Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/b8e5c4-38eb-445f-b036-c37790e6d482/1/bIaEW0_yfIAOdr1ZIWIVHpRuNU8.roa
File:                     bIaEW0_yfIAOdr1ZIWIVHpRuNU8.roa (raw, json)
Hash identifier:          mHfEmXSjOkdPHijJSt6cnIdhwaZKo7aMio5VL8k7TdM=
Subject key identifier:   6C:86:84:5B:4F:F2:7C:80:0E:76:BD:59:21:62:15:1E:94:6E:35:4F
Certificate issuer:       /CN=4eef6aae6fba5c61a61739afcab55a62266e89ee
Certificate serial:       018CC8DE60121F52720030F94B96BE96969F
Authority key identifier: 4E:EF:6A:AE:6F:BA:5C:61:A6:17:39:AF:CA:B5:5A:62:26:6E:89:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tu9qrm-6XGGmFzmvyrVaYiZuie4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/b8e5c4-38eb-445f-b036-c37790e6d482/1/bIaEW0_yfIAOdr1ZIWIVHpRuNU8.roa
Signing time:             Tue 02 Jan 2024 06:31:05 +0000
ROA not before:           Tue 02 Jan 2024 06:31:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212461
IP address blocks:        2a0b:6900:1ad::/48 maxlen: 48
                          2a0b:6903:1ad::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/b8e5c4-38eb-445f-b036-c37790e6d482/1/Tu9qrm-6XGGmFzmvyrVaYiZuie4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/b8e5c4-38eb-445f-b036-c37790e6d482/1/Tu9qrm-6XGGmFzmvyrVaYiZuie4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tu9qrm-6XGGmFzmvyrVaYiZuie4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:02:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:60:12:1f:52:72:00:30:f9:4b:96:be:96:96:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4eef6aae6fba5c61a61739afcab55a62266e89ee
        Validity
            Not Before: Jan  2 06:31:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c86845b4ff27c800e76bd592162151e946e354f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:b1:40:7a:72:f7:3b:0d:a3:ba:f3:d8:eb:08:
                    21:7b:b7:d4:0c:af:43:09:00:45:db:4f:23:96:03:
                    38:25:7c:bd:95:33:41:86:88:cf:30:f0:1a:8b:ef:
                    92:39:3b:3f:fe:51:04:43:4e:58:54:56:24:73:98:
                    e9:ee:c5:d0:65:fe:16:fc:d3:88:5c:eb:7e:a7:b3:
                    37:d4:0a:40:99:1f:cf:19:7e:39:22:cf:af:4f:68:
                    21:3d:de:76:48:10:6d:90:b6:dc:68:d4:56:76:ad:
                    e2:68:b9:87:35:ad:f8:57:dc:0c:37:df:91:da:d2:
                    df:32:b2:9f:a9:ad:a0:a4:86:93:9f:e3:9b:27:1d:
                    b3:96:5b:71:84:09:e2:22:4f:76:ac:09:d6:a1:8c:
                    3e:e9:cc:1e:ea:04:a7:7f:12:5d:6d:22:96:9c:44:
                    8c:d1:b5:dc:a3:4a:1b:de:e2:29:e7:95:63:59:87:
                    b0:ce:54:f0:f1:df:32:61:1c:49:36:09:9e:71:6e:
                    d5:2f:35:78:b1:e3:23:c6:70:50:33:6d:07:90:9c:
                    0d:a7:54:e3:c5:8c:ea:2d:a9:5b:f9:45:11:6c:aa:
                    41:04:6d:73:06:33:e5:5e:30:a4:ed:4a:e2:29:8f:
                    b8:eb:33:e3:26:dd:3d:79:b7:9f:4c:8e:4f:27:e4:
                    41:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:86:84:5B:4F:F2:7C:80:0E:76:BD:59:21:62:15:1E:94:6E:35:4F
            X509v3 Authority Key Identifier:
                keyid:4E:EF:6A:AE:6F:BA:5C:61:A6:17:39:AF:CA:B5:5A:62:26:6E:89:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tu9qrm-6XGGmFzmvyrVaYiZuie4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/b8e5c4-38eb-445f-b036-c37790e6d482/1/bIaEW0_yfIAOdr1ZIWIVHpRuNU8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/b8e5c4-38eb-445f-b036-c37790e6d482/1/Tu9qrm-6XGGmFzmvyrVaYiZuie4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:6900:1ad::/48
                  2a0b:6903:1ad::/48

    Signature Algorithm: sha256WithRSAEncryption
         54:c6:bd:e5:da:ea:b3:1e:8c:2f:6b:f9:5c:98:7a:54:64:b2:
         8e:e2:cb:17:c7:02:12:1e:dc:c7:c9:c2:0e:9d:53:35:17:85:
         07:ad:0d:be:f2:46:3b:ea:e9:9b:2a:0b:78:30:ef:93:cc:37:
         e7:87:44:77:da:48:20:d5:5c:1b:23:84:64:99:b6:7c:f6:77:
         f9:71:38:12:dc:15:7b:fb:09:03:5a:3c:2a:8b:46:38:dc:df:
         dd:6c:b2:c0:90:9d:7b:3e:40:56:00:54:29:21:6b:3f:b2:53:
         c4:17:21:26:45:64:1f:9b:36:61:8f:0a:82:25:69:d4:fc:67:
         5f:39:b2:8c:01:0b:b6:57:ad:91:ac:f8:79:29:b3:a9:7b:28:
         42:f4:70:34:9c:93:e2:d4:fb:74:09:86:9c:5c:f3:22:60:56:
         12:94:eb:1b:17:b8:ac:48:38:03:2c:05:7c:7a:fb:ca:84:bb:
         e4:4b:71:c7:36:05:d9:08:8f:0c:50:53:8c:d6:89:09:64:3e:
         a7:65:07:30:c3:19:80:ec:6d:ea:41:cd:e8:6d:59:a7:0c:b6:
         91:87:d5:1c:4b:7a:1b:16:f2:de:58:0f:6e:9b:60:62:f9:29:
         98:85:8a:fb:d3:87:9f:01:0f:41:ba:0e:d3:e1:d5:ed:a3:f8:
         97:d8:6d:66
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzI3mASH1JyADD5S5a+lpafMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlZWY2YWFlNmZiYTVjNjFhNjE3MzlhZmNhYjU1YTYyMjY2
ZTg5ZWUwHhcNMjQwMTAyMDYzMTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Yzg2ODQ1YjRmZjI3YzgwMGU3NmJkNTkyMTYyMTUxZTk0NmUzNTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLFAenL3Ow2juvPY6wghe7fUDK9D
CQBF208jlgM4JXy9lTNBhojPMPAai++SOTs//lEEQ05YVFYkc5jp7sXQZf4W/NOI
XOt+p7M31ApAmR/PGX45Is+vT2ghPd52SBBtkLbcaNRWdq3iaLmHNa34V9wMN9+R
2tLfMrKfqa2gpIaTn+ObJx2zlltxhAniIk92rAnWoYw+6cwe6gSnfxJdbSKWnESM
0bXco0ob3uIp55VjWYewzlTw8d8yYRxJNgmecW7VLzV4seMjxnBQM20HkJwNp1Tj
xYzqLalb+UURbKpBBG1zBjPlXjCk7UriKY+46zPjJt09ebefTI5PJ+RBHwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGyGhFtP8nyADna9WSFiFR6UbjVPMB8GA1UdIwQY
MBaAFE7vaq5vulxhphc5r8q1WmImbonuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHU5cXJtLTZYR0dtRnptdnlyVmFZaVp1aWU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy9iOGU1YzQtMzhlYi00NDVmLWIwMzYt
YzM3NzkwZTZkNDgyLzEvYklhRVcwX3lmSUFPZHIxWklXSVZIcFJ1TlU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy9iOGU1YzQtMzhlYi00NDVmLWIwMzYtYzM3NzkwZTZkNDgy
LzEvVHU5cXJtLTZYR0dtRnptdnlyVmFZaVp1aWU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgtpAAGt
AwcAKgtpAwGtMA0GCSqGSIb3DQEBCwUAA4IBAQBUxr3l2uqzHowva/lcmHpUZLKO
4ssXxwISHtzHycIOnVM1F4UHrQ2+8kY76umbKgt4MO+TzDfnh0R32kgg1VwbI4Rk
mbZ89nf5cTgS3BV7+wkDWjwqi0Y43N/dbLLAkJ17PkBWAFQpIWs/slPEFyEmRWQf
mzZhjwqCJWnU/GdfObKMAQu2V62RrPh5KbOpeyhC9HA0nJPi1Pt0CYacXPMiYFYS
lOsbF7isSDgDLAV8evvKhLvkS3HHNgXZCI8MUFOM1okJZD6nZQcwwxmA7G3qQc3o
bVmnDLaRh9UcS3obFvLeWA9um2Bi+SmYhYr704efAQ9Bug7T4dXto/iX2G1m
-----END CERTIFICATE-----