Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/kBViyr5yGJFsHmc7FZeceyGkQOE.roa
File:                     kBViyr5yGJFsHmc7FZeceyGkQOE.roa (raw, json)
Hash identifier:          IF/jwV5BYFaipFzwpESRFaQsC9FcetdyGnrqOzSWFoI=
Subject key identifier:   90:15:62:CA:BE:72:18:91:6C:1E:67:3B:15:97:9C:7B:21:A4:40:E1
Certificate issuer:       /CN=ee31367df6d1861071c92bae726523326f45ba2a
Certificate serial:       018CC80165A936E558A950972BA40EB9D69D
Authority key identifier: EE:31:36:7D:F6:D1:86:10:71:C9:2B:AE:72:65:23:32:6F:45:BA:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7jE2ffbRhhBxySuucmUjMm9Fuio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/kBViyr5yGJFsHmc7FZeceyGkQOE.roa
Signing time:             Tue 02 Jan 2024 02:29:43 +0000
ROA not before:           Tue 02 Jan 2024 02:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200325
IP address blocks:        2a0e:1cc0:4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/7jE2ffbRhhBxySuucmUjMm9Fuio.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/7jE2ffbRhhBxySuucmUjMm9Fuio.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7jE2ffbRhhBxySuucmUjMm9Fuio.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:65:a9:36:e5:58:a9:50:97:2b:a4:0e:b9:d6:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee31367df6d1861071c92bae726523326f45ba2a
        Validity
            Not Before: Jan  2 02:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=901562cabe7218916c1e673b15979c7b21a440e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:65:ad:43:4b:7b:c1:9e:65:a6:49:19:29:96:
                    ef:3b:be:a6:1b:ff:55:e8:cc:17:b2:f0:ac:8b:9f:
                    45:5c:bb:4f:1f:c1:72:f9:31:70:d9:59:0b:eb:58:
                    f1:53:d2:43:02:ac:27:eb:57:4f:a7:6b:72:43:46:
                    5e:5e:f1:ab:f7:f5:71:e3:35:79:d6:52:f8:22:9e:
                    7e:41:28:35:64:46:8c:22:85:90:02:1e:f8:cc:38:
                    a3:ae:ba:1b:51:76:ee:74:eb:36:76:0a:a0:2b:53:
                    f7:c9:57:62:92:48:08:a6:76:e4:fe:48:2c:7c:7e:
                    ba:00:dd:33:15:b2:a1:4c:cb:66:71:7e:69:82:4f:
                    82:ce:81:60:d2:78:dc:ee:3a:8f:05:40:08:74:22:
                    3d:6d:67:46:2a:6c:69:19:f6:15:0a:33:2d:fd:bb:
                    10:de:9b:b0:ed:07:14:51:42:d2:a1:db:2c:1f:64:
                    d0:99:ed:9e:ad:6b:71:00:90:2a:57:55:d5:3a:56:
                    cf:fc:28:02:d3:90:19:43:57:5a:84:cd:ef:f1:34:
                    d1:81:f0:88:05:b9:9a:af:74:c7:e8:17:4e:6a:20:
                    97:d7:2a:02:f5:d9:01:ed:bc:b7:d4:42:fa:a0:a2:
                    43:5f:a0:2e:8b:5d:7d:42:b6:42:bb:90:04:20:05:
                    f2:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:15:62:CA:BE:72:18:91:6C:1E:67:3B:15:97:9C:7B:21:A4:40:E1
            X509v3 Authority Key Identifier:
                keyid:EE:31:36:7D:F6:D1:86:10:71:C9:2B:AE:72:65:23:32:6F:45:BA:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7jE2ffbRhhBxySuucmUjMm9Fuio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/kBViyr5yGJFsHmc7FZeceyGkQOE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/7jE2ffbRhhBxySuucmUjMm9Fuio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:1cc0:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         cc:35:a8:42:5b:68:23:59:fb:42:37:bc:55:2c:a0:1f:4e:0a:
         b5:1f:e8:35:e3:bb:21:96:bb:93:3d:a7:1e:5b:fc:f9:2a:70:
         9c:9b:7a:51:6c:70:be:6a:e6:72:49:95:04:43:86:12:b5:fa:
         77:fa:07:35:b2:23:06:71:69:7e:9b:81:ad:ac:7f:89:2b:8e:
         b1:f0:8f:3f:b2:f0:24:34:95:53:48:13:4f:72:57:04:56:42:
         14:0d:ba:2c:03:99:98:29:e3:13:71:3d:39:7f:56:b6:5f:06:
         9f:00:37:0b:13:5f:59:ea:c9:fa:24:24:c5:2f:14:47:e8:cf:
         da:79:f0:46:98:32:30:9d:cb:44:55:13:b9:4b:d7:d8:b2:f1:
         1a:2c:fe:82:6f:db:4b:85:ca:b5:9d:c8:12:6f:e0:48:ed:56:
         a3:c6:6b:6f:84:8a:cb:f0:11:49:58:73:2a:8a:dc:0f:b3:ee:
         55:37:24:7e:a8:96:a6:3c:b8:56:32:23:e0:c9:c7:a2:3a:25:
         0b:2e:98:fb:4f:3b:92:3a:e2:09:2a:81:78:c3:7d:29:c3:26:
         db:c9:37:74:f4:41:ce:a7:6d:74:d9:ff:43:93:8b:0c:2e:21:
         00:67:75:bc:c1:2e:97:a3:76:80:b4:f1:dc:b7:fb:23:e0:26:
         20:91:5c:0b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAWWpNuVYqVCXK6QOudadMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMzEzNjdkZjZkMTg2MTA3MWM5MmJhZTcyNjUyMzMyNmY0
NWJhMmEwHhcNMjQwMTAyMDIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDE1NjJjYWJlNzIxODkxNmMxZTY3M2IxNTk3OWM3YjIxYTQ0MGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnGWtQ0t7wZ5lpkkZKZbvO76mG/9V
6MwXsvCsi59FXLtPH8Fy+TFw2VkL61jxU9JDAqwn61dPp2tyQ0ZeXvGr9/Vx4zV5
1lL4Ip5+QSg1ZEaMIoWQAh74zDijrrobUXbudOs2dgqgK1P3yVdikkgIpnbk/kgs
fH66AN0zFbKhTMtmcX5pgk+CzoFg0njc7jqPBUAIdCI9bWdGKmxpGfYVCjMt/bsQ
3puw7QcUUULSodssH2TQme2erWtxAJAqV1XVOlbP/CgC05AZQ1dahM3v8TTRgfCI
Bbmar3TH6BdOaiCX1yoC9dkB7by31EL6oKJDX6Aui119QrZCu5AEIAXyWQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJAVYsq+chiRbB5nOxWXnHshpEDhMB8GA1UdIwQY
MBaAFO4xNn320YYQcckrrnJlIzJvRboqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2pFMmZmYlJoaEJ4eVN1dWNtVWpNbTlGdWlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8xYmI0ZGQtZTljNC00ZDNkLTlhM2It
MTE1OWRiZmJlZDU0LzEva0JWaXlyNXlHSkZzSG1jN0ZaZWNleUdrUU9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8xYmI0ZGQtZTljNC00ZDNkLTlhM2ItMTE1OWRiZmJlZDU0
LzEvN2pFMmZmYlJoaEJ4eVN1dWNtVWpNbTlGdWlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg4cwAAE
MA0GCSqGSIb3DQEBCwUAA4IBAQDMNahCW2gjWftCN7xVLKAfTgq1H+g147shlruT
PaceW/z5KnCcm3pRbHC+auZySZUEQ4YStfp3+gc1siMGcWl+m4GtrH+JK46x8I8/
svAkNJVTSBNPclcEVkIUDbosA5mYKeMTcT05f1a2XwafADcLE19Z6sn6JCTFLxRH
6M/aefBGmDIwnctEVRO5S9fYsvEaLP6Cb9tLhcq1ncgSb+BI7VajxmtvhIrL8BFJ
WHMqitwPs+5VNyR+qJamPLhWMiPgyceiOiULLpj7TzuSOuIJKoF4w30pwybbyTd0
9EHOp2102f9Dk4sMLiEAZ3W8wS6Xo3aAtPHct/sj4CYgkVwL
-----END CERTIFICATE-----