Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/31eeed-388d-40c0-b17d-f553ddd9ed1a/1/a8nLb-56yG7lMJx2_bNxYmi8bLA.roa
File:                     a8nLb-56yG7lMJx2_bNxYmi8bLA.roa (raw, json)
Hash identifier:          TdOPC9pAWEE8SK7zAzhZdkwSQCquFpVxL6BazQayFEo=
Subject key identifier:   6B:C9:CB:6F:EE:7A:C8:6E:E5:30:9C:76:FD:B3:71:62:68:BC:6C:B0
Certificate issuer:       /CN=c1bea8393f6a1d37991989dd875fc531e4084031
Certificate serial:       018CC794C6097B17F9A89273E30F5758430B
Authority key identifier: C1:BE:A8:39:3F:6A:1D:37:99:19:89:DD:87:5F:C5:31:E4:08:40:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wb6oOT9qHTeZGYndh1_FMeQIQDE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/31eeed-388d-40c0-b17d-f553ddd9ed1a/1/a8nLb-56yG7lMJx2_bNxYmi8bLA.roa
Signing time:             Tue 02 Jan 2024 00:31:05 +0000
ROA not before:           Tue 02 Jan 2024 00:31:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212129
IP address blocks:        2001:67c:2b2c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/31eeed-388d-40c0-b17d-f553ddd9ed1a/1/wb6oOT9qHTeZGYndh1_FMeQIQDE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/31eeed-388d-40c0-b17d-f553ddd9ed1a/1/wb6oOT9qHTeZGYndh1_FMeQIQDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wb6oOT9qHTeZGYndh1_FMeQIQDE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:c6:09:7b:17:f9:a8:92:73:e3:0f:57:58:43:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1bea8393f6a1d37991989dd875fc531e4084031
        Validity
            Not Before: Jan  2 00:31:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6bc9cb6fee7ac86ee5309c76fdb3716268bc6cb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:24:c1:e3:20:bf:cc:d5:d1:69:3d:3f:6b:01:
                    80:22:38:65:cf:95:9d:46:ce:56:cb:a7:b1:ab:9e:
                    38:26:48:0f:8a:c5:20:8b:9d:39:75:24:be:ee:b7:
                    8e:ac:99:17:b0:ae:3f:1a:fe:02:52:01:79:65:c3:
                    b2:24:5f:68:d7:b8:e1:59:55:e5:d0:b8:cb:81:fc:
                    a5:ea:20:ad:43:2b:0b:1c:c6:9e:aa:4c:c9:62:0f:
                    de:d3:2c:99:23:55:a8:60:d7:06:27:58:06:d3:54:
                    19:90:09:88:fb:49:f2:34:3f:f3:28:ac:db:d8:16:
                    90:3d:6d:4f:d1:01:02:26:18:f6:f7:be:60:13:d8:
                    72:11:07:27:dd:99:e4:71:1c:d4:32:1d:05:56:d0:
                    7a:9b:7d:0c:70:30:8c:8c:8b:02:76:49:8f:57:fa:
                    cc:2e:60:24:96:d4:06:c8:46:c8:57:be:9f:5d:b5:
                    78:39:e0:9a:6a:df:1f:6e:1a:7b:bd:2b:cb:61:8a:
                    e7:d6:2e:a6:48:8d:6b:f3:c5:01:0c:db:b6:33:a3:
                    ec:27:b5:9b:c9:c9:71:43:c7:01:4e:8c:4d:45:38:
                    08:b1:02:f9:01:5e:e5:6d:99:a3:a3:e1:c9:b7:96:
                    9d:ee:d7:83:d3:88:16:22:fa:39:92:cb:42:c6:70:
                    5b:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:C9:CB:6F:EE:7A:C8:6E:E5:30:9C:76:FD:B3:71:62:68:BC:6C:B0
            X509v3 Authority Key Identifier:
                keyid:C1:BE:A8:39:3F:6A:1D:37:99:19:89:DD:87:5F:C5:31:E4:08:40:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wb6oOT9qHTeZGYndh1_FMeQIQDE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/31eeed-388d-40c0-b17d-f553ddd9ed1a/1/a8nLb-56yG7lMJx2_bNxYmi8bLA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/31eeed-388d-40c0-b17d-f553ddd9ed1a/1/wb6oOT9qHTeZGYndh1_FMeQIQDE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2b2c::/48

    Signature Algorithm: sha256WithRSAEncryption
         29:12:33:4d:fd:63:70:69:a2:03:b1:87:d3:9d:52:44:a8:1b:
         5d:aa:59:9a:7d:84:6f:54:0d:b8:bc:a2:6f:3e:33:e9:8e:d4:
         a5:51:c5:b4:dc:cd:62:7a:5a:1a:66:bf:33:a5:bc:45:13:5e:
         a5:f1:ed:3d:7e:e0:61:70:fc:fa:04:d9:b0:46:23:32:8d:0d:
         4c:8e:4d:91:8c:14:06:81:7f:33:86:03:3b:37:af:c8:a6:5d:
         41:e1:90:7b:82:00:84:ac:73:7b:ce:e6:34:2b:9c:70:ad:24:
         43:ef:48:b2:64:ad:09:a3:f0:1a:c7:76:98:fe:76:b2:24:09:
         59:03:d4:4e:b7:76:8b:d1:db:d7:27:a6:f5:b2:b5:92:c3:f0:
         26:51:b1:e9:bd:4c:57:7a:b1:10:f4:da:44:d3:b1:72:d4:8b:
         4b:21:a9:59:d7:6d:3e:b3:fd:91:49:79:93:04:97:00:2b:71:
         e8:6e:a6:45:d0:3d:37:fc:c3:ee:98:e2:54:ef:90:91:65:b6:
         9e:22:dd:48:04:8e:f6:ab:b8:86:fb:78:08:30:88:16:e9:4e:
         70:be:a3:f7:3a:c5:12:93:69:8c:81:75:c4:ad:7d:09:20:ce:
         99:4d:7a:6a:7b:e9:ef:72:c7:5f:8a:b5:f2:03:20:11:fc:0d:
         0b:f2:f7:b3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHlMYJexf5qJJz4w9XWEMLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxYmVhODM5M2Y2YTFkMzc5OTE5ODlkZDg3NWZjNTMxZTQw
ODQwMzEwHhcNMjQwMTAyMDAzMTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmM5Y2I2ZmVlN2FjODZlZTUzMDljNzZmZGIzNzE2MjY4YmM2Y2IwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqSTB4yC/zNXRaT0/awGAIjhlz5Wd
Rs5Wy6exq544JkgPisUgi505dSS+7reOrJkXsK4/Gv4CUgF5ZcOyJF9o17jhWVXl
0LjLgfyl6iCtQysLHMaeqkzJYg/e0yyZI1WoYNcGJ1gG01QZkAmI+0nyND/zKKzb
2BaQPW1P0QECJhj2975gE9hyEQcn3ZnkcRzUMh0FVtB6m30McDCMjIsCdkmPV/rM
LmAkltQGyEbIV76fXbV4OeCaat8fbhp7vSvLYYrn1i6mSI1r88UBDNu2M6PsJ7Wb
yclxQ8cBToxNRTgIsQL5AV7lbZmjo+HJt5ad7teD04gWIvo5kstCxnBbmwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGvJy2/ueshu5TCcdv2zcWJovGywMB8GA1UdIwQY
MBaAFMG+qDk/ah03mRmJ3YdfxTHkCEAxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2I2b09UOXFIVGVaR1luZGgxX0ZNZVFJUURFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zMWVlZWQtMzg4ZC00MGMwLWIxN2Qt
ZjU1M2RkZDllZDFhLzEvYThuTGItNTZ5RzdsTUp4Ml9iTnhZbWk4YkxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zMWVlZWQtMzg4ZC00MGMwLWIxN2QtZjU1M2RkZDllZDFh
LzEvd2I2b09UOXFIVGVaR1luZGgxX0ZNZVFJUURFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCss
MA0GCSqGSIb3DQEBCwUAA4IBAQApEjNN/WNwaaIDsYfTnVJEqBtdqlmafYRvVA24
vKJvPjPpjtSlUcW03M1ieloaZr8zpbxFE16l8e09fuBhcPz6BNmwRiMyjQ1Mjk2R
jBQGgX8zhgM7N6/Ipl1B4ZB7ggCErHN7zuY0K5xwrSRD70iyZK0Jo/Aax3aY/nay
JAlZA9ROt3aL0dvXJ6b1srWSw/AmUbHpvUxXerEQ9NpE07Fy1ItLIalZ120+s/2R
SXmTBJcAK3HobqZF0D03/MPumOJU75CRZbaeIt1IBI72q7iG+3gIMIgW6U5wvqP3
OsUSk2mMgXXErX0JIM6ZTXpqe+nvcsdfirXyAyAR/A0L8vez
-----END CERTIFICATE-----