Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/_Z9DbTq-1FcP_0sd0YRAJBUKBlo.roa
File:                     _Z9DbTq-1FcP_0sd0YRAJBUKBlo.roa (raw, json)
Hash identifier:          RYLdIoka3Dz35shXZQHhWJnpjfPGREaUXHv0IRGCaws=
Subject key identifier:   FD:9F:43:6D:3A:BE:D4:57:0F:FF:4B:1D:D1:84:40:24:15:0A:06:5A
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       018CCA2A56CE5F778D8AD87077CB7F2BE581
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/_Z9DbTq-1FcP_0sd0YRAJBUKBlo.roa
Signing time:             Tue 02 Jan 2024 12:33:41 +0000
ROA not before:           Tue 02 Jan 2024 12:33:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207036
IP address blocks:        2a06:e881:1600::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:56:ce:5f:77:8d:8a:d8:70:77:cb:7f:2b:e5:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jan  2 12:33:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd9f436d3abed4570fff4b1dd1844024150a065a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:9a:94:a7:f4:13:0e:fb:5b:23:8a:3c:25:f8:
                    6b:ba:2d:e0:0b:b9:7c:fa:ff:ec:00:e5:43:6d:38:
                    28:83:d7:13:dc:a5:60:aa:97:d7:bb:99:64:e1:e6:
                    f6:93:86:63:2c:c6:9f:8d:a1:97:5b:77:40:02:e8:
                    7c:b2:a2:85:64:81:ab:86:fa:50:b9:5e:eb:ef:50:
                    7c:ad:57:76:4f:1a:b3:73:f9:d1:d1:a3:35:c9:03:
                    06:1d:84:7f:78:01:f7:21:c6:0e:ac:aa:60:8d:61:
                    67:60:8d:b6:3e:43:c3:a2:1b:4b:fc:93:d8:a3:a3:
                    41:3f:50:96:ae:4c:82:a5:e9:f1:76:86:d3:e4:d6:
                    82:e4:55:03:a2:f1:8a:46:1a:82:18:eb:eb:16:ec:
                    78:8b:3d:27:2c:a8:60:e4:de:f1:dd:bf:7f:a5:f9:
                    be:7d:8f:f5:7b:20:63:66:7a:09:31:03:bc:7a:22:
                    3a:66:4c:eb:a7:6e:56:ac:19:20:1a:4e:dc:11:de:
                    5c:25:97:b8:9b:64:0a:ce:17:29:7b:e8:cc:af:4b:
                    0f:f6:c7:9e:39:ee:75:8e:35:a8:69:96:7d:89:84:
                    c3:40:93:04:26:21:3a:93:4e:05:0a:d4:33:22:18:
                    5d:61:94:af:90:f2:ae:d7:be:63:cd:c9:4c:00:46:
                    07:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:9F:43:6D:3A:BE:D4:57:0F:FF:4B:1D:D1:84:40:24:15:0A:06:5A
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/_Z9DbTq-1FcP_0sd0YRAJBUKBlo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:e881:1600::/44

    Signature Algorithm: sha256WithRSAEncryption
         19:f0:2c:a9:01:92:15:df:9d:dd:d8:b1:31:2f:25:6b:16:27:
         39:d4:25:61:d6:52:12:69:00:39:8c:fa:21:da:06:6c:98:61:
         c9:5a:78:fe:53:fc:e8:da:85:a7:4e:27:65:72:51:3f:91:f8:
         b1:2e:9c:3c:53:24:33:18:29:a6:d5:2d:62:74:74:be:5f:38:
         34:05:c9:42:6c:94:e2:21:57:59:6c:78:0c:9b:23:d6:bb:d5:
         fc:5f:0a:56:93:e0:86:af:62:b9:8f:48:f7:83:6b:2c:b0:94:
         a2:f4:8a:82:33:71:2b:06:6d:cd:8b:4e:48:1c:5d:32:4e:b9:
         f5:c4:97:bc:5e:8e:ef:24:f2:b7:4e:58:28:9e:04:e8:51:3c:
         c0:52:62:50:f4:c6:7c:45:75:ed:63:dc:71:34:5e:3a:82:d2:
         ef:b1:3d:3c:52:5f:96:5a:6f:26:be:fd:ea:83:2b:33:02:cc:
         e9:cb:a3:6e:81:ef:4e:ce:ee:68:89:75:5a:5b:bf:33:87:2c:
         75:50:6c:f4:bb:e5:fe:ad:33:27:2b:cf:95:d4:d1:69:dd:e3:
         9e:d9:aa:af:38:7b:0e:8d:9a:fb:00:49:ec:79:ae:83:72:e5:
         12:a3:bc:43:8c:50:63:2f:aa:f9:c4:3e:c7:de:a2:fc:79:6e:
         30:58:04:d0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKlbOX3eNithwd8t/K+WBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjQwMTAyMTIzMzQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDlmNDM2ZDNhYmVkNDU3MGZmZjRiMWRkMTg0NDAyNDE1MGEwNjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi5qUp/QTDvtbI4o8Jfhrui3gC7l8
+v/sAOVDbTgog9cT3KVgqpfXu5lk4eb2k4ZjLMafjaGXW3dAAuh8sqKFZIGrhvpQ
uV7r71B8rVd2Txqzc/nR0aM1yQMGHYR/eAH3IcYOrKpgjWFnYI22PkPDohtL/JPY
o6NBP1CWrkyCpenxdobT5NaC5FUDovGKRhqCGOvrFux4iz0nLKhg5N7x3b9/pfm+
fY/1eyBjZnoJMQO8eiI6Zkzrp25WrBkgGk7cEd5cJZe4m2QKzhcpe+jMr0sP9see
Oe51jjWoaZZ9iYTDQJMEJiE6k04FCtQzIhhdYZSvkPKu175jzclMAEYHMwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFP2fQ206vtRXD/9LHdGEQCQVCgZaMB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvX1o5RGJUcS0xRmNQXzBzZDBZUkFKQlVLQmxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgbogRYA
MA0GCSqGSIb3DQEBCwUAA4IBAQAZ8CypAZIV353d2LExLyVrFic51CVh1lISaQA5
jPoh2gZsmGHJWnj+U/zo2oWnTidlclE/kfixLpw8UyQzGCmm1S1idHS+Xzg0BclC
bJTiIVdZbHgMmyPWu9X8XwpWk+CGr2K5j0j3g2sssJSi9IqCM3ErBm3Ni05IHF0y
Trn1xJe8Xo7vJPK3TlgongToUTzAUmJQ9MZ8RXXtY9xxNF46gtLvsT08Ul+WWm8m
vv3qgyszAszpy6Nuge9Ozu5oiXVaW78zhyx1UGz0u+X+rTMnK8+V1NFp3eOe2aqv
OHsOjZr7AEnsea6DcuUSo7xDjFBjL6r5xD7H3qL8eW4wWATQ
-----END CERTIFICATE-----