Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/efff71-7d11-4a1a-8ad3-a67d8c7ed7ca/1/MbamvFk7wAUBlLBnzulp-sg9U4U.roa
File:                     MbamvFk7wAUBlLBnzulp-sg9U4U.roa (raw, json)
Hash identifier:          /m6lpoIuChz6ShB3fybfOVCo9RboCCKQ2Xa+DHunh6k=
Subject key identifier:   31:B6:A6:BC:59:3B:C0:05:01:94:B0:67:CE:E9:69:FA:C8:3D:53:85
Certificate issuer:       /CN=eeb59b791c7a11d232a95c7ef169285caea695bc
Certificate serial:       018CC500669E25C2E794A24432334AD21EDA
Authority key identifier: EE:B5:9B:79:1C:7A:11:D2:32:A9:5C:7E:F1:69:28:5C:AE:A6:95:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rWbeRx6EdIyqVx-8WkoXK6mlbw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/efff71-7d11-4a1a-8ad3-a67d8c7ed7ca/1/MbamvFk7wAUBlLBnzulp-sg9U4U.roa
Signing time:             Mon 01 Jan 2024 12:29:46 +0000
ROA not before:           Mon 01 Jan 2024 12:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24641
IP address blocks:        2a02:6c20:819::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/efff71-7d11-4a1a-8ad3-a67d8c7ed7ca/1/7rWbeRx6EdIyqVx-8WkoXK6mlbw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/efff71-7d11-4a1a-8ad3-a67d8c7ed7ca/1/7rWbeRx6EdIyqVx-8WkoXK6mlbw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rWbeRx6EdIyqVx-8WkoXK6mlbw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:66:9e:25:c2:e7:94:a2:44:32:33:4a:d2:1e:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eeb59b791c7a11d232a95c7ef169285caea695bc
        Validity
            Not Before: Jan  1 12:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=31b6a6bc593bc0050194b067cee969fac83d5385
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:52:59:6f:e0:be:ed:f5:a2:0c:2a:fe:1e:ec:
                    75:c7:1a:c8:fa:f3:9c:61:cc:e0:c5:aa:9b:f1:2e:
                    3c:19:88:62:64:80:c3:93:62:ec:a0:4a:8a:8e:b1:
                    8d:10:35:b7:f6:2a:f5:b2:d7:a9:8b:b1:5a:9c:22:
                    ed:21:ab:36:be:47:de:09:ba:de:40:bf:5e:f5:ad:
                    a3:51:34:52:c5:ee:41:c0:69:e4:c4:e3:9a:a9:32:
                    e9:5b:80:37:55:e2:37:23:fc:40:ed:f1:91:0b:8f:
                    e6:e9:34:82:aa:ba:5f:c6:f4:7b:2a:a8:1d:c9:7e:
                    26:f8:59:f2:c1:23:b4:06:c6:43:f9:ba:ee:93:23:
                    2e:86:6a:de:ae:d5:ef:72:ea:3b:55:2c:30:68:8f:
                    2f:c8:62:e2:e4:4c:da:d1:bd:b1:cd:21:75:5e:83:
                    c6:1b:4a:2a:01:f5:5b:6c:92:89:1a:df:e8:ec:44:
                    c1:ec:24:f5:e0:c2:b6:d1:c0:f3:41:8e:24:30:bf:
                    54:91:76:95:53:38:ea:3a:1b:99:51:9f:aa:8c:10:
                    2f:9b:db:27:2e:ab:7a:39:e9:f5:21:2e:77:0c:83:
                    84:fd:39:9f:cf:d7:ce:30:0e:dc:a6:58:54:57:c0:
                    3a:f4:b5:ca:71:1c:f6:34:e8:a1:bb:df:3c:45:5b:
                    0f:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:B6:A6:BC:59:3B:C0:05:01:94:B0:67:CE:E9:69:FA:C8:3D:53:85
            X509v3 Authority Key Identifier:
                keyid:EE:B5:9B:79:1C:7A:11:D2:32:A9:5C:7E:F1:69:28:5C:AE:A6:95:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rWbeRx6EdIyqVx-8WkoXK6mlbw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/efff71-7d11-4a1a-8ad3-a67d8c7ed7ca/1/MbamvFk7wAUBlLBnzulp-sg9U4U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/efff71-7d11-4a1a-8ad3-a67d8c7ed7ca/1/7rWbeRx6EdIyqVx-8WkoXK6mlbw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:6c20:819::/48

    Signature Algorithm: sha256WithRSAEncryption
         83:0c:6f:50:7f:24:bd:97:ac:4d:ec:09:cf:3d:63:ab:56:4a:
         64:c1:f3:3c:92:f2:9f:b9:88:ba:78:48:b6:28:36:df:28:ce:
         4c:7b:17:a9:3e:b8:e3:53:74:af:dd:eb:55:63:ff:15:e1:f4:
         59:2a:75:87:9e:d6:64:b8:7f:7c:9c:d2:c5:84:20:70:1b:2b:
         78:f0:43:15:7e:16:2f:68:9e:18:72:19:0d:8a:81:f1:bd:aa:
         e2:b9:3e:02:46:2e:0e:53:ce:dc:39:7d:59:3e:72:c5:1f:5f:
         40:59:fd:93:47:ea:c0:1e:49:f3:5b:1f:b8:ad:f3:6d:63:bd:
         f3:2e:97:39:01:64:d5:5c:10:01:8d:70:78:57:c5:6c:09:8e:
         33:53:fd:02:c9:aa:15:0d:94:78:20:97:ee:3a:26:03:63:f7:
         1f:8f:db:ca:2c:aa:2c:b0:98:81:f3:10:18:ab:5a:01:13:e7:
         19:95:3f:63:17:63:5a:79:d5:4f:df:f4:3c:6a:01:01:2c:c5:
         80:83:e9:a1:43:a8:46:65:e1:ce:f4:84:88:64:b5:66:4c:8d:
         aa:0f:fa:e3:57:34:0b:ae:cb:71:a3:b2:66:2a:cc:05:74:7d:
         60:05:3d:f6:d7:6c:81:5f:82:c8:2f:ac:37:64:69:8b:e0:64:
         ba:f0:e3:72
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFAGaeJcLnlKJEMjNK0h7aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYjU5Yjc5MWM3YTExZDIzMmE5NWM3ZWYxNjkyODVjYWVh
Njk1YmMwHhcNMjQwMTAxMTIyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWI2YTZiYzU5M2JjMDA1MDE5NGIwNjdjZWU5NjlmYWM4M2Q1Mzg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuVJZb+C+7fWiDCr+Hux1xxrI+vOc
Yczgxaqb8S48GYhiZIDDk2LsoEqKjrGNEDW39ir1stepi7FanCLtIas2vkfeCbre
QL9e9a2jUTRSxe5BwGnkxOOaqTLpW4A3VeI3I/xA7fGRC4/m6TSCqrpfxvR7Kqgd
yX4m+FnywSO0BsZD+brukyMuhmrertXvcuo7VSwwaI8vyGLi5Eza0b2xzSF1XoPG
G0oqAfVbbJKJGt/o7ETB7CT14MK20cDzQY4kML9UkXaVUzjqOhuZUZ+qjBAvm9sn
Lqt6Oen1IS53DIOE/Tmfz9fOMA7cplhUV8A69LXKcRz2NOihu988RVsPMwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDG2prxZO8AFAZSwZ87pafrIPVOFMB8GA1UdIwQY
MBaAFO61m3kcehHSMqlcfvFpKFyuppW8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3JXYmVSeDZFZEl5cVZ4LThXa29YSzZtbGJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9lZmZmNzEtN2QxMS00YTFhLThhZDMt
YTY3ZDhjN2VkN2NhLzEvTWJhbXZGazd3QVVCbExCbnp1bHAtc2c5VTRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9lZmZmNzEtN2QxMS00YTFhLThhZDMtYTY3ZDhjN2VkN2Nh
LzEvN3JXYmVSeDZFZEl5cVZ4LThXa29YSzZtbGJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgJsIAgZ
MA0GCSqGSIb3DQEBCwUAA4IBAQCDDG9QfyS9l6xN7AnPPWOrVkpkwfM8kvKfuYi6
eEi2KDbfKM5MexepPrjjU3Sv3etVY/8V4fRZKnWHntZkuH98nNLFhCBwGyt48EMV
fhYvaJ4YchkNioHxvariuT4CRi4OU87cOX1ZPnLFH19AWf2TR+rAHknzWx+4rfNt
Y73zLpc5AWTVXBABjXB4V8VsCY4zU/0CyaoVDZR4IJfuOiYDY/cfj9vKLKossJiB
8xAYq1oBE+cZlT9jF2NaedVP3/Q8agEBLMWAg+mhQ6hGZeHO9ISIZLVmTI2qD/rj
VzQLrstxo7JmKswFdH1gBT3212yBX4LIL6w3ZGmL4GS68ONy
-----END CERTIFICATE-----