Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/bhx6bRQJbK4_5KO0IIRJ0ybwSaw.roa
File:                     bhx6bRQJbK4_5KO0IIRJ0ybwSaw.roa (raw, json)
Hash identifier:          as/qS6HjB0x5pdSeNPVxPaLsP7zaGO6ndfjuFlUp2SA=
Subject key identifier:   6E:1C:7A:6D:14:09:6C:AE:3F:E4:A3:B4:20:84:49:D3:26:F0:49:AC
Certificate issuer:       /CN=b0c20ae1dacca31815b274702927c1a5a9dbc7b3
Certificate serial:       018CC493567E21C90DB20DC6D834C0842A8C
Authority key identifier: B0:C2:0A:E1:DA:CC:A3:18:15:B2:74:70:29:27:C1:A5:A9:DB:C7:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sMIK4drMoxgVsnRwKSfBpanbx7M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/bhx6bRQJbK4_5KO0IIRJ0ybwSaw.roa
Signing time:             Mon 01 Jan 2024 10:30:39 +0000
ROA not before:           Mon 01 Jan 2024 10:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43431
IP address blocks:        2a0e:eb00:1::/48 maxlen: 48
                          2a0b:1784::/30 maxlen: 30
                          2a0b:1780::/30 maxlen: 30
                          2a0e:eb00::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/sMIK4drMoxgVsnRwKSfBpanbx7M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/sMIK4drMoxgVsnRwKSfBpanbx7M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sMIK4drMoxgVsnRwKSfBpanbx7M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:56:7e:21:c9:0d:b2:0d:c6:d8:34:c0:84:2a:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0c20ae1dacca31815b274702927c1a5a9dbc7b3
        Validity
            Not Before: Jan  1 10:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e1c7a6d14096cae3fe4a3b4208449d326f049ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:7d:6e:92:d6:b6:97:48:71:79:ac:db:dd:71:
                    ae:5c:0c:6b:fa:87:b1:71:f8:22:a1:83:80:71:b8:
                    8f:b6:10:15:65:56:84:d2:e8:fc:90:6e:f1:89:ea:
                    06:d5:6f:e1:cb:12:cc:f3:a7:43:3e:38:72:d0:16:
                    25:97:23:6a:7c:e5:65:83:2e:1a:7a:c2:d4:7e:c2:
                    72:ee:99:ce:5b:0c:db:ba:cd:7c:00:01:2b:1f:a7:
                    87:59:d3:18:1f:a0:a9:b5:14:e1:48:96:ac:e5:f1:
                    6d:1d:a8:e1:5c:f5:d4:7a:7d:cd:71:57:72:03:22:
                    fa:c6:d7:67:7d:bb:7e:fc:3c:0e:a2:f6:44:f0:3c:
                    1d:b5:9d:35:47:37:30:45:0a:01:e6:93:cb:4d:b0:
                    2f:3f:1b:72:e1:a3:21:db:d6:3f:b7:98:8a:c2:56:
                    f2:0d:41:b3:e5:e6:5f:6b:70:a7:59:63:9c:5b:fc:
                    c2:89:43:c4:a5:21:7c:4e:33:b0:cb:8e:45:82:42:
                    f7:85:36:80:5e:b5:dd:d7:e8:96:6d:dc:8b:f1:d8:
                    ef:c2:00:19:74:98:88:9f:b2:a7:f6:2e:9d:85:c0:
                    da:95:cd:ce:56:21:92:3a:fc:6f:1c:3d:f2:87:14:
                    13:eb:13:02:44:bb:01:e1:f5:45:65:6a:55:f2:c2:
                    d8:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:1C:7A:6D:14:09:6C:AE:3F:E4:A3:B4:20:84:49:D3:26:F0:49:AC
            X509v3 Authority Key Identifier:
                keyid:B0:C2:0A:E1:DA:CC:A3:18:15:B2:74:70:29:27:C1:A5:A9:DB:C7:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sMIK4drMoxgVsnRwKSfBpanbx7M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/bhx6bRQJbK4_5KO0IIRJ0ybwSaw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/sMIK4drMoxgVsnRwKSfBpanbx7M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:1780::/29
                  2a0e:eb00::/47

    Signature Algorithm: sha256WithRSAEncryption
         2a:d1:41:a0:fc:f6:7e:55:dc:97:d0:79:fc:37:99:08:44:58:
         1d:b2:24:5f:87:c0:06:c9:26:ef:62:a1:4e:80:2d:7f:90:80:
         74:77:d8:e8:fc:a0:92:2c:fc:01:e8:df:b0:92:2d:e6:77:e3:
         01:48:80:01:e9:cf:e6:73:e2:52:64:0f:e8:2f:ac:e1:bc:10:
         5c:cf:36:36:09:55:8c:b5:f5:ee:59:22:f4:33:cf:a9:78:df:
         02:44:ba:9c:31:b2:6b:8b:3a:4e:08:fa:eb:72:3e:03:93:79:
         74:41:b4:a0:09:53:76:8f:dd:f0:93:bf:ea:18:a5:71:03:2f:
         26:82:db:8a:28:74:9f:74:1d:7d:37:60:f4:86:a8:90:72:8f:
         2b:c5:33:bd:48:0e:d1:a8:59:da:83:f4:82:03:cc:02:12:26:
         af:2c:ad:69:71:2c:50:26:f6:72:2b:a0:2e:65:93:6e:e9:bc:
         4e:fc:72:d9:00:9a:ad:cb:02:fb:19:c4:cd:7e:9a:4f:9d:01:
         d4:f9:45:4c:ed:98:ca:53:c0:c8:ae:28:e2:0f:8a:de:66:17:
         5d:5e:b1:e6:33:ce:0f:6f:00:54:c7:17:4c:73:20:45:34:57:
         3e:24:5d:9d:42:90:69:83:58:66:1e:af:34:5b:54:03:57:3f:
         45:9d:2a:41
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAYzEk1Z+IckNsg3G2DTAhCqMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYzIwYWUxZGFjY2EzMTgxNWIyNzQ3MDI5MjdjMWE1YTlk
YmM3YjMwHhcNMjQwMTAxMTAzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTFjN2E2ZDE0MDk2Y2FlM2ZlNGEzYjQyMDg0NDlkMzI2ZjA0OWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhX1ukta2l0hxeazb3XGuXAxr+oex
cfgioYOAcbiPthAVZVaE0uj8kG7xieoG1W/hyxLM86dDPjhy0BYllyNqfOVlgy4a
esLUfsJy7pnOWwzbus18AAErH6eHWdMYH6CptRThSJas5fFtHajhXPXUen3NcVdy
AyL6xtdnfbt+/DwOovZE8DwdtZ01RzcwRQoB5pPLTbAvPxty4aMh29Y/t5iKwlby
DUGz5eZfa3CnWWOcW/zCiUPEpSF8TjOwy45FgkL3hTaAXrXd1+iWbdyL8djvwgAZ
dJiIn7Kn9i6dhcDalc3OViGSOvxvHD3yhxQT6xMCRLsB4fVFZWpV8sLYrwIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFG4cem0UCWyuP+SjtCCESdMm8EmsMB8GA1UdIwQY
MBaAFLDCCuHazKMYFbJ0cCknwaWp28ezMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc01JSzRkck1veGdWc25Sd0tTZkJwYW5ieDdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ODg4NjktN2E2NS00MTViLWI2OGYt
NTQ4NDQwMmNlYjdhLzEvYmh4NmJSUUpiSzRfNUtPMElJUkoweWJ3U2F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ODg4NjktN2E2NS00MTViLWI2OGYtNTQ4NDQwMmNlYjdh
LzEvc01JSzRkck1veGdWc25Sd0tTZkJwYW5ieDdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwUDKgsXgAMH
ASoO6wAAADANBgkqhkiG9w0BAQsFAAOCAQEAKtFBoPz2flXcl9B5/DeZCERYHbIk
X4fABskm72KhToAtf5CAdHfY6Pygkiz8AejfsJIt5nfjAUiAAenP5nPiUmQP6C+s
4bwQXM82NglVjLX17lki9DPPqXjfAkS6nDGya4s6Tgj663I+A5N5dEG0oAlTdo/d
8JO/6hilcQMvJoLbiih0n3QdfTdg9IaokHKPK8UzvUgO0ahZ2oP0ggPMAhImryyt
aXEsUCb2ciugLmWTbum8Tvxy2QCarcsC+xnEzX6aT50B1PlFTO2YylPAyK4o4g+K
3mYXXV6x5jPOD28AVMcXTHMgRTRXPiRdnUKQaYNYZh6vNFtUA1c/RZ0qQQ==
-----END CERTIFICATE-----