Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/a7068a-92ba-42ea-9966-2054d4e903bc/1/B9kGfz1x0mVJ0xmS4q-fV002H9o.roa
File:                     B9kGfz1x0mVJ0xmS4q-fV002H9o.roa (raw, json)
Hash identifier:          YiBM36nqsfwsCIhZSpb1SxhnxY63dHN+aDAalp60EwE=
Subject key identifier:   07:D9:06:7F:3D:71:D2:65:49:D3:19:92:E2:AF:9F:57:4D:36:1F:DA
Certificate issuer:       /CN=b2e448b4a08f0e4c58a283d80735a8a803e10d4e
Certificate serial:       018CC26D83D51217437E3F9B27D3C6D6FB22
Authority key identifier: B2:E4:48:B4:A0:8F:0E:4C:58:A2:83:D8:07:35:A8:A8:03:E1:0D:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/suRItKCPDkxYooPYBzWoqAPhDU4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/a7068a-92ba-42ea-9966-2054d4e903bc/1/B9kGfz1x0mVJ0xmS4q-fV002H9o.roa
Signing time:             Mon 01 Jan 2024 00:30:06 +0000
ROA not before:           Mon 01 Jan 2024 00:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44921
IP address blocks:        2a00:1908:e100::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/a7068a-92ba-42ea-9966-2054d4e903bc/1/suRItKCPDkxYooPYBzWoqAPhDU4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/a7068a-92ba-42ea-9966-2054d4e903bc/1/suRItKCPDkxYooPYBzWoqAPhDU4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/suRItKCPDkxYooPYBzWoqAPhDU4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 07:03:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:83:d5:12:17:43:7e:3f:9b:27:d3:c6:d6:fb:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2e448b4a08f0e4c58a283d80735a8a803e10d4e
        Validity
            Not Before: Jan  1 00:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07d9067f3d71d26549d31992e2af9f574d361fda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:4a:f4:33:12:5e:f6:d9:1a:d2:af:50:bb:3f:
                    66:78:fd:36:31:14:7f:30:14:5b:5e:b7:1a:b0:5e:
                    f4:6a:cb:80:0a:15:1b:e1:f8:27:bc:dc:c8:d7:e3:
                    a0:37:4d:4a:10:66:78:37:e0:e2:12:cb:e2:9b:63:
                    2f:5f:b5:10:ed:46:2e:f4:b3:9f:4f:57:fa:a6:5d:
                    33:99:01:29:dd:d2:9d:25:92:45:34:1c:22:bf:ea:
                    23:1d:bb:fb:e0:76:d6:62:c4:16:44:31:ed:80:15:
                    01:b7:9d:14:12:be:4b:ee:a1:71:12:e5:54:f7:94:
                    42:64:69:36:db:3d:67:bc:00:d6:68:a3:7c:0c:e5:
                    39:59:ee:fe:30:10:c8:d5:04:0b:88:48:91:67:98:
                    36:93:9a:81:23:2e:72:21:dc:be:56:91:a9:be:23:
                    b9:e1:ac:c9:c9:26:10:05:f1:18:83:64:c4:a5:04:
                    f3:7a:65:01:7e:74:8a:f3:cd:e5:1a:f0:c2:84:80:
                    3f:8b:f1:fe:8e:d8:d4:e4:16:12:89:9c:02:74:e4:
                    c6:9b:d2:e9:04:2b:70:99:ef:3f:bf:f9:41:77:67:
                    48:cc:b5:fa:bf:3e:7a:76:cd:d2:f1:78:f6:65:76:
                    ef:d0:c6:08:9a:3e:2a:ec:99:92:62:a2:8e:99:cb:
                    5e:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:D9:06:7F:3D:71:D2:65:49:D3:19:92:E2:AF:9F:57:4D:36:1F:DA
            X509v3 Authority Key Identifier:
                keyid:B2:E4:48:B4:A0:8F:0E:4C:58:A2:83:D8:07:35:A8:A8:03:E1:0D:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/suRItKCPDkxYooPYBzWoqAPhDU4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/a7068a-92ba-42ea-9966-2054d4e903bc/1/B9kGfz1x0mVJ0xmS4q-fV002H9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/a7068a-92ba-42ea-9966-2054d4e903bc/1/suRItKCPDkxYooPYBzWoqAPhDU4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:1908:e100::/48

    Signature Algorithm: sha256WithRSAEncryption
         20:c5:63:03:f5:36:f8:f3:d4:aa:69:d1:cc:6f:4a:1a:e4:5a:
         c0:ad:66:39:64:5b:ae:fa:1c:c6:e6:5e:69:0c:cc:38:e8:69:
         47:41:d5:6a:4d:c2:f2:8a:a1:1c:ee:52:04:6a:ba:88:89:06:
         19:ac:a6:3b:9d:a4:41:49:db:0e:4d:8f:18:1d:8c:9f:66:82:
         40:1a:f6:33:66:0d:09:45:b7:a0:0f:66:79:e2:e8:03:3a:45:
         1c:b7:68:71:18:a1:58:dc:ff:e4:74:e0:bf:61:bd:39:b0:00:
         f6:50:a4:84:1a:05:95:e6:ef:a8:6e:39:bc:1c:6e:de:4b:8f:
         bf:c1:b8:f9:b0:23:23:c6:8e:f4:a9:c8:2a:8c:67:e1:de:53:
         5d:2a:19:54:eb:24:17:67:56:60:d6:37:72:4f:a8:f6:12:08:
         50:3c:44:f3:89:6c:63:62:56:7c:b7:9b:c9:30:29:64:1b:36:
         a6:83:06:ce:c6:6b:e8:ab:7f:36:d5:8c:32:0e:2e:3f:52:6b:
         65:8c:85:63:3a:09:41:06:64:8c:29:52:e6:bb:90:13:d7:ed:
         98:6a:63:f7:aa:d6:14:3d:a1:dd:4c:4e:17:28:90:86:58:38:
         78:5e:79:27:0d:d5:30:db:f0:b3:bd:80:a3:c0:a0:3e:38:46:
         c7:69:3a:c4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbYPVEhdDfj+bJ9PG1vsiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyZTQ0OGI0YTA4ZjBlNGM1OGEyODNkODA3MzVhOGE4MDNl
MTBkNGUwHhcNMjQwMTAxMDAzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2Q5MDY3ZjNkNzFkMjY1NDlkMzE5OTJlMmFmOWY1NzRkMzYxZmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkUr0MxJe9tka0q9Quz9meP02MRR/
MBRbXrcasF70asuAChUb4fgnvNzI1+OgN01KEGZ4N+DiEsvim2MvX7UQ7UYu9LOf
T1f6pl0zmQEp3dKdJZJFNBwiv+ojHbv74HbWYsQWRDHtgBUBt50UEr5L7qFxEuVU
95RCZGk22z1nvADWaKN8DOU5We7+MBDI1QQLiEiRZ5g2k5qBIy5yIdy+VpGpviO5
4azJySYQBfEYg2TEpQTzemUBfnSK883lGvDChIA/i/H+jtjU5BYSiZwCdOTGm9Lp
BCtwme8/v/lBd2dIzLX6vz56ds3S8Xj2ZXbv0MYImj4q7JmSYqKOmctemwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAfZBn89cdJlSdMZkuKvn1dNNh/aMB8GA1UdIwQY
MBaAFLLkSLSgjw5MWKKD2Ac1qKgD4Q1OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3VSSXRLQ1BEa3hZb29QWUJ6V29xQVBoRFU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9hNzA2OGEtOTJiYS00MmVhLTk5NjYt
MjA1NGQ0ZTkwM2JjLzEvQjlrR2Z6MXgwbVZKMHhtUzRxLWZWMDAySDlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9hNzA2OGEtOTJiYS00MmVhLTk5NjYtMjA1NGQ0ZTkwM2Jj
LzEvc3VSSXRLQ1BEa3hZb29QWUJ6V29xQVBoRFU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgAZCOEA
MA0GCSqGSIb3DQEBCwUAA4IBAQAgxWMD9Tb489SqadHMb0oa5FrArWY5ZFuu+hzG
5l5pDMw46GlHQdVqTcLyiqEc7lIEarqIiQYZrKY7naRBSdsOTY8YHYyfZoJAGvYz
Zg0JRbegD2Z54ugDOkUct2hxGKFY3P/kdOC/Yb05sAD2UKSEGgWV5u+objm8HG7e
S4+/wbj5sCMjxo70qcgqjGfh3lNdKhlU6yQXZ1Zg1jdyT6j2EghQPETziWxjYlZ8
t5vJMClkGzamgwbOxmvoq3821YwyDi4/UmtljIVjOglBBmSMKVLmu5AT1+2YamP3
qtYUPaHdTE4XKJCGWDh4XnknDdUw2/CzvYCjwKA+OEbHaTrE
-----END CERTIFICATE-----