Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/sfEGHGTrRXskkJnbvYNIOwMi4Ts.roa
File:                     sfEGHGTrRXskkJnbvYNIOwMi4Ts.roa (raw, json)
Hash identifier:          vAEx0AsWOAiBV/SJi1we037cUXeW6hY3X2zSP1HV1qk=
Subject key identifier:   B1:F1:06:1C:64:EB:45:7B:24:90:99:DB:BD:83:48:3B:03:22:E1:3B
Certificate issuer:       /CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
Certificate serial:       018CC727578BB08CCCB89DE81F803B84E313
Authority key identifier: 83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/sfEGHGTrRXskkJnbvYNIOwMi4Ts.roa
Signing time:             Mon 01 Jan 2024 22:31:33 +0000
ROA not before:           Mon 01 Jan 2024 22:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208249
IP address blocks:        2a0b:6b83::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:57:8b:b0:8c:cc:b8:9d:e8:1f:80:3b:84:e3:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
        Validity
            Not Before: Jan  1 22:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1f1061c64eb457b249099dbbd83483b0322e13b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:6d:c8:e6:75:2b:d8:b9:da:ef:2b:03:b7:f3:
                    55:8d:52:33:cf:b0:b0:00:6c:d9:dc:64:36:53:25:
                    0a:6c:72:5a:cc:f3:21:70:54:f4:7e:a8:a9:9b:25:
                    dc:c4:a7:13:5a:6d:cc:66:23:f1:1b:f4:00:28:c8:
                    7b:23:46:19:a3:95:af:f7:85:25:55:6e:ce:fe:0a:
                    f0:0f:ec:46:c8:ad:6e:ff:98:bd:51:d1:90:b3:9f:
                    26:be:09:99:21:91:4d:67:96:a5:81:c8:ba:5e:97:
                    2f:f1:ae:0e:df:f3:72:04:68:c4:cf:35:93:b6:81:
                    cd:5a:0e:3d:89:59:84:82:f7:83:ab:01:b6:55:c4:
                    2f:45:77:cd:10:d9:4c:d0:4d:76:7e:32:ae:21:14:
                    d5:e0:d9:e0:90:74:8c:7b:5a:59:79:b8:e4:40:83:
                    83:04:e6:cf:c4:27:7c:84:d4:e4:f9:37:15:6a:e4:
                    7c:dd:d9:7a:7e:eb:90:83:cb:dd:2d:af:0a:42:c6:
                    f4:5d:5d:cc:62:74:d3:8b:a0:53:83:1b:df:bf:ef:
                    2b:e5:45:5a:09:74:e4:d2:11:9c:14:6d:50:d3:dd:
                    36:2a:c4:62:e8:f7:81:c9:c3:b9:62:f1:0d:02:a7:
                    e9:76:5f:f7:5d:d4:26:ef:48:63:22:40:76:5e:8b:
                    13:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:F1:06:1C:64:EB:45:7B:24:90:99:DB:BD:83:48:3B:03:22:E1:3B
            X509v3 Authority Key Identifier:
                keyid:83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/sfEGHGTrRXskkJnbvYNIOwMi4Ts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:6b83::/32

    Signature Algorithm: sha256WithRSAEncryption
         bc:42:66:36:22:60:ef:e2:fa:dc:84:01:26:69:c6:3a:03:a5:
         ac:d0:f7:08:80:71:49:76:9a:43:8a:9c:de:86:02:1f:91:e7:
         4a:93:68:95:4e:8e:60:6f:8e:91:28:58:ed:70:98:f0:99:83:
         a9:c9:0c:b4:04:ad:7b:4e:aa:e5:1f:e9:9c:b5:e9:fd:28:d1:
         54:23:36:4b:6d:a8:cd:3c:26:92:c6:aa:75:66:a5:5f:3b:18:
         2b:09:66:43:1e:9d:19:fd:d8:da:6f:15:04:c3:86:f2:87:55:
         52:5a:15:fd:3c:5e:d7:06:ca:ce:a8:50:46:5a:ad:a5:1e:37:
         c3:34:f6:5d:f0:e7:14:aa:eb:1f:73:75:cb:d5:9c:9a:93:32:
         29:04:24:11:73:29:a7:1c:e3:e9:1c:af:be:1d:e7:fd:20:f0:
         f7:c0:36:e5:0e:a0:ff:cb:bf:b8:5d:60:e0:ba:81:ab:f7:71:
         23:8e:76:cb:dd:fc:ff:41:a9:03:f3:56:b1:f4:a9:92:2a:c3:
         6a:e6:cd:94:b6:e4:84:cb:23:1a:2c:2b:e6:b6:61:07:6d:93:
         48:0e:0a:57:94:01:37:76:69:8f:85:7c:c7:7b:29:17:0c:60:
         a5:b1:5b:5d:aa:88:18:65:57:61:5b:59:a7:03:f4:9b:15:a9:
         75:29:59:45
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHJ1eLsIzMuJ3oH4A7hOMTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNWJjOWJiNTQ3ZTI3Nzg4ZDIyMWJjOGJiZDVmYjAyZTAy
NDQ4MGYwHhcNMjQwMTAxMjIzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWYxMDYxYzY0ZWI0NTdiMjQ5MDk5ZGJiZDgzNDgzYjAzMjJlMTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjG3I5nUr2Lna7ysDt/NVjVIzz7Cw
AGzZ3GQ2UyUKbHJazPMhcFT0fqipmyXcxKcTWm3MZiPxG/QAKMh7I0YZo5Wv94Ul
VW7O/grwD+xGyK1u/5i9UdGQs58mvgmZIZFNZ5algci6Xpcv8a4O3/NyBGjEzzWT
toHNWg49iVmEgveDqwG2VcQvRXfNENlM0E12fjKuIRTV4NngkHSMe1pZebjkQIOD
BObPxCd8hNTk+TcVauR83dl6fuuQg8vdLa8KQsb0XV3MYnTTi6BTgxvfv+8r5UVa
CXTk0hGcFG1Q0902KsRi6PeBycO5YvENAqfpdl/3XdQm70hjIkB2XosTvQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLHxBhxk60V7JJCZ272DSDsDIuE7MB8GA1UdIwQY
MBaAFINbybtUfid4jSIbyLvV+wLgJEgPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEt
YjM2YTI0ZDM5NDI3LzEvc2ZFR0hHVHJSWHNra0puYnZZTklPd01pNFRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEtYjM2YTI0ZDM5NDI3
LzEvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgtrgzAN
BgkqhkiG9w0BAQsFAAOCAQEAvEJmNiJg7+L63IQBJmnGOgOlrND3CIBxSXaaQ4qc
3oYCH5HnSpNolU6OYG+OkShY7XCY8JmDqckMtASte06q5R/pnLXp/SjRVCM2S22o
zTwmksaqdWalXzsYKwlmQx6dGf3Y2m8VBMOG8odVUloV/Txe1wbKzqhQRlqtpR43
wzT2XfDnFKrrH3N1y9WcmpMyKQQkEXMppxzj6Ryvvh3n/SDw98A25Q6g/8u/uF1g
4LqBq/dxI452y938/0GpA/NWsfSpkirDaubNlLbkhMsjGiwr5rZhB22TSA4KV5QB
N3Zpj4V8x3spFwxgpbFbXaqIGGVXYVtZpwP0mxWpdSlZRQ==
-----END CERTIFICATE-----