Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/p73LG3FRA9tGy6qNY3Bwq6RKFN8.roa
File:                     p73LG3FRA9tGy6qNY3Bwq6RKFN8.roa (raw, json)
Hash identifier:          p1Apdq0bxzfOtpafsbVcbIQmqkgQ3riyaVWOBMBTlws=
Subject key identifier:   A7:BD:CB:1B:71:51:03:DB:46:CB:AA:8D:63:70:70:AB:A4:4A:14:DF
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       018CCA2A536DA4F4E1E8B37416C9DECBB534
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/p73LG3FRA9tGy6qNY3Bwq6RKFN8.roa
Signing time:             Tue 02 Jan 2024 12:33:40 +0000
ROA not before:           Tue 02 Jan 2024 12:33:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205212
IP address blocks:        2a06:e881:3200::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:53:6d:a4:f4:e1:e8:b3:74:16:c9:de:cb:b5:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jan  2 12:33:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a7bdcb1b715103db46cbaa8d637070aba44a14df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:9f:70:6f:80:fd:01:c8:a8:45:b5:ec:61:98:
                    18:c0:fd:94:a2:43:9c:8f:e4:e3:96:8d:55:20:c8:
                    b6:ad:0b:32:77:a3:b6:17:fe:aa:30:fc:70:bf:e4:
                    99:58:42:3f:1c:8e:b0:14:70:d2:54:9e:5b:7a:49:
                    e4:6e:2f:fd:43:90:e5:37:f3:3c:93:36:2f:1d:c3:
                    77:61:a5:05:75:16:3a:bb:e8:a6:5d:ba:5d:49:ce:
                    ed:9e:d0:85:c2:e9:11:e1:8f:f5:f6:a5:46:eb:18:
                    fa:8e:13:61:db:66:e1:ee:08:4b:c6:ef:9a:8c:ba:
                    4e:73:a0:ae:ec:19:0d:e5:ca:b2:ba:ca:35:2f:39:
                    1b:79:45:e4:4d:3a:1e:12:eb:6e:77:c1:0e:9d:dc:
                    67:a7:6d:ca:b7:36:6d:60:5e:c2:70:9c:3f:be:a2:
                    5b:99:56:40:ba:fc:72:75:fe:2a:0c:ec:21:15:72:
                    41:31:fc:29:7c:29:8a:32:7e:d0:a7:42:71:c2:2a:
                    c7:c6:73:40:25:43:c9:d6:94:54:33:11:31:5a:48:
                    ae:0b:38:89:24:50:b3:51:2a:c1:ae:1b:8c:f8:6c:
                    5a:0c:1b:5e:c4:37:49:f1:92:cf:5a:42:df:d7:02:
                    f2:f5:56:e3:b5:3c:29:8c:92:d6:1b:41:30:5e:a3:
                    df:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:BD:CB:1B:71:51:03:DB:46:CB:AA:8D:63:70:70:AB:A4:4A:14:DF
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/p73LG3FRA9tGy6qNY3Bwq6RKFN8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:e881:3200::/44

    Signature Algorithm: sha256WithRSAEncryption
         d3:ff:a6:2f:c4:59:c1:cf:01:95:ed:4e:f5:60:ce:f5:3f:72:
         57:cc:b9:ab:df:08:9d:4c:9f:cc:4f:0b:62:ab:6c:bb:14:22:
         5e:bb:e9:3b:bd:b1:a1:ff:89:f3:e6:9b:73:3f:c2:d7:16:c0:
         87:cb:ab:98:10:d9:6c:2c:ba:e0:97:7d:5d:4a:55:aa:a3:1c:
         51:ce:d5:3f:90:7c:8e:31:b6:0e:ce:f4:86:b2:84:c5:f5:44:
         64:29:03:05:c8:22:4c:f8:5a:1c:22:0d:9c:22:e5:df:a2:b5:
         e3:21:62:e3:af:ae:78:f0:6b:3b:76:eb:32:8d:f2:1b:f4:a0:
         84:49:ab:a5:77:34:77:92:78:49:17:35:50:c3:1a:4f:c0:23:
         8e:5b:3f:f8:e8:3b:48:57:30:26:46:0c:fa:83:72:26:5a:45:
         51:25:b9:60:78:fb:8a:05:72:51:1c:22:c1:4b:09:db:d1:a8:
         ef:4c:2d:88:ae:5c:07:f9:b7:37:75:71:0d:83:bf:90:19:d7:
         91:1a:36:4a:7a:10:39:e8:c0:8b:10:36:67:59:96:ad:7c:a4:
         0c:7f:99:dd:49:59:0f:cb:9a:d8:57:00:94:ed:92:f5:a0:a7:
         b1:f8:1c:8d:26:29:66:40:46:92:ca:eb:41:8d:90:fd:95:8e:
         40:db:35:ef
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKlNtpPTh6LN0Fsney7U0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjQwMTAyMTIzMzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2JkY2IxYjcxNTEwM2RiNDZjYmFhOGQ2MzcwNzBhYmE0NGExNGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvJ9wb4D9AcioRbXsYZgYwP2UokOc
j+Tjlo1VIMi2rQsyd6O2F/6qMPxwv+SZWEI/HI6wFHDSVJ5beknkbi/9Q5DlN/M8
kzYvHcN3YaUFdRY6u+imXbpdSc7tntCFwukR4Y/19qVG6xj6jhNh22bh7ghLxu+a
jLpOc6Cu7BkN5cqyuso1LzkbeUXkTToeEutud8EOndxnp23KtzZtYF7CcJw/vqJb
mVZAuvxydf4qDOwhFXJBMfwpfCmKMn7Qp0JxwirHxnNAJUPJ1pRUMxExWkiuCziJ
JFCzUSrBrhuM+GxaDBtexDdJ8ZLPWkLf1wLy9VbjtTwpjJLWG0EwXqPfDQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKe9yxtxUQPbRsuqjWNwcKukShTfMB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvcDczTEczRlJBOXRHeTZxTlkzQndxNlJLRk44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgbogTIA
MA0GCSqGSIb3DQEBCwUAA4IBAQDT/6YvxFnBzwGV7U71YM71P3JXzLmr3widTJ/M
Twtiq2y7FCJeu+k7vbGh/4nz5ptzP8LXFsCHy6uYENlsLLrgl31dSlWqoxxRztU/
kHyOMbYOzvSGsoTF9URkKQMFyCJM+FocIg2cIuXforXjIWLjr6548Gs7dusyjfIb
9KCESauldzR3knhJFzVQwxpPwCOOWz/46DtIVzAmRgz6g3ImWkVRJblgePuKBXJR
HCLBSwnb0ajvTC2IrlwH+bc3dXENg7+QGdeRGjZKehA56MCLEDZnWZatfKQMf5nd
SVkPy5rYVwCU7ZL1oKex+ByNJilmQEaSyutBjZD9lY5A2zXv
-----END CERTIFICATE-----