Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/00d45d-5e48-458d-92f7-ae52e156b77e/1/b2i0yJCTA3TbjyBhwiCPi6G1HcQ.roa
File:                     b2i0yJCTA3TbjyBhwiCPi6G1HcQ.roa (raw, json)
Hash identifier:          2enGwKWlzAj5IVLU1ZBT2R5DyQa6rmbo9jwkcO6am6s=
Subject key identifier:   6F:68:B4:C8:90:93:03:74:DB:8F:20:61:C2:20:8F:8B:A1:B5:1D:C4
Certificate issuer:       /CN=88e719f426793b1e9063771460abd311a3dff116
Certificate serial:       018CC49397237C3C373238D50BA6D1023996
Authority key identifier: 88:E7:19:F4:26:79:3B:1E:90:63:77:14:60:AB:D3:11:A3:DF:F1:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iOcZ9CZ5Ox6QY3cUYKvTEaPf8RY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/00d45d-5e48-458d-92f7-ae52e156b77e/1/b2i0yJCTA3TbjyBhwiCPi6G1HcQ.roa
Signing time:             Mon 01 Jan 2024 10:30:55 +0000
ROA not before:           Mon 01 Jan 2024 10:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25623
IP address blocks:        2a06:ee05::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/00d45d-5e48-458d-92f7-ae52e156b77e/1/iOcZ9CZ5Ox6QY3cUYKvTEaPf8RY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/00d45d-5e48-458d-92f7-ae52e156b77e/1/iOcZ9CZ5Ox6QY3cUYKvTEaPf8RY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iOcZ9CZ5Ox6QY3cUYKvTEaPf8RY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:97:23:7c:3c:37:32:38:d5:0b:a6:d1:02:39:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88e719f426793b1e9063771460abd311a3dff116
        Validity
            Not Before: Jan  1 10:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f68b4c890930374db8f2061c2208f8ba1b51dc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:00:18:a3:98:78:d9:c7:4c:e7:47:4c:7f:01:
                    4e:1d:fe:62:b8:4c:78:28:f4:8c:d0:5a:0c:e0:5f:
                    b0:f9:a3:43:07:08:20:4d:1d:7c:0d:82:b9:1f:aa:
                    a0:55:55:aa:b7:6c:43:3e:50:c3:b5:e7:b8:c3:2d:
                    71:38:89:51:4c:b5:d8:1b:aa:e3:3f:a6:9c:d2:be:
                    de:9f:d3:2e:3b:d6:cf:01:32:b4:a6:12:93:6e:38:
                    ba:9f:ba:bb:3f:4c:81:1b:c9:91:05:c3:cf:3f:91:
                    04:06:c3:2e:2d:dc:ba:e6:88:3e:0f:4e:a1:6c:90:
                    87:8f:2b:51:29:cb:b5:62:bd:4c:d3:96:5a:a3:4b:
                    8a:56:e2:86:f2:fa:b4:13:7f:54:13:92:2e:ee:a8:
                    a4:79:4b:33:db:e5:d6:e2:82:fa:18:e3:01:fb:5f:
                    46:c3:85:8d:3a:ab:b5:c9:03:17:3a:d0:66:59:e6:
                    09:aa:c9:3d:f5:30:ce:ad:4f:06:26:56:31:1b:82:
                    43:a5:fa:89:ab:cc:7f:17:4c:c1:20:38:d8:10:ed:
                    68:9b:62:1b:f1:d4:b2:4e:35:da:17:22:00:21:39:
                    95:21:9a:cd:d6:78:a5:20:3d:d9:07:5a:61:ed:fc:
                    41:c0:0f:63:5b:6f:69:b1:9a:f8:ab:ac:5b:6c:16:
                    c8:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:68:B4:C8:90:93:03:74:DB:8F:20:61:C2:20:8F:8B:A1:B5:1D:C4
            X509v3 Authority Key Identifier:
                keyid:88:E7:19:F4:26:79:3B:1E:90:63:77:14:60:AB:D3:11:A3:DF:F1:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iOcZ9CZ5Ox6QY3cUYKvTEaPf8RY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/00d45d-5e48-458d-92f7-ae52e156b77e/1/b2i0yJCTA3TbjyBhwiCPi6G1HcQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/00d45d-5e48-458d-92f7-ae52e156b77e/1/iOcZ9CZ5Ox6QY3cUYKvTEaPf8RY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:ee05::/32

    Signature Algorithm: sha256WithRSAEncryption
         9f:3e:04:98:47:ab:74:01:6b:6e:91:89:8e:9a:2b:b0:53:53:
         19:a3:6e:15:b8:c9:ff:cb:c3:10:df:66:56:4f:d8:07:47:e0:
         4b:eb:38:6a:6d:55:36:82:ca:f9:78:27:22:a8:14:0e:e8:1b:
         29:95:9e:c2:10:c4:73:93:3d:58:24:7f:39:80:81:75:5b:f7:
         e7:c8:08:17:52:80:dc:99:3f:c7:82:de:8c:15:ef:40:49:69:
         50:39:58:48:f1:5a:99:05:4d:69:0c:b3:5b:79:2d:fa:33:f9:
         0d:2c:ce:97:60:9c:10:3d:71:36:1e:c9:12:88:3e:86:59:5e:
         cd:c4:05:97:f0:b0:10:2c:5b:50:8f:1f:a4:44:d6:1d:6a:76:
         0f:ca:2e:a9:a5:14:54:e0:5f:f9:ac:6d:fa:42:01:6e:5e:7f:
         02:66:b0:bf:4f:08:aa:cc:e2:02:04:7b:57:a0:7e:9d:6b:c3:
         c7:14:d5:4d:e5:fb:74:ac:b8:fb:7a:5e:0d:ee:05:09:df:e0:
         77:1a:9f:21:2f:b9:47:b2:52:2b:18:33:9f:9a:fa:53:c5:e8:
         cf:29:5c:2f:28:e2:a0:eb:ce:9a:fb:5b:9f:f3:30:d7:6d:0c:
         32:b9:10:b2:bb:a3:4e:c0:34:3e:24:f6:2f:c3:c8:b8:9c:5a:
         9e:fb:4c:c2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzEk5cjfDw3MjjVC6bRAjmWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4ZTcxOWY0MjY3OTNiMWU5MDYzNzcxNDYwYWJkMzExYTNk
ZmYxMTYwHhcNMjQwMTAxMTAzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjY4YjRjODkwOTMwMzc0ZGI4ZjIwNjFjMjIwOGY4YmExYjUxZGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnwAYo5h42cdM50dMfwFOHf5iuEx4
KPSM0FoM4F+w+aNDBwggTR18DYK5H6qgVVWqt2xDPlDDtee4wy1xOIlRTLXYG6rj
P6ac0r7en9MuO9bPATK0phKTbji6n7q7P0yBG8mRBcPPP5EEBsMuLdy65og+D06h
bJCHjytRKcu1Yr1M05Zao0uKVuKG8vq0E39UE5Iu7qikeUsz2+XW4oL6GOMB+19G
w4WNOqu1yQMXOtBmWeYJqsk99TDOrU8GJlYxG4JDpfqJq8x/F0zBIDjYEO1om2Ib
8dSyTjXaFyIAITmVIZrN1nilID3ZB1ph7fxBwA9jW29psZr4q6xbbBbIfwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFG9otMiQkwN0248gYcIgj4uhtR3EMB8GA1UdIwQY
MBaAFIjnGfQmeTsekGN3FGCr0xGj3/EWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaU9jWjlDWjVPeDZRWTNjVVlLdlRFYVBmOFJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS8wMGQ0NWQtNWU0OC00NThkLTkyZjct
YWU1MmUxNTZiNzdlLzEvYjJpMHlKQ1RBM1RianlCaHdpQ1BpNkcxSGNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS8wMGQ0NWQtNWU0OC00NThkLTkyZjctYWU1MmUxNTZiNzdl
LzEvaU9jWjlDWjVPeDZRWTNjVVlLdlRFYVBmOFJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgbuBTAN
BgkqhkiG9w0BAQsFAAOCAQEAnz4EmEerdAFrbpGJjporsFNTGaNuFbjJ/8vDEN9m
Vk/YB0fgS+s4am1VNoLK+XgnIqgUDugbKZWewhDEc5M9WCR/OYCBdVv358gIF1KA
3Jk/x4LejBXvQElpUDlYSPFamQVNaQyzW3kt+jP5DSzOl2CcED1xNh7JEog+hlle
zcQFl/CwECxbUI8fpETWHWp2D8ouqaUUVOBf+axt+kIBbl5/Amawv08IqsziAgR7
V6B+nWvDxxTVTeX7dKy4+3peDe4FCd/gdxqfIS+5R7JSKxgzn5r6U8XozylcLyji
oOvOmvtbn/Mw120MMrkQsrujTsA0PiT2L8PIuJxanvtMwg==
-----END CERTIFICATE-----