Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/eaHaCyF_EO8RoKuwtYOHrEkiiZU.roa
File:                     eaHaCyF_EO8RoKuwtYOHrEkiiZU.roa (raw, json)
Hash identifier:          fsyHxq9pbsSVzUlUz2CpLHLoE3XfLyy/MuEjAfEKEM4=
Subject key identifier:   79:A1:DA:0B:21:7F:10:EF:11:A0:AB:B0:B5:83:87:AC:49:22:89:95
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018CCA2B55D41F7E96CB98B6F77F11B0E0D9
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/eaHaCyF_EO8RoKuwtYOHrEkiiZU.roa
Signing time:             Tue 02 Jan 2024 12:34:46 +0000
ROA not before:           Tue 02 Jan 2024 12:34:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49094
IP address blocks:        2a0c:da04::/38 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:55:d4:1f:7e:96:cb:98:b6:f7:7f:11:b0:e0:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  2 12:34:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=79a1da0b217f10ef11a0abb0b58387ac49228995
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:8e:71:80:3b:89:93:55:93:d7:eb:2c:9f:50:
                    1b:6f:b6:b7:69:99:15:55:d9:45:c8:34:47:d4:0a:
                    5e:dc:1c:f0:1b:e3:a5:1b:f9:71:9d:2d:16:70:dd:
                    a3:37:8a:cf:0a:78:75:a0:aa:13:9e:cd:44:03:17:
                    83:99:13:bd:0a:b7:4f:97:28:54:36:ec:fd:0d:30:
                    6e:57:b4:43:f7:bb:71:d7:21:e3:a2:09:03:d1:3f:
                    9d:5c:a2:e8:93:a3:e1:db:d3:1b:8f:ef:a1:e5:2a:
                    34:97:d2:a4:07:1b:50:f5:08:ea:e4:fd:a4:b8:4f:
                    e2:52:b2:91:85:09:27:f4:fe:8c:d4:08:44:ce:5a:
                    1f:c4:3b:0e:ed:aa:45:e4:f8:45:6d:4f:5b:04:64:
                    35:85:8a:6d:85:b7:9f:29:3d:38:11:de:6d:f5:ac:
                    12:4d:e1:45:34:66:7b:97:42:06:ca:90:c8:d4:9a:
                    56:99:96:6c:eb:08:80:62:a5:3c:e0:56:47:d4:a5:
                    93:2d:17:8f:66:14:47:fc:38:db:7d:e9:e1:db:88:
                    ad:c6:c0:20:ea:f5:fc:7e:65:61:3f:0a:ee:7d:c0:
                    f7:91:14:11:e7:09:26:3a:cf:24:dd:c4:37:cf:a0:
                    9d:42:3b:af:5e:20:f9:21:37:15:4c:f6:42:07:01:
                    c2:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:A1:DA:0B:21:7F:10:EF:11:A0:AB:B0:B5:83:87:AC:49:22:89:95
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/eaHaCyF_EO8RoKuwtYOHrEkiiZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:da04::/38

    Signature Algorithm: sha256WithRSAEncryption
         71:49:6a:84:b6:0c:19:65:54:5b:fe:2d:62:77:3e:a3:a0:a5:
         20:91:01:03:c1:9b:01:0a:19:46:42:bd:9c:f9:5f:f3:35:af:
         db:64:03:32:2a:10:47:66:b6:77:db:a6:6f:bb:2b:fa:07:4b:
         df:40:04:cc:1d:2e:d7:d9:6c:c0:9c:86:8d:ae:4b:39:bd:3f:
         3b:65:ac:d7:6a:46:8a:49:2d:a5:d4:82:04:ed:ae:4f:8c:1d:
         93:2b:85:b5:69:8a:f1:91:25:d8:19:91:2b:b9:60:f5:95:a1:
         0d:3f:2a:69:ca:7c:e5:be:bc:a5:94:17:3f:45:77:f0:0a:59:
         ab:ff:d6:68:7c:ca:6c:bd:1a:ba:05:d2:a7:dc:9c:7f:5f:a5:
         0a:7c:73:3e:35:98:22:7d:82:b4:48:35:77:e0:6b:5b:55:a6:
         a6:26:9b:bd:72:4b:e2:e8:25:00:be:f1:fd:68:5b:25:b2:36:
         36:81:9e:c7:90:d2:69:15:b2:28:35:b6:5e:ac:38:fd:bd:7c:
         d9:ca:92:dd:4b:96:3c:ed:7d:35:fd:28:9d:4d:4c:75:a2:f2:
         ab:3b:ed:93:bf:b5:31:65:20:0f:19:9e:07:75:6c:80:e5:4e:
         ef:ff:05:db:3c:23:76:43:e0:1f:0c:a8:ec:85:98:e5:f4:5a:
         00:a1:7e:a9
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzKK1XUH36Wy5i2938RsODZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwMTAyMTIzNDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWExZGEwYjIxN2YxMGVmMTFhMGFiYjBiNTgzODdhYzQ5MjI4OTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtY5xgDuJk1WT1+ssn1Abb7a3aZkV
VdlFyDRH1Ape3BzwG+OlG/lxnS0WcN2jN4rPCnh1oKoTns1EAxeDmRO9CrdPlyhU
Nuz9DTBuV7RD97tx1yHjogkD0T+dXKLok6Ph29Mbj++h5So0l9KkBxtQ9Qjq5P2k
uE/iUrKRhQkn9P6M1AhEzlofxDsO7apF5PhFbU9bBGQ1hYpthbefKT04Ed5t9awS
TeFFNGZ7l0IGypDI1JpWmZZs6wiAYqU84FZH1KWTLRePZhRH/Djbfenh24itxsAg
6vX8fmVhPwrufcD3kRQR5wkmOs8k3cQ3z6CdQjuvXiD5ITcVTPZCBwHCawIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFHmh2gshfxDvEaCrsLWDh6xJIomVMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvZWFIYUN5Rl9FTzhSb0t1d3RZT0hyRWtpaVpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYCKgzaBAAw
DQYJKoZIhvcNAQELBQADggEBAHFJaoS2DBllVFv+LWJ3PqOgpSCRAQPBmwEKGUZC
vZz5X/M1r9tkAzIqEEdmtnfbpm+7K/oHS99ABMwdLtfZbMCcho2uSzm9PztlrNdq
RopJLaXUggTtrk+MHZMrhbVpivGRJdgZkSu5YPWVoQ0/KmnKfOW+vKWUFz9Fd/AK
Wav/1mh8ymy9GroF0qfcnH9fpQp8cz41mCJ9grRINXfga1tVpqYmm71yS+LoJQC+
8f1oWyWyNjaBnseQ0mkVsig1tl6sOP29fNnKkt1LljztfTX9KJ1NTHWi8qs77ZO/
tTFlIA8Zngd1bIDlTu//Bds8I3ZD4B8MqOyFmOX0WgChfqk=
-----END CERTIFICATE-----