Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/k-XTBYuze_jqWpNCWi8MVG-fHyo.roa
File:                     k-XTBYuze_jqWpNCWi8MVG-fHyo.roa (raw, json)
Hash identifier:          AFXQuNfuD9g54ATKPgpG00VjtJHslIDdDAvGqFmLlO0=
Subject key identifier:   93:E5:D3:05:8B:B3:7B:F8:EA:5A:93:42:5A:2F:0C:54:6F:9F:1F:2A
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       019217A5679E027849F359AE2C6DF690AF6F
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/k-XTBYuze_jqWpNCWi8MVG-fHyo.roa
Signing time:             Sun 22 Sep 2024 02:52:48 +0000
ROA not before:           Sun 22 Sep 2024 02:52:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203801
IP address blocks:        2a06:e881:4400::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:17:a5:67:9e:02:78:49:f3:59:ae:2c:6d:f6:90:af:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Sep 22 02:52:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=93e5d3058bb37bf8ea5a93425a2f0c546f9f1f2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:11:53:72:f1:ee:62:3d:de:cf:47:82:85:c2:
                    a8:a0:c0:81:78:5d:13:0f:63:70:66:db:a9:18:f1:
                    91:f8:d1:cc:8e:35:30:ac:bb:36:03:ab:17:23:41:
                    51:09:6e:ef:78:8c:5d:12:f9:ca:31:0b:04:c1:70:
                    73:b5:2d:a3:b7:f6:b3:c3:d6:03:d2:a0:fb:08:48:
                    7d:77:b0:80:75:87:36:d3:ca:bc:06:93:01:06:3d:
                    0f:cb:a3:7f:87:e3:ee:a2:d0:6b:8d:27:3c:e9:46:
                    2c:01:07:80:fb:79:a2:a4:72:29:15:66:de:a4:08:
                    3e:6d:fe:47:a5:48:82:fe:13:5e:9e:bf:bc:5e:81:
                    4e:ca:bb:a1:ee:7b:32:60:99:fe:7b:25:d5:c6:6e:
                    c2:43:18:00:5c:fd:ea:0b:50:e7:dd:3c:c5:c9:1e:
                    d5:43:75:78:2f:e7:b3:d3:dc:50:38:ea:d9:d1:58:
                    f2:86:d2:aa:6d:09:28:87:1f:a3:ca:02:ce:e3:f0:
                    f8:b3:16:d0:40:04:66:c6:c3:4f:aa:f4:d1:49:58:
                    6b:9a:65:df:81:83:ed:bb:c7:cf:f8:03:77:c1:6a:
                    5c:de:48:6a:74:f9:b2:76:e2:60:ab:02:3f:dd:44:
                    1f:57:3d:18:7a:1c:cb:41:84:a3:cc:64:01:2b:4b:
                    c5:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:E5:D3:05:8B:B3:7B:F8:EA:5A:93:42:5A:2F:0C:54:6F:9F:1F:2A
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/k-XTBYuze_jqWpNCWi8MVG-fHyo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:e881:4400::/44

    Signature Algorithm: sha256WithRSAEncryption
         3a:d8:a8:79:a1:2e:40:1a:7e:ff:8b:2f:09:67:4e:78:1b:b9:
         ec:94:dd:bf:f5:28:8d:2f:0c:09:0b:bd:8c:fc:61:74:65:0a:
         21:ba:17:17:5c:68:5f:9a:10:db:04:14:01:43:27:a4:d0:61:
         78:57:e7:fc:e1:6a:90:c9:50:fa:67:2f:d6:5d:9e:d0:f9:9f:
         dc:10:9a:c3:7e:fd:ae:4b:40:fd:20:e8:02:86:4f:e1:fa:97:
         40:04:38:b2:db:66:aa:9c:72:7c:df:80:59:41:8f:37:88:d5:
         49:70:9e:50:cd:9f:83:e2:42:4b:64:b8:69:f5:6e:3e:cf:7e:
         d7:98:50:7d:34:ae:a4:d5:22:d3:5a:cd:52:55:f0:f7:86:41:
         a4:f0:c1:1c:a5:48:80:7a:7b:d9:95:62:0c:6c:b7:ff:0f:66:
         89:f1:ce:bb:8e:8a:44:93:96:ee:b0:e2:25:52:98:a2:aa:f9:
         ee:40:9d:bf:b2:38:96:09:94:6f:10:92:61:c1:1b:f3:9e:8c:
         22:be:30:2d:ac:03:5f:3a:2a:78:38:43:f6:cb:91:9e:b6:3f:
         0a:83:8b:05:ef:b0:6a:b5:7c:c1:4d:15:b9:d5:0f:77:5a:26:
         6a:12:fa:c4:65:9f:11:bc:7b:8a:a0:f8:a8:1d:2f:36:80:6f:
         02:22:26:f9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZIXpWeeAnhJ81muLG32kK9vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjQwOTIyMDI1MjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2U1ZDMwNThiYjM3YmY4ZWE1YTkzNDI1YTJmMGM1NDZmOWYxZjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2RFTcvHuYj3ez0eChcKooMCBeF0T
D2NwZtupGPGR+NHMjjUwrLs2A6sXI0FRCW7veIxdEvnKMQsEwXBztS2jt/azw9YD
0qD7CEh9d7CAdYc208q8BpMBBj0Py6N/h+PuotBrjSc86UYsAQeA+3mipHIpFWbe
pAg+bf5HpUiC/hNenr+8XoFOyruh7nsyYJn+eyXVxm7CQxgAXP3qC1Dn3TzFyR7V
Q3V4L+ez09xQOOrZ0VjyhtKqbQkohx+jygLO4/D4sxbQQARmxsNPqvTRSVhrmmXf
gYPtu8fP+AN3wWpc3khqdPmyduJgqwI/3UQfVz0YehzLQYSjzGQBK0vFDQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJPl0wWLs3v46lqTQlovDFRvnx8qMB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvay1YVEJZdXplX2pxV3BOQ1dpOE1WRy1mSHlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgbogUQA
MA0GCSqGSIb3DQEBCwUAA4IBAQA62Kh5oS5AGn7/iy8JZ054G7nslN2/9SiNLwwJ
C72M/GF0ZQohuhcXXGhfmhDbBBQBQyek0GF4V+f84WqQyVD6Zy/WXZ7Q+Z/cEJrD
fv2uS0D9IOgChk/h+pdABDiy22aqnHJ834BZQY83iNVJcJ5QzZ+D4kJLZLhp9W4+
z37XmFB9NK6k1SLTWs1SVfD3hkGk8MEcpUiAenvZlWIMbLf/D2aJ8c67jopEk5bu
sOIlUpiiqvnuQJ2/sjiWCZRvEJJhwRvznowivjAtrANfOip4OEP2y5Getj8Kg4sF
77BqtXzBTRW51Q93WiZqEvrEZZ8RvHuKoPioHS82gG8CIib5
-----END CERTIFICATE-----