Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/6UijgvbojW5kb6rnEkqL4RJXcmg.roa
File:                     6UijgvbojW5kb6rnEkqL4RJXcmg.roa (raw, json)
Hash identifier:          DZ1usarxkmmuCyed5pXk8jq/8+sEHU0LWKQLEmdTLX8=
Subject key identifier:   E9:48:A3:82:F6:E8:8D:6E:64:6F:AA:E7:12:4A:8B:E1:12:57:72:68
Certificate issuer:       /CN=7bab6c11d41162db0306858f83e5e65121132a6b
Certificate serial:       018CC2DB6113B0F2FA467187414B8C9BCC4F
Authority key identifier: 7B:AB:6C:11:D4:11:62:DB:03:06:85:8F:83:E5:E6:51:21:13:2A:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/6UijgvbojW5kb6rnEkqL4RJXcmg.roa
Signing time:             Mon 01 Jan 2024 02:30:06 +0000
ROA not before:           Mon 01 Jan 2024 02:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213189
IP address blocks:        2a07:22c0:c000::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 22:03:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:61:13:b0:f2:fa:46:71:87:41:4b:8c:9b:cc:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bab6c11d41162db0306858f83e5e65121132a6b
        Validity
            Not Before: Jan  1 02:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e948a382f6e88d6e646faae7124a8be112577268
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:3e:a2:7a:51:4c:98:8c:b0:ee:1c:e3:49:00:
                    34:9f:14:ad:44:79:ce:13:40:b6:3d:1b:c1:e1:ba:
                    7b:2b:01:b3:3e:d8:77:73:06:15:87:cb:ac:99:2d:
                    dc:11:2b:86:63:2b:8f:cb:53:c0:11:bf:e7:92:ba:
                    61:e7:f4:bd:fa:3e:fb:7a:aa:18:c2:5f:53:db:cb:
                    c9:af:97:ee:ca:b9:1b:b7:09:c2:39:d5:bb:80:80:
                    19:3a:a8:1c:88:f1:98:4e:2b:49:98:f4:9d:65:06:
                    6d:11:76:b4:3d:27:ae:dc:ba:7c:c6:5e:31:c3:cf:
                    f4:de:1f:6c:d8:22:89:a2:96:ff:e1:09:59:63:54:
                    b1:cb:e7:c2:d8:7a:8f:f5:81:79:b7:13:97:a9:a5:
                    02:93:a7:62:86:66:58:a7:c3:9e:70:57:20:8f:16:
                    c0:35:11:2c:53:15:cf:8c:11:e2:bd:31:42:85:19:
                    04:8f:20:b7:5c:b4:d2:3b:5a:45:a3:65:a6:df:52:
                    53:1d:99:02:4a:b3:24:be:76:9e:4b:82:d0:9c:98:
                    d1:6f:e3:fe:b6:52:42:ab:25:60:40:7d:10:78:fd:
                    33:0d:7d:1f:78:99:b3:d2:b9:b5:02:a5:79:d0:4d:
                    81:55:fa:a0:46:4a:78:ac:0b:10:f6:e2:d5:93:58:
                    de:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:48:A3:82:F6:E8:8D:6E:64:6F:AA:E7:12:4A:8B:E1:12:57:72:68
            X509v3 Authority Key Identifier:
                keyid:7B:AB:6C:11:D4:11:62:DB:03:06:85:8F:83:E5:E6:51:21:13:2A:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/6UijgvbojW5kb6rnEkqL4RJXcmg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:22c0:c000::/40

    Signature Algorithm: sha256WithRSAEncryption
         93:d4:78:2e:1c:bc:9a:b5:a1:ae:fc:2a:1e:99:cd:f1:86:ba:
         49:ed:df:5c:c8:45:af:9f:ae:9c:28:75:45:a7:49:14:d0:a1:
         60:db:91:56:2b:e1:34:d6:a1:47:f5:04:ca:d4:32:76:6c:f4:
         fd:b2:ac:c9:5a:0d:7d:87:ae:45:c1:fa:47:e4:b8:24:8c:85:
         36:f9:e1:d9:1e:2c:d2:cf:fa:dc:f4:3b:d7:41:20:53:7f:0b:
         80:07:02:7c:44:d9:26:75:59:c8:cd:d3:09:6c:65:48:91:f1:
         a4:b5:36:c1:70:15:34:5f:52:a3:38:33:6a:43:69:84:47:18:
         b7:c3:17:13:0d:a3:0a:6b:64:c9:52:b7:58:3d:26:e4:9b:32:
         8f:10:4b:e4:0e:f2:1b:08:cc:cd:9c:c7:8c:66:71:8f:7e:3e:
         88:69:15:5a:4a:a2:56:d6:7b:c9:44:73:6b:e7:bb:18:72:2d:
         9a:35:5b:e8:c3:95:32:89:c5:6e:54:a4:a2:bf:df:71:5d:21:
         c8:4e:8b:53:a8:cc:c1:64:9e:27:6a:76:9c:c6:fb:2b:3f:13:
         f5:fb:16:4f:6d:3d:5f:1d:2b:af:49:95:24:53:5d:5e:24:a4:
         e9:07:94:d1:f0:3d:38:83:81:9a:5a:17:86:1c:68:77:e2:5b:
         24:ac:7a:1c
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzC22ETsPL6RnGHQUuMm8xPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiYWI2YzExZDQxMTYyZGIwMzA2ODU4ZjgzZTVlNjUxMjEx
MzJhNmIwHhcNMjQwMTAxMDIzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTQ4YTM4MmY2ZTg4ZDZlNjQ2ZmFhZTcxMjRhOGJlMTEyNTc3MjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnz6ielFMmIyw7hzjSQA0nxStRHnO
E0C2PRvB4bp7KwGzPth3cwYVh8usmS3cESuGYyuPy1PAEb/nkrph5/S9+j77eqoY
wl9T28vJr5fuyrkbtwnCOdW7gIAZOqgciPGYTitJmPSdZQZtEXa0PSeu3Lp8xl4x
w8/03h9s2CKJopb/4QlZY1Sxy+fC2HqP9YF5txOXqaUCk6dihmZYp8OecFcgjxbA
NREsUxXPjBHivTFChRkEjyC3XLTSO1pFo2Wm31JTHZkCSrMkvnaeS4LQnJjRb+P+
tlJCqyVgQH0QeP0zDX0feJmz0rm1AqV50E2BVfqgRkp4rAsQ9uLVk1jeOQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFOlIo4L26I1uZG+q5xJKi+ESV3JoMB8GA1UdIwQY
MBaAFHurbBHUEWLbAwaFj4Pl5lEhEyprMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTZ0c0VkUVJZdHNEQm9XUGctWG1VU0VUS21zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9kMzM0YWQtNTI0MC00ZGFhLWEwNTAt
OWY1YmY3MzY3MjBlLzEvNlVpamd2Ym9qVzVrYjZybkVrcUw0UkpYY21nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9kMzM0YWQtNTI0MC00ZGFhLWEwNTAtOWY1YmY3MzY3MjBl
LzEvZTZ0c0VkUVJZdHNEQm9XUGctWG1VU0VUS21zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgciwMAw
DQYJKoZIhvcNAQELBQADggEBAJPUeC4cvJq1oa78Kh6ZzfGGuknt31zIRa+frpwo
dUWnSRTQoWDbkVYr4TTWoUf1BMrUMnZs9P2yrMlaDX2HrkXB+kfkuCSMhTb54dke
LNLP+tz0O9dBIFN/C4AHAnxE2SZ1WcjN0wlsZUiR8aS1NsFwFTRfUqM4M2pDaYRH
GLfDFxMNowprZMlSt1g9JuSbMo8QS+QO8hsIzM2cx4xmcY9+PohpFVpKolbWe8lE
c2vnuxhyLZo1W+jDlTKJxW5UpKK/33FdIchOi1OozMFknidqdpzG+ys/E/X7Fk9t
PV8dK69JlSRTXV4kpOkHlNHwPTiDgZpaF4YcaHfiWySsehw=
-----END CERTIFICATE-----