Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/R0ReoQbqDH6FfeYwns9V34UdN7E.roa
File:                     R0ReoQbqDH6FfeYwns9V34UdN7E.roa (raw, json)
Hash identifier:          AvejWIfE0gmVad6xw3lVtCXpD7bWuI2e0QLPAeVe3mo=
Subject key identifier:   47:44:5E:A1:06:EA:0C:7E:85:7D:E6:30:9E:CF:55:DF:85:1D:37:B1
Certificate issuer:       /CN=ee31367df6d1861071c92bae726523326f45ba2a
Certificate serial:       018CC80165477D106D9A8E23E96B5E23281A
Authority key identifier: EE:31:36:7D:F6:D1:86:10:71:C9:2B:AE:72:65:23:32:6F:45:BA:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7jE2ffbRhhBxySuucmUjMm9Fuio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/R0ReoQbqDH6FfeYwns9V34UdN7E.roa
Signing time:             Tue 02 Jan 2024 02:29:43 +0000
ROA not before:           Tue 02 Jan 2024 02:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     133480
IP address blocks:        2a0e:1cc0:2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/7jE2ffbRhhBxySuucmUjMm9Fuio.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/7jE2ffbRhhBxySuucmUjMm9Fuio.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7jE2ffbRhhBxySuucmUjMm9Fuio.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:65:47:7d:10:6d:9a:8e:23:e9:6b:5e:23:28:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee31367df6d1861071c92bae726523326f45ba2a
        Validity
            Not Before: Jan  2 02:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47445ea106ea0c7e857de6309ecf55df851d37b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:dd:f2:92:8c:0b:2b:18:06:bb:2b:fb:da:64:
                    06:9c:53:ef:40:f4:10:a8:88:d8:8e:4e:67:83:9c:
                    c0:6d:f7:2f:fe:cd:c5:c4:68:27:2e:78:87:88:9f:
                    9d:ea:d8:5b:cb:8f:f2:cf:ca:55:a8:16:4d:20:70:
                    4f:4b:93:ef:f7:92:f8:76:97:51:a1:29:5a:60:c7:
                    12:fb:2f:dd:aa:37:8a:bc:8e:bb:5a:ee:4a:6d:f2:
                    61:29:90:e6:c7:3f:e5:d4:c6:ac:79:a0:29:08:fd:
                    2a:0d:f2:bf:c5:d9:d0:00:b3:90:bf:c6:bd:68:fc:
                    e4:6f:d7:f2:8b:fe:f0:1f:da:cc:46:89:b0:ef:05:
                    57:fe:a9:45:b1:4a:a2:e8:d5:67:47:ce:19:6c:4e:
                    51:6d:f0:86:51:81:7b:a6:d8:d5:f7:9b:d8:25:a8:
                    d1:d6:50:4f:ee:23:76:24:ee:7e:8b:fd:42:f9:c8:
                    6c:6b:a6:d7:e2:ea:81:5c:0a:ae:31:8e:eb:2b:0c:
                    ed:13:b0:6f:46:b8:fd:3b:8a:90:fd:15:be:ac:7a:
                    ad:41:a8:09:6d:5e:60:1c:ba:61:63:84:d3:7b:7a:
                    3a:1e:ab:81:60:cf:93:52:ec:af:d4:e3:75:94:08:
                    25:96:0b:68:b2:05:ad:22:a0:ab:0a:ce:b5:2f:67:
                    6b:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:44:5E:A1:06:EA:0C:7E:85:7D:E6:30:9E:CF:55:DF:85:1D:37:B1
            X509v3 Authority Key Identifier:
                keyid:EE:31:36:7D:F6:D1:86:10:71:C9:2B:AE:72:65:23:32:6F:45:BA:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7jE2ffbRhhBxySuucmUjMm9Fuio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/R0ReoQbqDH6FfeYwns9V34UdN7E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/7jE2ffbRhhBxySuucmUjMm9Fuio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:1cc0:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         40:55:a8:bd:02:4e:95:6d:90:da:36:19:77:64:64:ca:3d:d6:
         e0:9b:fa:41:51:bf:f7:39:7a:77:ad:6b:3f:48:ae:a4:1d:5a:
         c3:49:7d:f8:e8:b0:b0:8e:21:94:2a:70:9a:ae:1c:92:aa:5c:
         1c:f5:5c:2e:27:c3:fa:83:91:08:2d:3f:b8:05:85:d0:b8:bb:
         e5:2d:3a:72:ad:33:62:07:cc:41:43:dd:3f:45:23:84:f4:8b:
         42:d0:69:3a:7c:01:46:6f:9c:bf:80:8e:4a:9d:80:57:a7:d2:
         94:a3:44:13:fb:4b:bd:4f:b6:8d:79:35:d1:4b:1e:6d:33:75:
         ff:c8:48:62:be:f3:6c:e8:91:f4:09:c7:84:09:07:99:0a:16:
         0d:94:c9:4f:28:c0:57:e8:6c:90:d8:7d:90:a5:d5:1a:b5:4e:
         47:2c:e7:b2:0a:8c:81:c4:f3:b4:66:fe:37:a7:8c:67:e6:14:
         f9:e0:99:a9:94:dd:cb:c7:a2:3f:d1:3a:5b:b7:23:7c:37:20:
         b3:34:e3:dd:a0:72:9f:b0:6f:b2:06:d5:43:72:7c:ec:eb:39:
         1f:dd:d4:01:0a:f5:6b:c5:6b:0d:20:cd:ce:3d:c4:84:84:1f:
         f3:42:52:57:98:23:fd:fd:b5:60:13:cc:71:be:1f:33:e7:8a:
         de:6e:c2:05
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAWVHfRBtmo4j6WteIygaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMzEzNjdkZjZkMTg2MTA3MWM5MmJhZTcyNjUyMzMyNmY0
NWJhMmEwHhcNMjQwMTAyMDIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzQ0NWVhMTA2ZWEwYzdlODU3ZGU2MzA5ZWNmNTVkZjg1MWQzN2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnt3ykowLKxgGuyv72mQGnFPvQPQQ
qIjYjk5ng5zAbfcv/s3FxGgnLniHiJ+d6thby4/yz8pVqBZNIHBPS5Pv95L4dpdR
oSlaYMcS+y/dqjeKvI67Wu5KbfJhKZDmxz/l1MaseaApCP0qDfK/xdnQALOQv8a9
aPzkb9fyi/7wH9rMRomw7wVX/qlFsUqi6NVnR84ZbE5RbfCGUYF7ptjV95vYJajR
1lBP7iN2JO5+i/1C+chsa6bX4uqBXAquMY7rKwztE7BvRrj9O4qQ/RW+rHqtQagJ
bV5gHLphY4TTe3o6HquBYM+TUuyv1ON1lAgllgtosgWtIqCrCs61L2dr0wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEdEXqEG6gx+hX3mMJ7PVd+FHTexMB8GA1UdIwQY
MBaAFO4xNn320YYQcckrrnJlIzJvRboqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2pFMmZmYlJoaEJ4eVN1dWNtVWpNbTlGdWlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8xYmI0ZGQtZTljNC00ZDNkLTlhM2It
MTE1OWRiZmJlZDU0LzEvUjBSZW9RYnFESDZGZmVZd25zOVYzNFVkTjdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8xYmI0ZGQtZTljNC00ZDNkLTlhM2ItMTE1OWRiZmJlZDU0
LzEvN2pFMmZmYlJoaEJ4eVN1dWNtVWpNbTlGdWlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg4cwAAC
MA0GCSqGSIb3DQEBCwUAA4IBAQBAVai9Ak6VbZDaNhl3ZGTKPdbgm/pBUb/3OXp3
rWs/SK6kHVrDSX346LCwjiGUKnCarhySqlwc9VwuJ8P6g5EILT+4BYXQuLvlLTpy
rTNiB8xBQ90/RSOE9ItC0Gk6fAFGb5y/gI5KnYBXp9KUo0QT+0u9T7aNeTXRSx5t
M3X/yEhivvNs6JH0CceECQeZChYNlMlPKMBX6GyQ2H2QpdUatU5HLOeyCoyBxPO0
Zv43p4xn5hT54JmplN3Lx6I/0TpbtyN8NyCzNOPdoHKfsG+yBtVDcnzs6zkf3dQB
CvVrxWsNIM3OPcSEhB/zQlJXmCP9/bVgE8xxvh8z54rebsIF
-----END CERTIFICATE-----