Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/bAe6HmBc8Hy2C6CCKxnCvNGEHek.roa
File:                     bAe6HmBc8Hy2C6CCKxnCvNGEHek.roa (raw, json)
Hash identifier:          KCrqW2Y9DO7cmWhpF2Ep36tW7jbmFKd5CaGpdXTzcQ4=
Subject key identifier:   6C:07:BA:1E:60:5C:F0:7C:B6:0B:A0:82:2B:19:C2:BC:D1:84:1D:E9
Certificate issuer:       /CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
Certificate serial:       018CC7948E72B352B282A7B13F12FB557644
Authority key identifier: 8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/bAe6HmBc8Hy2C6CCKxnCvNGEHek.roa
Signing time:             Tue 02 Jan 2024 00:30:50 +0000
ROA not before:           Tue 02 Jan 2024 00:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204790
IP address blocks:        2a0e:4200::/29 maxlen: 29
                          2a10:2380::/29 maxlen: 29
                          2a10:3e40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 11:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:8e:72:b3:52:b2:82:a7:b1:3f:12:fb:55:76:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
        Validity
            Not Before: Jan  2 00:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c07ba1e605cf07cb60ba0822b19c2bcd1841de9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:4c:a9:eb:d7:af:f2:46:b4:47:9c:50:5f:ab:
                    a9:07:e0:d7:c6:93:0f:df:4a:8a:8f:05:49:87:aa:
                    11:09:7e:c8:53:70:29:28:5a:54:d4:15:38:6a:13:
                    60:bf:71:0e:dd:35:5f:ea:e8:3e:87:a6:8d:9b:09:
                    f0:47:35:a3:ae:f3:09:4f:90:0d:e0:51:4d:36:3f:
                    9e:e6:bc:1f:53:22:29:92:19:e1:69:38:c1:9d:d1:
                    5b:8e:1e:ad:53:8c:07:49:a0:73:4e:af:b1:3a:9e:
                    76:ec:d3:50:98:54:12:77:bb:8e:bf:c9:b4:48:8b:
                    c3:73:0f:27:89:54:98:bc:35:34:be:b3:d7:ca:ce:
                    92:d0:5f:68:19:80:eb:ee:cb:93:91:70:fb:dd:c2:
                    8b:ca:e4:8c:a0:39:e7:e5:15:b8:d0:5b:4d:00:9a:
                    6d:c2:12:27:68:5f:18:2f:d9:a8:c4:ca:22:b5:5c:
                    ce:01:a7:3f:a8:9b:c2:da:0a:18:4d:36:5a:4e:0b:
                    c8:6b:b7:f2:14:7a:82:15:16:5f:25:d5:e0:1f:ab:
                    5a:0a:5c:54:47:94:76:96:df:27:0e:f5:55:fa:02:
                    19:a3:b1:a6:ad:4e:a2:ce:00:da:b5:f0:87:7e:95:
                    1b:c1:f1:46:4f:9e:77:94:fa:c9:f6:0f:6c:78:40:
                    d5:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:07:BA:1E:60:5C:F0:7C:B6:0B:A0:82:2B:19:C2:BC:D1:84:1D:E9
            X509v3 Authority Key Identifier:
                keyid:8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/bAe6HmBc8Hy2C6CCKxnCvNGEHek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:4200::/29
                  2a10:2380::/29
                  2a10:3e40::/29

    Signature Algorithm: sha256WithRSAEncryption
         55:f9:67:d6:52:be:0b:38:2a:0d:fe:38:2e:a9:9d:ff:53:5d:
         89:e6:fd:eb:03:a3:0f:37:50:f9:55:b8:4d:49:45:18:1f:91:
         d3:b7:32:0a:44:2a:e2:54:55:d4:c2:bd:1f:d8:74:a4:d9:fd:
         3b:ba:1f:e6:35:92:a1:27:ab:dd:3d:1b:ca:79:8a:2f:90:ba:
         f1:c3:6c:2b:5d:2c:4d:76:95:10:71:f4:15:63:72:38:d5:f6:
         e9:66:6c:2b:12:c1:74:97:2d:4c:48:99:e6:2a:c8:1c:fc:6e:
         24:51:6a:5a:da:45:e5:d4:88:cb:c6:f5:1d:d1:10:68:22:5a:
         64:a3:13:b0:fb:ea:09:20:ce:0c:0b:f8:52:99:c5:0f:bc:3c:
         8a:4e:42:ef:b2:1a:76:1a:f0:43:18:66:bc:b5:fa:7f:3f:c9:
         a7:2e:81:ba:87:e7:e5:52:4d:62:d0:a8:e1:e8:19:d0:79:69:
         6c:a9:e2:0a:75:51:5c:f0:de:44:9f:a5:d0:a4:14:69:be:74:
         a7:3e:17:1d:0c:5f:3f:ee:82:f2:5d:4a:5a:9c:33:95:98:c4:
         cd:c0:de:6d:ea:80:d0:f0:95:3b:f6:14:fa:c6:8f:4a:3c:68:
         03:d6:35:cc:d1:f8:52:ea:a7:8f:29:a8:3b:e4:41:66:5a:91:
         5e:d8:74:52
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlI5ys1KygqexPxL7VXZEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMWMxMTY1OGQyMDQxZWFmMjUwMmZlNTQwOGVkNDkzYmJk
NGYzMTgwHhcNMjQwMTAyMDAzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzA3YmExZTYwNWNmMDdjYjYwYmEwODIyYjE5YzJiY2QxODQxZGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhUyp69ev8ka0R5xQX6upB+DXxpMP
30qKjwVJh6oRCX7IU3ApKFpU1BU4ahNgv3EO3TVf6ug+h6aNmwnwRzWjrvMJT5AN
4FFNNj+e5rwfUyIpkhnhaTjBndFbjh6tU4wHSaBzTq+xOp527NNQmFQSd7uOv8m0
SIvDcw8niVSYvDU0vrPXys6S0F9oGYDr7suTkXD73cKLyuSMoDnn5RW40FtNAJpt
whInaF8YL9moxMoitVzOAac/qJvC2goYTTZaTgvIa7fyFHqCFRZfJdXgH6taClxU
R5R2lt8nDvVV+gIZo7GmrU6izgDatfCHfpUbwfFGT553lPrJ9g9seEDVxwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGwHuh5gXPB8tguggisZwrzRhB3pMB8GA1UdIwQY
MBaAFI4cEWWNIEHq8lAv5UCO1JO71PMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjIt
NjMzNDhjZGJmMDI0LzEvYkFlNkhtQmM4SHkyQzZDQ0t4bkN2TkdFSGVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjItNjMzNDhjZGJmMDI0
LzEvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUDKg5CAAMF
AyoQI4ADBQMqED5AMA0GCSqGSIb3DQEBCwUAA4IBAQBV+WfWUr4LOCoN/jguqZ3/
U12J5v3rA6MPN1D5VbhNSUUYH5HTtzIKRCriVFXUwr0f2HSk2f07uh/mNZKhJ6vd
PRvKeYovkLrxw2wrXSxNdpUQcfQVY3I41fbpZmwrEsF0ly1MSJnmKsgc/G4kUWpa
2kXl1IjLxvUd0RBoIlpkoxOw++oJIM4MC/hSmcUPvDyKTkLvshp2GvBDGGa8tfp/
P8mnLoG6h+flUk1i0Kjh6BnQeWlsqeIKdVFc8N5En6XQpBRpvnSnPhcdDF8/7oLy
XUpanDOVmMTNwN5t6oDQ8JU79hT6xo9KPGgD1jXM0fhS6qePKag75EFmWpFe2HRS
-----END CERTIFICATE-----