Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/M0tZkzEB-l6x3EnB5p7mc2j91X8.roa
File:                     M0tZkzEB-l6x3EnB5p7mc2j91X8.roa (raw, json)
Hash identifier:          SNi1TbU6dM9XMLc93mDEYrtbjMTIMhyhyeG5hAbx344=
Subject key identifier:   33:4B:59:93:31:01:FA:5E:B1:DC:49:C1:E6:9E:E6:73:68:FD:D5:7F
Certificate issuer:       /CN=abc8dbe52083ad335c9f1fde6016ec8b49293140
Certificate serial:       018CC501099731ECEE2A7ED9D5BDCFEC9951
Authority key identifier: AB:C8:DB:E5:20:83:AD:33:5C:9F:1F:DE:60:16:EC:8B:49:29:31:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q8jb5SCDrTNcnx_eYBbsi0kpMUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/M0tZkzEB-l6x3EnB5p7mc2j91X8.roa
Signing time:             Mon 01 Jan 2024 12:30:28 +0000
ROA not before:           Mon 01 Jan 2024 12:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43067
IP address blocks:        2a04:a900:2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/q8jb5SCDrTNcnx_eYBbsi0kpMUA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/q8jb5SCDrTNcnx_eYBbsi0kpMUA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q8jb5SCDrTNcnx_eYBbsi0kpMUA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:09:97:31:ec:ee:2a:7e:d9:d5:bd:cf:ec:99:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=abc8dbe52083ad335c9f1fde6016ec8b49293140
        Validity
            Not Before: Jan  1 12:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=334b59933101fa5eb1dc49c1e69ee67368fdd57f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:0a:a1:c0:0c:8a:60:50:f6:93:b6:0b:cd:c1:
                    a7:37:5f:25:96:c0:9e:e8:f4:37:89:3c:0d:f8:56:
                    e6:7f:4c:d3:e7:23:38:7c:38:16:b0:f5:7f:b1:4a:
                    fa:4a:c0:bb:87:da:f8:ca:1c:13:fe:50:5c:76:f2:
                    c2:fc:8f:fa:86:d2:a8:57:b9:c6:1f:33:ab:2f:2f:
                    e9:e8:64:13:61:30:4c:01:eb:49:54:e2:20:45:e8:
                    38:5b:e7:bc:c9:4b:ba:05:c2:4e:58:a7:5f:f6:92:
                    0b:0a:3c:24:c1:75:29:73:5e:14:ec:ef:ed:2c:a0:
                    45:c7:eb:b9:59:ff:59:e3:71:d4:33:44:77:57:50:
                    7a:80:0d:61:95:82:25:6f:4e:55:04:7b:0a:ac:1b:
                    9a:a2:ca:cf:fa:c6:13:4c:01:f2:87:6e:62:e2:0f:
                    6b:1f:14:bb:4f:7d:e1:12:c5:90:4c:6c:c9:fa:7e:
                    7b:0c:58:ae:7f:e0:80:3e:cb:71:ec:ea:ac:83:5d:
                    34:c3:ca:d7:fa:4d:dc:33:8b:21:3b:28:13:9f:55:
                    0c:b9:4e:f8:84:8b:7f:b9:3f:b6:2c:ef:67:ab:53:
                    a0:df:1e:f3:ad:29:d7:72:70:88:d2:be:5b:a8:12:
                    3e:89:7a:cb:68:bd:c5:38:26:94:5a:39:aa:22:56:
                    aa:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:4B:59:93:31:01:FA:5E:B1:DC:49:C1:E6:9E:E6:73:68:FD:D5:7F
            X509v3 Authority Key Identifier:
                keyid:AB:C8:DB:E5:20:83:AD:33:5C:9F:1F:DE:60:16:EC:8B:49:29:31:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q8jb5SCDrTNcnx_eYBbsi0kpMUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/M0tZkzEB-l6x3EnB5p7mc2j91X8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/q8jb5SCDrTNcnx_eYBbsi0kpMUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:a900:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         a9:65:11:ea:a8:1d:b1:ed:0e:93:ef:7b:37:56:4d:c6:62:5a:
         89:8b:22:79:98:e3:6a:1d:f1:9f:c5:26:a4:0d:eb:0b:1a:2b:
         a4:41:52:58:dd:6b:04:fe:04:c2:64:93:64:51:9a:0e:52:72:
         b6:c6:b7:f8:65:7a:40:04:7d:7d:ac:f2:4d:de:b9:a1:13:f0:
         f6:87:e6:94:b8:9d:6e:0d:7f:15:95:72:6a:98:5c:fe:44:00:
         e5:c7:4f:af:d2:41:b5:f4:30:ca:25:ca:0a:c3:c6:d5:22:05:
         c1:cc:97:69:c9:4d:1a:43:88:b9:4b:14:24:79:b8:62:29:6f:
         ab:11:d1:46:97:d4:22:6a:69:94:46:93:06:77:89:76:87:d1:
         4e:99:22:90:fe:3a:2b:90:a4:90:42:7c:22:11:f4:2a:f9:93:
         04:de:98:eb:c7:de:e9:f0:c5:b4:99:2b:1e:3e:60:a7:fe:51:
         0e:67:73:2c:f7:ba:93:5c:ff:00:78:25:1d:03:f4:58:5c:d4:
         03:c0:2d:8e:21:f3:20:fd:40:1b:2a:04:0e:6c:24:87:fd:4a:
         d9:d0:6b:c4:1a:d5:45:9d:44:40:e0:00:a0:35:e3:cb:cf:de:
         11:be:54:8c:5e:e1:81:bf:fa:8c:57:f3:10:63:48:aa:3d:60:
         1a:e1:1f:d1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFAQmXMezuKn7Z1b3P7JlRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiYzhkYmU1MjA4M2FkMzM1YzlmMWZkZTYwMTZlYzhiNDky
OTMxNDAwHhcNMjQwMTAxMTIzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzRiNTk5MzMxMDFmYTVlYjFkYzQ5YzFlNjllZTY3MzY4ZmRkNTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2gqhwAyKYFD2k7YLzcGnN18llsCe
6PQ3iTwN+Fbmf0zT5yM4fDgWsPV/sUr6SsC7h9r4yhwT/lBcdvLC/I/6htKoV7nG
HzOrLy/p6GQTYTBMAetJVOIgReg4W+e8yUu6BcJOWKdf9pILCjwkwXUpc14U7O/t
LKBFx+u5Wf9Z43HUM0R3V1B6gA1hlYIlb05VBHsKrBuaosrP+sYTTAHyh25i4g9r
HxS7T33hEsWQTGzJ+n57DFiuf+CAPstx7Oqsg100w8rX+k3cM4shOygTn1UMuU74
hIt/uT+2LO9nq1Og3x7zrSnXcnCI0r5bqBI+iXrLaL3FOCaUWjmqIlaqDQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDNLWZMxAfpesdxJweae5nNo/dV/MB8GA1UdIwQY
MBaAFKvI2+Ugg60zXJ8f3mAW7ItJKTFAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcThqYjVTQ0RyVE5jbnhfZVlCYnNpMGtwTVVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9jZTZjY2ItMjVjZi00OTE3LWIzY2Qt
MzA1NmFmOWEzMzVlLzEvTTB0Wmt6RUItbDZ4M0VuQjVwN21jMmo5MVg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9jZTZjY2ItMjVjZi00OTE3LWIzY2QtMzA1NmFmOWEzMzVl
LzEvcThqYjVTQ0RyVE5jbnhfZVlCYnNpMGtwTVVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgSpAAAC
MA0GCSqGSIb3DQEBCwUAA4IBAQCpZRHqqB2x7Q6T73s3Vk3GYlqJiyJ5mONqHfGf
xSakDesLGiukQVJY3WsE/gTCZJNkUZoOUnK2xrf4ZXpABH19rPJN3rmhE/D2h+aU
uJ1uDX8VlXJqmFz+RADlx0+v0kG19DDKJcoKw8bVIgXBzJdpyU0aQ4i5SxQkebhi
KW+rEdFGl9QiammURpMGd4l2h9FOmSKQ/jorkKSQQnwiEfQq+ZME3pjrx97p8MW0
mSsePmCn/lEOZ3Ms97qTXP8AeCUdA/RYXNQDwC2OIfMg/UAbKgQObCSH/UrZ0GvE
GtVFnURA4ACgNePLz94RvlSMXuGBv/qMV/MQY0iqPWAa4R/R
-----END CERTIFICATE-----