Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/49cdENjMpoUYds5dDvmRpWfryvw.roa
File:                     49cdENjMpoUYds5dDvmRpWfryvw.roa (raw, json)
Hash identifier:          12RxbVu0gNsipK+hZOMveduCCo6fTnTyQ2i0JXoSOUw=
Subject key identifier:   E3:D7:1D:10:D8:CC:A6:85:18:76:CE:5D:0E:F9:91:A5:67:EB:CA:FC
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       018CCA2A5788F1819DAE42B985B1F8521B58
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/49cdENjMpoUYds5dDvmRpWfryvw.roa
Signing time:             Tue 02 Jan 2024 12:33:41 +0000
ROA not before:           Tue 02 Jan 2024 12:33:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207748
IP address blocks:        2a06:e881:7100::/46 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:57:88:f1:81:9d:ae:42:b9:85:b1:f8:52:1b:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jan  2 12:33:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3d71d10d8cca6851876ce5d0ef991a567ebcafc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:1a:e1:44:b0:86:dd:f5:1e:17:39:a8:d9:0b:
                    8b:d5:26:61:b8:03:09:13:a3:d8:8c:32:28:31:54:
                    54:7d:2c:2b:d4:a7:5a:a8:b7:ad:86:db:3f:cb:42:
                    87:8f:53:43:eb:76:90:33:9e:19:1f:fd:22:bf:bb:
                    29:d3:99:fb:04:a1:c1:aa:f3:48:0e:2a:ae:4e:96:
                    71:04:13:49:b3:0e:8f:3c:44:9b:9e:d8:ff:df:96:
                    b6:cc:be:c2:ec:82:e2:1f:89:33:e9:52:0a:b8:29:
                    88:14:1c:13:f3:bb:d1:88:e3:7d:ce:05:5d:48:39:
                    ef:b6:ed:29:a2:47:ce:71:c7:ba:9e:ff:cb:b1:b7:
                    3d:6b:dd:a3:5b:80:36:42:45:ae:c5:14:55:a5:6b:
                    b1:f6:21:5d:c7:40:20:7d:2e:04:b6:63:4a:f4:67:
                    9a:69:d1:f0:c1:74:14:34:0a:f6:e3:ab:3b:3b:07:
                    27:a2:8e:ec:16:da:47:a6:6f:35:e9:14:8f:9e:27:
                    24:37:88:35:b1:7e:68:fc:1a:0a:71:be:64:e4:5e:
                    24:64:c7:5a:47:99:a8:ab:a9:3e:4b:72:2e:93:4c:
                    f8:38:80:21:1f:14:fd:b6:84:fc:53:71:b0:c0:97:
                    57:de:a4:16:de:15:a7:30:9a:84:ad:fd:5e:bf:0e:
                    66:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:D7:1D:10:D8:CC:A6:85:18:76:CE:5D:0E:F9:91:A5:67:EB:CA:FC
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/49cdENjMpoUYds5dDvmRpWfryvw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:e881:7100::/46

    Signature Algorithm: sha256WithRSAEncryption
         17:81:02:ae:03:5f:a7:3a:5c:72:1d:7d:0a:96:b4:33:db:06:
         dd:0f:45:dc:8a:bd:51:ed:93:b6:fa:10:e2:97:3d:2a:fa:0d:
         e4:8a:2a:2d:98:44:dd:4f:94:b2:b0:e4:40:47:60:a0:82:c7:
         02:b1:c0:ea:bd:b6:fc:4d:5c:01:f4:ea:ef:fe:e6:28:5f:88:
         d9:20:a6:1c:06:20:42:21:6a:7c:35:37:12:f4:8d:a3:b5:1f:
         99:13:3a:82:9b:b7:45:37:b7:65:2e:49:e2:28:ab:a3:34:1b:
         1d:18:58:a7:81:a9:64:a9:94:a5:b6:a7:78:af:cf:5f:f3:b9:
         57:79:9c:16:b5:78:8e:66:76:3e:24:99:b4:e8:99:77:29:2b:
         70:ac:ac:46:75:df:65:ba:18:c4:d6:b7:06:a8:cf:91:26:3a:
         16:20:04:98:8d:e8:4e:bb:9b:9c:e5:50:66:2c:11:de:cb:ac:
         81:70:d3:d0:de:48:7d:be:0d:41:72:a9:b1:a9:8f:05:8d:25:
         0d:09:48:37:56:9f:f2:98:5c:95:4a:16:6f:92:f7:49:b0:52:
         d5:9d:91:b2:24:97:28:78:58:81:30:92:89:42:1e:69:ba:63:
         28:09:16:a8:12:56:65:16:a3:ab:2a:68:4d:e5:89:09:1b:83:
         ad:86:3d:c0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKleI8YGdrkK5hbH4UhtYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjQwMTAyMTIzMzQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2Q3MWQxMGQ4Y2NhNjg1MTg3NmNlNWQwZWY5OTFhNTY3ZWJjYWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApRrhRLCG3fUeFzmo2QuL1SZhuAMJ
E6PYjDIoMVRUfSwr1KdaqLethts/y0KHj1ND63aQM54ZH/0iv7sp05n7BKHBqvNI
DiquTpZxBBNJsw6PPESbntj/35a2zL7C7ILiH4kz6VIKuCmIFBwT87vRiON9zgVd
SDnvtu0pokfOcce6nv/Lsbc9a92jW4A2QkWuxRRVpWux9iFdx0AgfS4EtmNK9Gea
adHwwXQUNAr246s7Owcnoo7sFtpHpm816RSPnickN4g1sX5o/BoKcb5k5F4kZMda
R5moq6k+S3Iuk0z4OIAhHxT9toT8U3GwwJdX3qQW3hWnMJqErf1evw5mvwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOPXHRDYzKaFGHbOXQ75kaVn68r8MB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvNDljZEVOak1wb1VZZHM1ZER2bVJwV2ZyeXZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKgbogXEA
MA0GCSqGSIb3DQEBCwUAA4IBAQAXgQKuA1+nOlxyHX0KlrQz2wbdD0Xcir1R7ZO2
+hDilz0q+g3kiiotmETdT5SysORAR2CggscCscDqvbb8TVwB9Orv/uYoX4jZIKYc
BiBCIWp8NTcS9I2jtR+ZEzqCm7dFN7dlLkniKKujNBsdGFingalkqZSltqd4r89f
87lXeZwWtXiOZnY+JJm06Jl3KStwrKxGdd9luhjE1rcGqM+RJjoWIASYjehOu5uc
5VBmLBHey6yBcNPQ3kh9vg1BcqmxqY8FjSUNCUg3Vp/ymFyVShZvkvdJsFLVnZGy
JJcoeFiBMJKJQh5pumMoCRaoElZlFqOrKmhN5YkJG4Othj3A
-----END CERTIFICATE-----