Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/ab3156-b061-49fc-b1f0-00ca3126b3fe/1/1-33G7DJmOz-Ii4rhY5VlXqQ_Guc.roa
File:                     1-33G7DJmOz-Ii4rhY5VlXqQ_Guc.roa (raw, json)
Hash identifier:          7nKpOPT9usV07iPDpjmDEBr8elDnMmppAgSWI1bg1Cg=
Subject key identifier:   FB:7D:C6:EC:32:66:3B:3F:88:8B:8A:E1:63:95:65:5E:A4:3F:1A:E7
Certificate issuer:       /CN=2b6d7e5191f81ff0a19f102b1718ab4f9e0ea3a0
Certificate serial:       018CC34935D08D6B5F50D619CEE166C7FB14
Authority key identifier: 2B:6D:7E:51:91:F8:1F:F0:A1:9F:10:2B:17:18:AB:4F:9E:0E:A3:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K21-UZH4H_ChnxArFxirT54Oo6A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/ab3156-b061-49fc-b1f0-00ca3126b3fe/1/1-33G7DJmOz-Ii4rhY5VlXqQ_Guc.roa
Signing time:             Mon 01 Jan 2024 04:30:04 +0000
ROA not before:           Mon 01 Jan 2024 04:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199009
IP address blocks:        2a0e:eac0:2020::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/ab3156-b061-49fc-b1f0-00ca3126b3fe/1/K21-UZH4H_ChnxArFxirT54Oo6A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/ab3156-b061-49fc-b1f0-00ca3126b3fe/1/K21-UZH4H_ChnxArFxirT54Oo6A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K21-UZH4H_ChnxArFxirT54Oo6A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 16:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:35:d0:8d:6b:5f:50:d6:19:ce:e1:66:c7:fb:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b6d7e5191f81ff0a19f102b1718ab4f9e0ea3a0
        Validity
            Not Before: Jan  1 04:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb7dc6ec32663b3f888b8ae16395655ea43f1ae7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:06:cd:e7:8d:c4:2d:6e:da:b0:4d:f0:06:73:
                    9e:92:97:aa:7c:d0:25:39:73:e2:b9:59:3d:b1:1f:
                    36:c4:37:ca:8e:8e:f1:95:86:75:16:66:81:02:e0:
                    e7:bf:5c:1b:d8:20:40:a4:56:01:15:88:29:5c:15:
                    5f:44:ee:9d:70:28:9f:1f:58:b0:00:c2:4c:c3:60:
                    36:0d:07:d4:2d:79:3e:33:79:65:cc:10:5c:9a:90:
                    c6:14:69:21:1d:21:a2:96:12:9f:ee:33:bb:bf:d9:
                    cc:bb:cd:b0:f2:85:84:2b:9b:7e:8b:7d:4b:e8:cb:
                    dc:ff:34:5a:ea:5c:09:7e:f2:cf:e3:79:1d:44:76:
                    8a:2c:fd:db:58:d7:19:33:01:e4:53:e6:ce:de:54:
                    a2:88:75:e7:a0:2d:0d:47:95:be:a4:b8:b4:45:12:
                    0a:ae:4b:0d:b8:8f:be:f1:2d:23:d2:54:5b:f7:bb:
                    1d:af:28:03:0d:f6:82:1d:28:0b:75:9b:81:0e:96:
                    0a:1c:6a:7c:f6:1a:cc:09:31:ed:4e:75:f5:44:79:
                    89:2a:95:27:db:0d:91:f8:cc:0e:1e:55:70:94:b6:
                    f1:f1:32:57:7a:c1:a2:f6:84:fd:3a:b1:1b:67:e1:
                    20:50:2d:f8:67:79:a2:fe:d8:59:73:d1:bf:91:b9:
                    cd:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:7D:C6:EC:32:66:3B:3F:88:8B:8A:E1:63:95:65:5E:A4:3F:1A:E7
            X509v3 Authority Key Identifier:
                keyid:2B:6D:7E:51:91:F8:1F:F0:A1:9F:10:2B:17:18:AB:4F:9E:0E:A3:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K21-UZH4H_ChnxArFxirT54Oo6A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/ab3156-b061-49fc-b1f0-00ca3126b3fe/1/1-33G7DJmOz-Ii4rhY5VlXqQ_Guc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/ab3156-b061-49fc-b1f0-00ca3126b3fe/1/K21-UZH4H_ChnxArFxirT54Oo6A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:eac0:2020::/48

    Signature Algorithm: sha256WithRSAEncryption
         24:36:77:67:d2:cc:59:3d:b4:b9:91:74:f4:a1:38:66:9e:56:
         c7:7f:d0:8f:48:ed:36:77:8c:e6:c9:2d:fc:0a:a6:bc:15:c9:
         2d:23:b1:29:c8:ee:16:fb:9a:32:9c:78:a7:cf:3d:87:fe:64:
         5c:77:b2:c2:49:78:36:e3:a9:13:6b:8b:83:8e:d8:04:b7:9e:
         f5:2f:95:8d:84:be:98:40:c1:9f:54:e1:15:cf:a0:71:fc:c4:
         69:65:ec:d5:88:49:1f:80:72:b6:e4:26:09:a0:a4:2f:2d:8e:
         c8:ad:94:80:ce:57:40:e9:4f:a3:24:aa:96:ec:4e:39:85:5b:
         49:f3:df:40:7d:d0:f7:69:70:5a:76:a3:83:4d:b9:15:92:76:
         b9:77:96:46:26:8a:cb:7c:43:da:47:d4:98:79:b9:b8:57:f4:
         f4:48:69:3d:8d:aa:fa:78:1c:eb:91:ea:78:b2:08:2e:1c:55:
         be:12:9f:7a:2e:59:38:1a:a9:a5:64:bc:5c:de:86:8f:a8:b4:
         1a:ae:0c:3d:3a:93:b4:b3:5d:a4:88:ee:26:4b:69:1e:e8:07:
         ac:45:86:87:2b:96:c7:19:f7:3c:ff:f1:f9:75:9a:b4:cd:7b:
         55:ef:73:4b:22:3c:86:ce:85:9e:44:4a:c2:fe:ac:7e:70:1f:
         1f:a0:19:87
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAYzDSTXQjWtfUNYZzuFmx/sUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiNmQ3ZTUxOTFmODFmZjBhMTlmMTAyYjE3MThhYjRmOWUw
ZWEzYTAwHhcNMjQwMTAxMDQzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjdkYzZlYzMyNjYzYjNmODg4YjhhZTE2Mzk1NjU1ZWE0M2YxYWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxQbN543ELW7asE3wBnOekpeqfNAl
OXPiuVk9sR82xDfKjo7xlYZ1FmaBAuDnv1wb2CBApFYBFYgpXBVfRO6dcCifH1iw
AMJMw2A2DQfULXk+M3llzBBcmpDGFGkhHSGilhKf7jO7v9nMu82w8oWEK5t+i31L
6Mvc/zRa6lwJfvLP43kdRHaKLP3bWNcZMwHkU+bO3lSiiHXnoC0NR5W+pLi0RRIK
rksNuI++8S0j0lRb97sdrygDDfaCHSgLdZuBDpYKHGp89hrMCTHtTnX1RHmJKpUn
2w2R+MwOHlVwlLbx8TJXesGi9oT9OrEbZ+EgUC34Z3mi/thZc9G/kbnNVQIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFPt9xuwyZjs/iIuK4WOVZV6kPxrnMB8GA1UdIwQY
MBaAFCttflGR+B/woZ8QKxcYq0+eDqOgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzIxLVVaSDRIX0NobnhBckZ4aXJUNTRPbzZBLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9hYjMxNTYtYjA2MS00OWZjLWIxZjAt
MDBjYTMxMjZiM2ZlLzEvMS0zM0c3REptT3otSWk0cmhZNVZsWHFRX0d1Yy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvN2QvYWIzMTU2LWIwNjEtNDlmYy1iMWYwLTAwY2EzMTI2YjNm
ZS8xL0syMS1VWkg0SF9DaG54QXJGeGlyVDU0T282QS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoO6sAg
IDANBgkqhkiG9w0BAQsFAAOCAQEAJDZ3Z9LMWT20uZF09KE4Zp5Wx3/Qj0jtNneM
5skt/AqmvBXJLSOxKcjuFvuaMpx4p889h/5kXHeywkl4NuOpE2uLg47YBLee9S+V
jYS+mEDBn1ThFc+gcfzEaWXs1YhJH4BytuQmCaCkLy2OyK2UgM5XQOlPoySqluxO
OYVbSfPfQH3Q92lwWnajg025FZJ2uXeWRiaKy3xD2kfUmHm5uFf09EhpPY2q+ngc
65HqeLIILhxVvhKfei5ZOBqppWS8XN6Gj6i0Gq4MPTqTtLNdpIjuJktpHugHrEWG
hyuWxxn3PP/x+XWatM17Ve9zSyI8hs6FnkRKwv6sfnAfH6AZhw==
-----END CERTIFICATE-----