Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/ZMDJLv4Y8VtCjJbeH4FbPVdrRgM.roa
File:                     ZMDJLv4Y8VtCjJbeH4FbPVdrRgM.roa (raw, json)
Hash identifier:          XFa79dR2HfqIG9iS2oZn0cVoBhHSVMXw7jwd5N/Gq4k=
Subject key identifier:   64:C0:C9:2E:FE:18:F1:5B:42:8C:96:DE:1F:81:5B:3D:57:6B:46:03
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       018CCA2A50677EDC9403E58B1A8A50522556
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/ZMDJLv4Y8VtCjJbeH4FbPVdrRgM.roa
Signing time:             Tue 02 Jan 2024 12:33:39 +0000
ROA not before:           Tue 02 Jan 2024 12:33:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58057
IP address blocks:        2a06:e881:7700::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:50:67:7e:dc:94:03:e5:8b:1a:8a:50:52:25:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jan  2 12:33:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=64c0c92efe18f15b428c96de1f815b3d576b4603
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:ba:f9:ca:e6:ef:83:c7:2e:e8:aa:6c:f9:91:
                    ee:3e:07:be:07:f1:ea:af:b1:75:bf:9a:15:a6:a6:
                    d6:86:63:a5:ee:69:47:82:44:ad:66:f1:2a:4b:e8:
                    13:72:93:3e:37:17:c9:38:25:21:ff:17:45:97:78:
                    54:66:84:15:99:7c:c4:36:d0:8d:88:d0:d6:c9:d7:
                    2f:c2:d0:ed:74:77:a2:cc:b7:55:ae:4d:15:01:52:
                    90:5b:51:27:b5:da:98:86:38:45:fe:62:91:c3:7d:
                    d9:0a:75:f6:23:a7:72:e8:98:fb:f5:c8:c1:ea:c7:
                    07:cc:14:c5:cd:2f:2a:3e:30:9f:28:99:5c:59:30:
                    9b:97:bb:8c:7f:f9:40:a5:1d:fb:c0:9e:b1:de:7c:
                    4e:a6:2e:b1:af:09:cc:09:85:3b:6b:27:5b:ff:af:
                    fd:6e:a4:e7:a7:52:f1:b5:6e:73:cc:57:25:94:d3:
                    ab:aa:97:7e:35:2a:28:10:a7:20:a1:68:e9:fd:95:
                    65:2b:dc:a3:46:c6:0e:8b:58:5f:78:0d:e0:2a:4f:
                    46:23:8d:37:ed:80:c7:ae:f4:7d:11:d6:32:56:00:
                    83:de:e3:2c:bd:3f:69:d6:43:e4:9c:41:3d:0b:cd:
                    4c:2a:75:4a:f8:0c:e3:0c:d6:02:bf:d0:7a:54:8b:
                    45:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:C0:C9:2E:FE:18:F1:5B:42:8C:96:DE:1F:81:5B:3D:57:6B:46:03
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/ZMDJLv4Y8VtCjJbeH4FbPVdrRgM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:e881:7700::/40

    Signature Algorithm: sha256WithRSAEncryption
         76:43:09:11:74:37:b2:0f:b5:75:24:3b:c5:43:3e:da:31:4a:
         a7:5a:34:07:a4:b2:76:df:6e:ba:33:5f:53:f4:dd:1c:24:ce:
         0f:da:b4:cc:a9:e7:d2:e8:b3:f2:33:91:dd:49:8a:23:af:62:
         00:08:1b:1d:b1:88:12:ed:f4:26:4f:e2:55:e5:89:bc:3a:6a:
         7b:89:34:91:9f:7a:6f:21:b8:09:f0:64:10:15:55:85:6f:cb:
         09:a3:8c:c5:7b:a0:c9:3f:4a:b5:af:b2:9b:44:27:3d:7d:f0:
         f4:3c:da:bd:f5:2f:5f:c8:fc:58:f7:0c:7e:1f:82:d0:8e:a3:
         54:ac:63:3a:cc:6c:42:63:5a:02:10:60:e6:f7:7f:64:54:9e:
         11:4e:86:9c:18:e7:ff:e6:a8:94:bb:fa:c0:3b:68:38:a6:4f:
         79:6e:fd:43:2f:b0:11:8d:f3:7b:32:f2:79:08:d8:86:b2:7d:
         02:32:ec:ce:75:b9:35:ac:f3:aa:73:ce:4f:1e:9a:08:a9:23:
         d9:f0:af:88:88:31:6e:ec:08:85:4d:1e:88:33:7f:7b:d0:66:
         86:8a:03:d8:13:15:8d:b2:fe:a8:e1:bd:48:2e:e5:d1:76:bb:
         10:7a:5e:c8:2b:54:8d:b5:3c:d4:31:12:cd:9d:63:59:d4:0b:
         54:51:d0:44
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzKKlBnftyUA+WLGopQUiVWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjQwMTAyMTIzMzM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGMwYzkyZWZlMThmMTViNDI4Yzk2ZGUxZjgxNWIzZDU3NmI0NjAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArbr5yubvg8cu6Kps+ZHuPge+B/Hq
r7F1v5oVpqbWhmOl7mlHgkStZvEqS+gTcpM+NxfJOCUh/xdFl3hUZoQVmXzENtCN
iNDWydcvwtDtdHeizLdVrk0VAVKQW1EntdqYhjhF/mKRw33ZCnX2I6dy6Jj79cjB
6scHzBTFzS8qPjCfKJlcWTCbl7uMf/lApR37wJ6x3nxOpi6xrwnMCYU7aydb/6/9
bqTnp1LxtW5zzFcllNOrqpd+NSooEKcgoWjp/ZVlK9yjRsYOi1hfeA3gKk9GI403
7YDHrvR9EdYyVgCD3uMsvT9p1kPknEE9C81MKnVK+AzjDNYCv9B6VItFpwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGTAyS7+GPFbQoyW3h+BWz1Xa0YDMB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvWk1ESkx2NFk4VnRDakpiZUg0RmJQVmRyUmdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgbogXcw
DQYJKoZIhvcNAQELBQADggEBAHZDCRF0N7IPtXUkO8VDPtoxSqdaNAeksnbfbroz
X1P03Rwkzg/atMyp59Los/Izkd1JiiOvYgAIGx2xiBLt9CZP4lXlibw6anuJNJGf
em8huAnwZBAVVYVvywmjjMV7oMk/SrWvsptEJz198PQ82r31L1/I/Fj3DH4fgtCO
o1SsYzrMbEJjWgIQYOb3f2RUnhFOhpwY5//mqJS7+sA7aDimT3lu/UMvsBGN83sy
8nkI2IayfQIy7M51uTWs86pzzk8emgipI9nwr4iIMW7sCIVNHogzf3vQZoaKA9gT
FY2y/qjhvUgu5dF2uxB6XsgrVI21PNQxEs2dY1nUC1RR0EQ=
-----END CERTIFICATE-----