Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/MrykHTkg4W6a8ob9tIYj2g5vKIQ.roa
File:                     MrykHTkg4W6a8ob9tIYj2g5vKIQ.roa (raw, json)
Hash identifier:          Tha+B5PbE04G6iszlFJuMEN9EVnVKwIkxjmld+XhhLY=
Subject key identifier:   32:BC:A4:1D:39:20:E1:6E:9A:F2:86:FD:B4:86:23:DA:0E:6F:28:84
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       018CCA2A5CDFFF769DC0F7E409A6D1E43947
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/MrykHTkg4W6a8ob9tIYj2g5vKIQ.roa
Signing time:             Tue 02 Jan 2024 12:33:43 +0000
ROA not before:           Tue 02 Jan 2024 12:33:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212364
IP address blocks:        2a06:e881:8502::/48 maxlen: 48
                          2a06:e881:8500::/48 maxlen: 48
                          2a06:e881:8501::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:5c:df:ff:76:9d:c0:f7:e4:09:a6:d1:e4:39:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jan  2 12:33:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=32bca41d3920e16e9af286fdb48623da0e6f2884
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:03:4d:7c:63:13:d0:55:de:ea:a2:04:7c:be:
                    1a:75:3b:1d:6c:19:03:cf:fa:91:5f:74:21:a3:ad:
                    c0:fa:bb:62:70:8b:20:01:15:dd:20:0e:0f:f5:c8:
                    82:84:f6:38:c0:d5:fb:cc:f9:96:68:55:b4:a6:60:
                    b5:39:20:76:2d:a7:6e:e8:6e:cb:47:7f:bd:44:c9:
                    74:26:69:5b:d0:44:2a:3b:53:e5:69:dc:29:6a:b6:
                    ce:2f:a8:57:a9:65:4b:29:6c:58:0e:b5:29:7c:29:
                    7c:e2:77:ec:16:6c:e2:34:23:09:54:d9:e4:8c:78:
                    59:f8:0c:67:20:ab:77:b0:e8:a5:5b:ce:05:2a:0c:
                    27:33:89:3a:3b:75:1d:c0:d1:93:5a:7e:48:b1:4e:
                    2f:b3:63:03:8a:55:a6:11:a8:ab:41:f2:88:f2:89:
                    f8:0a:a5:f7:88:f0:2b:e2:2d:ec:44:70:3f:cc:cf:
                    a9:1a:63:87:46:72:1c:3f:02:41:ef:42:25:ba:c0:
                    53:aa:a8:3c:0d:0d:57:25:46:dc:f6:c3:1a:c5:a8:
                    71:9e:43:d4:e4:23:8d:ac:d0:1a:66:38:b4:2b:7f:
                    64:c8:df:91:a9:de:15:70:5d:c4:09:36:45:18:54:
                    25:63:c6:93:9d:9d:dc:d0:64:3a:c5:1d:c7:30:30:
                    40:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:BC:A4:1D:39:20:E1:6E:9A:F2:86:FD:B4:86:23:DA:0E:6F:28:84
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/MrykHTkg4W6a8ob9tIYj2g5vKIQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:e881:8500::-2a06:e881:8502:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         38:78:e2:84:6f:4a:d9:06:9a:a9:3b:c6:4d:ba:88:2d:af:d7:
         dd:54:d9:a7:14:55:03:d4:08:ca:0a:42:54:25:43:f0:cc:99:
         6a:2e:41:e7:61:f4:e9:26:c6:06:0a:f6:a9:ec:93:60:8c:d3:
         14:e9:d3:3e:4e:81:c5:9e:c6:cd:09:1a:be:c3:fb:3a:46:ac:
         3b:90:c7:5a:af:03:2c:ee:2f:58:44:ad:66:5c:00:97:66:42:
         b5:8f:ab:e9:1c:15:db:59:59:25:cc:9d:a1:bb:32:59:12:85:
         b7:07:99:24:9f:5a:b7:14:e1:7a:cd:8f:69:9f:63:d6:e0:8d:
         3e:8b:0a:2a:86:75:f1:39:c1:c7:7d:2b:1a:dc:32:e6:67:70:
         9b:f7:06:74:99:34:c8:74:75:52:60:bf:8a:88:c6:8b:a5:e8:
         5c:54:84:47:17:43:59:1e:f2:7b:af:93:49:f6:d2:3f:3f:65:
         c6:bf:e4:7e:7e:8b:eb:61:cc:90:43:2f:e9:99:2f:3c:56:70:
         b1:39:c3:17:05:d5:1b:b5:26:63:43:29:b6:66:cd:e3:8b:bd:
         8c:8c:1c:e0:a3:d2:1e:ea:ed:d7:18:d2:c5:68:39:08:22:57:
         b1:8c:4d:58:3d:bd:13:91:c8:d8:74:d4:5d:ca:a0:1d:27:5c:
         be:87:d7:28
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAYzKKlzf/3adwPfkCabR5DlHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjQwMTAyMTIzMzQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmJjYTQxZDM5MjBlMTZlOWFmMjg2ZmRiNDg2MjNkYTBlNmYyODg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQNNfGMT0FXe6qIEfL4adTsdbBkD
z/qRX3Qho63A+rticIsgARXdIA4P9ciChPY4wNX7zPmWaFW0pmC1OSB2Ladu6G7L
R3+9RMl0Jmlb0EQqO1PladwparbOL6hXqWVLKWxYDrUpfCl84nfsFmziNCMJVNnk
jHhZ+AxnIKt3sOilW84FKgwnM4k6O3UdwNGTWn5IsU4vs2MDilWmEairQfKI8on4
CqX3iPAr4i3sRHA/zM+pGmOHRnIcPwJB70IlusBTqqg8DQ1XJUbc9sMaxahxnkPU
5CONrNAaZji0K39kyN+Rqd4VcF3ECTZFGFQlY8aTnZ3c0GQ6xR3HMDBADQIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFDK8pB05IOFumvKG/bSGI9oObyiEMB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvTXJ5a0hUa2c0VzZhOG9iOXRJWWoyZzV2S0lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCwGCCsGAQUFBwEHAQH/BB0wGzAZBAIAAjATMBEDBgAqBuiB
hQMHACoG6IGFAjANBgkqhkiG9w0BAQsFAAOCAQEAOHjihG9K2QaaqTvGTbqILa/X
3VTZpxRVA9QIygpCVCVD8MyZai5B52H06SbGBgr2qeyTYIzTFOnTPk6BxZ7GzQka
vsP7OkasO5DHWq8DLO4vWEStZlwAl2ZCtY+r6RwV21lZJcydobsyWRKFtweZJJ9a
txThes2PaZ9j1uCNPosKKoZ18TnBx30rGtwy5mdwm/cGdJk0yHR1UmC/iojGi6Xo
XFSERxdDWR7ye6+TSfbSPz9lxr/kfn6L62HMkEMv6ZkvPFZwsTnDFwXVG7UmY0Mp
tmbN44u9jIwc4KPSHurt1xjSxWg5CCJXsYxNWD29E5HI2HTUXcqgHSdcvofXKA==
-----END CERTIFICATE-----