Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/6f0269-834e-47c5-98e1-f1f802e6613b/1/u-lG6h5_lKcNfKXFpfH1ARaMLsQ.roa
File:                     u-lG6h5_lKcNfKXFpfH1ARaMLsQ.roa (raw, json)
Hash identifier:          nPzizsUGmIU3P5qZBIzytDSJ2JCgk6b9O3c38IyqGDM=
Subject key identifier:   BB:E9:46:EA:1E:7F:94:A7:0D:7C:A5:C5:A5:F1:F5:01:16:8C:2E:C4
Certificate issuer:       /CN=cc2eb5b38bb62ede5c98cbfbcff9532852180516
Certificate serial:       018CC94E6FDCA2B908224E925817A3F67927
Authority key identifier: CC:2E:B5:B3:8B:B6:2E:DE:5C:98:CB:FB:CF:F9:53:28:52:18:05:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zC61s4u2Lt5cmMv7z_lTKFIYBRY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/6f0269-834e-47c5-98e1-f1f802e6613b/1/u-lG6h5_lKcNfKXFpfH1ARaMLsQ.roa
Signing time:             Tue 02 Jan 2024 08:33:30 +0000
ROA not before:           Tue 02 Jan 2024 08:33:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        2a07:e02:41::/48 maxlen: 48
                          2a07:e00:19f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/6f0269-834e-47c5-98e1-f1f802e6613b/1/zC61s4u2Lt5cmMv7z_lTKFIYBRY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/6f0269-834e-47c5-98e1-f1f802e6613b/1/zC61s4u2Lt5cmMv7z_lTKFIYBRY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zC61s4u2Lt5cmMv7z_lTKFIYBRY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:6f:dc:a2:b9:08:22:4e:92:58:17:a3:f6:79:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc2eb5b38bb62ede5c98cbfbcff9532852180516
        Validity
            Not Before: Jan  2 08:33:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bbe946ea1e7f94a70d7ca5c5a5f1f501168c2ec4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:f7:7a:2e:be:5c:12:47:d8:bd:bc:e2:17:b3:
                    84:cd:dd:c2:80:16:43:9d:5e:2a:3c:ed:e3:55:a7:
                    a1:30:ff:4b:ec:8e:4f:3e:f0:47:61:f3:e0:47:58:
                    26:d8:b8:3e:df:cd:e1:f7:9c:79:86:16:05:8a:b8:
                    52:d2:ac:86:42:7c:28:13:03:a5:79:cf:4c:ba:27:
                    3e:01:a1:9d:cf:75:e4:8f:17:81:39:5c:77:d7:6a:
                    86:76:7d:7e:67:a6:6b:9e:bb:bd:9b:31:3f:2d:7b:
                    08:b7:23:0c:3f:0a:92:6e:aa:3d:b3:d7:1d:63:59:
                    62:3d:f7:f9:d1:98:e2:00:22:af:aa:a8:b7:83:02:
                    8f:38:8e:72:58:cc:2e:bd:ab:21:6a:51:d5:7a:f2:
                    ce:15:1a:82:69:48:ff:5f:5f:f8:3a:9c:99:54:09:
                    ca:0a:3e:4b:9e:44:37:a9:6a:90:54:1a:8d:1e:11:
                    f8:dc:fb:80:df:c7:c7:99:f3:32:50:2f:d2:bb:36:
                    a6:eb:b7:34:42:a6:41:c4:0d:8c:0d:66:31:c8:ad:
                    a9:c7:d3:54:5e:f1:13:23:e1:73:2d:f9:df:b1:e5:
                    38:7c:1a:75:3f:a9:25:ca:3f:3e:e8:c7:07:80:20:
                    16:a5:d9:ef:21:f1:0e:ee:84:2e:92:ef:ba:f1:3b:
                    30:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:E9:46:EA:1E:7F:94:A7:0D:7C:A5:C5:A5:F1:F5:01:16:8C:2E:C4
            X509v3 Authority Key Identifier:
                keyid:CC:2E:B5:B3:8B:B6:2E:DE:5C:98:CB:FB:CF:F9:53:28:52:18:05:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zC61s4u2Lt5cmMv7z_lTKFIYBRY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/6f0269-834e-47c5-98e1-f1f802e6613b/1/u-lG6h5_lKcNfKXFpfH1ARaMLsQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/6f0269-834e-47c5-98e1-f1f802e6613b/1/zC61s4u2Lt5cmMv7z_lTKFIYBRY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:e00:19f::/48
                  2a07:e02:41::/48

    Signature Algorithm: sha256WithRSAEncryption
         2d:6b:cc:c2:a9:d2:14:f2:fd:9c:51:55:4c:09:64:94:78:17:
         b9:a8:a1:b3:8f:0f:97:f7:47:66:01:ba:c4:ec:2a:1a:43:31:
         17:14:ac:2f:fe:4b:f3:3b:06:9a:79:52:84:ee:db:b3:38:0b:
         24:86:d3:17:3c:c6:aa:9d:01:da:fe:cd:34:fb:d3:64:72:37:
         50:d0:3d:8c:48:f7:89:7a:c9:4a:06:c1:bd:a6:f9:92:88:75:
         79:df:a0:43:9a:f1:6f:3a:7e:f2:f7:79:c3:7d:0d:71:21:ac:
         02:a8:93:cc:68:57:6c:e4:0b:00:4a:0d:75:e0:34:18:1a:e8:
         04:49:a3:d8:28:c3:44:ff:57:45:96:3e:86:88:ac:b4:f2:7a:
         99:ad:8d:4b:2e:c8:78:66:b3:e9:be:58:a8:5c:81:67:46:8e:
         10:85:83:a5:98:48:1b:da:2d:d8:0c:85:73:11:70:0f:e8:88:
         d6:9a:bb:47:47:da:fa:04:4e:da:e1:87:fb:39:c5:a8:07:12:
         e5:17:73:15:80:4a:1d:f3:76:a3:81:2c:36:13:4f:3b:d5:a7:
         24:83:1c:6c:43:ca:0c:bf:5e:59:3e:db:c5:b8:7a:0a:08:67:
         6c:9f:ce:0b:9b:ee:43:ec:11:71:f4:f6:d6:c1:20:6c:fa:e2:
         98:46:dc:01
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJTm/corkIIk6SWBej9nknMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjMmViNWIzOGJiNjJlZGU1Yzk4Y2JmYmNmZjk1MzI4NTIx
ODA1MTYwHhcNMjQwMTAyMDgzMzMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmU5NDZlYTFlN2Y5NGE3MGQ3Y2E1YzVhNWYxZjUwMTE2OGMyZWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Pd6Lr5cEkfYvbziF7OEzd3CgBZD
nV4qPO3jVaehMP9L7I5PPvBHYfPgR1gm2Lg+383h95x5hhYFirhS0qyGQnwoEwOl
ec9Muic+AaGdz3XkjxeBOVx312qGdn1+Z6Zrnru9mzE/LXsItyMMPwqSbqo9s9cd
Y1liPff50ZjiACKvqqi3gwKPOI5yWMwuvashalHVevLOFRqCaUj/X1/4OpyZVAnK
Cj5LnkQ3qWqQVBqNHhH43PuA38fHmfMyUC/Suzam67c0QqZBxA2MDWYxyK2px9NU
XvETI+FzLfnfseU4fBp1P6klyj8+6McHgCAWpdnvIfEO7oQuku+68Tsw0QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLvpRuoef5SnDXylxaXx9QEWjC7EMB8GA1UdIwQY
MBaAFMwutbOLti7eXJjL+8/5UyhSGAUWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekM2MXM0dTJMdDVjbU12N3pfbFRLRklZQlJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC82ZjAyNjktODM0ZS00N2M1LTk4ZTEt
ZjFmODAyZTY2MTNiLzEvdS1sRzZoNV9sS2NOZktYRnBmSDFBUmFNTHNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC82ZjAyNjktODM0ZS00N2M1LTk4ZTEtZjFmODAyZTY2MTNi
LzEvekM2MXM0dTJMdDVjbU12N3pfbFRLRklZQlJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgcOAAGf
AwcAKgcOAgBBMA0GCSqGSIb3DQEBCwUAA4IBAQAta8zCqdIU8v2cUVVMCWSUeBe5
qKGzjw+X90dmAbrE7CoaQzEXFKwv/kvzOwaaeVKE7tuzOAskhtMXPMaqnQHa/s00
+9NkcjdQ0D2MSPeJeslKBsG9pvmSiHV536BDmvFvOn7y93nDfQ1xIawCqJPMaFds
5AsASg114DQYGugESaPYKMNE/1dFlj6GiKy08nqZrY1LLsh4ZrPpvlioXIFnRo4Q
hYOlmEgb2i3YDIVzEXAP6IjWmrtHR9r6BE7a4Yf7OcWoBxLlF3MVgEod83ajgSw2
E0871ackgxxsQ8oMv15ZPtvFuHoKCGdsn84Lm+5D7BFx9PbWwSBs+uKYRtwB
-----END CERTIFICATE-----