Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/yA-dXiTC-YzSP4bJG5Hrze-Qgd0.roa
File:                     yA-dXiTC-YzSP4bJG5Hrze-Qgd0.roa (raw, json)
Hash identifier:          KU5AfZ0agpB+i5sWvPf8PoW8+T3cL8mRbH+zaRJT1aY=
Subject key identifier:   C8:0F:9D:5E:24:C2:F9:8C:D2:3F:86:C9:1B:91:EB:CD:EF:90:81:DD
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       018CCA2A55C490CE45C6CBE846D67C710C0E
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/yA-dXiTC-YzSP4bJG5Hrze-Qgd0.roa
Signing time:             Tue 02 Jan 2024 12:33:41 +0000
ROA not before:           Tue 02 Jan 2024 12:33:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206633
IP address blocks:        2a06:e881:108::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:55:c4:90:ce:45:c6:cb:e8:46:d6:7c:71:0c:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jan  2 12:33:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c80f9d5e24c2f98cd23f86c91b91ebcdef9081dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:c9:de:d9:05:23:ac:27:4c:16:70:86:1b:94:
                    f7:2c:db:60:2f:bf:1c:4b:ad:45:b9:bf:e9:46:a6:
                    45:bf:d1:dd:8f:db:64:01:26:77:b2:d3:a9:db:d7:
                    29:11:bc:fa:7c:d9:e0:8b:48:b8:9e:60:2c:97:27:
                    d2:3d:71:10:5b:06:6e:e5:89:27:6a:9e:48:84:2f:
                    90:79:3b:c5:14:b5:55:83:28:0c:e4:3c:10:02:f2:
                    af:d6:3b:80:cb:1c:82:83:3b:fb:5d:62:0d:bd:7c:
                    63:1e:44:c5:fd:39:30:21:e2:79:14:6c:70:00:00:
                    2e:02:78:71:75:fb:36:01:f7:b5:e4:83:e7:a6:58:
                    6c:f5:67:2d:30:9e:8a:99:33:b1:81:cb:6a:40:c2:
                    f3:25:fa:4b:36:6d:d0:39:3d:83:6b:bb:f9:53:c0:
                    1e:02:53:9e:ab:35:a0:16:d7:00:cc:c9:45:aa:96:
                    df:16:53:c9:bd:a0:7c:b4:d6:a2:39:84:fc:53:f7:
                    f2:f1:8d:56:eb:69:c9:b9:35:94:8e:07:5c:e7:5d:
                    fa:71:38:ec:af:ef:62:5c:66:b6:9a:6a:cc:cc:92:
                    fa:93:23:86:ff:d9:e3:2b:d7:10:40:09:8f:27:0c:
                    54:29:2d:05:61:e0:2d:b4:d6:62:67:40:41:65:4d:
                    0a:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:0F:9D:5E:24:C2:F9:8C:D2:3F:86:C9:1B:91:EB:CD:EF:90:81:DD
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/yA-dXiTC-YzSP4bJG5Hrze-Qgd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:e881:108::/48

    Signature Algorithm: sha256WithRSAEncryption
         c0:5b:3b:ff:71:ae:1f:f4:e6:d2:6d:fc:02:50:b9:88:89:db:
         16:b8:18:07:e5:fd:06:0c:57:66:c1:d8:8f:9a:b3:38:ee:9a:
         7e:c3:73:0f:d4:87:9a:85:15:09:ed:37:37:b4:eb:55:ad:c5:
         55:6a:04:0f:3d:1e:1a:15:60:4c:c1:9b:66:ea:11:7e:16:29:
         3f:89:aa:f8:8b:e5:ca:54:a5:9e:35:8f:cb:b7:94:32:38:e9:
         e7:06:0a:b4:44:5c:eb:43:28:12:8b:c6:16:b7:31:31:8f:1e:
         a4:aa:87:7d:58:c6:b2:d9:04:29:4e:53:b6:14:25:7c:2d:84:
         43:bc:9f:cc:07:b7:ad:dc:63:0f:3a:b7:c0:d3:3d:b2:36:27:
         ce:e8:67:f2:13:29:1b:ba:ac:5a:ca:a3:12:e3:16:36:fd:9d:
         20:6b:0d:a2:66:f0:bb:df:fa:1b:59:78:5d:9e:92:5e:fd:67:
         d7:1f:3c:42:71:1d:6b:7f:9a:7b:47:3d:6b:08:db:66:38:4e:
         01:6c:d6:a6:78:f7:b9:5d:54:96:d4:bb:bd:f3:85:3e:00:94:
         00:f1:f3:5d:a9:95:21:e3:88:04:fc:77:d5:a3:6b:61:7d:8f:
         78:82:7c:72:4b:22:d0:6e:32:38:d4:ab:c9:cb:a9:fb:9d:ca:
         7b:4f:b4:71
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKlXEkM5FxsvoRtZ8cQwOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjQwMTAyMTIzMzQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODBmOWQ1ZTI0YzJmOThjZDIzZjg2YzkxYjkxZWJjZGVmOTA4MWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm8ne2QUjrCdMFnCGG5T3LNtgL78c
S61Fub/pRqZFv9Hdj9tkASZ3stOp29cpEbz6fNngi0i4nmAslyfSPXEQWwZu5Ykn
ap5IhC+QeTvFFLVVgygM5DwQAvKv1juAyxyCgzv7XWINvXxjHkTF/TkwIeJ5FGxw
AAAuAnhxdfs2Afe15IPnplhs9WctMJ6KmTOxgctqQMLzJfpLNm3QOT2Da7v5U8Ae
AlOeqzWgFtcAzMlFqpbfFlPJvaB8tNaiOYT8U/fy8Y1W62nJuTWUjgdc5136cTjs
r+9iXGa2mmrMzJL6kyOG/9njK9cQQAmPJwxUKS0FYeAttNZiZ0BBZU0K3QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMgPnV4kwvmM0j+GyRuR683vkIHdMB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEveUEtZFhpVEMtWXpTUDRiSkc1SHJ6ZS1RZ2QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgbogQEI
MA0GCSqGSIb3DQEBCwUAA4IBAQDAWzv/ca4f9ObSbfwCULmIidsWuBgH5f0GDFdm
wdiPmrM47pp+w3MP1IeahRUJ7Tc3tOtVrcVVagQPPR4aFWBMwZtm6hF+Fik/iar4
i+XKVKWeNY/Lt5QyOOnnBgq0RFzrQygSi8YWtzExjx6kqod9WMay2QQpTlO2FCV8
LYRDvJ/MB7et3GMPOrfA0z2yNifO6GfyEykbuqxayqMS4xY2/Z0gaw2iZvC73/ob
WXhdnpJe/WfXHzxCcR1rf5p7Rz1rCNtmOE4BbNamePe5XVSW1Lu984U+AJQA8fNd
qZUh44gE/HfVo2thfY94gnxySyLQbjI41KvJy6n7ncp7T7Rx
-----END CERTIFICATE-----