Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/b7NLZ7BsEtv1bK3bwt1ob1AYoiE.roa
File:                     b7NLZ7BsEtv1bK3bwt1ob1AYoiE.roa (raw, json)
Hash identifier:          +qBzdZOupF4jH/Uo5P5pL8AZeBjlh1QaK7o0Fj0ChME=
Subject key identifier:   6F:B3:4B:67:B0:6C:12:DB:F5:6C:AD:DB:C2:DD:68:6F:50:18:A2:21
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       018CCA2A5B1FFF112677BCDBC61E210FC819
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/b7NLZ7BsEtv1bK3bwt1ob1AYoiE.roa
Signing time:             Tue 02 Jan 2024 12:33:42 +0000
ROA not before:           Tue 02 Jan 2024 12:33:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210286
IP address blocks:        2a06:e881:9000::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:5b:1f:ff:11:26:77:bc:db:c6:1e:21:0f:c8:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jan  2 12:33:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6fb34b67b06c12dbf56caddbc2dd686f5018a221
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:8e:c8:3e:b4:2c:ae:23:c8:1d:ab:94:94:cc:
                    44:ed:8b:69:75:c9:12:1e:18:b6:0c:f3:57:ba:be:
                    c8:87:9b:31:69:d8:11:c4:34:a2:5c:f7:d5:d1:87:
                    00:ab:86:64:7f:04:00:86:9c:b3:6d:d4:2b:84:bb:
                    a0:c2:0d:17:d8:1d:15:0c:ac:f3:1b:55:e1:e4:a6:
                    b0:87:b8:8b:5f:a3:5c:94:c0:69:5b:95:16:c5:dc:
                    20:90:de:57:ab:50:0a:ad:cd:0c:66:9a:d4:0d:ac:
                    71:26:35:da:a0:88:f9:0c:5a:4e:4d:f8:97:eb:40:
                    ee:cf:97:bb:e9:36:cc:81:ec:6a:cc:de:91:8a:13:
                    f2:75:89:a6:7c:f4:da:b2:15:df:40:5f:7f:c2:71:
                    bb:98:e6:29:d8:df:e7:6b:17:b2:92:c2:67:fa:d3:
                    4c:f3:7f:bf:32:6f:ea:a1:b1:ec:c7:5b:cc:cc:1a:
                    ef:a4:f6:17:9e:1a:22:48:a4:4c:36:79:e7:17:38:
                    54:81:f1:ae:af:9c:39:1e:12:6b:b6:d9:4c:5f:9d:
                    75:0e:da:b8:5d:32:92:16:19:8e:38:e1:31:3d:e1:
                    9d:d0:47:74:6a:79:33:91:0f:8a:f2:fd:d4:92:c7:
                    8f:d5:3f:5e:63:bc:43:e7:16:74:b8:8f:44:b5:7c:
                    b5:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:B3:4B:67:B0:6C:12:DB:F5:6C:AD:DB:C2:DD:68:6F:50:18:A2:21
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/b7NLZ7BsEtv1bK3bwt1ob1AYoiE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:e881:9000::/44

    Signature Algorithm: sha256WithRSAEncryption
         45:fc:d4:f7:38:e7:32:e8:3a:5e:15:76:86:10:40:14:b3:c1:
         08:6f:54:a8:3e:61:1c:3b:ca:b8:8c:e7:f4:d4:99:07:a1:3c:
         a2:eb:6e:ca:70:f9:a2:4f:b5:4f:67:64:19:e7:12:8a:0c:11:
         05:17:83:35:2d:e1:54:39:0d:29:9c:b5:85:4a:76:19:b6:f3:
         70:56:8e:ee:07:2f:ec:8e:6c:f2:20:d1:c5:45:29:1c:a9:a2:
         4b:39:5c:84:64:52:2e:ac:fb:bd:c3:dd:88:34:1b:56:8c:ee:
         3a:be:b6:04:c2:d2:e7:cd:5e:94:14:fe:98:ea:42:63:ee:d3:
         a5:ea:e9:a9:0e:8e:a0:b2:b6:a8:ee:f1:e9:51:d9:19:32:56:
         6c:20:a0:bd:4e:24:a0:a0:86:c0:97:2c:3b:3c:3f:60:3b:92:
         70:94:31:4b:42:a1:d9:1c:96:59:ed:77:3d:3a:8e:ae:af:e9:
         d8:25:2f:2e:39:ba:95:70:a1:82:56:d9:ca:08:6e:e3:4b:2a:
         cf:34:b6:85:e3:a9:a0:9e:19:9f:23:95:ff:5f:c9:dd:13:23:
         09:03:f3:a2:e9:cf:22:6c:59:7d:99:05:03:bd:62:33:9c:42:
         e7:ad:56:d4:53:d0:61:61:fa:93:67:e9:bb:c3:d4:d2:f2:63:
         95:95:47:4b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKlsf/xEmd7zbxh4hD8gZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjQwMTAyMTIzMzQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmIzNGI2N2IwNmMxMmRiZjU2Y2FkZGJjMmRkNjg2ZjUwMThhMjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhI7IPrQsriPIHauUlMxE7YtpdckS
Hhi2DPNXur7Ih5sxadgRxDSiXPfV0YcAq4ZkfwQAhpyzbdQrhLugwg0X2B0VDKzz
G1Xh5Kawh7iLX6NclMBpW5UWxdwgkN5Xq1AKrc0MZprUDaxxJjXaoIj5DFpOTfiX
60Duz5e76TbMgexqzN6RihPydYmmfPTashXfQF9/wnG7mOYp2N/naxeyksJn+tNM
83+/Mm/qobHsx1vMzBrvpPYXnhoiSKRMNnnnFzhUgfGur5w5HhJrttlMX511Dtq4
XTKSFhmOOOExPeGd0Ed0ankzkQ+K8v3UkseP1T9eY7xD5xZ0uI9EtXy1wwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFG+zS2ewbBLb9Wyt28LdaG9QGKIhMB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvYjdOTFo3QnNFdHYxYkszYnd0MW9iMUFZb2lFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgbogZAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBF/NT3OOcy6DpeFXaGEEAUs8EIb1SoPmEcO8q4
jOf01JkHoTyi627KcPmiT7VPZ2QZ5xKKDBEFF4M1LeFUOQ0pnLWFSnYZtvNwVo7u
By/sjmzyINHFRSkcqaJLOVyEZFIurPu9w92INBtWjO46vrYEwtLnzV6UFP6Y6kJj
7tOl6umpDo6gsrao7vHpUdkZMlZsIKC9TiSgoIbAlyw7PD9gO5JwlDFLQqHZHJZZ
7Xc9Oo6ur+nYJS8uObqVcKGCVtnKCG7jSyrPNLaF46mgnhmfI5X/X8ndEyMJA/Oi
6c8ibFl9mQUDvWIznELnrVbUU9BhYfqTZ+m7w9TS8mOVlUdL
-----END CERTIFICATE-----