Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/cj7XcEOit6hcIBmReNBYEMWi4a8.roa
File:                     cj7XcEOit6hcIBmReNBYEMWi4a8.roa (raw, json)
Hash identifier:          pXHtoHwFEvsyyo6OMEcf3wCHpkMrFpX6FwQaF68naSY=
Subject key identifier:   72:3E:D7:70:43:A2:B7:A8:5C:20:19:91:78:D0:58:10:C5:A2:E1:AF
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       018CCA2A52433BF18C0BC0804664814B56DD
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/cj7XcEOit6hcIBmReNBYEMWi4a8.roa
Signing time:             Tue 02 Jan 2024 12:33:40 +0000
ROA not before:           Tue 02 Jan 2024 12:33:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204604
IP address blocks:        2a06:e881:4002::/48 maxlen: 48
                          2a06:e881:4001::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:52:43:3b:f1:8c:0b:c0:80:46:64:81:4b:56:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jan  2 12:33:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=723ed77043a2b7a85c20199178d05810c5a2e1af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:cf:44:71:fb:13:c9:b6:08:6b:23:8b:5b:74:
                    34:84:d5:2b:13:2f:5f:78:1b:ce:18:f8:90:c0:57:
                    43:2d:c4:df:b1:c1:58:b0:4e:b2:d5:98:e8:a1:47:
                    ac:23:31:e3:57:17:34:20:48:8f:03:c6:b8:e1:7f:
                    4c:d8:1a:76:e6:53:b8:ca:33:e6:2f:45:4a:ae:16:
                    b6:6e:11:75:48:73:42:68:1b:0c:85:3a:56:02:5f:
                    85:3f:97:71:30:2b:8f:c9:6d:c2:db:76:7b:1c:da:
                    1e:66:47:55:a3:3a:55:f2:e0:70:68:6e:49:c9:1f:
                    bd:5c:05:b9:59:5a:82:dc:9f:3b:76:5d:f2:31:86:
                    d8:31:e3:60:ab:c9:9a:39:70:58:74:71:0f:1b:04:
                    7b:bd:05:08:22:dc:af:ba:72:87:ed:fc:c0:91:e4:
                    7d:57:ee:55:1a:e7:83:fd:72:e0:96:3b:fa:7b:19:
                    4d:75:22:0d:53:11:2e:73:7d:19:27:f3:7c:f1:b8:
                    be:46:16:e2:08:0a:27:7b:54:1d:e1:4b:71:38:44:
                    2c:63:9a:18:9f:52:42:c6:6a:e1:35:d2:62:d5:ce:
                    ff:88:ea:e8:cb:8c:13:b0:2f:c5:3e:7a:fe:62:20:
                    36:b0:3c:76:eb:20:8d:62:63:3d:05:0f:9f:37:8f:
                    8e:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:3E:D7:70:43:A2:B7:A8:5C:20:19:91:78:D0:58:10:C5:A2:E1:AF
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/cj7XcEOit6hcIBmReNBYEMWi4a8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:e881:4001::-2a06:e881:4002:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         33:e7:39:df:d7:bc:39:25:31:70:79:a7:81:88:be:1c:8c:94:
         4d:b5:03:1d:13:89:44:ff:db:91:5e:f4:ea:04:43:70:84:e1:
         e7:06:64:e8:24:9b:6f:bc:76:88:2c:51:3f:04:c2:ab:f0:87:
         1d:34:45:b0:7e:64:e3:10:ec:f4:ca:b9:29:ed:4a:c7:7b:21:
         65:9f:29:f9:5c:0f:3c:66:ed:21:cd:fc:3d:cd:65:4b:cb:b1:
         87:26:24:01:b8:38:b7:87:64:db:75:80:bf:c4:fb:f6:53:94:
         c1:d0:b7:1c:02:4e:43:ca:51:3b:85:3b:65:49:96:e7:e7:ba:
         2b:16:5e:75:09:a4:b4:c3:e8:68:da:cb:9d:5d:2b:c3:b3:9c:
         f8:4c:4f:00:7f:a9:5b:8f:e0:8f:a3:33:bc:3e:fb:83:c5:58:
         8c:2c:b5:51:3e:fc:4d:61:e0:f7:89:34:ad:c8:f5:fc:81:c1:
         5b:33:fa:10:53:55:50:47:ad:2d:99:74:23:76:0b:48:3e:d3:
         97:18:15:e9:54:9f:55:cb:cb:5d:68:1c:99:3d:3e:b4:b1:97:
         c7:72:f8:52:17:87:60:09:be:83:3d:b1:e2:51:77:a7:73:8b:
         19:2c:16:7f:3d:3a:ad:92:2d:88:aa:a5:af:98:88:bf:63:de:
         da:a9:e6:4e
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzKKlJDO/GMC8CARmSBS1bdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjQwMTAyMTIzMzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjNlZDc3MDQzYTJiN2E4NWMyMDE5OTE3OGQwNTgxMGM1YTJlMWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjs9EcfsTybYIayOLW3Q0hNUrEy9f
eBvOGPiQwFdDLcTfscFYsE6y1ZjooUesIzHjVxc0IEiPA8a44X9M2Bp25lO4yjPm
L0VKrha2bhF1SHNCaBsMhTpWAl+FP5dxMCuPyW3C23Z7HNoeZkdVozpV8uBwaG5J
yR+9XAW5WVqC3J87dl3yMYbYMeNgq8maOXBYdHEPGwR7vQUIItyvunKH7fzAkeR9
V+5VGueD/XLgljv6exlNdSINUxEuc30ZJ/N88bi+RhbiCAone1Qd4UtxOEQsY5oY
n1JCxmrhNdJi1c7/iOroy4wTsC/FPnr+YiA2sDx26yCNYmM9BQ+fN4+ObQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFHI+13BDoreoXCAZkXjQWBDFouGvMB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvY2o3WGNFT2l0NmhjSUJtUmVOQllFTVdpNGE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwAqBuiB
QAEDBwAqBuiBQAIwDQYJKoZIhvcNAQELBQADggEBADPnOd/XvDklMXB5p4GIvhyM
lE21Ax0TiUT/25Fe9OoEQ3CE4ecGZOgkm2+8dogsUT8Ewqvwhx00RbB+ZOMQ7PTK
uSntSsd7IWWfKflcDzxm7SHN/D3NZUvLsYcmJAG4OLeHZNt1gL/E+/ZTlMHQtxwC
TkPKUTuFO2VJlufnuisWXnUJpLTD6Gjay51dK8OznPhMTwB/qVuP4I+jM7w++4PF
WIwstVE+/E1h4PeJNK3I9fyBwVsz+hBTVVBHrS2ZdCN2C0g+05cYFelUn1XLy11o
HJk9PrSxl8dy+FIXh2AJvoM9seJRd6dzixksFn89Oq2SLYiqpa+YiL9j3tqp5k4=
-----END CERTIFICATE-----