Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/cd0b2c-29e2-4737-9eb7-8cd55b03d22d/1/IAIHsMBZmJwGMXrvpacOFN9hPkQ.roa
File:                     IAIHsMBZmJwGMXrvpacOFN9hPkQ.roa (raw, json)
Hash identifier:          nDgMbNb6ksiiCWN9GDn/jiRL4wzUTMd+4nVMnYkYpyI=
Subject key identifier:   20:02:07:B0:C0:59:98:9C:06:31:7A:EF:A5:A7:0E:14:DF:61:3E:44
Certificate issuer:       /CN=cfc7ef2b766594892d78928cbe781779fdce67d0
Certificate serial:       018CC2DABCEDA58D4D629A096ABA0A8A5F5F
Authority key identifier: CF:C7:EF:2B:76:65:94:89:2D:78:92:8C:BE:78:17:79:FD:CE:67:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z8fvK3ZllIkteJKMvngXef3OZ9A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/cd0b2c-29e2-4737-9eb7-8cd55b03d22d/1/IAIHsMBZmJwGMXrvpacOFN9hPkQ.roa
Signing time:             Mon 01 Jan 2024 02:29:24 +0000
ROA not before:           Mon 01 Jan 2024 02:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8729
IP address blocks:        2a02:6a0:cffe::/48 maxlen: 48
                          2a02:6a0:cfff::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/cd0b2c-29e2-4737-9eb7-8cd55b03d22d/1/z8fvK3ZllIkteJKMvngXef3OZ9A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/cd0b2c-29e2-4737-9eb7-8cd55b03d22d/1/z8fvK3ZllIkteJKMvngXef3OZ9A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z8fvK3ZllIkteJKMvngXef3OZ9A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:bc:ed:a5:8d:4d:62:9a:09:6a:ba:0a:8a:5f:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfc7ef2b766594892d78928cbe781779fdce67d0
        Validity
            Not Before: Jan  1 02:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=200207b0c059989c06317aefa5a70e14df613e44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:d1:9a:67:34:cf:86:2c:f9:5f:95:c0:aa:95:
                    9e:91:7d:4e:52:fc:1b:44:89:ab:7b:70:13:85:7f:
                    de:f4:ab:36:d5:4f:77:c3:6e:b6:04:8d:21:d6:ea:
                    4d:9a:1a:2d:85:0d:70:99:2e:64:41:6b:25:02:9c:
                    e3:bc:be:f6:61:ce:4b:06:b5:35:8e:81:e1:5e:9d:
                    a7:9e:9d:72:79:47:74:1c:65:d7:ab:f0:55:b4:b9:
                    d3:5f:7d:ae:2f:9d:8c:2c:10:49:58:9c:60:93:02:
                    d8:29:1e:ee:ab:17:44:a5:4f:04:d1:b7:11:0e:1b:
                    2b:7d:21:3f:4c:7b:61:ce:d4:50:65:a7:32:af:1f:
                    18:d6:29:c0:de:fc:e4:dd:b6:30:c2:de:bb:b7:63:
                    99:28:82:bf:08:5a:c8:9a:b9:a6:34:98:fa:53:48:
                    8b:ce:b2:0e:5c:52:51:1f:a2:8e:d5:8d:23:ed:8b:
                    bf:3d:e8:0d:25:78:e6:80:0b:e4:a9:95:b3:3e:1d:
                    e8:9a:a0:52:c6:52:4a:17:b3:03:e5:eb:28:2c:76:
                    d7:6b:56:f0:9b:45:02:b5:55:ca:23:c0:97:5a:6a:
                    6e:a3:05:8b:c9:7b:df:64:3f:b5:59:01:78:6c:6c:
                    e1:a6:6a:07:e2:b7:cb:79:6b:18:6c:02:bc:3b:63:
                    f6:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:02:07:B0:C0:59:98:9C:06:31:7A:EF:A5:A7:0E:14:DF:61:3E:44
            X509v3 Authority Key Identifier:
                keyid:CF:C7:EF:2B:76:65:94:89:2D:78:92:8C:BE:78:17:79:FD:CE:67:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z8fvK3ZllIkteJKMvngXef3OZ9A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/cd0b2c-29e2-4737-9eb7-8cd55b03d22d/1/IAIHsMBZmJwGMXrvpacOFN9hPkQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/cd0b2c-29e2-4737-9eb7-8cd55b03d22d/1/z8fvK3ZllIkteJKMvngXef3OZ9A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:6a0:cffe::/47

    Signature Algorithm: sha256WithRSAEncryption
         42:45:33:37:77:93:27:03:9c:84:51:d1:db:3c:29:db:79:0c:
         c5:dc:32:ab:eb:30:4b:4a:91:d4:a4:34:62:07:7e:21:a0:26:
         1d:74:cb:fd:9d:67:ec:9b:4b:9f:55:0e:aa:a3:0b:59:71:3a:
         f1:60:39:4e:f7:98:86:f5:d8:aa:2e:bd:c0:54:1a:fe:36:99:
         d4:60:ef:b5:cd:79:a8:9b:77:20:f5:da:d4:66:a7:2c:46:00:
         12:29:73:62:41:10:dd:6f:0a:30:c9:33:55:66:b5:00:fe:15:
         fd:e3:f1:3a:93:f9:44:07:a4:bb:90:d7:d4:49:2a:10:0e:e9:
         ed:0b:49:c3:72:9f:64:7e:dd:ca:99:e6:99:81:65:ff:ec:2f:
         78:30:94:f1:01:54:d0:19:a4:37:83:f1:ba:2e:a9:45:77:16:
         d3:d0:5a:06:86:16:86:aa:de:e2:63:2d:c4:b6:35:c8:9f:69:
         80:24:83:cc:43:30:aa:0a:a2:25:9b:0e:01:49:78:5d:76:1c:
         c6:c2:c3:64:37:a1:3c:43:04:53:41:11:93:24:da:d6:1c:24:
         53:ac:05:64:fa:2d:1e:e0:5a:5b:29:cc:f6:5b:97:ff:02:ed:
         56:22:96:f8:9c:56:12:78:98:19:d2:84:fe:22:46:54:fe:27:
         a2:52:6e:dc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2rztpY1NYpoJaroKil9fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmYzdlZjJiNzY2NTk0ODkyZDc4OTI4Y2JlNzgxNzc5ZmRj
ZTY3ZDAwHhcNMjQwMTAxMDIyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDAyMDdiMGMwNTk5ODljMDYzMTdhZWZhNWE3MGUxNGRmNjEzZTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAktGaZzTPhiz5X5XAqpWekX1OUvwb
RImre3AThX/e9Ks21U93w262BI0h1upNmhothQ1wmS5kQWslApzjvL72Yc5LBrU1
joHhXp2nnp1yeUd0HGXXq/BVtLnTX32uL52MLBBJWJxgkwLYKR7uqxdEpU8E0bcR
DhsrfSE/THthztRQZacyrx8Y1inA3vzk3bYwwt67t2OZKIK/CFrImrmmNJj6U0iL
zrIOXFJRH6KO1Y0j7Yu/PegNJXjmgAvkqZWzPh3omqBSxlJKF7MD5esoLHbXa1bw
m0UCtVXKI8CXWmpuowWLyXvfZD+1WQF4bGzhpmoH4rfLeWsYbAK8O2P2eQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCACB7DAWZicBjF676WnDhTfYT5EMB8GA1UdIwQY
MBaAFM/H7yt2ZZSJLXiSjL54F3n9zmfQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejhmdkszWmxsSWt0ZUpLTXZuZ1hlZjNPWjlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9jZDBiMmMtMjllMi00NzM3LTllYjct
OGNkNTViMDNkMjJkLzEvSUFJSHNNQlptSndHTVhydnBhY09GTjloUGtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9jZDBiMmMtMjllMi00NzM3LTllYjctOGNkNTViMDNkMjJk
LzEvejhmdkszWmxsSWt0ZUpLTXZuZ1hlZjNPWjlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKgIGoM/+
MA0GCSqGSIb3DQEBCwUAA4IBAQBCRTM3d5MnA5yEUdHbPCnbeQzF3DKr6zBLSpHU
pDRiB34hoCYddMv9nWfsm0ufVQ6qowtZcTrxYDlO95iG9diqLr3AVBr+NpnUYO+1
zXmom3cg9drUZqcsRgASKXNiQRDdbwowyTNVZrUA/hX94/E6k/lEB6S7kNfUSSoQ
DuntC0nDcp9kft3KmeaZgWX/7C94MJTxAVTQGaQ3g/G6LqlFdxbT0FoGhhaGqt7i
Yy3EtjXIn2mAJIPMQzCqCqIlmw4BSXhddhzGwsNkN6E8QwRTQRGTJNrWHCRTrAVk
+i0e4FpbKcz2W5f/Au1WIpb4nFYSeJgZ0oT+IkZU/ieiUm7c
-----END CERTIFICATE-----