Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/6f0269-834e-47c5-98e1-f1f802e6613b/1/j9F7RRqTjYDVQPTKG82GXn72icg.roa
File:                     j9F7RRqTjYDVQPTKG82GXn72icg.roa (raw, json)
Hash identifier:          FbdSDJ6J/69s0UEyel2LYxTNW5svZXenyF/miI5dNjw=
Subject key identifier:   8F:D1:7B:45:1A:93:8D:80:D5:40:F4:CA:1B:CD:86:5E:7E:F6:89:C8
Certificate issuer:       /CN=cc2eb5b38bb62ede5c98cbfbcff9532852180516
Certificate serial:       018CC94E700E97CA87BB8AF71B760137A97E
Authority key identifier: CC:2E:B5:B3:8B:B6:2E:DE:5C:98:CB:FB:CF:F9:53:28:52:18:05:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zC61s4u2Lt5cmMv7z_lTKFIYBRY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/6f0269-834e-47c5-98e1-f1f802e6613b/1/j9F7RRqTjYDVQPTKG82GXn72icg.roa
Signing time:             Tue 02 Jan 2024 08:33:30 +0000
ROA not before:           Tue 02 Jan 2024 08:33:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        2a07:e02:41::/48 maxlen: 48
                          2a07:e00:19f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/6f0269-834e-47c5-98e1-f1f802e6613b/1/zC61s4u2Lt5cmMv7z_lTKFIYBRY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/6f0269-834e-47c5-98e1-f1f802e6613b/1/zC61s4u2Lt5cmMv7z_lTKFIYBRY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zC61s4u2Lt5cmMv7z_lTKFIYBRY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:70:0e:97:ca:87:bb:8a:f7:1b:76:01:37:a9:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc2eb5b38bb62ede5c98cbfbcff9532852180516
        Validity
            Not Before: Jan  2 08:33:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8fd17b451a938d80d540f4ca1bcd865e7ef689c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:6a:a5:51:2e:6c:5f:ef:33:ea:33:c4:c0:e6:
                    cf:0a:2d:fc:df:c6:9f:59:34:e7:ea:b1:cf:1f:ab:
                    9b:4d:43:6a:9e:36:b5:ce:e3:67:83:81:0f:10:66:
                    ca:15:d9:74:33:6c:fa:4c:c6:2d:bd:4d:7f:2d:36:
                    15:83:e0:5e:75:77:c4:a9:14:5e:62:e0:71:49:0e:
                    b8:1e:2b:a5:fb:ea:ec:f6:4d:a2:02:17:fc:67:17:
                    c9:f0:0a:62:3f:38:a7:48:72:73:7a:4f:4e:1c:33:
                    a2:a2:16:d8:9b:e5:ba:cf:3d:61:47:4f:51:a1:35:
                    f9:be:98:95:11:58:d6:41:33:26:e5:c0:66:1c:fe:
                    ad:42:a7:41:ee:64:10:37:fe:8c:70:34:71:03:1a:
                    37:c6:dd:21:45:de:45:8f:d1:f8:b6:e0:58:8a:f0:
                    34:7a:0b:6d:16:f0:55:3c:27:09:a3:a3:79:7e:60:
                    75:62:c9:55:fb:c0:6b:79:76:3c:6f:00:e7:a4:99:
                    b8:cd:fa:7d:dc:cf:aa:84:a8:6c:1b:51:17:f5:c8:
                    54:be:c0:5c:0a:89:0e:40:9e:8a:4d:2c:ad:58:6e:
                    52:cb:a5:b9:ba:03:99:88:66:11:4b:ba:0b:ee:ff:
                    52:51:f3:7d:e2:4e:93:c1:cb:6e:0c:d5:d7:09:30:
                    bf:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:D1:7B:45:1A:93:8D:80:D5:40:F4:CA:1B:CD:86:5E:7E:F6:89:C8
            X509v3 Authority Key Identifier:
                keyid:CC:2E:B5:B3:8B:B6:2E:DE:5C:98:CB:FB:CF:F9:53:28:52:18:05:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zC61s4u2Lt5cmMv7z_lTKFIYBRY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/6f0269-834e-47c5-98e1-f1f802e6613b/1/j9F7RRqTjYDVQPTKG82GXn72icg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/6f0269-834e-47c5-98e1-f1f802e6613b/1/zC61s4u2Lt5cmMv7z_lTKFIYBRY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:e00:19f::/48
                  2a07:e02:41::/48

    Signature Algorithm: sha256WithRSAEncryption
         1a:8f:38:96:09:f6:2b:77:d0:12:4e:01:e4:28:4a:e2:f4:78:
         f0:52:f5:f7:46:81:28:c9:1b:4b:82:78:02:db:c4:69:47:e3:
         6f:f9:81:97:d5:2c:99:c4:9e:03:1c:52:5c:ec:9a:14:e5:dd:
         af:f8:0c:e3:41:6b:4c:7c:2b:45:c2:c4:c9:0b:60:9b:cf:8d:
         b4:09:e1:d0:07:47:65:3e:2a:92:36:48:84:d6:c1:39:22:c0:
         cf:a1:c1:2b:97:c3:db:d0:48:81:69:a7:c3:93:12:be:7d:bc:
         3a:79:37:0b:22:00:cb:c5:9c:e5:3e:85:ad:24:96:74:fd:0a:
         b8:98:7d:cd:97:17:1f:5e:14:53:7e:b3:39:b6:f6:f5:64:6e:
         20:c2:b9:bd:67:d4:bf:6d:73:0e:2f:a0:07:3b:fe:cc:6f:34:
         bd:44:6b:5a:35:17:a4:09:1d:c7:e0:ae:67:48:9d:23:c3:10:
         d7:4f:13:e8:05:e5:6e:57:b5:63:1c:47:00:99:48:6a:50:b7:
         ae:4b:5c:d8:de:4b:e3:dc:c3:ab:dd:01:66:0c:c7:d2:0d:63:
         da:0c:4e:99:08:3b:d6:7d:59:20:bc:13:7e:35:6a:24:82:c4:
         4c:bf:d9:a2:e2:aa:0b:6c:40:f3:f6:3d:a3:f7:9b:89:29:7e:
         f5:b0:a6:4a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJTnAOl8qHu4r3G3YBN6l+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjMmViNWIzOGJiNjJlZGU1Yzk4Y2JmYmNmZjk1MzI4NTIx
ODA1MTYwHhcNMjQwMTAyMDgzMzMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmQxN2I0NTFhOTM4ZDgwZDU0MGY0Y2ExYmNkODY1ZTdlZjY4OWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnWqlUS5sX+8z6jPEwObPCi3838af
WTTn6rHPH6ubTUNqnja1zuNng4EPEGbKFdl0M2z6TMYtvU1/LTYVg+BedXfEqRRe
YuBxSQ64Hiul++rs9k2iAhf8ZxfJ8ApiPzinSHJzek9OHDOiohbYm+W6zz1hR09R
oTX5vpiVEVjWQTMm5cBmHP6tQqdB7mQQN/6McDRxAxo3xt0hRd5Fj9H4tuBYivA0
egttFvBVPCcJo6N5fmB1YslV+8BreXY8bwDnpJm4zfp93M+qhKhsG1EX9chUvsBc
CokOQJ6KTSytWG5Sy6W5ugOZiGYRS7oL7v9SUfN94k6TwctuDNXXCTC/6wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFI/Re0Uak42A1UD0yhvNhl5+9onIMB8GA1UdIwQY
MBaAFMwutbOLti7eXJjL+8/5UyhSGAUWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekM2MXM0dTJMdDVjbU12N3pfbFRLRklZQlJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC82ZjAyNjktODM0ZS00N2M1LTk4ZTEt
ZjFmODAyZTY2MTNiLzEvajlGN1JScVRqWURWUVBUS0c4MkdYbjcyaWNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC82ZjAyNjktODM0ZS00N2M1LTk4ZTEtZjFmODAyZTY2MTNi
LzEvekM2MXM0dTJMdDVjbU12N3pfbFRLRklZQlJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgcOAAGf
AwcAKgcOAgBBMA0GCSqGSIb3DQEBCwUAA4IBAQAajziWCfYrd9ASTgHkKEri9Hjw
UvX3RoEoyRtLgngC28RpR+Nv+YGX1SyZxJ4DHFJc7JoU5d2v+AzjQWtMfCtFwsTJ
C2Cbz420CeHQB0dlPiqSNkiE1sE5IsDPocErl8Pb0EiBaafDkxK+fbw6eTcLIgDL
xZzlPoWtJJZ0/Qq4mH3NlxcfXhRTfrM5tvb1ZG4gwrm9Z9S/bXMOL6AHO/7MbzS9
RGtaNRekCR3H4K5nSJ0jwxDXTxPoBeVuV7VjHEcAmUhqULeuS1zY3kvj3MOr3QFm
DMfSDWPaDE6ZCDvWfVkgvBN+NWokgsRMv9mi4qoLbEDz9j2j95uJKX71sKZK
-----END CERTIFICATE-----