Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/0e18d2-d80b-4aa0-aaef-069661675106/1/EeiIs_qTza4SaH54w9xe8DA4dIQ.roa
File:                     EeiIs_qTza4SaH54w9xe8DA4dIQ.roa (raw, json)
Hash identifier:          XPZEeRp6yEa0s5luy3JRpMmNGl0Zukb0NZUFzR4YLPo=
Subject key identifier:   11:E8:88:B3:FA:93:CD:AE:12:68:7E:78:C3:DC:5E:F0:30:38:74:84
Certificate issuer:       /CN=b0f619ef200840dfa8fd43567c7a978c15312d7f
Certificate serial:       018CF0102BD8EE1372D389353A6365972E23
Authority key identifier: B0:F6:19:EF:20:08:40:DF:A8:FD:43:56:7C:7A:97:8C:15:31:2D:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sPYZ7yAIQN-o_UNWfHqXjBUxLX8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/0e18d2-d80b-4aa0-aaef-069661675106/1/EeiIs_qTza4SaH54w9xe8DA4dIQ.roa
Signing time:             Tue 09 Jan 2024 21:10:40 +0000
ROA not before:           Tue 09 Jan 2024 21:10:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44812
IP address blocks:        2a11:f184::/32 maxlen: 32
                          2a11:8f86::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/0e18d2-d80b-4aa0-aaef-069661675106/1/sPYZ7yAIQN-o_UNWfHqXjBUxLX8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/0e18d2-d80b-4aa0-aaef-069661675106/1/sPYZ7yAIQN-o_UNWfHqXjBUxLX8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sPYZ7yAIQN-o_UNWfHqXjBUxLX8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f0:10:2b:d8:ee:13:72:d3:89:35:3a:63:65:97:2e:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0f619ef200840dfa8fd43567c7a978c15312d7f
        Validity
            Not Before: Jan  9 21:10:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=11e888b3fa93cdae12687e78c3dc5ef030387484
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:96:98:34:25:23:11:4b:16:93:c7:53:cc:0b:
                    50:9b:8d:4e:08:21:21:b4:8f:be:9d:5f:32:78:79:
                    e1:43:25:3e:a2:9a:b6:09:cd:8b:53:5c:a1:d8:a2:
                    5d:e4:90:92:13:d1:41:5b:68:68:54:1d:b5:bf:8c:
                    c8:27:34:83:bb:7a:f0:7a:5f:bd:e2:7e:6a:d3:64:
                    0c:49:b2:7f:a4:80:f6:64:1b:ef:e9:8e:73:5c:ef:
                    ab:c6:d8:de:db:9d:48:24:6e:d2:0e:66:50:c5:96:
                    e7:32:18:64:92:0c:06:d6:b8:7e:f5:15:aa:ac:13:
                    8a:a5:f6:5c:c1:0f:2e:fc:d3:6f:ad:76:1d:22:3c:
                    b8:b3:c0:d4:c7:ae:d9:a5:ce:33:7c:a6:15:f7:cd:
                    0c:d3:5f:e4:2e:59:48:10:2d:19:55:9a:33:68:b3:
                    13:02:86:2c:d5:75:2e:0d:90:91:60:67:8f:45:47:
                    b4:db:d0:9c:a4:26:fe:d4:b6:3f:5d:95:46:9f:e3:
                    c4:90:d2:df:98:71:1c:e7:74:cf:bd:7c:3f:33:15:
                    e9:1d:35:b7:ca:62:1d:21:f8:e1:a3:ba:db:eb:14:
                    b8:f1:96:b5:82:22:26:e8:4e:4b:5c:27:47:05:ce:
                    bd:6f:28:06:e6:f7:55:15:52:e8:0d:63:0f:2c:c7:
                    38:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:E8:88:B3:FA:93:CD:AE:12:68:7E:78:C3:DC:5E:F0:30:38:74:84
            X509v3 Authority Key Identifier:
                keyid:B0:F6:19:EF:20:08:40:DF:A8:FD:43:56:7C:7A:97:8C:15:31:2D:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sPYZ7yAIQN-o_UNWfHqXjBUxLX8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0e18d2-d80b-4aa0-aaef-069661675106/1/EeiIs_qTza4SaH54w9xe8DA4dIQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0e18d2-d80b-4aa0-aaef-069661675106/1/sPYZ7yAIQN-o_UNWfHqXjBUxLX8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:8f86::/32
                  2a11:f184::/32

    Signature Algorithm: sha256WithRSAEncryption
         a7:6f:9a:44:d3:59:5b:13:b2:d8:b4:32:64:5c:eb:d5:b2:ed:
         fa:95:a8:db:34:55:d3:d4:a8:ab:04:7e:14:df:dc:af:1b:c9:
         7a:98:b5:8f:64:12:67:89:68:d2:46:75:81:d3:8f:f2:b4:f5:
         01:63:68:1d:7d:da:58:01:b9:cf:c9:6c:2e:f0:6f:b6:01:d3:
         59:41:ba:f6:fd:08:a2:77:21:99:7c:14:a6:7b:30:23:16:a7:
         cd:2d:79:e3:4b:47:18:08:38:40:55:67:ec:5a:d7:89:a5:46:
         86:c1:10:23:c0:9a:a3:9b:df:e8:30:5a:5f:57:c8:73:44:8c:
         aa:52:e9:e5:7b:3e:1b:bc:a8:a9:04:55:31:8c:d5:97:97:39:
         02:d6:c3:21:76:46:9a:5e:e6:34:e1:a5:8e:9b:28:c0:11:f6:
         cc:7d:7d:69:c2:7f:32:f9:e4:9b:6e:df:4a:63:1c:3e:86:94:
         cf:b5:f9:2d:b2:69:55:4f:36:e1:a3:ed:31:34:9f:1a:d7:bf:
         8e:30:44:ec:21:80:e1:88:79:aa:12:83:08:e0:52:48:18:18:
         a7:d8:6d:a4:89:d2:bc:b1:73:47:e1:b5:08:0a:de:93:78:2f:
         c0:23:3a:78:21:e3:8b:26:19:21:79:aa:c0:0c:56:5b:93:db:
         93:d0:81:b6
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzwECvY7hNy04k1OmNlly4jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwZjYxOWVmMjAwODQwZGZhOGZkNDM1NjdjN2E5NzhjMTUz
MTJkN2YwHhcNMjQwMTA5MjExMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWU4ODhiM2ZhOTNjZGFlMTI2ODdlNzhjM2RjNWVmMDMwMzg3NDg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjJaYNCUjEUsWk8dTzAtQm41OCCEh
tI++nV8yeHnhQyU+opq2Cc2LU1yh2KJd5JCSE9FBW2hoVB21v4zIJzSDu3rwel+9
4n5q02QMSbJ/pID2ZBvv6Y5zXO+rxtje251IJG7SDmZQxZbnMhhkkgwG1rh+9RWq
rBOKpfZcwQ8u/NNvrXYdIjy4s8DUx67Zpc4zfKYV980M01/kLllIEC0ZVZozaLMT
AoYs1XUuDZCRYGePRUe029CcpCb+1LY/XZVGn+PEkNLfmHEc53TPvXw/MxXpHTW3
ymIdIfjho7rb6xS48Za1giIm6E5LXCdHBc69bygG5vdVFVLoDWMPLMc4KwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFBHoiLP6k82uEmh+eMPcXvAwOHSEMB8GA1UdIwQY
MBaAFLD2Ge8gCEDfqP1DVnx6l4wVMS1/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1BZWjd5QUlRTi1vX1VOV2ZIcVhqQlV4TFg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8wZTE4ZDItZDgwYi00YWEwLWFhZWYt
MDY5NjYxNjc1MTA2LzEvRWVpSXNfcVR6YTRTYUg1NHc5eGU4REE0ZElRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8wZTE4ZDItZDgwYi00YWEwLWFhZWYtMDY5NjYxNjc1MTA2
LzEvc1BZWjd5QUlRTi1vX1VOV2ZIcVhqQlV4TFg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKhGPhgMF
ACoR8YQwDQYJKoZIhvcNAQELBQADggEBAKdvmkTTWVsTsti0MmRc69Wy7fqVqNs0
VdPUqKsEfhTf3K8byXqYtY9kEmeJaNJGdYHTj/K09QFjaB192lgBuc/JbC7wb7YB
01lBuvb9CKJ3IZl8FKZ7MCMWp80teeNLRxgIOEBVZ+xa14mlRobBECPAmqOb3+gw
Wl9XyHNEjKpS6eV7Phu8qKkEVTGM1ZeXOQLWwyF2Rppe5jThpY6bKMAR9sx9fWnC
fzL55Jtu30pjHD6GlM+1+S2yaVVPNuGj7TE0nxrXv44wROwhgOGIeaoSgwjgUkgY
GKfYbaSJ0ryxc0fhtQgK3pN4L8AjOngh44smGSF5qsAMVluT25PQgbY=
-----END CERTIFICATE-----