Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/9be5rMEKimneri1deEslqY33Yn0.roa
File:                     9be5rMEKimneri1deEslqY33Yn0.roa (raw, json)
Hash identifier:          AWEygOk4oNfeJ8K3ik7DaQ1Im9SXRaeqKAe2TLs/dAw=
Subject key identifier:   F5:B7:B9:AC:C1:0A:8A:69:DE:AE:2D:5D:78:4B:25:A9:8D:F7:62:7D
Certificate issuer:       /CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
Certificate serial:       018CC727574B980B4A5DED59EFEB7D3CEC69
Authority key identifier: 83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/9be5rMEKimneri1deEslqY33Yn0.roa
Signing time:             Mon 01 Jan 2024 22:31:33 +0000
ROA not before:           Mon 01 Jan 2024 22:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207080
IP address blocks:        2a0b:6b86:400::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:57:4b:98:0b:4a:5d:ed:59:ef:eb:7d:3c:ec:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
        Validity
            Not Before: Jan  1 22:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5b7b9acc10a8a69deae2d5d784b25a98df7627d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:b1:e2:99:90:53:75:61:51:12:f0:43:5f:eb:
                    54:67:c6:1e:bc:75:20:e2:13:bd:83:7d:19:77:8a:
                    b1:c6:bd:69:16:61:14:c1:1d:75:31:61:05:e7:ec:
                    e9:44:5e:d5:b3:ce:f2:d6:32:9a:1c:90:36:4c:d6:
                    47:a1:13:98:be:54:08:94:b8:aa:2a:34:59:16:8f:
                    67:6e:eb:f0:ef:f0:11:54:98:a1:6c:0d:10:90:73:
                    1a:a6:a6:af:76:4f:23:96:2f:b3:08:aa:ce:87:f2:
                    ca:9f:d6:54:09:69:16:f6:4f:75:b6:c0:51:ce:b1:
                    68:ab:ae:85:15:30:1c:2a:7c:1c:a5:98:c6:5a:6d:
                    73:bb:2a:1a:2b:4b:1c:f5:b1:9d:3e:d6:18:3b:77:
                    e8:a1:74:5e:23:32:bc:51:2d:10:8d:13:b5:7f:f0:
                    a0:87:03:09:ec:d3:e1:82:ac:89:bf:c8:31:25:f0:
                    7f:a7:04:71:ee:86:05:33:c6:6f:bd:6f:a7:e5:7b:
                    1d:ea:90:be:ae:dc:64:49:21:0d:bd:40:de:66:9e:
                    24:c9:b7:b6:ca:c6:77:b9:44:e2:34:fa:57:b2:40:
                    2d:f0:19:6c:91:fe:21:31:99:c7:e9:95:70:33:04:
                    17:26:5b:75:e2:3c:18:0b:95:b8:1c:86:7b:2e:ff:
                    7d:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:B7:B9:AC:C1:0A:8A:69:DE:AE:2D:5D:78:4B:25:A9:8D:F7:62:7D
            X509v3 Authority Key Identifier:
                keyid:83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/9be5rMEKimneri1deEslqY33Yn0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:6b86:400::/40

    Signature Algorithm: sha256WithRSAEncryption
         86:36:da:c8:da:94:05:70:0c:2a:97:c7:cb:4c:a1:84:dd:6a:
         50:81:a9:07:7e:d0:5d:1a:c7:19:d3:cb:9d:07:40:92:4c:bc:
         f2:b1:dc:26:db:67:56:4a:1d:99:b1:12:a6:6e:1e:62:75:49:
         b6:16:b6:44:5f:bd:09:7e:03:bc:6a:7f:3d:e2:8d:82:bd:61:
         a4:6a:6b:9e:31:33:9a:f9:52:9d:37:1b:af:33:68:49:0d:a8:
         61:2f:a7:4b:3a:40:1f:d3:58:5d:8d:a3:35:85:b4:d2:b6:1c:
         3d:e7:d2:8a:28:81:77:16:ea:da:cd:ab:81:d7:6e:86:10:84:
         8c:0b:0f:d4:43:f8:27:65:f6:ec:8d:f2:9d:5b:26:a8:64:e4:
         d6:c4:e5:6e:c5:80:56:b2:d7:25:39:fd:f7:8b:e7:0d:bf:a1:
         e0:9a:1d:72:a3:38:3b:85:21:c5:24:f6:2a:ec:10:51:1f:4f:
         12:c5:0e:14:59:22:0f:f9:f6:68:32:8c:6a:2f:e8:63:f8:0a:
         f2:03:90:b9:cd:12:81:f3:77:84:33:4e:53:bb:dd:71:4d:df:
         e2:08:e4:9f:77:f7:03:f6:30:86:df:e3:67:5f:80:b3:8b:5e:
         be:b4:02:17:b5:df:fc:a0:de:18:06:5d:99:ad:cb:9f:8b:99:
         99:c5:8b:e3
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHJ1dLmAtKXe1Z7+t9POxpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNWJjOWJiNTQ3ZTI3Nzg4ZDIyMWJjOGJiZDVmYjAyZTAy
NDQ4MGYwHhcNMjQwMTAxMjIzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWI3YjlhY2MxMGE4YTY5ZGVhZTJkNWQ3ODRiMjVhOThkZjc2MjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkrHimZBTdWFREvBDX+tUZ8YevHUg
4hO9g30Zd4qxxr1pFmEUwR11MWEF5+zpRF7Vs87y1jKaHJA2TNZHoROYvlQIlLiq
KjRZFo9nbuvw7/ARVJihbA0QkHMapqavdk8jli+zCKrOh/LKn9ZUCWkW9k91tsBR
zrFoq66FFTAcKnwcpZjGWm1zuyoaK0sc9bGdPtYYO3fooXReIzK8US0QjRO1f/Cg
hwMJ7NPhgqyJv8gxJfB/pwRx7oYFM8ZvvW+n5Xsd6pC+rtxkSSENvUDeZp4kybe2
ysZ3uUTiNPpXskAt8Blskf4hMZnH6ZVwMwQXJlt14jwYC5W4HIZ7Lv99iwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPW3uazBCopp3q4tXXhLJamN92J9MB8GA1UdIwQY
MBaAFINbybtUfid4jSIbyLvV+wLgJEgPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEt
YjM2YTI0ZDM5NDI3LzEvOWJlNXJNRUtpbW5lcmkxZGVFc2xxWTMzWW4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEtYjM2YTI0ZDM5NDI3
LzEvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgtrhgQw
DQYJKoZIhvcNAQELBQADggEBAIY22sjalAVwDCqXx8tMoYTdalCBqQd+0F0axxnT
y50HQJJMvPKx3CbbZ1ZKHZmxEqZuHmJ1SbYWtkRfvQl+A7xqfz3ijYK9YaRqa54x
M5r5Up03G68zaEkNqGEvp0s6QB/TWF2NozWFtNK2HD3n0ooogXcW6trNq4HXboYQ
hIwLD9RD+Cdl9uyN8p1bJqhk5NbE5W7FgFay1yU5/feL5w2/oeCaHXKjODuFIcUk
9irsEFEfTxLFDhRZIg/59mgyjGov6GP4CvIDkLnNEoHzd4QzTlO73XFN3+II5J93
9wP2MIbf42dfgLOLXr60Ahe13/yg3hgGXZmty5+LmZnFi+M=
-----END CERTIFICATE-----