Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/urI6w4lcuL5MUh4vBh5msdDgtGE.roa
File:                     urI6w4lcuL5MUh4vBh5msdDgtGE.roa (raw, json)
Hash identifier:          zE/tzb5Aunx0JblQYmEwgyjRrxSL/C5yzAmIII7Yu64=
Subject key identifier:   BA:B2:3A:C3:89:5C:B8:BE:4C:52:1E:2F:06:1E:66:B1:D0:E0:B4:61
Certificate issuer:       /CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
Certificate serial:       018D351DA559F48A5E5AAD96D71BFF8631E8
Authority key identifier: 1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/urI6w4lcuL5MUh4vBh5msdDgtGE.roa
Signing time:             Tue 23 Jan 2024 06:59:11 +0000
ROA not before:           Tue 23 Jan 2024 06:59:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215674
IP address blocks:        2a0a:280:2000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:35:1d:a5:59:f4:8a:5e:5a:ad:96:d7:1b:ff:86:31:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
        Validity
            Not Before: Jan 23 06:59:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bab23ac3895cb8be4c521e2f061e66b1d0e0b461
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:ec:dc:60:06:c8:e3:2a:57:2a:ba:39:10:ba:
                    b4:54:77:4a:7b:90:35:7c:f5:d6:a8:a3:8f:1a:b2:
                    da:8c:fd:8c:d0:e2:91:ba:53:60:0b:22:df:a7:bf:
                    f5:07:2d:cb:dd:c5:df:62:27:eb:d0:e5:7f:98:ed:
                    f2:bd:30:60:7d:77:fe:7e:ca:ed:f0:1c:49:f4:de:
                    9e:4a:38:b1:8a:48:61:c2:ad:e8:14:6e:80:62:fe:
                    39:b6:3f:46:e3:0e:ea:13:b0:d7:d3:c9:99:69:5e:
                    c1:26:ff:61:3c:ac:ca:6d:32:35:cb:b6:f6:2c:04:
                    dd:9b:e6:3d:a2:2c:ac:ff:01:8f:38:63:f9:2a:08:
                    f8:81:96:02:b5:d9:01:db:21:53:6e:45:36:f4:ac:
                    29:6a:d0:63:c9:8a:7b:28:ed:68:2b:05:0e:c6:46:
                    1c:8a:fb:71:6c:71:40:d3:3a:01:24:65:16:79:7b:
                    1a:70:c1:b9:81:35:41:37:95:0c:fe:6e:6c:3e:03:
                    99:6e:74:73:a7:ad:c3:4f:a3:ac:38:1f:99:3d:0f:
                    ca:d0:da:69:5f:08:dc:bc:05:17:e2:80:5b:6b:f4:
                    be:74:59:90:93:9a:87:b4:b7:7a:fb:3d:25:7d:d6:
                    17:fb:d1:62:06:86:63:da:f9:3e:32:04:62:4c:0e:
                    4f:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:B2:3A:C3:89:5C:B8:BE:4C:52:1E:2F:06:1E:66:B1:D0:E0:B4:61
            X509v3 Authority Key Identifier:
                keyid:1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/urI6w4lcuL5MUh4vBh5msdDgtGE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:280:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         4a:ab:50:96:ad:64:b9:f1:6b:c3:de:c9:fc:1b:9e:ab:bc:9e:
         2f:e9:65:cc:ce:8c:72:0f:f9:72:7c:47:f6:bb:bd:5a:09:e2:
         42:73:ac:15:c8:62:ab:71:16:a6:19:0c:3c:94:e3:e4:6a:a6:
         62:87:4b:91:55:ba:05:4b:d9:9c:2a:4d:7e:f5:63:73:57:4e:
         86:e0:1c:54:87:c3:f2:57:2c:ac:14:ca:99:f8:93:6c:60:83:
         1f:ef:c6:a5:73:b7:22:8c:45:05:58:88:88:2f:63:e0:ca:bd:
         1e:b0:ad:15:74:5a:17:5c:99:7e:d7:63:9b:d1:fe:93:a5:92:
         1d:e2:7e:5f:87:f7:05:0a:c0:77:9b:9f:39:d3:26:19:f5:9b:
         fb:b1:8d:69:8c:c9:3f:9f:ea:fa:3a:ea:41:86:c5:e0:1b:01:
         9c:df:53:81:1b:36:30:e7:60:ee:5e:1e:9d:fa:34:36:b2:92:
         76:d5:55:2f:2c:1c:3b:d1:13:89:c7:ef:da:47:67:8a:eb:4d:
         73:ad:61:07:66:5b:49:8d:31:83:6f:7e:2a:a5:26:2f:1e:bb:
         5d:4b:37:5b:e7:8f:b3:88:d7:df:74:86:12:1c:15:9f:63:d5:
         2f:07:fb:7c:f8:cd:e8:44:0c:84:56:e9:55:84:71:e1:4b:a3:
         a9:80:bc:99
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY01HaVZ9IpeWq2W1xv/hjHoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOWYyMWJhMDRlNWUzMDc3YjM5MWUzZDQ4ZmY1YjBhNTBi
MzM2OWYwHhcNMjQwMTIzMDY1OTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWIyM2FjMzg5NWNiOGJlNGM1MjFlMmYwNjFlNjZiMWQwZTBiNDYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3uzcYAbI4ypXKro5ELq0VHdKe5A1
fPXWqKOPGrLajP2M0OKRulNgCyLfp7/1By3L3cXfYifr0OV/mO3yvTBgfXf+fsrt
8BxJ9N6eSjixikhhwq3oFG6AYv45tj9G4w7qE7DX08mZaV7BJv9hPKzKbTI1y7b2
LATdm+Y9oiys/wGPOGP5Kgj4gZYCtdkB2yFTbkU29KwpatBjyYp7KO1oKwUOxkYc
ivtxbHFA0zoBJGUWeXsacMG5gTVBN5UM/m5sPgOZbnRzp63DT6OsOB+ZPQ/K0Npp
XwjcvAUX4oBba/S+dFmQk5qHtLd6+z0lfdYX+9FiBoZj2vk+MgRiTA5PSwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFLqyOsOJXLi+TFIeLwYeZrHQ4LRhMB8GA1UdIwQY
MBaAFBufIboE5eMHezkePUj/WwpQszafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUt
ZjUxYzVmYjNkZjlhLzEvdXJJNnc0bGN1TDVNVWg0dkJoNW1zZERndEdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUtZjUxYzVmYjNkZjlh
LzEvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgoCgCAw
DQYJKoZIhvcNAQELBQADggEBAEqrUJatZLnxa8Peyfwbnqu8ni/pZczOjHIP+XJ8
R/a7vVoJ4kJzrBXIYqtxFqYZDDyU4+RqpmKHS5FVugVL2ZwqTX71Y3NXTobgHFSH
w/JXLKwUypn4k2xggx/vxqVztyKMRQVYiIgvY+DKvR6wrRV0WhdcmX7XY5vR/pOl
kh3ifl+H9wUKwHebnznTJhn1m/uxjWmMyT+f6vo66kGGxeAbAZzfU4EbNjDnYO5e
Hp36NDayknbVVS8sHDvRE4nH79pHZ4rrTXOtYQdmW0mNMYNvfiqlJi8eu11LN1vn
j7OI1990hhIcFZ9j1S8H+3z4zehEDIRW6VWEceFLo6mAvJk=
-----END CERTIFICATE-----