Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/ucH7IeIWTX6RVcP_anDxrMhkplo.roa
File:                     ucH7IeIWTX6RVcP_anDxrMhkplo.roa (raw, json)
Hash identifier:          cBNoIGHr8LbNGj9a6kRhTTmCpwzcmwsWD4LP8P5es7w=
Subject key identifier:   B9:C1:FB:21:E2:16:4D:7E:91:55:C3:FF:6A:70:F1:AC:C8:64:A6:5A
Certificate issuer:       /CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
Certificate serial:       0194221F5212112A975FD379F5E4E7FE1F3D
Authority key identifier: 8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/ucH7IeIWTX6RVcP_anDxrMhkplo.roa
Signing time:             Wed 01 Jan 2025 13:47:45 +0000
ROA not before:           Wed 01 Jan 2025 13:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396356
IP address blocks:        2a0e:4206::/32 maxlen: 48
                          2a0e:4207::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:52:12:11:2a:97:5f:d3:79:f5:e4:e7:fe:1f:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
        Validity
            Not Before: Jan  1 13:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b9c1fb21e2164d7e9155c3ff6a70f1acc864a65a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:dd:7a:0b:26:5c:b0:09:f0:d6:b1:e4:15:1b:
                    2e:be:4f:ba:6d:97:4b:24:a3:a1:3c:d8:35:1c:85:
                    01:8e:60:8f:f4:5a:7b:9b:a1:93:a2:bf:b8:2d:42:
                    fb:9b:df:fd:ef:4f:bf:07:50:50:14:54:e1:57:ae:
                    65:50:d1:72:b3:02:e0:c7:f2:6c:91:9a:82:5d:d6:
                    60:61:27:09:0e:cc:3c:93:36:fb:f0:0e:bd:19:5c:
                    13:c2:30:87:fd:6d:01:42:bc:21:ac:c9:df:63:03:
                    9d:2c:09:78:35:91:5c:3e:74:69:6f:c1:95:32:0f:
                    3f:f1:89:28:5a:cf:cc:8a:0b:4e:00:aa:48:bc:f8:
                    d9:88:fc:24:cc:82:d1:64:c9:86:c0:f4:b5:b0:1c:
                    db:b4:dc:64:19:58:6a:6c:ae:41:df:cf:5f:41:09:
                    71:ad:e5:0b:fc:81:4e:49:ee:69:69:57:cb:20:0e:
                    7f:00:e9:e8:f9:9b:c0:93:95:7a:67:ed:e0:3c:e3:
                    ea:1a:7c:9f:8d:71:71:f3:82:e3:5a:6e:6f:6b:91:
                    ab:a1:4e:73:74:2c:f8:5b:a9:12:97:25:bd:ae:1c:
                    f9:c4:11:81:14:c1:83:c5:f6:e6:e3:28:6a:0d:6d:
                    98:8b:40:ce:71:3f:a8:d9:12:68:7b:50:c6:c9:df:
                    fb:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:C1:FB:21:E2:16:4D:7E:91:55:C3:FF:6A:70:F1:AC:C8:64:A6:5A
            X509v3 Authority Key Identifier:
                keyid:8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/ucH7IeIWTX6RVcP_anDxrMhkplo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:4206::/31

    Signature Algorithm: sha256WithRSAEncryption
         7e:ec:0a:1d:b4:bc:42:71:63:e4:57:d0:de:c0:11:9f:f8:39:
         45:d2:89:1b:1e:2b:b0:b6:f8:bc:e7:87:2d:9e:5e:2e:7c:d8:
         91:98:cf:df:4e:e6:ae:82:3f:1d:e4:e7:f9:1e:a7:a1:54:fa:
         e7:8d:46:a5:e4:b6:ab:d6:17:73:cd:df:a4:be:6b:9f:6a:23:
         1b:13:4d:91:a6:d0:84:60:4f:23:c6:14:36:e5:59:46:72:a0:
         6a:6d:67:72:c4:66:aa:0e:e5:bb:d1:16:d8:69:0e:5e:2c:39:
         54:7f:b1:16:72:fe:24:1d:35:fb:62:85:75:29:eb:7d:e6:ab:
         30:81:8d:9c:56:80:4e:16:55:ed:86:3b:29:f0:86:f5:fd:ea:
         58:ae:df:85:dc:88:d8:c6:3e:57:fd:3d:2a:db:9f:88:fe:12:
         e9:d2:0b:c2:23:f2:13:cd:e5:96:91:e8:76:1f:0b:3e:60:2b:
         45:84:80:01:d8:fd:70:63:b7:94:5d:d7:0d:ef:f3:cb:34:5f:
         ae:0a:45:40:8f:b3:1b:f7:ed:5d:32:8b:56:9a:be:48:ec:69:
         2d:57:44:6b:4e:55:fb:73:21:42:47:ab:0b:c3:a6:33:db:87:
         55:8f:f4:5e:c2:f9:a7:c3:16:f3:27:07:db:ed:56:59:62:70:
         06:5c:f4:89
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQiH1ISESqXX9N59eTn/h89MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMWMxMTY1OGQyMDQxZWFmMjUwMmZlNTQwOGVkNDkzYmJk
NGYzMTgwHhcNMjUwMTAxMTM0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWMxZmIyMWUyMTY0ZDdlOTE1NWMzZmY2YTcwZjFhY2M4NjRhNjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1d16CyZcsAnw1rHkFRsuvk+6bZdL
JKOhPNg1HIUBjmCP9Fp7m6GTor+4LUL7m9/970+/B1BQFFThV65lUNFyswLgx/Js
kZqCXdZgYScJDsw8kzb78A69GVwTwjCH/W0BQrwhrMnfYwOdLAl4NZFcPnRpb8GV
Mg8/8YkoWs/MigtOAKpIvPjZiPwkzILRZMmGwPS1sBzbtNxkGVhqbK5B389fQQlx
reUL/IFOSe5paVfLIA5/AOno+ZvAk5V6Z+3gPOPqGnyfjXFx84LjWm5va5GroU5z
dCz4W6kSlyW9rhz5xBGBFMGDxfbm4yhqDW2Yi0DOcT+o2RJoe1DGyd/7LQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLnB+yHiFk1+kVXD/2pw8azIZKZaMB8GA1UdIwQY
MBaAFI4cEWWNIEHq8lAv5UCO1JO71PMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjIt
NjMzNDhjZGJmMDI0LzEvdWNIN0llSVdUWDZSVmNQX2FuRHhyTWhrcGxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjItNjMzNDhjZGJmMDI0
LzEvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUBKg5CBjAN
BgkqhkiG9w0BAQsFAAOCAQEAfuwKHbS8QnFj5FfQ3sARn/g5RdKJGx4rsLb4vOeH
LZ5eLnzYkZjP307mroI/HeTn+R6noVT6541GpeS2q9YXc83fpL5rn2ojGxNNkabQ
hGBPI8YUNuVZRnKgam1ncsRmqg7lu9EW2GkOXiw5VH+xFnL+JB01+2KFdSnrfear
MIGNnFaAThZV7YY7KfCG9f3qWK7fhdyI2MY+V/09KtufiP4S6dILwiPyE83llpHo
dh8LPmArRYSAAdj9cGO3lF3XDe/zyzRfrgpFQI+zG/ftXTKLVpq+SOxpLVdEa05V
+3MhQkerC8OmM9uHVY/0XsL5p8MW8ycH2+1WWWJwBlz0iQ==
-----END CERTIFICATE-----