Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/2_J9mL3XgD_kRv43Zxb1qpgeusY.roa
File:                     2_J9mL3XgD_kRv43Zxb1qpgeusY.roa (raw, json)
Hash identifier:          BT4ikVgRDIfMHyLN6PDoERnZXkSxffK0jAs/wXbsVwI=
Subject key identifier:   DB:F2:7D:98:BD:D7:80:3F:E4:46:FE:37:67:16:F5:AA:98:1E:BA:C6
Certificate issuer:       /CN=ee31367df6d1861071c92bae726523326f45ba2a
Certificate serial:       018CC80168CFE0874EC95AEE289027CB2507
Authority key identifier: EE:31:36:7D:F6:D1:86:10:71:C9:2B:AE:72:65:23:32:6F:45:BA:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7jE2ffbRhhBxySuucmUjMm9Fuio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/2_J9mL3XgD_kRv43Zxb1qpgeusY.roa
Signing time:             Tue 02 Jan 2024 02:29:44 +0000
ROA not before:           Tue 02 Jan 2024 02:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211998
IP address blocks:        2a0e:1cc0:5::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/7jE2ffbRhhBxySuucmUjMm9Fuio.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/7jE2ffbRhhBxySuucmUjMm9Fuio.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7jE2ffbRhhBxySuucmUjMm9Fuio.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:68:cf:e0:87:4e:c9:5a:ee:28:90:27:cb:25:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee31367df6d1861071c92bae726523326f45ba2a
        Validity
            Not Before: Jan  2 02:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dbf27d98bdd7803fe446fe376716f5aa981ebac6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:ab:69:9c:cc:66:56:e6:7b:09:40:ab:b2:e3:
                    97:89:5b:1b:18:48:a2:58:84:c9:20:94:80:1c:79:
                    fb:7f:95:ef:20:2c:77:6b:15:ac:00:95:e5:80:c2:
                    38:c4:f8:8b:25:8f:a6:03:af:65:58:c8:ba:e5:b7:
                    85:15:56:91:cf:e8:69:cd:c6:f8:ec:c5:c4:ce:25:
                    b4:05:bf:b5:2d:5d:df:ec:5f:27:4d:b0:ea:63:1b:
                    95:9a:93:ca:e5:fc:dc:ed:41:f3:61:1c:1a:48:ed:
                    82:17:f9:02:38:0d:9b:61:07:40:85:98:a3:75:44:
                    98:fb:5b:ee:ec:c9:a6:d3:6a:2a:58:b2:49:d9:f1:
                    e9:c8:70:18:8e:eb:17:1f:85:59:62:f9:1d:d6:73:
                    6e:65:ed:43:df:f1:95:24:52:bf:5f:fc:61:45:6f:
                    5e:9e:f1:34:fb:79:e3:ee:b4:23:2a:d1:e4:75:83:
                    67:cf:b6:a9:82:ac:e8:de:cf:9e:c4:80:f1:00:7b:
                    95:d7:a2:3c:8d:09:b3:ac:eb:6c:cf:6d:8e:99:ef:
                    b1:41:b5:46:00:9c:be:5f:ca:1d:48:d5:07:66:4a:
                    87:d9:b5:b1:49:6b:84:0b:7f:e2:03:f8:94:b5:b3:
                    93:c3:57:ec:2e:2c:6c:0d:28:63:43:b2:80:c7:0a:
                    2d:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:F2:7D:98:BD:D7:80:3F:E4:46:FE:37:67:16:F5:AA:98:1E:BA:C6
            X509v3 Authority Key Identifier:
                keyid:EE:31:36:7D:F6:D1:86:10:71:C9:2B:AE:72:65:23:32:6F:45:BA:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7jE2ffbRhhBxySuucmUjMm9Fuio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/2_J9mL3XgD_kRv43Zxb1qpgeusY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/7jE2ffbRhhBxySuucmUjMm9Fuio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:1cc0:5::/48

    Signature Algorithm: sha256WithRSAEncryption
         94:d6:94:45:a4:b4:7c:32:7e:94:1b:fe:08:c6:03:02:32:c7:
         bb:6c:91:f8:9b:f9:2e:03:19:84:3b:61:68:08:e0:be:f1:98:
         39:91:b9:e9:c7:ac:ee:c7:0f:0a:da:c1:c5:0f:89:0f:43:c9:
         b0:69:a0:2f:07:00:45:2e:d3:d9:1f:8f:a6:43:b3:33:bd:7b:
         6b:01:b6:44:77:27:c0:1e:b2:7a:58:5d:ce:3a:86:62:5b:44:
         a3:6e:c6:71:06:e6:db:2f:43:5b:67:a7:3b:e0:26:75:89:4a:
         16:4e:77:7b:f3:9c:25:fd:00:42:4d:ce:46:df:a0:02:57:19:
         cc:ab:41:39:0b:3a:d6:be:47:4b:16:52:25:48:60:7f:a9:86:
         af:7c:91:50:e3:a4:82:c9:30:dd:07:27:ee:42:d6:ac:04:39:
         f8:44:23:6d:50:08:1c:01:51:7a:74:54:d8:25:04:e1:6d:49:
         d5:e6:0a:de:14:10:f0:14:a3:6a:a1:3b:c4:db:6e:74:13:4c:
         37:f0:63:f2:dd:8b:e8:83:08:a6:07:18:3b:31:a0:ef:22:d3:
         4d:25:a1:4a:86:cd:f4:c3:14:de:2b:8c:18:2a:e3:b2:19:a2:
         be:66:d3:4e:0f:f3:1b:1d:5e:15:91:04:09:c6:3f:7c:46:c3:
         1d:80:c0:77
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAWjP4IdOyVruKJAnyyUHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMzEzNjdkZjZkMTg2MTA3MWM5MmJhZTcyNjUyMzMyNmY0
NWJhMmEwHhcNMjQwMTAyMDIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmYyN2Q5OGJkZDc4MDNmZTQ0NmZlMzc2NzE2ZjVhYTk4MWViYWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvqtpnMxmVuZ7CUCrsuOXiVsbGEii
WITJIJSAHHn7f5XvICx3axWsAJXlgMI4xPiLJY+mA69lWMi65beFFVaRz+hpzcb4
7MXEziW0Bb+1LV3f7F8nTbDqYxuVmpPK5fzc7UHzYRwaSO2CF/kCOA2bYQdAhZij
dUSY+1vu7Mmm02oqWLJJ2fHpyHAYjusXH4VZYvkd1nNuZe1D3/GVJFK/X/xhRW9e
nvE0+3nj7rQjKtHkdYNnz7apgqzo3s+exIDxAHuV16I8jQmzrOtsz22Ome+xQbVG
AJy+X8odSNUHZkqH2bWxSWuEC3/iA/iUtbOTw1fsLixsDShjQ7KAxwot1wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNvyfZi914A/5Eb+N2cW9aqYHrrGMB8GA1UdIwQY
MBaAFO4xNn320YYQcckrrnJlIzJvRboqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2pFMmZmYlJoaEJ4eVN1dWNtVWpNbTlGdWlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8xYmI0ZGQtZTljNC00ZDNkLTlhM2It
MTE1OWRiZmJlZDU0LzEvMl9KOW1MM1hnRF9rUnY0M1p4YjFxcGdldXNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8xYmI0ZGQtZTljNC00ZDNkLTlhM2ItMTE1OWRiZmJlZDU0
LzEvN2pFMmZmYlJoaEJ4eVN1dWNtVWpNbTlGdWlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg4cwAAF
MA0GCSqGSIb3DQEBCwUAA4IBAQCU1pRFpLR8Mn6UG/4IxgMCMse7bJH4m/kuAxmE
O2FoCOC+8Zg5kbnpx6zuxw8K2sHFD4kPQ8mwaaAvBwBFLtPZH4+mQ7MzvXtrAbZE
dyfAHrJ6WF3OOoZiW0SjbsZxBubbL0NbZ6c74CZ1iUoWTnd785wl/QBCTc5G36AC
VxnMq0E5CzrWvkdLFlIlSGB/qYavfJFQ46SCyTDdByfuQtasBDn4RCNtUAgcAVF6
dFTYJQThbUnV5greFBDwFKNqoTvE2250E0w38GPy3YvogwimBxg7MaDvItNNJaFK
hs30wxTeK4wYKuOyGaK+ZtNOD/MbHV4VkQQJxj98RsMdgMB3
-----END CERTIFICATE-----