Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/HbLAQbzVxP7NmSfU2BWocHcWgH8.roa
File:                     HbLAQbzVxP7NmSfU2BWocHcWgH8.roa (raw, json)
Hash identifier:          uCmZLzSEDv1OrOb7ivl+q/7XaqHFErxgOfRa8TR/fjM=
Subject key identifier:   1D:B2:C0:41:BC:D5:C4:FE:CD:99:27:D4:D8:15:A8:70:77:16:80:7F
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       018CCA2A4F4B3AE1E8490CD11CF449F3DC67
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/HbLAQbzVxP7NmSfU2BWocHcWgH8.roa
Signing time:             Tue 02 Jan 2024 12:33:39 +0000
ROA not before:           Tue 02 Jan 2024 12:33:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     53667
IP address blocks:        2a06:e881:9100::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 02:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:4f:4b:3a:e1:e8:49:0c:d1:1c:f4:49:f3:dc:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jan  2 12:33:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1db2c041bcd5c4fecd9927d4d815a8707716807f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:c7:31:eb:4d:3f:f5:d0:60:64:12:ee:d7:2e:
                    dd:98:61:d3:81:20:d8:46:21:73:a7:1b:d0:d3:22:
                    ea:f4:1b:56:26:d1:9f:09:20:53:77:29:7d:dc:aa:
                    01:ca:73:b2:16:07:d2:ea:7a:e1:27:e5:fa:47:d2:
                    37:d4:bc:66:69:46:1d:51:42:a6:42:52:30:a4:46:
                    14:45:53:4c:cb:7a:c8:14:cb:68:12:b4:ca:c9:d5:
                    ae:f7:6d:1b:df:6c:96:c6:11:21:23:7e:09:ad:e0:
                    dc:58:16:13:a5:d2:ab:34:c8:18:dd:65:64:05:d9:
                    81:47:1e:76:74:62:e9:9e:15:ff:1a:9c:bd:28:28:
                    75:31:89:af:db:2e:da:a9:65:3f:a9:fd:e1:c3:79:
                    3f:f9:06:69:5a:23:4a:f3:25:ed:ec:e2:fc:1f:4a:
                    ff:e2:14:2f:63:da:52:ee:f0:ea:5c:2a:dc:3f:77:
                    97:42:92:ca:83:0d:c9:e0:20:3a:34:8d:cb:ca:7f:
                    b4:fc:57:42:9d:8b:13:9f:af:52:b5:59:9e:62:b7:
                    4d:1e:0b:99:ac:a2:5e:ca:c8:36:2e:03:0e:8c:20:
                    f0:ed:5f:61:8a:b2:5e:75:d2:48:b8:f4:2e:fb:7e:
                    13:f0:64:9a:62:65:55:d1:56:6b:89:a5:0d:bd:0b:
                    60:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:B2:C0:41:BC:D5:C4:FE:CD:99:27:D4:D8:15:A8:70:77:16:80:7F
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/HbLAQbzVxP7NmSfU2BWocHcWgH8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:e881:9100::/40

    Signature Algorithm: sha256WithRSAEncryption
         34:1e:86:6f:9c:90:9f:e9:0c:ff:b4:69:45:ff:a4:d4:08:a4:
         8b:22:fc:a9:cf:cf:76:9c:2c:bd:64:97:72:44:2b:b6:7b:8e:
         6c:fb:4a:35:58:dd:dd:de:06:3b:10:00:99:66:33:a1:1c:fc:
         8d:13:ff:e9:45:f9:9e:c2:a2:93:1b:3d:3b:1f:f7:d9:7a:17:
         8d:c2:0b:0d:38:29:a6:f1:29:f6:11:75:30:4a:99:8c:1f:f0:
         00:89:46:0b:bc:c9:04:fe:b1:19:a4:72:b8:60:0f:48:1c:2c:
         65:52:8a:39:5e:33:a0:29:67:f9:24:07:27:85:81:96:6a:bf:
         31:e0:73:e4:09:d1:41:1d:b1:fc:6e:a5:86:ed:1b:5c:95:00:
         65:5f:b4:78:5e:17:4e:e8:0f:f1:af:18:fb:f7:28:22:42:41:
         8f:68:b7:cb:95:f0:ce:ab:d8:e5:9d:b9:c0:e2:55:2a:8a:d7:
         75:69:90:0d:25:32:08:3a:6e:83:f5:cc:77:54:30:8c:dd:74:
         88:8d:b0:cf:d1:51:09:97:c2:46:a9:4f:3b:75:91:5e:be:3e:
         b0:f3:15:d9:5b:90:ce:4f:4b:02:1c:07:e1:6b:c5:87:57:f0:
         49:c5:16:60:9d:56:67:83:b8:9f:79:f2:bc:81:67:3f:0e:e6:
         ca:eb:bf:2d
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzKKk9LOuHoSQzRHPRJ89xnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjQwMTAyMTIzMzM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGIyYzA0MWJjZDVjNGZlY2Q5OTI3ZDRkODE1YTg3MDc3MTY4MDdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApscx600/9dBgZBLu1y7dmGHTgSDY
RiFzpxvQ0yLq9BtWJtGfCSBTdyl93KoBynOyFgfS6nrhJ+X6R9I31LxmaUYdUUKm
QlIwpEYURVNMy3rIFMtoErTKydWu920b32yWxhEhI34JreDcWBYTpdKrNMgY3WVk
BdmBRx52dGLpnhX/Gpy9KCh1MYmv2y7aqWU/qf3hw3k/+QZpWiNK8yXt7OL8H0r/
4hQvY9pS7vDqXCrcP3eXQpLKgw3J4CA6NI3Lyn+0/FdCnYsTn69StVmeYrdNHguZ
rKJeysg2LgMOjCDw7V9hirJeddJIuPQu+34T8GSaYmVV0VZriaUNvQtgmQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFB2ywEG81cT+zZkn1NgVqHB3FoB/MB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvSGJMQVFielZ4UDdObVNmVTJCV29jSGNXZ0g4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgbogZEw
DQYJKoZIhvcNAQELBQADggEBADQehm+ckJ/pDP+0aUX/pNQIpIsi/KnPz3acLL1k
l3JEK7Z7jmz7SjVY3d3eBjsQAJlmM6Ec/I0T/+lF+Z7CopMbPTsf99l6F43CCw04
KabxKfYRdTBKmYwf8ACJRgu8yQT+sRmkcrhgD0gcLGVSijleM6ApZ/kkByeFgZZq
vzHgc+QJ0UEdsfxupYbtG1yVAGVftHheF07oD/GvGPv3KCJCQY9ot8uV8M6r2OWd
ucDiVSqK13VpkA0lMgg6boP1zHdUMIzddIiNsM/RUQmXwkapTzt1kV6+PrDzFdlb
kM5PSwIcB+FrxYdX8EnFFmCdVmeDuJ958ryBZz8O5srrvy0=
-----END CERTIFICATE-----