Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/z_K6xJBWHaFSwjsmBPnCmT3ADiA.roa
File:                     z_K6xJBWHaFSwjsmBPnCmT3ADiA.roa (raw, json)
Hash identifier:          CcKxjasrUmWXS8pjlrNoNBLCOhWqn6NQhMbF6qn71EE=
Subject key identifier:   CF:F2:BA:C4:90:56:1D:A1:52:C2:3B:26:04:F9:C2:99:3D:C0:0E:20
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       018CCA2A5C699A0BBAEB94ACF8D113B9FAD2
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/z_K6xJBWHaFSwjsmBPnCmT3ADiA.roa
Signing time:             Tue 02 Jan 2024 12:33:42 +0000
ROA not before:           Tue 02 Jan 2024 12:33:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212024
IP address blocks:        2a06:e881:7700::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:5c:69:9a:0b:ba:eb:94:ac:f8:d1:13:b9:fa:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jan  2 12:33:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cff2bac490561da152c23b2604f9c2993dc00e20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:a6:fd:0d:ae:a9:4f:87:88:ce:b6:5a:32:f0:
                    b7:29:17:21:13:dc:4c:3d:b5:e0:56:73:91:b3:77:
                    97:0f:f9:83:52:4e:7e:c9:ba:00:f8:48:54:73:cd:
                    12:d4:66:b2:02:55:2b:80:3b:18:88:07:4b:f0:8a:
                    0f:4a:f8:8e:b1:bc:e3:db:ca:46:6d:b6:27:84:31:
                    f4:db:b1:f5:be:4b:89:55:36:ba:40:20:27:f2:93:
                    2a:ac:0b:fe:3e:66:03:8b:9d:a1:7d:f4:88:db:5f:
                    5b:4e:84:f7:11:b1:1f:c2:5d:a8:1c:85:76:86:59:
                    ee:69:56:8f:69:ca:67:0e:da:c6:6e:c2:52:26:c2:
                    0b:ca:0c:23:f0:48:c9:a1:3a:af:7e:a4:f0:e9:34:
                    b0:c3:4a:2b:56:45:40:50:66:86:4b:b3:4f:27:7a:
                    8d:81:c7:ed:a0:cf:20:ac:ba:5a:89:49:25:fd:f3:
                    65:c3:06:df:9d:7d:5d:f1:cd:70:9f:b2:0c:84:c0:
                    33:b0:c3:68:11:4c:ea:88:f0:ed:be:08:c3:76:fb:
                    56:d1:b4:e8:52:68:5b:91:c5:1b:1e:7e:81:1d:a8:
                    55:4e:dc:ef:b5:e3:55:19:22:e4:f7:c3:3f:5a:33:
                    8e:c8:eb:3c:35:e8:46:52:92:a8:78:64:d3:bd:15:
                    57:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:F2:BA:C4:90:56:1D:A1:52:C2:3B:26:04:F9:C2:99:3D:C0:0E:20
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/z_K6xJBWHaFSwjsmBPnCmT3ADiA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:e881:7700::/40

    Signature Algorithm: sha256WithRSAEncryption
         9c:c8:ed:f9:41:90:f0:cd:93:9f:52:34:73:50:5b:7e:98:ad:
         15:23:f0:65:71:b2:21:e2:18:83:6d:c0:7c:86:0e:52:11:7b:
         96:3e:4e:df:5f:5e:70:61:91:74:c6:47:70:ea:2d:d2:4a:18:
         ca:7b:d7:96:22:73:e5:dc:f8:ee:02:91:c2:2c:36:77:30:9d:
         00:24:4a:a9:12:01:a1:ba:1f:64:13:ed:53:19:e3:09:10:a3:
         72:23:e1:24:2a:7e:35:6d:67:e1:01:15:6e:b0:18:10:9c:5f:
         6c:26:4a:8b:8b:f1:29:a8:8b:57:c9:f4:2a:12:f9:9e:69:6a:
         d5:0f:8b:bf:b0:6f:61:55:b4:f8:27:60:37:0e:f9:00:54:a6:
         bf:f5:95:48:d2:9f:4f:b4:e8:b4:5d:5a:41:48:95:e4:12:4b:
         e3:51:7f:dc:b5:79:d5:ef:60:7c:25:ec:68:0d:7b:30:78:70:
         a0:2f:0c:bd:b1:43:ae:5a:5d:4e:26:55:e9:7b:ae:26:b4:ed:
         46:4d:52:35:03:d9:9c:64:09:ba:f1:3a:4b:c4:53:68:73:fb:
         98:95:49:b0:dd:eb:b8:1f:44:c1:c5:e1:82:03:be:a7:11:13:
         e0:86:77:ad:b3:30:63:25:1e:c6:e7:de:d9:5b:d4:ba:b3:11:
         52:c6:5a:af
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzKKlxpmgu665Ss+NETufrSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjQwMTAyMTIzMzQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmYyYmFjNDkwNTYxZGExNTJjMjNiMjYwNGY5YzI5OTNkYzAwZTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgKb9Da6pT4eIzrZaMvC3KRchE9xM
PbXgVnORs3eXD/mDUk5+yboA+EhUc80S1GayAlUrgDsYiAdL8IoPSviOsbzj28pG
bbYnhDH027H1vkuJVTa6QCAn8pMqrAv+PmYDi52hffSI219bToT3EbEfwl2oHIV2
hlnuaVaPacpnDtrGbsJSJsILygwj8EjJoTqvfqTw6TSww0orVkVAUGaGS7NPJ3qN
gcftoM8grLpaiUkl/fNlwwbfnX1d8c1wn7IMhMAzsMNoEUzqiPDtvgjDdvtW0bTo
UmhbkcUbHn6BHahVTtzvteNVGSLk98M/WjOOyOs8NehGUpKoeGTTvRVX5wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFM/yusSQVh2hUsI7JgT5wpk9wA4gMB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvel9LNnhKQldIYUZTd2pzbUJQbkNtVDNBRGlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgbogXcw
DQYJKoZIhvcNAQELBQADggEBAJzI7flBkPDNk59SNHNQW36YrRUj8GVxsiHiGINt
wHyGDlIRe5Y+Tt9fXnBhkXTGR3DqLdJKGMp715Yic+Xc+O4CkcIsNncwnQAkSqkS
AaG6H2QT7VMZ4wkQo3Ij4SQqfjVtZ+EBFW6wGBCcX2wmSouL8Smoi1fJ9CoS+Z5p
atUPi7+wb2FVtPgnYDcO+QBUpr/1lUjSn0+06LRdWkFIleQSS+NRf9y1edXvYHwl
7GgNezB4cKAvDL2xQ65aXU4mVel7ria07UZNUjUD2ZxkCbrxOkvEU2hz+5iVSbDd
67gfRMHF4YIDvqcRE+CGd62zMGMlHsbn3tlb1LqzEVLGWq8=
-----END CERTIFICATE-----