Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/9BduRvxIOR1yntTqUTSKgdJRK2M.roa
File:                     9BduRvxIOR1yntTqUTSKgdJRK2M.roa (raw, json)
Hash identifier:          EfRF6+zzvlAGWvxX42aJAES9FQvKNn+2H28kMrWEd3Y=
Subject key identifier:   F4:17:6E:46:FC:48:39:1D:72:9E:D4:EA:51:34:8A:81:D2:51:2B:63
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       018CCA2A5C0F397959766E3DC04CB4819B40
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/9BduRvxIOR1yntTqUTSKgdJRK2M.roa
Signing time:             Tue 02 Jan 2024 12:33:42 +0000
ROA not before:           Tue 02 Jan 2024 12:33:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211230
IP address blocks:        2a06:e881:79ff::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 14:51:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:5c:0f:39:79:59:76:6e:3d:c0:4c:b4:81:9b:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jan  2 12:33:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4176e46fc48391d729ed4ea51348a81d2512b63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:c4:04:53:70:62:6e:70:a2:5c:35:ef:69:3b:
                    61:b9:a9:c7:81:7c:00:08:39:d4:60:54:84:bc:d3:
                    d2:b8:f0:97:d9:3b:47:78:dc:08:4d:5b:9c:38:d1:
                    62:63:ee:40:63:c1:f6:53:f9:d8:f1:3d:ac:1e:c0:
                    08:ab:bf:98:66:39:a4:56:53:81:c1:4b:95:22:40:
                    1d:1a:15:c7:61:7e:1b:c1:4e:30:33:bb:bb:13:83:
                    fc:b7:21:3d:f8:b4:95:aa:99:2b:a4:4e:a1:21:69:
                    82:29:32:9f:5b:ee:0e:35:45:2d:82:ca:67:c0:44:
                    32:ae:b0:a2:bc:85:72:c3:49:07:7a:45:fe:e5:b3:
                    0c:bb:4d:93:6f:90:2e:67:e7:36:7e:34:1e:ef:23:
                    fd:a0:f7:18:d3:d0:96:a1:19:06:1f:ef:e1:87:f9:
                    79:9e:0f:ff:fb:a2:ea:a0:eb:14:d5:7c:79:b1:62:
                    12:62:5b:8c:8f:b0:b3:3c:ae:3c:cf:9d:49:15:ac:
                    c4:2e:8d:a0:ea:83:2c:1d:b2:bc:99:79:e8:1c:ab:
                    3f:29:38:f2:5c:6e:c2:82:54:a8:b5:53:d6:14:b0:
                    ed:91:13:34:df:c6:ad:44:06:74:8a:c7:cf:27:f5:
                    a1:f4:69:be:71:82:3d:ad:fb:e9:84:16:af:12:91:
                    3e:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:17:6E:46:FC:48:39:1D:72:9E:D4:EA:51:34:8A:81:D2:51:2B:63
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/9BduRvxIOR1yntTqUTSKgdJRK2M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:e881:79ff::/48

    Signature Algorithm: sha256WithRSAEncryption
         d6:a1:92:dd:b9:98:ad:3e:d8:46:79:08:53:ac:1e:14:c2:c4:
         60:10:e6:5f:6e:5c:9f:1a:ab:94:3e:8a:88:ae:49:04:0a:03:
         20:f5:a6:33:9d:bf:a5:57:7a:7e:09:d1:60:92:4c:e0:d1:79:
         5e:ff:a9:70:f9:8a:1b:66:6f:02:38:cd:8d:8f:25:1c:ca:36:
         ca:a3:37:94:2e:ff:66:23:e7:1b:a9:4c:82:26:fb:85:42:43:
         78:41:0a:99:da:55:b6:32:56:46:a9:0b:1b:dd:6d:08:30:d6:
         87:28:73:3a:fa:b7:1a:89:79:b4:f2:41:7d:72:b9:d4:d5:54:
         d5:81:50:28:f8:e2:fe:ae:2a:f2:86:15:2e:22:43:33:6e:bf:
         6d:bf:64:d8:29:91:7d:21:d0:22:30:16:ab:a8:4a:8b:a1:9b:
         47:33:0e:73:a5:c0:64:47:25:11:e1:32:72:6d:5d:d7:07:bc:
         30:f2:80:b1:21:5b:a8:8c:f6:7d:06:a0:54:0c:7a:73:ae:95:
         83:ed:4c:24:de:07:bf:40:b9:9e:d7:12:5d:b7:3e:a2:3d:0c:
         18:21:a4:c4:d9:ce:b5:f6:86:2d:a9:3e:35:fe:e2:e8:ab:93:
         f6:d4:43:6d:32:6a:ff:65:08:7b:69:80:30:72:96:d5:f6:bc:
         5d:3b:cc:63
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKlwPOXlZdm49wEy0gZtAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjQwMTAyMTIzMzQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDE3NmU0NmZjNDgzOTFkNzI5ZWQ0ZWE1MTM0OGE4MWQyNTEyYjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAusQEU3BibnCiXDXvaTthuanHgXwA
CDnUYFSEvNPSuPCX2TtHeNwITVucONFiY+5AY8H2U/nY8T2sHsAIq7+YZjmkVlOB
wUuVIkAdGhXHYX4bwU4wM7u7E4P8tyE9+LSVqpkrpE6hIWmCKTKfW+4ONUUtgspn
wEQyrrCivIVyw0kHekX+5bMMu02Tb5AuZ+c2fjQe7yP9oPcY09CWoRkGH+/hh/l5
ng//+6LqoOsU1Xx5sWISYluMj7CzPK48z51JFazELo2g6oMsHbK8mXnoHKs/KTjy
XG7CglSotVPWFLDtkRM038atRAZ0isfPJ/Wh9Gm+cYI9rfvphBavEpE+OQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPQXbkb8SDkdcp7U6lE0ioHSUStjMB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvOUJkdVJ2eElPUjF5bnRUcVVUU0tnZEpSSzJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgbogXn/
MA0GCSqGSIb3DQEBCwUAA4IBAQDWoZLduZitPthGeQhTrB4UwsRgEOZfblyfGquU
PoqIrkkECgMg9aYznb+lV3p+CdFgkkzg0Xle/6lw+YobZm8COM2NjyUcyjbKozeU
Lv9mI+cbqUyCJvuFQkN4QQqZ2lW2MlZGqQsb3W0IMNaHKHM6+rcaiXm08kF9crnU
1VTVgVAo+OL+riryhhUuIkMzbr9tv2TYKZF9IdAiMBarqEqLoZtHMw5zpcBkRyUR
4TJybV3XB7ww8oCxIVuojPZ9BqBUDHpzrpWD7Uwk3ge/QLme1xJdtz6iPQwYIaTE
2c619oYtqT41/uLoq5P21ENtMmr/ZQh7aYAwcpbV9rxdO8xj
-----END CERTIFICATE-----