Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/EZjNPSWNGPVVS-6n9nceVDK7b10.roa
File:                     EZjNPSWNGPVVS-6n9nceVDK7b10.roa (raw, json)
Hash identifier:          oTOngt7eC8fskQ8hkYCSiUXsH5/nE3Q/QEuF616MV/g=
Subject key identifier:   11:98:CD:3D:25:8D:18:F5:55:4B:EE:A7:F6:77:1E:54:32:BB:6F:5D
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       018CCA2A50D99204036D9CFFC226172F1802
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/EZjNPSWNGPVVS-6n9nceVDK7b10.roa
Signing time:             Tue 02 Jan 2024 12:33:40 +0000
ROA not before:           Tue 02 Jan 2024 12:33:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137909
IP address blocks:        2a06:e881:1600::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:50:d9:92:04:03:6d:9c:ff:c2:26:17:2f:18:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jan  2 12:33:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1198cd3d258d18f5554beea7f6771e5432bb6f5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:5d:c4:e0:19:e9:76:3f:5f:3c:4c:17:48:15:
                    b9:21:8b:b3:4f:ff:41:f8:59:de:74:3b:86:a0:26:
                    c3:cf:1a:eb:c7:d4:94:54:23:77:d9:65:89:4e:a9:
                    83:26:bc:c0:5b:a9:f6:e7:c0:a8:2a:6e:79:a3:70:
                    12:7d:ac:61:94:f1:51:6a:37:2a:42:05:16:c6:96:
                    73:28:72:03:71:f4:97:d7:67:52:a6:1c:35:53:b6:
                    41:38:e1:46:01:1e:fb:de:84:84:91:bf:72:e6:a7:
                    51:e8:77:61:3a:94:32:21:f8:ca:00:68:f2:37:e4:
                    e9:4f:05:7b:90:23:ad:15:fb:bf:13:93:f8:79:bb:
                    7b:3c:dc:ea:c4:a4:ce:d2:a3:bc:c5:50:df:9b:31:
                    6c:5c:f2:13:e2:a4:54:36:3a:60:e6:d0:2d:ee:3d:
                    1a:01:b4:fc:97:ff:a8:c6:74:27:a6:4f:80:de:80:
                    3f:7a:35:b5:86:2b:4d:90:e2:2b:2f:18:cf:c2:a5:
                    d1:e5:e9:d7:a8:16:51:b0:ba:01:7b:2d:a5:21:b8:
                    ce:84:08:12:51:db:41:c8:c3:f4:55:c6:96:08:1c:
                    1d:8a:7d:40:21:f7:6b:9e:29:1d:6e:cc:77:9d:91:
                    69:d3:7b:c7:7e:7a:d2:d3:37:04:70:a7:9e:65:ac:
                    dc:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:98:CD:3D:25:8D:18:F5:55:4B:EE:A7:F6:77:1E:54:32:BB:6F:5D
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/EZjNPSWNGPVVS-6n9nceVDK7b10.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:e881:1600::/44

    Signature Algorithm: sha256WithRSAEncryption
         a8:26:f5:26:47:32:8a:68:7d:35:03:06:25:db:77:88:39:f3:
         ba:8e:1d:43:9c:0e:db:8d:ab:f0:12:d2:42:3a:e9:02:4d:31:
         e3:8f:af:6e:65:72:b5:60:c6:48:90:ad:b3:62:42:45:18:ff:
         ce:1f:a3:66:47:e7:a0:21:e8:3d:8d:80:66:cc:dc:84:03:ba:
         ff:70:35:00:f5:d6:a8:c5:e3:01:9e:9c:88:92:c5:2b:c7:28:
         9a:81:c7:a4:de:a4:01:e7:7c:38:8c:b3:79:78:61:c5:c1:f7:
         09:71:a4:02:06:7b:08:a1:26:5d:43:85:38:44:50:81:7f:16:
         53:08:57:bd:9b:da:cb:0f:5c:a7:a3:fc:fe:8c:8f:07:94:9b:
         a2:e4:41:a8:d0:63:c5:07:c0:c7:68:5a:d1:62:30:49:a0:6c:
         89:dc:ae:a0:20:20:45:8f:8c:d4:bf:d8:5c:4c:aa:25:32:77:
         28:3e:d9:c3:2f:a4:b9:a2:0e:2c:0d:a7:a6:05:6d:78:aa:0c:
         b0:32:35:dc:ae:2d:73:78:57:f6:fc:68:b1:69:d0:91:28:8a:
         b5:0f:f9:a7:ef:4c:c5:55:d5:4e:3f:45:a1:ec:fd:7c:31:c1:
         dc:41:97:96:5d:0d:7a:eb:54:26:fb:68:d3:15:38:9f:d0:50:
         93:c9:bd:0d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKlDZkgQDbZz/wiYXLxgCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjQwMTAyMTIzMzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTk4Y2QzZDI1OGQxOGY1NTU0YmVlYTdmNjc3MWU1NDMyYmI2ZjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh13E4Bnpdj9fPEwXSBW5IYuzT/9B
+FnedDuGoCbDzxrrx9SUVCN32WWJTqmDJrzAW6n258CoKm55o3ASfaxhlPFRajcq
QgUWxpZzKHIDcfSX12dSphw1U7ZBOOFGAR773oSEkb9y5qdR6HdhOpQyIfjKAGjy
N+TpTwV7kCOtFfu/E5P4ebt7PNzqxKTO0qO8xVDfmzFsXPIT4qRUNjpg5tAt7j0a
AbT8l/+oxnQnpk+A3oA/ejW1hitNkOIrLxjPwqXR5enXqBZRsLoBey2lIbjOhAgS
UdtByMP0VcaWCBwdin1AIfdrnikdbsx3nZFp03vHfnrS0zcEcKeeZazczQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBGYzT0ljRj1VUvup/Z3HlQyu29dMB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvRVpqTlBTV05HUFZWUy02bjluY2VWREs3YjEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgbogRYA
MA0GCSqGSIb3DQEBCwUAA4IBAQCoJvUmRzKKaH01AwYl23eIOfO6jh1DnA7bjavw
EtJCOukCTTHjj69uZXK1YMZIkK2zYkJFGP/OH6NmR+egIeg9jYBmzNyEA7r/cDUA
9daoxeMBnpyIksUrxyiagcek3qQB53w4jLN5eGHFwfcJcaQCBnsIoSZdQ4U4RFCB
fxZTCFe9m9rLD1yno/z+jI8HlJui5EGo0GPFB8DHaFrRYjBJoGyJ3K6gICBFj4zU
v9hcTKolMncoPtnDL6S5og4sDaemBW14qgywMjXcri1zeFf2/GixadCRKIq1D/mn
70zFVdVOP0Wh7P18McHcQZeWXQ1661Qm+2jTFTif0FCTyb0N
-----END CERTIFICATE-----