Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/Vrf_MP1uf-8AtmLtT8UZkjTEt8Q.roa
File:                     Vrf_MP1uf-8AtmLtT8UZkjTEt8Q.roa (raw, json)
Hash identifier:          od/XI2p2XtZ8xqKU7d/Cw+ymrWY19CVvYKI95/RVSyA=
Subject key identifier:   56:B7:FF:30:FD:6E:7F:EF:00:B6:62:ED:4F:C5:19:92:34:C4:B7:C4
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       018CCA2A51BBBE8FAA99B60FA9958BD8F263
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/Vrf_MP1uf-8AtmLtT8UZkjTEt8Q.roa
Signing time:             Tue 02 Jan 2024 12:33:40 +0000
ROA not before:           Tue 02 Jan 2024 12:33:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203478
IP address blocks:        2a06:e881:5600::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:51:bb:be:8f:aa:99:b6:0f:a9:95:8b:d8:f2:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jan  2 12:33:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=56b7ff30fd6e7fef00b662ed4fc5199234c4b7c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:94:9a:da:5a:c3:6b:65:e0:18:61:33:36:76:
                    b6:51:79:9d:41:98:37:ce:66:01:db:4f:57:be:bb:
                    95:d8:4c:e0:6b:11:22:b7:60:78:44:35:bc:f1:9e:
                    8c:9b:38:aa:99:a3:28:89:93:ed:f2:68:77:75:62:
                    7a:09:81:c2:ec:a6:32:07:fe:b8:d1:c5:37:f1:20:
                    1a:ad:c5:95:1c:69:f8:54:97:7f:83:a4:1d:f3:0e:
                    1c:c1:84:55:54:80:c6:04:59:f6:61:7a:d8:2b:a5:
                    ac:c7:be:b0:7b:eb:00:3c:71:d8:1f:7b:f8:43:3b:
                    d3:94:9b:e6:24:65:d8:82:f2:28:10:6c:22:c4:7a:
                    e2:43:53:24:77:7a:cb:0b:a4:9a:92:18:3e:d7:15:
                    64:09:aa:0a:c8:41:ba:ce:d8:2b:3f:dd:ef:d0:76:
                    61:c0:73:03:01:ff:d6:93:ee:97:c3:e8:67:74:89:
                    90:b0:7b:99:4f:09:27:80:ca:f7:f9:a6:c6:39:17:
                    ce:4a:56:d2:64:b1:97:b0:62:60:ba:09:a4:61:ef:
                    c4:de:ed:42:75:04:52:e5:24:e8:de:b6:d5:7e:32:
                    92:a3:79:17:1f:55:61:a8:0b:b4:f6:d4:16:a1:7a:
                    5c:dd:30:98:c4:17:68:7c:de:d2:87:fd:bd:cb:01:
                    6f:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:B7:FF:30:FD:6E:7F:EF:00:B6:62:ED:4F:C5:19:92:34:C4:B7:C4
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/Vrf_MP1uf-8AtmLtT8UZkjTEt8Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:e881:5600::/44

    Signature Algorithm: sha256WithRSAEncryption
         2a:95:46:77:46:ad:cb:fb:0e:b7:1e:e6:40:e7:36:72:c6:2e:
         92:55:1a:8a:a8:e7:64:65:ba:09:c1:0c:e3:2b:31:06:83:e1:
         65:c4:8b:78:33:74:ae:f2:cc:45:83:b4:18:fb:ad:81:ed:ad:
         d8:d9:a6:0c:4d:9e:d8:c1:5a:ef:08:c5:61:17:c8:e6:ca:6e:
         30:67:e2:de:74:da:4b:b4:ab:50:fa:04:bd:aa:56:b2:4d:e3:
         fc:17:91:10:b4:9a:b0:23:63:c2:06:ad:b1:7e:e3:96:6b:6e:
         c1:51:0d:26:68:29:95:d9:85:74:47:ef:48:84:31:31:08:7f:
         0b:2d:0e:c4:86:7a:ed:44:3b:08:71:71:df:46:68:03:a9:0b:
         74:68:5c:31:dc:4c:76:03:51:43:b6:7c:1f:e1:f9:bc:7b:65:
         cd:ad:af:89:c3:de:cb:32:6d:eb:51:30:ce:9d:91:e7:be:6b:
         ef:ec:09:d0:13:78:62:b7:b8:e7:a3:6b:c2:42:5b:64:d0:78:
         8e:c5:15:c3:1f:25:93:46:3a:01:8a:99:46:79:27:8b:8a:79:
         d7:e7:53:25:8f:a8:93:9e:3a:71:e7:22:47:2c:4e:90:7e:a6:
         76:66:6c:ba:c1:7b:9e:2a:ac:19:fc:6a:e7:46:c7:6b:46:90:
         25:ed:84:e7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKlG7vo+qmbYPqZWL2PJjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjQwMTAyMTIzMzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmI3ZmYzMGZkNmU3ZmVmMDBiNjYyZWQ0ZmM1MTk5MjM0YzRiN2M0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopSa2lrDa2XgGGEzNna2UXmdQZg3
zmYB209XvruV2EzgaxEit2B4RDW88Z6MmziqmaMoiZPt8mh3dWJ6CYHC7KYyB/64
0cU38SAarcWVHGn4VJd/g6Qd8w4cwYRVVIDGBFn2YXrYK6Wsx76we+sAPHHYH3v4
QzvTlJvmJGXYgvIoEGwixHriQ1Mkd3rLC6Sakhg+1xVkCaoKyEG6ztgrP93v0HZh
wHMDAf/Wk+6Xw+hndImQsHuZTwkngMr3+abGORfOSlbSZLGXsGJgugmkYe/E3u1C
dQRS5STo3rbVfjKSo3kXH1VhqAu09tQWoXpc3TCYxBdofN7Sh/29ywFvRQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFa3/zD9bn/vALZi7U/FGZI0xLfEMB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvVnJmX01QMXVmLThBdG1MdFQ4VVpralRFdDhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgbogVYA
MA0GCSqGSIb3DQEBCwUAA4IBAQAqlUZ3Rq3L+w63HuZA5zZyxi6SVRqKqOdkZboJ
wQzjKzEGg+FlxIt4M3Su8sxFg7QY+62B7a3Y2aYMTZ7YwVrvCMVhF8jmym4wZ+Le
dNpLtKtQ+gS9qlayTeP8F5EQtJqwI2PCBq2xfuOWa27BUQ0maCmV2YV0R+9IhDEx
CH8LLQ7EhnrtRDsIcXHfRmgDqQt0aFwx3Ex2A1FDtnwf4fm8e2XNra+Jw97LMm3r
UTDOnZHnvmvv7AnQE3hit7jno2vCQltk0HiOxRXDHyWTRjoBiplGeSeLinnX51Ml
j6iTnjpx5yJHLE6QfqZ2Zmy6wXueKqwZ/GrnRsdrRpAl7YTn
-----END CERTIFICATE-----