Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/IAdWPns-FG2Xwb5ExQqrM_rpf4Q.roa
File:                     IAdWPns-FG2Xwb5ExQqrM_rpf4Q.roa (raw, json)
Hash identifier:          VNfqBm9Dvdh811RIAVi2yqlDU+IvamBzvSkxWReS5vM=
Subject key identifier:   20:07:56:3E:7B:3E:14:6D:97:C1:BE:44:C5:0A:AB:33:FA:E9:7F:84
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       018CCA2A519875CDE2ECE8BAF5C3AF83A94A
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/IAdWPns-FG2Xwb5ExQqrM_rpf4Q.roa
Signing time:             Tue 02 Jan 2024 12:33:40 +0000
ROA not before:           Tue 02 Jan 2024 12:33:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201950
IP address blocks:        2a06:e881:9500::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:51:98:75:cd:e2:ec:e8:ba:f5:c3:af:83:a9:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jan  2 12:33:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2007563e7b3e146d97c1be44c50aab33fae97f84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:29:d0:04:47:99:02:75:39:56:c8:d5:b1:ac:
                    2e:cd:95:3c:d3:27:c7:1e:26:5f:76:24:78:17:1e:
                    4e:39:7f:06:c8:b2:4a:4c:3e:e2:49:2a:51:7f:48:
                    ce:4a:98:ff:b6:80:cc:50:8f:45:c5:1c:61:fa:0b:
                    68:55:e1:36:ea:65:bf:eb:c4:db:f0:93:73:ba:4b:
                    d8:38:e9:e2:8d:35:d7:d6:e1:af:35:db:28:d6:31:
                    65:81:1d:72:3b:ce:4c:c4:d4:75:c1:0e:09:e6:2a:
                    66:b3:38:12:d6:47:e8:a3:26:86:7e:53:43:af:b9:
                    e4:20:dd:94:c2:e4:09:42:5d:9d:54:ea:81:a8:19:
                    df:8d:3c:20:0f:97:4d:4d:87:a4:30:42:13:93:9a:
                    6d:2b:7f:2b:9b:c7:21:47:5f:7b:99:0a:92:80:24:
                    c0:6d:1f:ef:dd:be:81:e6:88:64:7f:3e:4e:17:2f:
                    3d:70:ca:77:ca:50:8c:ad:7c:11:3a:66:1d:a1:bf:
                    d1:f2:cc:ff:ef:02:b7:14:60:3a:2a:80:92:c3:2a:
                    cd:74:3d:92:18:7d:3c:c7:62:2b:24:6f:7a:04:9f:
                    d0:c0:ff:16:f8:e1:ce:42:30:83:b6:e0:d9:65:d7:
                    d3:88:1e:16:ee:8d:a9:68:f7:a2:95:92:29:fd:67:
                    a1:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:07:56:3E:7B:3E:14:6D:97:C1:BE:44:C5:0A:AB:33:FA:E9:7F:84
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/IAdWPns-FG2Xwb5ExQqrM_rpf4Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:e881:9500::/48

    Signature Algorithm: sha256WithRSAEncryption
         51:dc:f9:b5:c4:b9:36:a0:72:7b:c1:04:0c:dd:49:fa:bd:2b:
         ee:36:65:3b:e8:e4:b0:5b:e9:e1:20:78:70:91:a7:80:5f:8a:
         7e:d6:f7:29:01:ba:c6:a6:51:fd:a6:a2:c8:b9:e2:ca:1f:fb:
         1f:f0:59:4d:3f:02:7c:d1:b9:d2:fa:d8:f2:b0:64:96:f5:8e:
         02:12:f9:1a:40:2c:41:ea:5e:d6:a0:89:32:d3:3f:45:92:9b:
         d2:86:e3:10:ea:12:dd:cc:a7:b1:4f:80:6a:6b:4d:8d:f9:bb:
         6b:e8:14:a5:6f:da:f7:f0:66:69:00:41:4a:59:35:a7:c6:25:
         82:b5:dd:1f:78:d2:5c:e2:bb:bb:e6:b1:03:fc:c1:0e:e6:42:
         bf:d8:37:1d:ec:a6:fb:3e:e4:fa:9e:8f:47:3a:50:56:9e:47:
         57:91:c3:ca:62:6b:db:9f:1a:96:ba:be:ff:79:bc:8d:ea:54:
         d4:14:b4:b9:e6:c1:e6:3b:04:b0:43:4b:50:be:67:1e:c3:15:
         94:c6:ac:99:d0:d5:ae:04:73:71:0b:df:fe:48:30:34:d6:ca:
         48:b9:a2:03:ad:7d:47:51:c5:44:7f:ea:a5:75:f2:11:b6:0e:
         42:a2:8d:10:11:c0:8a:3f:b2:5c:cf:73:1f:78:5b:dd:ad:7f:
         2a:cd:fa:df
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKlGYdc3i7Oi69cOvg6lKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjQwMTAyMTIzMzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDA3NTYzZTdiM2UxNDZkOTdjMWJlNDRjNTBhYWIzM2ZhZTk3Zjg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhynQBEeZAnU5VsjVsawuzZU80yfH
HiZfdiR4Fx5OOX8GyLJKTD7iSSpRf0jOSpj/toDMUI9FxRxh+gtoVeE26mW/68Tb
8JNzukvYOOnijTXX1uGvNdso1jFlgR1yO85MxNR1wQ4J5ipmszgS1kfooyaGflND
r7nkIN2UwuQJQl2dVOqBqBnfjTwgD5dNTYekMEITk5ptK38rm8chR197mQqSgCTA
bR/v3b6B5ohkfz5OFy89cMp3ylCMrXwROmYdob/R8sz/7wK3FGA6KoCSwyrNdD2S
GH08x2IrJG96BJ/QwP8W+OHOQjCDtuDZZdfTiB4W7o2paPeilZIp/WehrQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCAHVj57PhRtl8G+RMUKqzP66X+EMB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvSUFkV1Bucy1GRzJYd2I1RXhRcXJNX3JwZjRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgbogZUA
MA0GCSqGSIb3DQEBCwUAA4IBAQBR3Pm1xLk2oHJ7wQQM3Un6vSvuNmU76OSwW+nh
IHhwkaeAX4p+1vcpAbrGplH9pqLIueLKH/sf8FlNPwJ80bnS+tjysGSW9Y4CEvka
QCxB6l7WoIky0z9FkpvShuMQ6hLdzKexT4Bqa02N+btr6BSlb9r38GZpAEFKWTWn
xiWCtd0feNJc4ru75rED/MEO5kK/2Dcd7Kb7PuT6no9HOlBWnkdXkcPKYmvbnxqW
ur7/ebyN6lTUFLS55sHmOwSwQ0tQvmcewxWUxqyZ0NWuBHNxC9/+SDA01spIuaID
rX1HUcVEf+qldfIRtg5Coo0QEcCKP7Jcz3MfeFvdrX8qzfrf
-----END CERTIFICATE-----