Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/b-uMk143ghnk5rtDxi5_hxqx-NI.roa
File:                     b-uMk143ghnk5rtDxi5_hxqx-NI.roa (raw, json)
Hash identifier:          HOYkj39NSnk7+hE5AdOqFR4pWBWqlWYnBmXij5Xg+gk=
Subject key identifier:   6F:EB:8C:93:5E:37:82:19:E4:E6:BB:43:C6:2E:7F:87:1A:B1:F8:D2
Certificate issuer:       /CN=b27261d715348bfd73ce9dbb72488656993ba2f1
Certificate serial:       018CC793E92732EA52DF5C34558972A5D901
Authority key identifier: B2:72:61:D7:15:34:8B:FD:73:CE:9D:BB:72:48:86:56:99:3B:A2:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/snJh1xU0i_1zzp27ckiGVpk7ovE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/b-uMk143ghnk5rtDxi5_hxqx-NI.roa
Signing time:             Tue 02 Jan 2024 00:30:08 +0000
ROA not before:           Tue 02 Jan 2024 00:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29588
IP address blocks:        2a0e:e6c0:6000::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/snJh1xU0i_1zzp27ckiGVpk7ovE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/snJh1xU0i_1zzp27ckiGVpk7ovE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/snJh1xU0i_1zzp27ckiGVpk7ovE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 20:23:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:e9:27:32:ea:52:df:5c:34:55:89:72:a5:d9:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b27261d715348bfd73ce9dbb72488656993ba2f1
        Validity
            Not Before: Jan  2 00:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6feb8c935e378219e4e6bb43c62e7f871ab1f8d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:7c:0c:e6:10:fd:8e:54:5e:43:9d:23:3f:2c:
                    db:f0:eb:df:da:20:e2:7d:ed:01:93:d0:97:a9:d4:
                    1e:47:0f:b4:06:40:d0:a2:63:55:e3:1a:e5:d7:a1:
                    19:e9:79:4d:e6:b4:06:80:92:2f:d8:9c:bd:1b:dd:
                    15:db:6d:6b:0e:fa:77:38:bc:de:04:58:76:47:42:
                    ff:e0:e3:14:b3:6d:c3:a4:ea:70:21:cf:53:7f:1f:
                    fd:6e:61:85:66:6f:bd:71:6d:36:d8:08:8d:6d:cc:
                    36:d0:65:ba:a2:8c:78:54:03:86:2f:4b:60:a1:41:
                    cf:b7:9e:c7:55:ce:b9:11:5e:a3:f3:68:59:20:10:
                    3f:f0:6f:e5:95:19:d9:28:11:91:9d:76:46:1a:37:
                    70:4d:75:b3:35:2a:c9:0e:20:7f:18:ab:7c:d7:b8:
                    c0:77:a7:5b:eb:d3:66:f8:16:55:c7:c0:cb:89:2b:
                    07:17:82:16:ff:d9:c6:28:9c:47:ac:91:24:8f:88:
                    b3:ef:38:d6:32:77:68:c3:36:b3:01:a8:6e:94:03:
                    28:39:1b:77:71:57:18:88:0a:e0:9a:6d:26:af:fa:
                    eb:42:a7:72:2a:34:02:2e:32:06:93:21:6e:65:2c:
                    97:82:e1:ba:52:71:0a:f2:e3:f2:c5:1e:45:52:da:
                    8f:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:EB:8C:93:5E:37:82:19:E4:E6:BB:43:C6:2E:7F:87:1A:B1:F8:D2
            X509v3 Authority Key Identifier:
                keyid:B2:72:61:D7:15:34:8B:FD:73:CE:9D:BB:72:48:86:56:99:3B:A2:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/snJh1xU0i_1zzp27ckiGVpk7ovE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/b-uMk143ghnk5rtDxi5_hxqx-NI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/snJh1xU0i_1zzp27ckiGVpk7ovE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:e6c0:6000::/36

    Signature Algorithm: sha256WithRSAEncryption
         63:23:5b:4e:69:e1:14:00:4e:ff:c6:c3:f3:b9:dc:ee:26:a4:
         17:bf:85:bf:fd:16:8f:83:5a:52:58:33:32:89:50:05:4b:12:
         49:70:51:92:87:03:e7:b2:47:2c:20:fa:df:21:5b:f3:d7:26:
         bc:57:84:ab:8e:85:aa:0c:cc:e8:1f:a4:d8:3c:25:14:e2:a4:
         90:81:de:27:5c:43:c7:6f:17:91:c5:5b:80:f4:b5:43:78:f1:
         7c:9d:7f:08:bc:7a:66:e4:8b:bf:b2:94:fb:dc:d9:48:0e:c6:
         2e:24:fa:95:2c:16:d2:b1:fa:32:4a:ee:05:87:7c:1d:c8:1a:
         c3:8b:9c:cc:cc:3b:b2:45:f8:ca:8d:8e:06:b6:ea:bd:0a:a5:
         8f:8e:d5:23:ab:38:c5:5b:76:77:a0:34:20:5a:b7:d5:cc:73:
         1d:d5:3b:49:61:4d:8f:ed:45:ab:6c:b0:7b:29:af:87:ce:94:
         d0:c7:cf:88:ed:a2:90:48:0b:c2:41:68:18:4f:18:03:3b:4b:
         a9:34:41:04:28:0f:70:c3:a4:73:b9:ce:ef:dd:90:de:8b:10:
         2e:17:91:1f:b3:8e:1e:17:00:e9:3e:e2:6f:50:48:ba:61:8b:
         86:7b:eb:d6:8f:5f:e6:50:cb:2e:c3:ae:4d:87:51:75:93:3f:
         3f:9b:09:67
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHk+knMupS31w0VYlypdkBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyNzI2MWQ3MTUzNDhiZmQ3M2NlOWRiYjcyNDg4NjU2OTkz
YmEyZjEwHhcNMjQwMTAyMDAzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmViOGM5MzVlMzc4MjE5ZTRlNmJiNDNjNjJlN2Y4NzFhYjFmOGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiHwM5hD9jlReQ50jPyzb8Ovf2iDi
fe0Bk9CXqdQeRw+0BkDQomNV4xrl16EZ6XlN5rQGgJIv2Jy9G90V221rDvp3OLze
BFh2R0L/4OMUs23DpOpwIc9Tfx/9bmGFZm+9cW022AiNbcw20GW6oox4VAOGL0tg
oUHPt57HVc65EV6j82hZIBA/8G/llRnZKBGRnXZGGjdwTXWzNSrJDiB/GKt817jA
d6db69Nm+BZVx8DLiSsHF4IW/9nGKJxHrJEkj4iz7zjWMndowzazAahulAMoORt3
cVcYiArgmm0mr/rrQqdyKjQCLjIGkyFuZSyXguG6UnEK8uPyxR5FUtqPZwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFG/rjJNeN4IZ5Oa7Q8Yuf4casfjSMB8GA1UdIwQY
MBaAFLJyYdcVNIv9c86du3JIhlaZO6LxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc25KaDF4VTBpXzF6enAyN2NraUdWcGs3b3ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9hYmE1MDItZDE5MS00ZmQ3LWE3Y2Yt
NTA0ZjI3NjY3NjBmLzEvYi11TWsxNDNnaG5rNXJ0RHhpNV9oeHF4LU5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9hYmE1MDItZDE5MS00ZmQ3LWE3Y2YtNTA0ZjI3NjY3NjBm
LzEvc25KaDF4VTBpXzF6enAyN2NraUdWcGs3b3ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKg7mwGAw
DQYJKoZIhvcNAQELBQADggEBAGMjW05p4RQATv/Gw/O53O4mpBe/hb/9Fo+DWlJY
MzKJUAVLEklwUZKHA+eyRywg+t8hW/PXJrxXhKuOhaoMzOgfpNg8JRTipJCB3idc
Q8dvF5HFW4D0tUN48Xydfwi8embki7+ylPvc2UgOxi4k+pUsFtKx+jJK7gWHfB3I
GsOLnMzMO7JF+MqNjga26r0KpY+O1SOrOMVbdnegNCBat9XMcx3VO0lhTY/tRats
sHspr4fOlNDHz4jtopBIC8JBaBhPGAM7S6k0QQQoD3DDpHO5zu/dkN6LEC4XkR+z
jh4XAOk+4m9QSLphi4Z769aPX+ZQyy7Drk2HUXWTPz+bCWc=
-----END CERTIFICATE-----