Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/6U9fmG9AK5i2irSVP7PNutKCp14.roa
File:                     6U9fmG9AK5i2irSVP7PNutKCp14.roa (raw, json)
Hash identifier:          +PqH4BgCUb96osKcUjxV8pD5M0HAKS5Fq7FgnwuKF48=
Subject key identifier:   E9:4F:5F:98:6F:40:2B:98:B6:8A:B4:95:3F:B3:CD:BA:D2:82:A7:5E
Certificate issuer:       /CN=ee31367df6d1861071c92bae726523326f45ba2a
Certificate serial:       018CC80167946EC554A498E4F97FA3FC9384
Authority key identifier: EE:31:36:7D:F6:D1:86:10:71:C9:2B:AE:72:65:23:32:6F:45:BA:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7jE2ffbRhhBxySuucmUjMm9Fuio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/6U9fmG9AK5i2irSVP7PNutKCp14.roa
Signing time:             Tue 02 Jan 2024 02:29:44 +0000
ROA not before:           Tue 02 Jan 2024 02:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207960
IP address blocks:        2a0e:1cc1::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/7jE2ffbRhhBxySuucmUjMm9Fuio.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/7jE2ffbRhhBxySuucmUjMm9Fuio.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7jE2ffbRhhBxySuucmUjMm9Fuio.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:67:94:6e:c5:54:a4:98:e4:f9:7f:a3:fc:93:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee31367df6d1861071c92bae726523326f45ba2a
        Validity
            Not Before: Jan  2 02:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e94f5f986f402b98b68ab4953fb3cdbad282a75e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:df:91:38:25:97:6b:7e:c3:d6:21:63:71:9e:
                    45:83:a7:84:b6:cf:a1:c9:26:a7:e7:e1:b5:f1:e1:
                    fc:35:c5:09:ae:29:d2:e5:3d:8b:25:c3:78:79:91:
                    b9:2a:ed:47:02:d6:56:68:80:12:bd:9f:87:53:27:
                    da:59:5e:a6:b9:6e:7f:55:fb:cb:88:d7:7d:75:44:
                    cf:67:57:e4:ae:af:86:91:39:d1:b9:0b:21:fe:8f:
                    a1:11:92:88:54:8d:78:17:74:65:c1:03:12:d4:e2:
                    46:98:b1:3a:ed:7b:0b:75:a6:71:c9:58:9e:bf:82:
                    8c:3d:35:00:3d:39:8f:ec:dc:5b:ee:05:4a:9a:dd:
                    ee:32:14:74:4d:eb:85:07:f8:fd:57:e3:e9:aa:81:
                    47:f0:5f:fb:e7:60:5a:5c:50:96:aa:98:bc:5f:43:
                    b5:63:3b:e5:f2:5c:ac:db:fe:8d:f2:9a:d6:b2:fd:
                    2b:b7:f9:ff:c0:8b:ff:99:d6:99:e0:eb:f1:94:bb:
                    d6:0d:a0:af:fc:6f:29:af:40:c7:cf:54:10:ab:34:
                    8f:5e:1d:08:e4:56:08:1b:f0:02:74:d2:88:c7:e4:
                    98:4f:3f:37:7a:5b:49:63:53:03:61:4d:43:20:6f:
                    3d:69:a0:4f:c7:0a:28:1c:99:ea:2c:e4:75:d7:a0:
                    31:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:4F:5F:98:6F:40:2B:98:B6:8A:B4:95:3F:B3:CD:BA:D2:82:A7:5E
            X509v3 Authority Key Identifier:
                keyid:EE:31:36:7D:F6:D1:86:10:71:C9:2B:AE:72:65:23:32:6F:45:BA:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7jE2ffbRhhBxySuucmUjMm9Fuio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/6U9fmG9AK5i2irSVP7PNutKCp14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/7jE2ffbRhhBxySuucmUjMm9Fuio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:1cc1::/40

    Signature Algorithm: sha256WithRSAEncryption
         7e:bf:11:49:51:ef:7a:34:e8:b0:f8:d9:a5:89:9a:42:3a:2c:
         e3:d3:9f:ec:67:24:c7:c4:6e:0b:1a:da:59:0c:dd:3d:a2:22:
         6f:bf:26:35:b3:1f:5a:fe:ef:31:a0:4b:78:fe:84:f5:30:34:
         e8:fc:ac:ab:48:01:89:0c:ce:8a:42:32:2b:8c:7a:52:3e:97:
         5e:28:eb:f7:c7:cd:de:14:f0:d0:16:6b:ef:1f:d6:b3:f1:dc:
         0f:9f:18:2a:5f:af:cf:e2:c8:f9:13:0e:8f:4d:4d:de:95:03:
         a2:e4:e4:4a:b6:04:e9:7e:fc:41:76:00:49:60:c8:e8:5d:30:
         93:27:ba:ff:71:9a:45:d7:2d:ff:4d:1b:10:92:27:e5:28:6e:
         03:09:1e:7c:a4:71:6b:c8:17:a8:cc:f1:e4:98:5a:c3:72:df:
         ac:59:a1:d5:48:e7:d1:c9:c2:59:89:05:75:40:93:38:09:44:
         78:d5:22:cf:b8:34:14:56:5b:dd:3a:b5:1b:73:e4:b5:0d:63:
         0f:f5:2e:1a:70:d6:87:a7:29:b5:81:e9:9f:4b:ce:e9:81:84:
         10:75:19:ba:59:ef:e2:19:dd:d4:c5:dc:03:8c:aa:f0:bc:a6:
         c0:cb:d1:93:fa:53:60:a7:3f:50:19:1a:7e:a0:e0:f9:9f:76:
         a8:36:19:ff
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzIAWeUbsVUpJjk+X+j/JOEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMzEzNjdkZjZkMTg2MTA3MWM5MmJhZTcyNjUyMzMyNmY0
NWJhMmEwHhcNMjQwMTAyMDIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTRmNWY5ODZmNDAyYjk4YjY4YWI0OTUzZmIzY2RiYWQyODJhNzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiN+ROCWXa37D1iFjcZ5Fg6eEts+h
ySan5+G18eH8NcUJrinS5T2LJcN4eZG5Ku1HAtZWaIASvZ+HUyfaWV6muW5/VfvL
iNd9dUTPZ1fkrq+GkTnRuQsh/o+hEZKIVI14F3RlwQMS1OJGmLE67XsLdaZxyVie
v4KMPTUAPTmP7Nxb7gVKmt3uMhR0TeuFB/j9V+PpqoFH8F/752BaXFCWqpi8X0O1
Yzvl8lys2/6N8prWsv0rt/n/wIv/mdaZ4OvxlLvWDaCv/G8pr0DHz1QQqzSPXh0I
5FYIG/ACdNKIx+SYTz83eltJY1MDYU1DIG89aaBPxwooHJnqLOR116AxeQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFOlPX5hvQCuYtoq0lT+zzbrSgqdeMB8GA1UdIwQY
MBaAFO4xNn320YYQcckrrnJlIzJvRboqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2pFMmZmYlJoaEJ4eVN1dWNtVWpNbTlGdWlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8xYmI0ZGQtZTljNC00ZDNkLTlhM2It
MTE1OWRiZmJlZDU0LzEvNlU5Zm1HOUFLNWkyaXJTVlA3UE51dEtDcDE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8xYmI0ZGQtZTljNC00ZDNkLTlhM2ItMTE1OWRiZmJlZDU0
LzEvN2pFMmZmYlJoaEJ4eVN1dWNtVWpNbTlGdWlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg4cwQAw
DQYJKoZIhvcNAQELBQADggEBAH6/EUlR73o06LD42aWJmkI6LOPTn+xnJMfEbgsa
2lkM3T2iIm+/JjWzH1r+7zGgS3j+hPUwNOj8rKtIAYkMzopCMiuMelI+l14o6/fH
zd4U8NAWa+8f1rPx3A+fGCpfr8/iyPkTDo9NTd6VA6Lk5Eq2BOl+/EF2AElgyOhd
MJMnuv9xmkXXLf9NGxCSJ+UobgMJHnykcWvIF6jM8eSYWsNy36xZodVI59HJwlmJ
BXVAkzgJRHjVIs+4NBRWW906tRtz5LUNYw/1Lhpw1oenKbWB6Z9LzumBhBB1GbpZ
7+IZ3dTF3AOMqvC8psDL0ZP6U2CnP1AZGn6g4Pmfdqg2Gf8=
-----END CERTIFICATE-----