Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/BYVTfcIf9pfkIBxbmJL9Bmox7J4.roa
File:                     BYVTfcIf9pfkIBxbmJL9Bmox7J4.roa (raw, json)
Hash identifier:          WVJjt/F6rJBVrE6OJr7cTuI4tzzqC72YoID96q85PDI=
Subject key identifier:   05:85:53:7D:C2:1F:F6:97:E4:20:1C:5B:98:92:FD:06:6A:31:EC:9E
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       018CCA2A57EFF2D56975A931500E7C533B06
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/BYVTfcIf9pfkIBxbmJL9Bmox7J4.roa
Signing time:             Tue 02 Jan 2024 12:33:41 +0000
ROA not before:           Tue 02 Jan 2024 12:33:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207755
IP address blocks:        2a06:e881:7108::/46 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:57:ef:f2:d5:69:75:a9:31:50:0e:7c:53:3b:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jan  2 12:33:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0585537dc21ff697e4201c5b9892fd066a31ec9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:b4:2b:72:b2:3a:8a:e4:5f:fb:1a:1a:85:a3:
                    e6:7e:4f:5e:5d:8a:91:27:45:3d:ea:46:06:71:ab:
                    90:c9:96:a8:0e:32:8d:cc:3c:10:b3:8a:15:fe:0b:
                    fb:f4:e9:dc:bc:45:fa:80:81:f7:8d:f1:e2:c8:4d:
                    46:9d:b7:3e:ae:87:c5:bf:cc:0c:02:fa:5e:0b:a4:
                    e4:f0:10:19:58:84:9e:bd:65:75:f2:79:17:66:45:
                    86:04:6c:11:6b:56:58:a5:0e:19:73:f6:16:2c:5e:
                    59:76:1d:72:c2:3c:82:4b:84:b4:e1:4f:ff:b1:3e:
                    15:87:ad:fa:28:db:c1:ce:41:4f:c1:b1:ef:13:36:
                    c1:a8:33:57:dc:ce:dc:ab:94:f0:36:88:52:45:81:
                    b3:25:90:ac:87:7a:32:c4:b8:9c:07:90:ba:8c:e8:
                    11:97:d5:ca:de:fa:e1:69:f9:e2:c3:7c:49:0f:d9:
                    1c:1d:19:3b:3d:f1:ec:55:a7:fd:be:44:84:97:9e:
                    d7:5b:ca:0f:95:fb:a9:48:29:92:86:53:e9:8c:50:
                    a5:d9:1f:fd:90:be:24:25:b9:98:8b:76:5b:c9:23:
                    16:b9:62:fc:4e:8b:49:ca:1e:3f:76:98:d6:68:f6:
                    2c:62:b1:bd:4f:25:df:4f:83:98:60:57:f7:06:25:
                    98:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:85:53:7D:C2:1F:F6:97:E4:20:1C:5B:98:92:FD:06:6A:31:EC:9E
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/BYVTfcIf9pfkIBxbmJL9Bmox7J4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:e881:7108::/46

    Signature Algorithm: sha256WithRSAEncryption
         66:04:d3:28:e4:d4:e6:ce:cc:fb:c6:93:22:90:35:6f:13:d6:
         5a:7c:a1:d1:88:38:4c:c3:93:7a:76:fc:d3:84:c4:54:a6:5f:
         c3:2c:90:03:d8:eb:2c:9d:26:8c:64:51:21:70:c3:e9:75:5e:
         e9:4a:fa:7f:45:7c:43:2f:a3:b7:9f:47:79:1b:ed:4a:62:6f:
         63:26:25:a0:da:dc:2c:ac:fa:1c:a5:5f:65:47:f9:62:20:e9:
         16:46:a5:77:0f:92:06:a2:0a:80:83:47:28:30:12:fa:f9:9f:
         fb:a1:e0:25:41:03:2b:f5:3f:76:95:6c:e4:0c:e4:10:d1:27:
         5e:8c:a1:05:be:63:8c:6c:c4:a2:db:f5:0e:c6:ce:fd:1e:aa:
         7b:0c:23:a6:95:97:4c:cb:da:7f:b1:4f:a9:25:4e:ef:40:ea:
         74:50:42:69:48:ff:ce:85:0c:9e:00:c8:38:4d:46:66:9b:6f:
         04:e2:52:be:d5:24:12:5b:19:92:6f:71:6c:e6:f9:e7:04:aa:
         38:81:95:04:51:2f:02:19:18:29:87:0c:fd:73:79:f6:b2:2f:
         4e:ef:5e:26:da:cc:24:66:aa:4b:ea:11:1f:7d:68:ee:90:52:
         af:22:b9:e9:77:13:c5:be:40:7b:7d:7b:df:d2:81:e0:48:cf:
         c3:f8:29:d0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKlfv8tVpdakxUA58UzsGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjQwMTAyMTIzMzQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTg1NTM3ZGMyMWZmNjk3ZTQyMDFjNWI5ODkyZmQwNjZhMzFlYzllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhLQrcrI6iuRf+xoahaPmfk9eXYqR
J0U96kYGcauQyZaoDjKNzDwQs4oV/gv79OncvEX6gIH3jfHiyE1Gnbc+rofFv8wM
AvpeC6Tk8BAZWISevWV18nkXZkWGBGwRa1ZYpQ4Zc/YWLF5Zdh1ywjyCS4S04U//
sT4Vh636KNvBzkFPwbHvEzbBqDNX3M7cq5TwNohSRYGzJZCsh3oyxLicB5C6jOgR
l9XK3vrhafniw3xJD9kcHRk7PfHsVaf9vkSEl57XW8oPlfupSCmShlPpjFCl2R/9
kL4kJbmYi3ZbySMWuWL8TotJyh4/dpjWaPYsYrG9TyXfT4OYYFf3BiWYoQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAWFU33CH/aX5CAcW5iS/QZqMeyeMB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvQllWVGZjSWY5cGZrSUJ4Ym1KTDlCbW94N0o0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKgbogXEI
MA0GCSqGSIb3DQEBCwUAA4IBAQBmBNMo5NTmzsz7xpMikDVvE9ZafKHRiDhMw5N6
dvzThMRUpl/DLJAD2OssnSaMZFEhcMPpdV7pSvp/RXxDL6O3n0d5G+1KYm9jJiWg
2twsrPocpV9lR/liIOkWRqV3D5IGogqAg0coMBL6+Z/7oeAlQQMr9T92lWzkDOQQ
0SdejKEFvmOMbMSi2/UOxs79Hqp7DCOmlZdMy9p/sU+pJU7vQOp0UEJpSP/OhQye
AMg4TUZmm28E4lK+1SQSWxmSb3Fs5vnnBKo4gZUEUS8CGRgphwz9c3n2si9O714m
2swkZqpL6hEffWjukFKvIrnpdxPFvkB7fXvf0oHgSM/D+CnQ
-----END CERTIFICATE-----