Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/01ebc2-84d0-4ae3-a2c2-a3b6be4a9e9b/1/KzcbAGnuCRwQuuMY4XGbGN7YoWQ.roa
File:                     KzcbAGnuCRwQuuMY4XGbGN7YoWQ.roa (raw, json)
Hash identifier:          6Kg2/x/h0dtcx8GueBqIYB/QrNvICRHg/5EbjF34CUY=
Subject key identifier:   2B:37:1B:00:69:EE:09:1C:10:BA:E3:18:E1:71:9B:18:DE:D8:A1:64
Certificate issuer:       /CN=c0fbd5876613edc56e0f5de468cce5eb2885ff29
Certificate serial:       018EA8D1FB9941FD87214E21CCD0AB8AC991
Authority key identifier: C0:FB:D5:87:66:13:ED:C5:6E:0F:5D:E4:68:CC:E5:EB:28:85:FF:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wPvVh2YT7cVuD13kaMzl6yiF_yk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/01ebc2-84d0-4ae3-a2c2-a3b6be4a9e9b/1/KzcbAGnuCRwQuuMY4XGbGN7YoWQ.roa
Signing time:             Thu 04 Apr 2024 11:15:17 +0000
ROA not before:           Thu 04 Apr 2024 11:15:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205272
IP address blocks:        2a06:bcc0:6::/48 maxlen: 48
                          2a06:bcc0:7::/48 maxlen: 48
                          2a06:bcc0:8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/01ebc2-84d0-4ae3-a2c2-a3b6be4a9e9b/1/wPvVh2YT7cVuD13kaMzl6yiF_yk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/01ebc2-84d0-4ae3-a2c2-a3b6be4a9e9b/1/wPvVh2YT7cVuD13kaMzl6yiF_yk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wPvVh2YT7cVuD13kaMzl6yiF_yk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a8:d1:fb:99:41:fd:87:21:4e:21:cc:d0:ab:8a:c9:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c0fbd5876613edc56e0f5de468cce5eb2885ff29
        Validity
            Not Before: Apr  4 11:15:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2b371b0069ee091c10bae318e1719b18ded8a164
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:93:78:33:7f:cd:d7:91:49:8d:76:9d:c5:0f:
                    6b:1c:46:7c:be:f8:dd:ca:4f:5a:aa:15:fb:25:04:
                    62:8f:52:c5:46:2b:c1:04:72:27:24:ee:75:41:cf:
                    6e:70:b0:d7:ac:fb:bd:b1:9a:48:69:68:d6:32:95:
                    52:dd:71:88:64:06:57:f1:2c:d9:8c:b0:55:ba:91:
                    db:30:d7:e2:fc:42:0e:71:7e:a6:b6:99:3a:20:33:
                    ad:55:e0:93:db:64:c7:8d:da:4f:cd:73:1d:76:a9:
                    1e:1a:22:63:fb:cb:b5:51:87:b5:85:6a:c5:80:9d:
                    e9:11:8d:7c:5b:b2:86:db:d2:00:ab:1e:5d:c0:fc:
                    37:07:42:bc:b7:d5:6b:03:4b:de:10:bc:90:66:5c:
                    1d:de:56:ed:eb:96:32:1b:54:cb:2c:d7:31:df:92:
                    b7:e0:c0:ef:52:70:69:6b:96:75:18:5e:82:49:ec:
                    fa:41:f5:e6:ae:d9:b2:1a:4f:6b:58:80:6e:e4:47:
                    88:5e:ff:8e:ad:88:64:43:5b:df:d6:34:f7:cb:15:
                    17:4b:ca:ed:7b:9b:3c:53:be:e0:ce:3b:d0:70:d7:
                    12:2e:ba:49:49:1c:a8:b9:7f:1d:e6:54:69:ed:47:
                    b8:40:f5:28:ba:5c:d5:2b:52:a5:32:a7:79:e0:6d:
                    e8:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:37:1B:00:69:EE:09:1C:10:BA:E3:18:E1:71:9B:18:DE:D8:A1:64
            X509v3 Authority Key Identifier:
                keyid:C0:FB:D5:87:66:13:ED:C5:6E:0F:5D:E4:68:CC:E5:EB:28:85:FF:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wPvVh2YT7cVuD13kaMzl6yiF_yk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/01ebc2-84d0-4ae3-a2c2-a3b6be4a9e9b/1/KzcbAGnuCRwQuuMY4XGbGN7YoWQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/01ebc2-84d0-4ae3-a2c2-a3b6be4a9e9b/1/wPvVh2YT7cVuD13kaMzl6yiF_yk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:bcc0:6::-2a06:bcc0:8:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         a5:35:67:c6:48:aa:54:6b:e7:32:3b:d4:c1:ba:56:e8:8e:01:
         52:f4:88:1c:09:d3:50:a1:50:00:d6:36:61:8d:ac:ab:9d:d5:
         dc:26:3d:74:6d:ab:35:5d:cd:c1:6e:38:3e:9a:24:57:94:02:
         71:7a:18:45:cf:04:b9:90:9b:86:ff:2d:14:ce:f8:8b:2f:36:
         ab:6d:35:d6:7c:b3:29:de:40:52:a8:6f:c1:50:0b:dc:1b:6f:
         a5:7d:62:ec:44:c3:4d:13:6b:75:f4:b0:bb:7e:c3:59:98:d0:
         bc:a9:8c:01:ce:be:8a:8a:b2:70:04:b4:c7:5a:02:7c:dc:66:
         ce:cc:29:6e:90:15:69:e3:8f:f2:75:71:49:5f:c4:13:73:85:
         26:09:0c:73:b8:c0:29:86:e2:e0:ca:6a:33:28:34:24:cc:11:
         6e:0d:e1:1d:31:4d:4d:9d:c3:d3:cc:11:ae:a4:2c:3b:7d:f9:
         67:25:11:f5:3b:cb:de:fb:f8:2a:8c:2c:b3:ce:76:e3:30:b4:
         7a:45:aa:31:de:53:a1:8e:f6:3b:35:bb:21:c2:c1:21:65:d7:
         c7:f0:8e:e0:21:09:00:9c:fc:5c:7f:97:b9:a5:9b:e9:ed:c4:
         4b:0b:8c:1c:81:df:03:8f:16:da:b5:88:ba:53:e7:f7:48:0a:
         50:6b:d6:8f
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAY6o0fuZQf2HIU4hzNCrismRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwZmJkNTg3NjYxM2VkYzU2ZTBmNWRlNDY4Y2NlNWViMjg4
NWZmMjkwHhcNMjQwNDA0MTExNTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjM3MWIwMDY5ZWUwOTFjMTBiYWUzMThlMTcxOWIxOGRlZDhhMTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjpN4M3/N15FJjXadxQ9rHEZ8vvjd
yk9aqhX7JQRij1LFRivBBHInJO51Qc9ucLDXrPu9sZpIaWjWMpVS3XGIZAZX8SzZ
jLBVupHbMNfi/EIOcX6mtpk6IDOtVeCT22THjdpPzXMddqkeGiJj+8u1UYe1hWrF
gJ3pEY18W7KG29IAqx5dwPw3B0K8t9VrA0veELyQZlwd3lbt65YyG1TLLNcx35K3
4MDvUnBpa5Z1GF6CSez6QfXmrtmyGk9rWIBu5EeIXv+OrYhkQ1vf1jT3yxUXS8rt
e5s8U77gzjvQcNcSLrpJSRyouX8d5lRp7Ue4QPUoulzVK1KlMqd54G3oVQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFCs3GwBp7gkcELrjGOFxmxje2KFkMB8GA1UdIwQY
MBaAFMD71YdmE+3Fbg9d5GjM5esohf8pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1B2VmgyWVQ3Y1Z1RDEza2FNemw2eWlGX3lrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS8wMWViYzItODRkMC00YWUzLWEyYzIt
YTNiNmJlNGE5ZTliLzEvS3pjYkFHbnVDUndRdXVNWTRYR2JHTjdZb1dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS8wMWViYzItODRkMC00YWUzLWEyYzItYTNiNmJlNGE5ZTli
LzEvd1B2VmgyWVQ3Y1Z1RDEza2FNemw2eWlGX3lrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwEqBrzA
AAYDBwAqBrzAAAgwDQYJKoZIhvcNAQELBQADggEBAKU1Z8ZIqlRr5zI71MG6VuiO
AVL0iBwJ01ChUADWNmGNrKud1dwmPXRtqzVdzcFuOD6aJFeUAnF6GEXPBLmQm4b/
LRTO+IsvNqttNdZ8syneQFKob8FQC9wbb6V9YuxEw00Ta3X0sLt+w1mY0LypjAHO
voqKsnAEtMdaAnzcZs7MKW6QFWnjj/J1cUlfxBNzhSYJDHO4wCmG4uDKajMoNCTM
EW4N4R0xTU2dw9PMEa6kLDt9+WclEfU7y977+CqMLLPOduMwtHpFqjHeU6GO9js1
uyHCwSFl18fwjuAhCQCc/Fx/l7mlm+ntxEsLjByB3wOPFtq1iLpT5/dIClBr1o8=
-----END CERTIFICATE-----