Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/l03L_jBn4tRAhz5POcwTqfpp3jo.roa
File:                     l03L_jBn4tRAhz5POcwTqfpp3jo.roa (raw, json)
Hash identifier:          7ht1Gap6ljAK9F6EiRT2rsuiu4V1hoheYIVGCmm5410=
Subject key identifier:   97:4D:CB:FE:30:67:E2:D4:40:87:3E:4F:39:CC:13:A9:FA:69:DE:3A
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       018CCA2A57C1149CECCADEC0506BACA5CFEE
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/l03L_jBn4tRAhz5POcwTqfpp3jo.roa
Signing time:             Tue 02 Jan 2024 12:33:41 +0000
ROA not before:           Tue 02 Jan 2024 12:33:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207754
IP address blocks:        2a06:e881:7104::/46 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:57:c1:14:9c:ec:ca:de:c0:50:6b:ac:a5:cf:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jan  2 12:33:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=974dcbfe3067e2d440873e4f39cc13a9fa69de3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:20:cc:d9:2d:bb:43:83:82:b3:1c:c4:81:4a:
                    2d:08:6b:3a:23:fb:f4:fa:27:4a:04:2c:74:d1:94:
                    62:1f:dc:50:5d:e4:a6:fa:da:01:1b:a9:55:5c:0f:
                    10:1d:74:c7:9c:06:aa:77:ce:a5:bb:f5:69:35:8c:
                    83:e9:fe:07:13:91:e5:b1:41:20:9b:d4:9a:a3:7c:
                    ae:08:5c:d7:3a:4c:31:3c:a1:b1:02:0c:24:aa:a2:
                    98:41:17:d2:a7:38:a4:b4:d8:cb:fe:e5:d8:c5:5b:
                    c8:94:90:4d:a8:2e:77:15:f7:28:2e:c8:63:39:35:
                    4a:b4:54:b3:73:50:cc:ca:c2:c5:68:34:89:4a:50:
                    75:8f:e2:6b:32:88:a3:54:7e:10:83:74:c0:e9:e9:
                    de:1a:63:55:26:7a:72:9c:d9:ca:a5:f5:11:19:6e:
                    14:22:5f:1f:3e:65:f1:2d:7b:fb:7c:87:a4:3e:21:
                    ca:48:f1:1c:d2:7d:2a:11:74:36:3c:b6:81:b0:5a:
                    6d:20:31:d0:b4:a1:94:3c:3b:57:a1:95:fa:c5:e8:
                    5e:3f:78:8b:71:82:76:78:a9:ff:40:1c:dd:7a:42:
                    e6:0f:db:d3:1e:62:e3:76:83:c3:b9:d3:ab:12:a3:
                    ca:93:92:1a:fd:8e:3f:0f:6d:4c:85:ce:6e:74:9b:
                    91:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:4D:CB:FE:30:67:E2:D4:40:87:3E:4F:39:CC:13:A9:FA:69:DE:3A
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/l03L_jBn4tRAhz5POcwTqfpp3jo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:e881:7104::/46

    Signature Algorithm: sha256WithRSAEncryption
         79:0b:06:89:f7:a0:4c:48:ed:82:ff:22:3a:7a:51:98:76:0c:
         b4:5d:3e:bf:77:3e:73:5b:af:9f:f0:ad:a5:6d:b7:b3:87:95:
         1f:8b:70:26:9a:2a:60:93:ab:c5:57:0a:fd:e0:a7:36:6e:51:
         09:87:de:b9:9b:c7:14:88:29:52:c3:f0:fb:ef:87:f8:bf:5b:
         65:3a:13:e6:9f:ad:90:fd:68:89:43:81:22:bd:fc:d8:fb:66:
         d0:bd:6b:29:ed:0d:a3:a9:ad:8f:b8:e4:2f:cd:a9:38:61:f3:
         b7:a8:23:a3:7f:8f:f0:79:6e:76:4f:1b:0a:a7:bf:6c:1d:83:
         a2:84:5f:13:b6:9d:8a:1e:90:ac:65:20:dd:44:86:77:ed:f1:
         e3:ad:0f:6c:31:55:19:a0:d7:4c:47:42:8c:2e:46:d8:76:7d:
         f4:72:4a:eb:c8:42:35:09:aa:17:ff:d8:48:f5:af:43:4d:29:
         b3:c0:dc:58:a2:52:60:3e:49:3d:74:29:0a:3c:db:d6:d7:9a:
         23:ae:99:05:41:e5:a7:88:c6:8f:36:47:af:fd:41:7e:33:5e:
         08:55:dd:d4:c0:96:07:3b:27:e1:3e:3e:32:46:0f:0a:f5:fd:
         de:1e:25:88:86:cb:ad:7a:ac:c4:7a:2f:a4:10:9c:03:27:f2:
         1c:2e:1f:87
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKlfBFJzsyt7AUGuspc/uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjQwMTAyMTIzMzQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzRkY2JmZTMwNjdlMmQ0NDA4NzNlNGYzOWNjMTNhOWZhNjlkZTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryDM2S27Q4OCsxzEgUotCGs6I/v0
+idKBCx00ZRiH9xQXeSm+toBG6lVXA8QHXTHnAaqd86lu/VpNYyD6f4HE5HlsUEg
m9Sao3yuCFzXOkwxPKGxAgwkqqKYQRfSpziktNjL/uXYxVvIlJBNqC53FfcoLshj
OTVKtFSzc1DMysLFaDSJSlB1j+JrMoijVH4Qg3TA6eneGmNVJnpynNnKpfURGW4U
Il8fPmXxLXv7fIekPiHKSPEc0n0qEXQ2PLaBsFptIDHQtKGUPDtXoZX6xeheP3iL
cYJ2eKn/QBzdekLmD9vTHmLjdoPDudOrEqPKk5Ia/Y4/D21Mhc5udJuRZwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJdNy/4wZ+LUQIc+TznME6n6ad46MB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvbDAzTF9qQm40dFJBaHo1UE9jd1RxZnBwM2pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKgbogXEE
MA0GCSqGSIb3DQEBCwUAA4IBAQB5CwaJ96BMSO2C/yI6elGYdgy0XT6/dz5zW6+f
8K2lbbezh5Ufi3Ammipgk6vFVwr94Kc2blEJh965m8cUiClSw/D774f4v1tlOhPm
n62Q/WiJQ4EivfzY+2bQvWsp7Q2jqa2PuOQvzak4YfO3qCOjf4/weW52TxsKp79s
HYOihF8Ttp2KHpCsZSDdRIZ37fHjrQ9sMVUZoNdMR0KMLkbYdn30ckrryEI1CaoX
/9hI9a9DTSmzwNxYolJgPkk9dCkKPNvW15ojrpkFQeWniMaPNkev/UF+M14IVd3U
wJYHOyfhPj4yRg8K9f3eHiWIhsuteqzEei+kEJwDJ/IcLh+H
-----END CERTIFICATE-----