Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/i8JnVO3qTSfTf7GxiaWwj2BEwP0.roa
File:                     i8JnVO3qTSfTf7GxiaWwj2BEwP0.roa (raw, json)
Hash identifier:          /0D/hojkRveZWRVdhzpV0k68d4w6PnhL8Yx27xpOUAE=
Subject key identifier:   8B:C2:67:54:ED:EA:4D:27:D3:7F:B1:B1:89:A5:B0:8F:60:44:C0:FD
Certificate issuer:       /CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
Certificate serial:       018CC72756FB4DE74E81489EC7DAE7D473CB
Authority key identifier: 83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/i8JnVO3qTSfTf7GxiaWwj2BEwP0.roa
Signing time:             Mon 01 Jan 2024 22:31:33 +0000
ROA not before:           Mon 01 Jan 2024 22:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206699
IP address blocks:        2a0b:6b86:b00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:56:fb:4d:e7:4e:81:48:9e:c7:da:e7:d4:73:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
        Validity
            Not Before: Jan  1 22:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8bc26754edea4d27d37fb1b189a5b08f6044c0fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:d7:c4:ab:18:19:63:e8:f0:76:ac:47:c1:83:
                    29:c9:ed:3c:16:5f:d0:b5:d8:66:2b:25:49:34:1b:
                    ba:4f:79:f8:73:78:4e:66:bd:1a:8b:f0:af:4e:ac:
                    1a:e0:17:a1:37:69:d0:09:cd:4b:9f:1e:87:16:d3:
                    84:52:2c:9b:29:03:5a:d4:20:20:9f:8b:f7:b5:bf:
                    51:80:14:fc:40:15:f1:d3:ae:a1:73:32:1c:d8:4a:
                    94:55:27:60:8a:02:b1:3c:c5:83:56:26:d7:5c:df:
                    2f:9a:a3:d7:a0:fe:11:2f:a0:45:27:56:23:9d:cf:
                    90:40:50:11:3b:4b:09:42:d8:d5:f4:ac:0e:e0:f0:
                    51:2a:d9:83:b4:d1:61:4a:00:38:94:74:75:e3:06:
                    86:c2:2b:52:db:cf:fa:b9:57:18:32:55:46:69:7a:
                    e0:b8:2a:86:3b:e0:79:99:ba:1c:b6:85:f6:23:52:
                    07:21:51:fd:cb:25:84:b8:42:db:9e:25:86:11:04:
                    8f:a2:8e:93:d6:41:a1:f5:8d:e3:3b:27:24:6b:b6:
                    8f:5d:0f:91:ae:d6:bb:b5:7a:5c:df:62:24:b6:41:
                    eb:bf:b0:98:0b:e1:0f:73:89:9a:76:b7:d6:6a:2c:
                    b9:06:ef:51:f7:27:dc:b4:2c:9f:a5:ee:89:fd:6e:
                    cf:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:C2:67:54:ED:EA:4D:27:D3:7F:B1:B1:89:A5:B0:8F:60:44:C0:FD
            X509v3 Authority Key Identifier:
                keyid:83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/i8JnVO3qTSfTf7GxiaWwj2BEwP0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:6b86:b00::/40

    Signature Algorithm: sha256WithRSAEncryption
         aa:58:3d:dd:2f:b2:ae:8b:8a:79:05:cc:b2:56:6b:09:6c:a5:
         43:05:62:70:2b:8c:6a:38:b9:e5:1b:d9:09:b3:56:83:a0:9d:
         0a:d8:c6:a1:cc:90:6c:ac:cc:bb:b8:bc:ca:db:c1:c6:c3:29:
         fc:63:bd:5b:92:b9:08:4b:e8:91:03:ca:e5:36:1d:58:3a:34:
         29:07:1f:a0:1f:b2:dd:36:ff:a1:8f:5c:7a:b6:27:bc:6d:96:
         61:8f:2b:2a:4a:d1:3b:34:66:6e:f7:03:99:60:4b:70:9f:bd:
         1b:d1:40:5d:53:93:a7:c9:1b:3e:9f:de:bf:94:8b:b8:06:75:
         a9:f5:e9:35:67:62:b5:a0:0f:00:39:19:e1:4a:f5:ca:af:91:
         d5:60:b4:17:56:c4:4e:47:ba:d8:d5:c2:04:60:6b:6b:44:09:
         8d:6a:e7:47:7d:0a:eb:00:ea:ac:44:70:a5:97:79:01:4a:f2:
         9a:32:f0:e2:f5:6a:7b:ce:91:cb:de:b3:d4:35:d3:1d:93:48:
         7f:6d:66:7d:53:3c:0d:02:36:8e:c8:d2:e2:db:65:15:fb:17:
         d1:0f:8b:e3:77:a1:25:de:46:4d:79:2c:09:49:c6:b6:5f:62:
         da:d6:77:2b:31:c5:85:bd:5a:09:a6:35:11:82:af:92:92:df:
         10:f1:7f:a3
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHJ1b7TedOgUiex9rn1HPLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNWJjOWJiNTQ3ZTI3Nzg4ZDIyMWJjOGJiZDVmYjAyZTAy
NDQ4MGYwHhcNMjQwMTAxMjIzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmMyNjc1NGVkZWE0ZDI3ZDM3ZmIxYjE4OWE1YjA4ZjYwNDRjMGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtNfEqxgZY+jwdqxHwYMpye08Fl/Q
tdhmKyVJNBu6T3n4c3hOZr0ai/CvTqwa4BehN2nQCc1Lnx6HFtOEUiybKQNa1CAg
n4v3tb9RgBT8QBXx066hczIc2EqUVSdgigKxPMWDVibXXN8vmqPXoP4RL6BFJ1Yj
nc+QQFARO0sJQtjV9KwO4PBRKtmDtNFhSgA4lHR14waGwitS28/6uVcYMlVGaXrg
uCqGO+B5mboctoX2I1IHIVH9yyWEuELbniWGEQSPoo6T1kGh9Y3jOycka7aPXQ+R
rta7tXpc32IktkHrv7CYC+EPc4madrfWaiy5Bu9R9yfctCyfpe6J/W7PqwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIvCZ1Tt6k0n03+xsYmlsI9gRMD9MB8GA1UdIwQY
MBaAFINbybtUfid4jSIbyLvV+wLgJEgPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEt
YjM2YTI0ZDM5NDI3LzEvaThKblZPM3FUU2ZUZjdHeGlhV3dqMkJFd1AwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEtYjM2YTI0ZDM5NDI3
LzEvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgtrhgsw
DQYJKoZIhvcNAQELBQADggEBAKpYPd0vsq6LinkFzLJWawlspUMFYnArjGo4ueUb
2QmzVoOgnQrYxqHMkGyszLu4vMrbwcbDKfxjvVuSuQhL6JEDyuU2HVg6NCkHH6Af
st02/6GPXHq2J7xtlmGPKypK0Ts0Zm73A5lgS3CfvRvRQF1Tk6fJGz6f3r+Ui7gG
dan16TVnYrWgDwA5GeFK9cqvkdVgtBdWxE5HutjVwgRga2tECY1q50d9CusA6qxE
cKWXeQFK8poy8OL1anvOkcves9Q10x2TSH9tZn1TPA0CNo7I0uLbZRX7F9EPi+N3
oSXeRk15LAlJxrZfYtrWdysxxYW9WgmmNRGCr5KS3xDxf6M=
-----END CERTIFICATE-----