Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/y78aXxmWAjVwZU66dZwKeK5p8fA.roa
File:                     y78aXxmWAjVwZU66dZwKeK5p8fA.roa (raw, json)
Hash identifier:          pzN7ebygW+8/Ppklp6WoTmcinhYqYxNsH+e5w8fd0xs=
Subject key identifier:   CB:BF:1A:5F:19:96:02:35:70:65:4E:BA:75:9C:0A:78:AE:69:F1:F0
Certificate issuer:       /CN=1056bcd426fd87cd6f4147e133216d03112b181b
Certificate serial:       018D01BBCAB81D4D807BDF1E180B4B9F89EE
Authority key identifier: 10:56:BC:D4:26:FD:87:CD:6F:41:47:E1:33:21:6D:03:11:2B:18:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/y78aXxmWAjVwZU66dZwKeK5p8fA.roa
Signing time:             Sat 13 Jan 2024 07:31:40 +0000
ROA not before:           Sat 13 Jan 2024 07:31:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56815
IP address blocks:        2a05:a6c7:ffff:ff00::/56 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:01:bb:ca:b8:1d:4d:80:7b:df:1e:18:0b:4b:9f:89:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1056bcd426fd87cd6f4147e133216d03112b181b
        Validity
            Not Before: Jan 13 07:31:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cbbf1a5f1996023570654eba759c0a78ae69f1f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:19:f5:52:a8:66:b5:9b:3d:e9:10:3b:df:78:
                    d8:1f:63:4a:57:ac:c0:fc:66:da:2f:16:a9:06:5d:
                    db:41:b8:2c:a0:9e:22:a5:db:c3:76:e8:e5:89:9a:
                    1a:72:94:ba:ff:82:5a:f3:15:cf:df:09:61:15:ca:
                    94:03:8e:95:c8:5e:bf:e5:f9:0b:db:70:5d:b2:bd:
                    12:b5:ba:ee:af:79:23:a4:65:24:f2:69:bc:52:f5:
                    1f:b8:1c:16:fd:e9:5d:07:20:69:fc:50:72:15:9f:
                    c2:73:c5:3a:48:0a:61:a3:bf:74:a4:b4:27:21:cc:
                    4d:ad:8d:fc:98:3c:81:5d:ff:7a:ac:a5:c7:f6:a1:
                    3b:4a:ad:da:f4:03:ed:d5:ab:34:71:85:76:e4:ed:
                    f6:4d:06:86:fd:3e:50:db:e2:96:f7:c6:35:76:6b:
                    f6:e0:75:b6:23:a1:ed:45:52:6b:76:d1:ef:da:71:
                    d7:48:57:bc:8a:91:c5:57:3b:1d:4b:de:93:9d:a7:
                    73:d0:66:41:ef:33:58:99:5e:db:29:a6:89:b4:fc:
                    7a:22:bb:76:ad:34:62:19:1a:4c:75:f0:81:aa:3f:
                    ac:3f:df:dd:a3:2f:c6:5d:7b:d1:77:98:a9:6a:0a:
                    79:87:69:1a:d4:69:17:bd:1c:63:bc:4f:61:aa:b0:
                    9d:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:BF:1A:5F:19:96:02:35:70:65:4E:BA:75:9C:0A:78:AE:69:F1:F0
            X509v3 Authority Key Identifier:
                keyid:10:56:BC:D4:26:FD:87:CD:6F:41:47:E1:33:21:6D:03:11:2B:18:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/y78aXxmWAjVwZU66dZwKeK5p8fA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:a6c7:ffff:ff00::/56

    Signature Algorithm: sha256WithRSAEncryption
         7b:df:21:eb:1b:7d:ff:be:b3:17:83:9b:d1:5e:b0:ce:6b:a6:
         f3:29:f0:bc:78:db:bc:d5:34:eb:d6:bf:0f:14:cc:d4:62:39:
         e9:d3:d3:41:51:25:72:5a:35:e5:95:cf:d0:5e:e7:67:6e:e6:
         1e:f4:40:9c:e0:ec:23:a8:4e:58:18:5d:da:fe:5b:84:a9:d5:
         ab:c6:c4:3a:9a:37:e8:e0:da:11:cd:36:7b:49:ea:76:cd:b9:
         d6:93:c9:b5:e6:67:fc:b1:82:e2:e0:c7:16:70:dc:49:c7:f4:
         5f:9b:8e:5c:48:e4:2c:15:44:e6:36:97:01:e6:0c:2e:14:a3:
         0a:ff:9e:b0:07:d1:63:66:a2:58:da:e8:87:2a:41:89:f9:75:
         28:54:8c:35:f8:dd:92:39:ee:f5:00:03:ac:22:f5:c6:5a:4a:
         67:a2:a5:34:89:6a:d4:17:df:1a:9e:0d:b2:b9:fb:97:33:1c:
         39:50:5e:50:92:26:43:08:44:bf:2b:c7:0a:a9:e1:7c:24:21:
         31:c0:5a:01:50:ae:6d:1a:bb:99:21:77:29:44:91:4a:34:ff:
         79:9d:2a:6c:c4:78:5d:b9:52:24:c4:68:75:78:7a:81:0e:04:
         4e:76:69:16:20:53:dd:8e:c1:7c:dc:f2:b7:3d:c5:1d:a2:bc:
         65:e2:50:1b
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAY0Bu8q4HU2Ae98eGAtLn4nuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNTZiY2Q0MjZmZDg3Y2Q2ZjQxNDdlMTMzMjE2ZDAzMTEy
YjE4MWIwHhcNMjQwMTEzMDczMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmJmMWE1ZjE5OTYwMjM1NzA2NTRlYmE3NTljMGE3OGFlNjlmMWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2hn1UqhmtZs96RA733jYH2NKV6zA
/GbaLxapBl3bQbgsoJ4ipdvDdujliZoacpS6/4Ja8xXP3wlhFcqUA46VyF6/5fkL
23Bdsr0Stbrur3kjpGUk8mm8UvUfuBwW/eldByBp/FByFZ/Cc8U6SApho790pLQn
IcxNrY38mDyBXf96rKXH9qE7Sq3a9APt1as0cYV25O32TQaG/T5Q2+KW98Y1dmv2
4HW2I6HtRVJrdtHv2nHXSFe8ipHFVzsdS96Tnadz0GZB7zNYmV7bKaaJtPx6Irt2
rTRiGRpMdfCBqj+sP9/doy/GXXvRd5ipagp5h2ka1GkXvRxjvE9hqrCdDQIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFMu/Gl8ZlgI1cGVOunWcCniuafHwMB8GA1UdIwQY
MBaAFBBWvNQm/YfNb0FH4TMhbQMRKxgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUZhODFDYjloODF2UVVmaE15RnRBeEVyR0JzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNmY0ZTQtNjhiYi00NDk2LTkwYzct
YWE4NTllMTkyYjE2LzEveTc4YVh4bVdBalZ3WlU2NmRad0tlSzVwOGZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNmY0ZTQtNjhiYi00NDk2LTkwYzctYWE4NTllMTkyYjE2
LzEvRUZhODFDYjloODF2UVVmaE15RnRBeEVyR0JzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCMGCCsGAQUFBwEHAQH/BBQwEjAQBAIAAjAKAwgAKgWmx///
/zANBgkqhkiG9w0BAQsFAAOCAQEAe98h6xt9/76zF4Ob0V6wzmum8ynwvHjbvNU0
69a/DxTM1GI56dPTQVElclo15ZXP0F7nZ27mHvRAnODsI6hOWBhd2v5bhKnVq8bE
Opo36ODaEc02e0nqds251pPJteZn/LGC4uDHFnDcScf0X5uOXEjkLBVE5jaXAeYM
LhSjCv+esAfRY2aiWNrohypBifl1KFSMNfjdkjnu9QADrCL1xlpKZ6KlNIlq1Bff
Gp4Nsrn7lzMcOVBeUJImQwhEvyvHCqnhfCQhMcBaAVCubRq7mSF3KUSRSjT/eZ0q
bMR4XblSJMRodXh6gQ4ETnZpFiBT3Y7BfNzytz3FHaK8ZeJQGw==
-----END CERTIFICATE-----