Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/1W3m_IYINd5Xhaz7-aJRFWGmrkE.roa
File:                     1W3m_IYINd5Xhaz7-aJRFWGmrkE.roa (raw, json)
Hash identifier:          YlEUvJC3GNQMDL8daTTD37drf5HwN9bKJD5MbjJadvE=
Subject key identifier:   D5:6D:E6:FC:86:08:35:DE:57:85:AC:FB:F9:A2:51:15:61:A6:AE:41
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       018CCA2A54CF45E2739DCF5C1E3979E58E2E
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/1W3m_IYINd5Xhaz7-aJRFWGmrkE.roa
Signing time:             Tue 02 Jan 2024 12:33:40 +0000
ROA not before:           Tue 02 Jan 2024 12:33:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206479
IP address blocks:        2a06:e881:2100::/44 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:54:cf:45:e2:73:9d:cf:5c:1e:39:79:e5:8e:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jan  2 12:33:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d56de6fc860835de5785acfbf9a2511561a6ae41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:db:da:16:48:54:44:38:97:e1:1e:fe:b6:34:
                    69:e2:1c:0c:78:0a:e8:3b:35:12:59:5b:51:4c:4c:
                    34:77:6b:a8:38:37:0d:43:7a:0f:de:c2:36:29:33:
                    7e:e1:71:b0:cf:59:43:e5:7a:a3:e9:0c:17:1b:fc:
                    09:09:8e:76:27:4a:65:83:c3:52:41:7e:f0:4e:91:
                    7f:df:4c:18:61:06:38:cf:00:d8:f8:b3:7f:69:10:
                    23:04:59:8f:67:85:07:b8:84:ed:6a:a8:d7:0e:05:
                    ff:ac:48:47:33:d8:92:ff:d9:49:d7:c4:24:dd:b3:
                    95:3a:d3:27:91:2b:d3:ee:17:2a:20:ea:5c:ce:e5:
                    3a:b0:b9:30:2f:20:c0:62:9c:4f:42:d2:be:ef:c3:
                    6c:6d:e9:1b:b1:a8:20:56:fc:20:5f:c1:7c:ca:2d:
                    a1:56:05:eb:ab:e2:b2:0f:86:82:16:0a:25:de:3a:
                    06:6f:dd:43:58:c0:c7:c0:fb:1c:39:0f:d0:b8:4e:
                    10:bd:ac:92:8d:75:e1:04:a9:ca:7b:6c:e6:7f:f4:
                    f2:2a:d6:48:da:2d:f1:16:ab:f3:5d:5f:0b:9a:fb:
                    bf:d3:b5:bc:c3:43:9e:b6:98:24:7e:a2:00:03:53:
                    5b:d3:71:6e:40:fb:3d:ed:08:3e:06:9e:97:f1:40:
                    1f:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:6D:E6:FC:86:08:35:DE:57:85:AC:FB:F9:A2:51:15:61:A6:AE:41
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/1W3m_IYINd5Xhaz7-aJRFWGmrkE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:e881:2100::/44

    Signature Algorithm: sha256WithRSAEncryption
         83:e2:f4:89:cd:9d:a1:65:c5:d9:35:b6:7f:cd:98:84:9d:ec:
         46:73:be:4b:7c:41:84:f2:93:b0:0b:b5:7f:4d:de:a4:2a:b9:
         b3:94:d8:ab:8e:77:9b:f4:d3:e2:8a:b0:5c:fe:f5:31:52:3f:
         e0:43:b5:6d:82:3f:6a:f8:0e:6f:5b:8a:48:45:9f:fc:d9:60:
         bc:fc:11:93:5b:fb:ea:62:f0:36:35:1a:6a:a2:32:0f:60:13:
         41:d5:23:db:b7:96:5d:b6:79:c8:9c:fb:23:34:15:3b:30:0f:
         65:96:82:e0:15:84:66:3a:d3:7a:04:ba:95:34:a1:69:f9:32:
         eb:33:df:bd:95:c3:3b:bf:59:11:1c:f2:16:0a:ec:88:d1:1c:
         d6:68:72:fc:aa:17:5c:69:8e:b0:63:eb:d4:d3:8e:27:4d:9e:
         38:d6:3a:ad:4f:a0:69:c8:32:72:f9:00:a6:25:bf:3d:8a:4d:
         1b:c2:e6:cd:a3:bb:bf:4f:d1:24:00:7a:73:25:46:02:da:3d:
         ac:49:24:6f:b9:f8:9b:6f:7d:89:bd:e5:ec:2a:be:b4:c8:51:
         c3:79:25:d2:b6:1e:b0:0c:d5:bc:ef:f7:41:4c:2d:98:aa:dc:
         c8:c2:27:f6:c5:f8:54:27:7f:30:22:e8:14:01:69:0a:9a:6a:
         02:8c:e9:5e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKlTPReJznc9cHjl55Y4uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjQwMTAyMTIzMzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTZkZTZmYzg2MDgzNWRlNTc4NWFjZmJmOWEyNTExNTYxYTZhZTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp9vaFkhURDiX4R7+tjRp4hwMeAro
OzUSWVtRTEw0d2uoODcNQ3oP3sI2KTN+4XGwz1lD5Xqj6QwXG/wJCY52J0plg8NS
QX7wTpF/30wYYQY4zwDY+LN/aRAjBFmPZ4UHuITtaqjXDgX/rEhHM9iS/9lJ18Qk
3bOVOtMnkSvT7hcqIOpczuU6sLkwLyDAYpxPQtK+78NsbekbsaggVvwgX8F8yi2h
VgXrq+KyD4aCFgol3joGb91DWMDHwPscOQ/QuE4QvaySjXXhBKnKe2zmf/TyKtZI
2i3xFqvzXV8Lmvu/07W8w0OetpgkfqIAA1Nb03FuQPs97Qg+Bp6X8UAfUQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNVt5vyGCDXeV4Ws+/miURVhpq5BMB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvMVczbV9JWUlOZDVYaGF6Ny1hSlJGV0dtcmtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgbogSEA
MA0GCSqGSIb3DQEBCwUAA4IBAQCD4vSJzZ2hZcXZNbZ/zZiEnexGc75LfEGE8pOw
C7V/Td6kKrmzlNirjneb9NPiirBc/vUxUj/gQ7Vtgj9q+A5vW4pIRZ/82WC8/BGT
W/vqYvA2NRpqojIPYBNB1SPbt5ZdtnnInPsjNBU7MA9lloLgFYRmOtN6BLqVNKFp
+TLrM9+9lcM7v1kRHPIWCuyI0RzWaHL8qhdcaY6wY+vU044nTZ441jqtT6BpyDJy
+QCmJb89ik0bwubNo7u/T9EkAHpzJUYC2j2sSSRvufibb32JveXsKr60yFHDeSXS
th6wDNW87/dBTC2YqtzIwif2xfhUJ38wIugUAWkKmmoCjOle
-----END CERTIFICATE-----