Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/a1Z8-1M86e7mfuVqhtIfCd1KQ0A.roa
File:                     a1Z8-1M86e7mfuVqhtIfCd1KQ0A.roa (raw, json)
Hash identifier:          zbtKOslIgELJCm3TpixO0vfTnQw6WYhkgKEM4VFgzXk=
Subject key identifier:   6B:56:7C:FB:53:3C:E9:EE:E6:7E:E5:6A:86:D2:1F:09:DD:4A:43:40
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       018F05BC2AC72863483F296F6DE383C49233
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/a1Z8-1M86e7mfuVqhtIfCd1KQ0A.roa
Signing time:             Mon 22 Apr 2024 12:16:08 +0000
ROA not before:           Mon 22 Apr 2024 12:16:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209641
IP address blocks:        2a0c:4185::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:05:bc:2a:c7:28:63:48:3f:29:6f:6d:e3:83:c4:92:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Apr 22 12:16:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b567cfb533ce9eee67ee56a86d21f09dd4a4340
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:65:a4:e2:41:56:0f:60:68:a9:47:2a:e7:88:
                    38:ee:9c:b5:79:da:f9:82:87:ae:db:72:5b:d2:41:
                    ce:b5:2e:4a:f0:a1:56:a4:a6:57:23:7c:41:97:d6:
                    42:a4:19:b9:b5:48:5e:d0:a0:83:eb:b2:ed:62:36:
                    90:55:5c:fb:d7:21:87:d4:b5:27:f4:b9:83:39:1f:
                    f3:90:6f:25:c3:0c:1a:c3:48:8e:37:88:50:1c:0e:
                    25:3d:7a:a2:41:7a:63:c2:92:65:3b:ca:c5:d5:9b:
                    52:40:61:85:b6:4c:df:2a:4e:5e:d1:67:15:ed:dd:
                    0c:94:2e:0b:c1:f6:cf:e4:dd:f5:0f:bc:04:92:9c:
                    70:c1:fa:13:33:90:90:97:ed:f0:a0:0f:e4:ad:5b:
                    b8:17:f9:c5:09:5a:d5:22:d8:f1:72:ae:cd:dc:75:
                    87:d7:29:9f:8f:47:c7:92:60:74:7c:e1:09:81:5b:
                    16:97:4b:e4:57:70:83:94:3c:c8:4c:8a:f1:05:eb:
                    bc:f5:ae:b6:2a:62:22:f3:fd:13:bf:e8:c3:0f:33:
                    e1:c3:1e:51:4c:c4:bd:33:30:e8:2b:3a:24:e6:43:
                    f5:f9:23:34:af:54:9d:22:ee:e3:e0:00:5b:58:2f:
                    4c:bb:db:1a:f7:6b:c0:dc:eb:07:71:40:9d:8d:8e:
                    b1:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:56:7C:FB:53:3C:E9:EE:E6:7E:E5:6A:86:D2:1F:09:DD:4A:43:40
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/a1Z8-1M86e7mfuVqhtIfCd1KQ0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:4185::/32

    Signature Algorithm: sha256WithRSAEncryption
         95:b9:ba:4f:24:35:c1:fc:11:87:db:8f:42:25:89:ce:b4:05:
         bc:10:07:2f:b7:0c:27:6d:a0:67:5a:cb:93:92:7d:7a:2c:fd:
         1d:3c:78:59:b8:3f:65:af:24:75:22:53:30:70:fc:c8:f3:dc:
         09:46:e4:33:11:ce:1b:a6:31:59:ba:44:a6:25:48:b1:70:68:
         b3:23:8b:cc:af:66:cf:53:ff:85:32:f2:db:1a:65:dc:c0:1e:
         ed:2d:59:c8:33:6d:8d:db:49:01:00:98:5c:65:ff:eb:92:ea:
         fa:eb:4c:a7:77:f6:10:d7:35:07:52:a3:24:63:c4:70:99:15:
         fd:0a:b2:21:11:1e:dc:ba:b2:6c:9c:fb:b5:6b:f9:9b:f4:ea:
         4e:c8:04:0b:c6:40:e9:ef:1c:d1:e0:fd:6c:83:73:22:87:bc:
         f4:98:6a:70:57:70:71:b1:8b:12:3b:78:ad:35:dd:55:e8:85:
         6f:61:72:04:02:82:ae:25:fe:bd:2b:41:97:f0:2b:16:04:38:
         44:60:04:4b:08:bb:25:7b:3c:e5:8c:31:bb:52:9c:11:f6:9e:
         fe:a0:27:43:f9:0f:8a:91:3d:7b:82:ee:21:0e:e8:ad:bf:4e:
         e2:a7:7a:ac:4b:a9:4d:a2:12:24:a4:9e:e9:9d:35:fc:28:1e:
         82:56:39:e3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY8FvCrHKGNIPylvbeODxJIzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjQwNDIyMTIxNjA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjU2N2NmYjUzM2NlOWVlZTY3ZWU1NmE4NmQyMWYwOWRkNGE0MzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxGWk4kFWD2BoqUcq54g47py1edr5
goeu23Jb0kHOtS5K8KFWpKZXI3xBl9ZCpBm5tUhe0KCD67LtYjaQVVz71yGH1LUn
9LmDOR/zkG8lwwwaw0iON4hQHA4lPXqiQXpjwpJlO8rF1ZtSQGGFtkzfKk5e0WcV
7d0MlC4LwfbP5N31D7wEkpxwwfoTM5CQl+3woA/krVu4F/nFCVrVItjxcq7N3HWH
1ymfj0fHkmB0fOEJgVsWl0vkV3CDlDzITIrxBeu89a62KmIi8/0Tv+jDDzPhwx5R
TMS9MzDoKzok5kP1+SM0r1SdIu7j4ABbWC9Mu9sa92vA3OsHcUCdjY6xbQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGtWfPtTPOnu5n7laobSHwndSkNAMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvYTFaOC0xTTg2ZTdtZnVWcWh0SWZDZDFLUTBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgxBhTAN
BgkqhkiG9w0BAQsFAAOCAQEAlbm6TyQ1wfwRh9uPQiWJzrQFvBAHL7cMJ22gZ1rL
k5J9eiz9HTx4Wbg/Za8kdSJTMHD8yPPcCUbkMxHOG6YxWbpEpiVIsXBosyOLzK9m
z1P/hTLy2xpl3MAe7S1ZyDNtjdtJAQCYXGX/65Lq+utMp3f2ENc1B1KjJGPEcJkV
/QqyIREe3LqybJz7tWv5m/TqTsgEC8ZA6e8c0eD9bINzIoe89JhqcFdwcbGLEjt4
rTXdVeiFb2FyBAKCriX+vStBl/ArFgQ4RGAESwi7JXs85Ywxu1KcEfae/qAnQ/kP
ipE9e4LuIQ7orb9O4qd6rEupTaISJKSe6Z01/CgeglY54w==
-----END CERTIFICATE-----