Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/GiOwoFAlz8pouLGUqs1QD8Zo2KY.roa
File:                     GiOwoFAlz8pouLGUqs1QD8Zo2KY.roa (raw, json)
Hash identifier:          bkFi6fUxPggGCHJd38UqmglTgbSCZ1oChgw290LnnTs=
Subject key identifier:   1A:23:B0:A0:50:25:CF:CA:68:B8:B1:94:AA:CD:50:0F:C6:68:D8:A6
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       019425FDE3E16E710F0BB8E067EC7429742F
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/GiOwoFAlz8pouLGUqs1QD8Zo2KY.roa
Signing time:             Thu 02 Jan 2025 07:49:43 +0000
ROA not before:           Thu 02 Jan 2025 07:49:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207036
IP address blocks:        2a06:e881:1600::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:e3:e1:6e:71:0f:0b:b8:e0:67:ec:74:29:74:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jan  2 07:49:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1a23b0a05025cfca68b8b194aacd500fc668d8a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:88:da:9f:e7:c4:fb:4b:b9:ce:63:00:f8:76:
                    5d:9c:93:85:44:2c:dc:10:16:cc:94:11:f7:a8:d7:
                    68:d0:ac:43:e2:ba:9d:22:fb:a5:4e:42:3e:40:2e:
                    5f:d7:b3:a8:bd:ce:15:73:a5:fc:c7:d9:f6:a5:d2:
                    a2:d9:f0:78:98:42:46:00:31:61:75:7a:ef:2f:ff:
                    3e:27:7a:18:85:5f:9a:a1:69:87:33:2a:0e:ce:47:
                    d7:f4:1e:5f:24:85:0b:0b:71:b9:d8:1c:65:ce:81:
                    68:9e:1f:af:15:1f:be:08:ca:7f:b8:e6:44:9f:d8:
                    fc:cf:e9:a9:f7:e5:dc:26:6b:b9:67:0e:25:bb:4b:
                    c4:d3:39:5e:c7:c3:87:77:f8:d4:76:b4:7e:cd:83:
                    df:c5:ab:bc:d6:6e:b0:bf:67:69:7f:af:36:51:29:
                    f2:77:83:eb:ae:58:49:d1:8f:63:33:4f:e8:be:53:
                    89:21:41:26:56:dc:2b:56:d8:c3:fb:8f:91:3c:67:
                    4e:7d:86:a3:92:bb:75:8d:d6:82:9c:ab:44:18:31:
                    34:58:2b:fe:ac:5b:03:7d:5f:d2:ca:d6:64:da:08:
                    bb:40:ad:f3:77:da:12:47:a5:30:a4:de:05:37:7d:
                    09:0b:de:ea:8a:37:d4:74:1a:3a:55:e1:6c:84:1a:
                    7b:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:23:B0:A0:50:25:CF:CA:68:B8:B1:94:AA:CD:50:0F:C6:68:D8:A6
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/GiOwoFAlz8pouLGUqs1QD8Zo2KY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:e881:1600::/44

    Signature Algorithm: sha256WithRSAEncryption
         20:be:c0:6d:bc:4a:08:dc:4a:d4:29:ff:52:50:63:48:26:2e:
         5e:89:86:ce:7f:2c:52:b1:a5:c5:f3:be:f5:41:55:47:4f:3d:
         aa:e8:c8:fc:3d:90:31:5b:38:92:13:e5:a4:e6:85:ec:bc:b9:
         f6:54:9e:2c:e6:d9:00:68:7f:ae:7e:aa:d3:7e:c2:db:d8:fa:
         e2:5a:6b:31:af:36:92:2e:9e:80:dd:d7:4d:a7:52:73:5a:ec:
         4d:c2:1e:93:41:7b:69:05:e5:5b:80:da:d9:ec:74:f1:9c:26:
         cb:04:22:4e:c7:87:f7:85:6a:75:99:61:e8:e1:fb:b4:f6:25:
         99:11:a4:b4:04:8c:1b:07:5f:69:64:00:4b:b5:21:52:04:d7:
         26:aa:99:87:01:0a:a5:47:8f:b1:d0:e3:a1:2d:4a:85:8f:7d:
         7e:ad:d8:45:ee:d3:99:dd:5e:83:d8:5d:99:a0:98:e2:2c:a7:
         2f:80:16:15:7e:1b:fe:90:8f:a7:88:7f:b2:01:1a:16:ef:59:
         03:10:b3:a3:c4:46:48:cf:2a:2d:1c:9d:ff:7d:16:9c:80:5c:
         1d:0a:c0:76:8b:e9:3f:7e:da:b0:64:e3:f4:4b:a8:f1:f1:e5:
         82:02:f7:07:f0:be:65:8d:e8:d4:8c:69:4f:fd:87:85:be:96:
         3a:22:46:00
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQl/ePhbnEPC7jgZ+x0KXQvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjUwMTAyMDc0OTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTIzYjBhMDUwMjVjZmNhNjhiOGIxOTRhYWNkNTAwZmM2NjhkOGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYjan+fE+0u5zmMA+HZdnJOFRCzc
EBbMlBH3qNdo0KxD4rqdIvulTkI+QC5f17Oovc4Vc6X8x9n2pdKi2fB4mEJGADFh
dXrvL/8+J3oYhV+aoWmHMyoOzkfX9B5fJIULC3G52BxlzoFonh+vFR++CMp/uOZE
n9j8z+mp9+XcJmu5Zw4lu0vE0zlex8OHd/jUdrR+zYPfxau81m6wv2dpf682USny
d4PrrlhJ0Y9jM0/ovlOJIUEmVtwrVtjD+4+RPGdOfYajkrt1jdaCnKtEGDE0WCv+
rFsDfV/SytZk2gi7QK3zd9oSR6UwpN4FN30JC97qijfUdBo6VeFshBp7mwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBojsKBQJc/KaLixlKrNUA/GaNimMB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvR2lPd29GQWx6OHBvdUxHVXFzMVFEOFpvMktZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgbogRYA
MA0GCSqGSIb3DQEBCwUAA4IBAQAgvsBtvEoI3ErUKf9SUGNIJi5eiYbOfyxSsaXF
8771QVVHTz2q6Mj8PZAxWziSE+Wk5oXsvLn2VJ4s5tkAaH+ufqrTfsLb2PriWmsx
rzaSLp6A3ddNp1JzWuxNwh6TQXtpBeVbgNrZ7HTxnCbLBCJOx4f3hWp1mWHo4fu0
9iWZEaS0BIwbB19pZABLtSFSBNcmqpmHAQqlR4+x0OOhLUqFj31+rdhF7tOZ3V6D
2F2ZoJjiLKcvgBYVfhv+kI+niH+yARoW71kDELOjxEZIzyotHJ3/fRacgFwdCsB2
i+k/ftqwZOP0S6jx8eWCAvcH8L5ljejUjGlP/YeFvpY6IkYA
-----END CERTIFICATE-----