Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/sBkk6oLGkazee8Yysm5wLMmATt0.roa
File:                     sBkk6oLGkazee8Yysm5wLMmATt0.roa (raw, json)
Hash identifier:          QFFjeD3Z7jhQc1gZJ8JsRntyWU3PqFb5r7bokBRG6LI=
Subject key identifier:   B0:19:24:EA:82:C6:91:AC:DE:7B:C6:32:B2:6E:70:2C:C9:80:4E:DD
Certificate issuer:       /CN=dbe6ab8e0c46e841b44d2b9c6b03bb65f5621db1
Certificate serial:       018CC94DA37DEA4964DA738A3EEDB411B7B7
Authority key identifier: DB:E6:AB:8E:0C:46:E8:41:B4:4D:2B:9C:6B:03:BB:65:F5:62:1D:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2-arjgxG6EG0TSucawO7ZfViHbE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/sBkk6oLGkazee8Yysm5wLMmATt0.roa
Signing time:             Tue 02 Jan 2024 08:32:37 +0000
ROA not before:           Tue 02 Jan 2024 08:32:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     142418
IP address blocks:        2a0f:ca81:6960::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/2-arjgxG6EG0TSucawO7ZfViHbE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/2-arjgxG6EG0TSucawO7ZfViHbE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2-arjgxG6EG0TSucawO7ZfViHbE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 10:03:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:a3:7d:ea:49:64:da:73:8a:3e:ed:b4:11:b7:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbe6ab8e0c46e841b44d2b9c6b03bb65f5621db1
        Validity
            Not Before: Jan  2 08:32:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b01924ea82c691acde7bc632b26e702cc9804edd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:66:e2:1c:2e:2d:59:b9:0e:00:61:b1:4e:e6:
                    95:1d:0d:1d:10:0b:5f:3e:6b:9e:7c:4d:33:ab:9f:
                    77:0d:48:bc:d8:26:7a:83:50:3d:87:61:a9:08:0f:
                    7a:e9:93:77:d3:fb:09:3b:22:d4:b0:8d:97:eb:3b:
                    1d:45:d9:2a:5e:e3:0c:50:f5:99:31:a6:2f:90:8d:
                    d9:7f:e4:92:50:56:fe:20:2a:19:52:73:33:de:87:
                    89:37:ac:9b:63:58:61:30:c6:61:ee:65:9b:39:b1:
                    a9:8f:72:59:91:dd:89:c9:59:e2:d3:5f:5e:64:98:
                    ab:51:49:c2:47:2e:f5:64:23:91:5a:ab:26:98:47:
                    a1:6b:3b:47:e9:0e:2a:53:fa:fc:7b:32:8b:d9:58:
                    a7:71:d0:10:d8:0e:b2:8b:5c:e8:05:5f:55:ee:84:
                    c2:57:4d:da:97:10:36:cf:fb:14:26:7c:16:48:2a:
                    6f:4d:a3:29:a6:e7:b1:f5:ee:9b:9f:4b:c7:72:44:
                    5a:80:7b:3d:af:5a:1b:04:51:ea:46:a2:26:99:f2:
                    56:61:55:99:76:c1:a3:48:f0:5b:ba:f1:13:55:b4:
                    a3:34:1b:46:9c:cd:08:70:2f:72:c1:fe:12:63:64:
                    60:a1:cc:bf:39:81:dc:cb:d1:59:63:99:27:a6:13:
                    aa:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:19:24:EA:82:C6:91:AC:DE:7B:C6:32:B2:6E:70:2C:C9:80:4E:DD
            X509v3 Authority Key Identifier:
                keyid:DB:E6:AB:8E:0C:46:E8:41:B4:4D:2B:9C:6B:03:BB:65:F5:62:1D:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2-arjgxG6EG0TSucawO7ZfViHbE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/sBkk6oLGkazee8Yysm5wLMmATt0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/2-arjgxG6EG0TSucawO7ZfViHbE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:ca81:6960::/44

    Signature Algorithm: sha256WithRSAEncryption
         30:28:8f:86:04:74:e6:29:0d:87:7a:51:63:99:61:7e:16:c3:
         ed:15:6e:8a:7b:db:6d:ac:d9:2a:fd:29:d3:34:64:cb:33:b8:
         94:21:09:be:62:1d:0b:1e:cc:ce:b1:90:0f:4c:a5:c3:49:2a:
         57:63:52:b0:b1:0a:69:66:bd:59:bd:5a:e6:0f:ca:20:56:af:
         32:f2:65:69:5a:92:fe:ce:f2:29:0e:5b:ca:b7:82:5b:0e:6f:
         56:0f:e4:c4:5f:41:a4:cf:25:83:84:fa:4b:41:1a:1d:b5:d1:
         d7:34:16:99:41:e9:36:3e:4a:9b:a5:e4:8d:ff:0f:64:27:f9:
         fe:3d:c7:6c:4e:52:4b:fb:14:09:78:61:15:f9:b8:07:71:6e:
         e6:a0:40:da:a7:e6:c5:d1:4a:92:b5:30:11:49:2e:9e:66:5f:
         48:19:16:1c:41:9c:0a:05:21:e4:af:db:53:ad:f8:34:2d:10:
         8b:25:ce:6f:8b:46:cb:be:f4:2c:5f:f7:4a:77:5f:22:b7:3b:
         79:da:a0:f5:41:eb:0c:54:5f:5d:4c:a2:ba:7d:46:9a:9a:9f:
         68:a3:af:04:a5:ce:7e:33:c8:28:8d:49:82:99:62:9a:12:d1:
         11:30:2e:10:1a:2f:aa:f8:79:98:91:76:af:74:ee:b1:9b:88:
         c2:b9:e4:73
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJTaN96klk2nOKPu20Ebe3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiZTZhYjhlMGM0NmU4NDFiNDRkMmI5YzZiMDNiYjY1ZjU2
MjFkYjEwHhcNMjQwMTAyMDgzMjM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDE5MjRlYTgyYzY5MWFjZGU3YmM2MzJiMjZlNzAyY2M5ODA0ZWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjmbiHC4tWbkOAGGxTuaVHQ0dEAtf
PmuefE0zq593DUi82CZ6g1A9h2GpCA966ZN30/sJOyLUsI2X6zsdRdkqXuMMUPWZ
MaYvkI3Zf+SSUFb+ICoZUnMz3oeJN6ybY1hhMMZh7mWbObGpj3JZkd2JyVni019e
ZJirUUnCRy71ZCORWqsmmEehaztH6Q4qU/r8ezKL2VincdAQ2A6yi1zoBV9V7oTC
V03alxA2z/sUJnwWSCpvTaMppuex9e6bn0vHckRagHs9r1obBFHqRqImmfJWYVWZ
dsGjSPBbuvETVbSjNBtGnM0IcC9ywf4SY2Rgocy/OYHcy9FZY5knphOqXQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLAZJOqCxpGs3nvGMrJucCzJgE7dMB8GA1UdIwQY
MBaAFNvmq44MRuhBtE0rnGsDu2X1Yh2xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMi1hcmpneEc2RUcwVFN1Y2F3TzdaZlZpSGJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS85NjQzNmMtZjZmYS00MGJhLWEyN2Mt
ZmIxMDMwNjUxMDY3LzEvc0JrazZvTEdrYXplZThZeXNtNXdMTW1BVHQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS85NjQzNmMtZjZmYS00MGJhLWEyN2MtZmIxMDMwNjUxMDY3
LzEvMi1hcmpneEc2RUcwVFN1Y2F3TzdaZlZpSGJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg/KgWlg
MA0GCSqGSIb3DQEBCwUAA4IBAQAwKI+GBHTmKQ2HelFjmWF+FsPtFW6Ke9ttrNkq
/SnTNGTLM7iUIQm+Yh0LHszOsZAPTKXDSSpXY1KwsQppZr1ZvVrmD8ogVq8y8mVp
WpL+zvIpDlvKt4JbDm9WD+TEX0GkzyWDhPpLQRodtdHXNBaZQek2PkqbpeSN/w9k
J/n+PcdsTlJL+xQJeGEV+bgHcW7moEDap+bF0UqStTARSS6eZl9IGRYcQZwKBSHk
r9tTrfg0LRCLJc5vi0bLvvQsX/dKd18itzt52qD1QesMVF9dTKK6fUaamp9oo68E
pc5+M8gojUmCmWKaEtERMC4QGi+q+HmYkXavdO6xm4jCueRz
-----END CERTIFICATE-----