Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/Ho0yaLx9TJFDkFBfbG97nq9rb_U.roa
File:                     Ho0yaLx9TJFDkFBfbG97nq9rb_U.roa (raw, json)
Hash identifier:          /AlsSlCYviZ+ywfs8HiHZi2yk9+sQJNDInjVBXdPk9Q=
Subject key identifier:   1E:8D:32:68:BC:7D:4C:91:43:90:50:5F:6C:6F:7B:9E:AF:6B:6F:F5
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       018CCA2A597B7E066EBDD7741A01A3F0ACD3
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/Ho0yaLx9TJFDkFBfbG97nq9rb_U.roa
Signing time:             Tue 02 Jan 2024 12:33:42 +0000
ROA not before:           Tue 02 Jan 2024 12:33:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208958
IP address blocks:        2a06:e881:650a::/48 maxlen: 48
                          2a06:e881:6500::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:59:7b:7e:06:6e:bd:d7:74:1a:01:a3:f0:ac:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jan  2 12:33:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1e8d3268bc7d4c914390505f6c6f7b9eaf6b6ff5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:a9:76:96:d5:6c:1d:a8:f8:fc:27:23:32:c9:
                    41:58:65:04:0a:f2:74:71:af:17:fd:b8:9c:d8:a0:
                    23:66:a5:8c:41:d6:9b:44:07:d2:7e:60:02:d2:b5:
                    b3:0d:18:2d:55:84:52:b7:fb:5a:69:0d:51:57:53:
                    c0:0a:4a:74:8b:16:6d:6a:7a:5b:f2:f5:9f:19:37:
                    44:de:09:46:9d:a0:dd:84:05:21:1a:f5:e5:4f:27:
                    1b:7e:e4:cb:f9:79:64:e5:f8:77:e2:91:a5:bd:51:
                    c9:8d:c7:9b:7c:d1:a3:87:60:69:ba:5b:48:9d:99:
                    34:c3:c5:d7:33:83:da:dc:08:92:12:1c:99:75:05:
                    a1:2b:48:51:d4:60:34:c2:4c:a0:58:f2:a7:77:42:
                    56:82:8f:32:6c:26:28:7e:fc:06:85:95:75:90:c0:
                    15:81:c3:0e:a9:ae:4c:6a:84:80:dc:0c:17:09:af:
                    90:4c:d7:1b:34:09:78:a8:5f:d9:ac:22:69:1e:a3:
                    bd:6f:58:5c:a3:b1:f3:8f:55:a7:ce:19:b2:ad:ff:
                    fa:06:0e:0f:03:f3:ad:41:ba:e1:61:18:83:06:88:
                    58:84:0d:43:07:b9:df:dd:b9:9e:16:bd:a8:2e:3c:
                    dc:b4:ad:94:07:a9:8a:13:e4:eb:ff:db:4d:b4:35:
                    77:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:8D:32:68:BC:7D:4C:91:43:90:50:5F:6C:6F:7B:9E:AF:6B:6F:F5
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/Ho0yaLx9TJFDkFBfbG97nq9rb_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:e881:6500::/44

    Signature Algorithm: sha256WithRSAEncryption
         6a:7a:1a:6d:4d:4b:27:82:f0:6c:66:c5:c2:84:26:6d:89:34:
         04:17:41:b6:aa:58:27:52:02:c2:87:a1:d6:7b:9f:d3:7a:75:
         14:6c:f1:be:44:33:23:ec:38:df:d7:97:42:20:01:91:01:28:
         23:76:83:9f:36:d9:d3:a7:11:93:82:8d:39:99:6b:ff:5b:75:
         24:2e:e5:41:8d:d2:b4:1c:0b:9f:5e:ca:13:6c:30:fc:92:05:
         5e:54:2a:1a:40:a0:42:ac:8b:cc:bf:bc:99:34:ef:b6:fe:27:
         37:80:4e:2a:52:43:33:7a:f2:a2:02:27:8c:10:d6:ea:e0:53:
         c4:d4:b3:9a:43:ba:d0:42:ca:9c:6b:fa:de:92:2e:64:e4:58:
         31:8a:a3:9e:d1:49:d4:41:b1:8a:41:3e:a7:64:c6:73:b7:bb:
         be:45:3c:5d:47:df:64:97:39:56:f4:f2:87:9a:42:c9:20:08:
         0d:56:79:49:c9:16:d9:bf:f5:91:f1:3d:57:10:67:10:c9:84:
         b3:de:b1:59:f4:fe:3d:51:b8:e4:3d:0b:58:6c:bf:22:22:f0:
         a4:40:82:f4:8c:59:7a:97:5b:30:19:4e:64:b6:a8:c9:ba:6c:
         ad:9c:1b:e7:88:9e:be:28:7b:7a:4e:5a:9a:ac:b2:07:87:b1:
         5e:cf:69:3a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKll7fgZuvdd0GgGj8KzTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjQwMTAyMTIzMzQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZThkMzI2OGJjN2Q0YzkxNDM5MDUwNWY2YzZmN2I5ZWFmNmI2ZmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnal2ltVsHaj4/CcjMslBWGUECvJ0
ca8X/bic2KAjZqWMQdabRAfSfmAC0rWzDRgtVYRSt/taaQ1RV1PACkp0ixZtanpb
8vWfGTdE3glGnaDdhAUhGvXlTycbfuTL+Xlk5fh34pGlvVHJjcebfNGjh2BpultI
nZk0w8XXM4Pa3AiSEhyZdQWhK0hR1GA0wkygWPKnd0JWgo8ybCYofvwGhZV1kMAV
gcMOqa5MaoSA3AwXCa+QTNcbNAl4qF/ZrCJpHqO9b1hco7Hzj1Wnzhmyrf/6Bg4P
A/OtQbrhYRiDBohYhA1DB7nf3bmeFr2oLjzctK2UB6mKE+Tr/9tNtDV3zQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFB6NMmi8fUyRQ5BQX2xve56va2/1MB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvSG8weWFMeDlUSkZEa0ZCZmJHOTducTlyYl9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgbogWUA
MA0GCSqGSIb3DQEBCwUAA4IBAQBqehptTUsngvBsZsXChCZtiTQEF0G2qlgnUgLC
h6HWe5/TenUUbPG+RDMj7Djf15dCIAGRASgjdoOfNtnTpxGTgo05mWv/W3UkLuVB
jdK0HAufXsoTbDD8kgVeVCoaQKBCrIvMv7yZNO+2/ic3gE4qUkMzevKiAieMENbq
4FPE1LOaQ7rQQsqca/reki5k5FgxiqOe0UnUQbGKQT6nZMZzt7u+RTxdR99klzlW
9PKHmkLJIAgNVnlJyRbZv/WR8T1XEGcQyYSz3rFZ9P49UbjkPQtYbL8iIvCkQIL0
jFl6l1swGU5ktqjJumytnBvniJ6+KHt6TlqarLIHh7Fez2k6
-----END CERTIFICATE-----