Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/jxdpytxg9rETRtnNNFYRe0uzitA.roa
File:                     jxdpytxg9rETRtnNNFYRe0uzitA.roa (raw, json)
Hash identifier:          knRKzk7rLgbCkZGFm07j1rsLHZ2wYI2TYJ6B63PEeg4=
Subject key identifier:   8F:17:69:CA:DC:60:F6:B1:13:46:D9:CD:34:56:11:7B:4B:B3:8A:D0
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       018CCA2A53C938070520D69C0E1CB0FB4BCD
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/jxdpytxg9rETRtnNNFYRe0uzitA.roa
Signing time:             Tue 02 Jan 2024 12:33:40 +0000
ROA not before:           Tue 02 Jan 2024 12:33:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205602
IP address blocks:        2a06:e881:116::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:53:c9:38:07:05:20:d6:9c:0e:1c:b0:fb:4b:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jan  2 12:33:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f1769cadc60f6b11346d9cd3456117b4bb38ad0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:ed:be:f2:67:ef:c3:3b:22:4b:ce:7c:94:78:
                    1a:40:f0:75:20:6d:b5:32:8f:1b:ce:cb:f6:5e:0d:
                    12:34:d3:28:ca:99:6c:dd:91:31:b4:77:15:40:dc:
                    4f:a1:5d:52:e8:9e:48:e8:ec:7f:dc:ce:6a:4e:38:
                    8c:c6:77:53:7b:31:56:75:3a:3d:aa:4d:6b:f3:bd:
                    b8:05:b4:12:8c:ef:d8:3f:d4:58:58:77:1f:6f:a2:
                    9b:9c:99:fc:b5:71:fc:5b:be:4d:a1:c8:cf:ac:51:
                    a9:01:82:0f:17:7f:64:00:8b:a1:d2:f4:9d:d8:be:
                    91:ba:70:0f:8d:c9:ec:da:1e:1c:e3:d6:f4:9a:e7:
                    a4:67:57:f8:1f:03:af:fb:75:ba:d3:49:ab:68:2c:
                    a7:78:0c:66:ec:fa:aa:d6:ac:32:bc:e6:99:fe:ae:
                    49:43:24:ca:8b:63:e3:ef:81:d0:8d:f6:c4:4a:8a:
                    66:01:6f:e5:04:71:92:52:27:95:66:30:0d:f3:40:
                    03:90:ca:e2:bc:14:ea:79:70:c6:c4:0b:a1:a8:c8:
                    27:fd:4e:b0:e9:44:16:ed:d7:47:56:a2:1b:eb:dd:
                    15:47:45:84:14:27:0e:c9:65:cf:1b:b7:9e:a5:f2:
                    ab:5f:85:33:24:67:c0:8c:de:c3:f3:a4:ef:2d:2a:
                    b3:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:17:69:CA:DC:60:F6:B1:13:46:D9:CD:34:56:11:7B:4B:B3:8A:D0
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/jxdpytxg9rETRtnNNFYRe0uzitA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:e881:116::/48

    Signature Algorithm: sha256WithRSAEncryption
         7a:f9:19:63:3a:0d:c8:98:f5:49:38:46:ee:b0:e7:e4:a8:fb:
         36:3d:4e:06:ca:f9:a0:0f:43:e8:51:52:96:29:3b:06:c6:92:
         dc:01:a7:01:95:7a:10:e2:17:ed:fe:81:01:8e:23:8a:38:cb:
         0d:57:48:e0:fe:cc:0d:9d:6d:6d:ad:6d:09:85:da:c8:0a:c7:
         63:19:ae:3d:40:dc:27:69:43:d0:ad:a7:1b:e8:94:01:07:a8:
         42:c8:2e:bc:e3:78:f9:96:ce:43:db:6e:c6:e8:30:25:49:6f:
         b9:63:a6:28:b9:d4:77:58:89:f7:7b:65:ea:a6:a6:d4:88:ea:
         bb:be:b4:48:aa:8d:7a:75:0f:a0:af:5c:06:d7:ff:7e:a3:2b:
         84:91:36:d4:04:16:cb:1f:f6:2c:73:fd:b6:68:06:15:d6:8a:
         de:b9:86:73:3f:cf:0f:97:0e:91:be:64:b6:fb:55:84:f5:6a:
         b6:8e:07:ec:32:09:28:84:9a:76:9d:32:d4:a7:cc:d7:43:96:
         39:c1:a5:9d:70:42:37:65:ed:a9:06:a4:64:1a:77:6a:e4:e5:
         94:28:a9:91:03:cd:78:a7:50:14:a4:1b:32:19:10:3a:05:c6:
         a5:b2:17:dd:c9:c5:b5:fd:fa:22:67:4f:be:f2:de:b8:65:8b:
         c1:81:ee:69
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKlPJOAcFINacDhyw+0vNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjQwMTAyMTIzMzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjE3NjljYWRjNjBmNmIxMTM0NmQ5Y2QzNDU2MTE3YjRiYjM4YWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhO2+8mfvwzsiS858lHgaQPB1IG21
Mo8bzsv2Xg0SNNMoypls3ZExtHcVQNxPoV1S6J5I6Ox/3M5qTjiMxndTezFWdTo9
qk1r8724BbQSjO/YP9RYWHcfb6KbnJn8tXH8W75NocjPrFGpAYIPF39kAIuh0vSd
2L6RunAPjcns2h4c49b0muekZ1f4HwOv+3W600mraCyneAxm7Pqq1qwyvOaZ/q5J
QyTKi2Pj74HQjfbESopmAW/lBHGSUieVZjAN80ADkMrivBTqeXDGxAuhqMgn/U6w
6UQW7ddHVqIb690VR0WEFCcOyWXPG7eepfKrX4UzJGfAjN7D86TvLSqz8wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFI8XacrcYPaxE0bZzTRWEXtLs4rQMB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvanhkcHl0eGc5ckVUUnRuTk5GWVJlMHV6aXRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgbogQEW
MA0GCSqGSIb3DQEBCwUAA4IBAQB6+RljOg3ImPVJOEbusOfkqPs2PU4GyvmgD0Po
UVKWKTsGxpLcAacBlXoQ4hft/oEBjiOKOMsNV0jg/swNnW1trW0JhdrICsdjGa49
QNwnaUPQracb6JQBB6hCyC6843j5ls5D227G6DAlSW+5Y6YoudR3WIn3e2XqpqbU
iOq7vrRIqo16dQ+gr1wG1/9+oyuEkTbUBBbLH/Ysc/22aAYV1oreuYZzP88Plw6R
vmS2+1WE9Wq2jgfsMgkohJp2nTLUp8zXQ5Y5waWdcEI3Ze2pBqRkGndq5OWUKKmR
A814p1AUpBsyGRA6BcalshfdycW1/foiZ0++8t64ZYvBge5p
-----END CERTIFICATE-----