OC00ZmQwLWFmZGUt
NTM3YTJiMGI0ZGRhLzEvUjJXOE5xNjI0NldNcGpFeVVLbV9Oc1FBeDZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS85YmE5NDAtMDA3OC00ZmQwLWFmZGUtNTM3YTJiMGI0ZGRh
LzEvNGVqMEgyc0N1VC1GMGFlMGkwalBveUx3aVBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwYFKgF9gCAD
BgUqAX2AoDANBgkqhkiG9w0BAQsFAAOCAQEAChx0g34FPpqKSjmDAOMM7f83T6nT
OFCxWydIx6s0wDllBaXSIY/WsfnOIJck10zPi39UeDJ2gNvzJTOEyZvNRQmUD9LW
OJCyWRs1+8zz7YfbffSXIGbUjCjy+KOhmV+a6wWpVfacsh2KUZCUvyWsNl8SFvWJ
QOkq7QOmg9jc/pMLmtccXCGdDc/w4O2R6XGQZZM2nLE98evxWWfbIboqjtl8ohAO
d2pRjYhp1PdU9fGTIALIlN6stqINbnQQfxSRCOYJ9dEmoOTgfvQA1oO4MimYBvGG
qSUELPpARe/9upTy60eZUVsr7Oq3h0rUYDYENEmhCAlb6caiVnQ53FWZ5w==
-----END CERTIFICATE-----