Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/6b87af-a212-480d-a4d4-a3df3b69ce5a/1/boIKJjqaGKszicG4oF_qABad9-w.roa
File:                     boIKJjqaGKszicG4oF_qABad9-w.roa (raw, json)
Hash identifier:          oyMGwFCm659ZEXfgMQ4YTHycoUjKPbU1zm4D4aRqJb8=
Subject key identifier:   6E:82:0A:26:3A:9A:18:AB:33:89:C1:B8:A0:5F:EA:00:16:9D:F7:EC
Certificate issuer:       /CN=dfb8ff2f3a0bfc41eadc18af9e52acd100524149
Certificate serial:       018CC6B91E68D5F8DB19D2233F463B16AD0D
Authority key identifier: DF:B8:FF:2F:3A:0B:FC:41:EA:DC:18:AF:9E:52:AC:D1:00:52:41:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/37j_LzoL_EHq3BivnlKs0QBSQUk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/6b87af-a212-480d-a4d4-a3df3b69ce5a/1/boIKJjqaGKszicG4oF_qABad9-w.roa
Signing time:             Mon 01 Jan 2024 20:31:09 +0000
ROA not before:           Mon 01 Jan 2024 20:31:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        2a0a:2b00:20::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/6b87af-a212-480d-a4d4-a3df3b69ce5a/1/37j_LzoL_EHq3BivnlKs0QBSQUk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/6b87af-a212-480d-a4d4-a3df3b69ce5a/1/37j_LzoL_EHq3BivnlKs0QBSQUk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/37j_LzoL_EHq3BivnlKs0QBSQUk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:02:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:1e:68:d5:f8:db:19:d2:23:3f:46:3b:16:ad:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dfb8ff2f3a0bfc41eadc18af9e52acd100524149
        Validity
            Not Before: Jan  1 20:31:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e820a263a9a18ab3389c1b8a05fea00169df7ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:b2:84:c7:b1:1d:5a:5a:f1:6a:34:69:0d:2f:
                    c4:65:13:76:cc:31:a0:da:b3:64:78:fa:98:54:85:
                    1b:c8:84:f3:f4:59:c5:8f:09:43:e6:1a:5f:85:f9:
                    02:a4:b7:c2:00:3b:0b:08:c5:12:9f:bb:a9:f6:48:
                    e2:06:90:da:03:34:fd:0c:c0:41:b1:ce:55:95:19:
                    af:42:75:dc:01:50:73:c1:8e:24:a9:bc:bf:a9:ef:
                    49:e9:a1:e1:d6:8f:44:09:0c:0a:82:52:e9:02:75:
                    e5:e1:9b:54:a3:8d:eb:bb:a3:23:7d:c7:78:89:78:
                    26:3a:02:20:77:66:fe:a3:e8:fd:23:8e:0a:93:f1:
                    a7:f1:b6:37:9d:cd:0c:80:2f:7f:58:51:b4:a5:c3:
                    47:ce:0f:87:85:ef:a8:cc:dc:58:57:c5:4b:91:88:
                    2f:4d:0c:ae:92:67:8b:24:66:53:11:26:bb:8f:7e:
                    6d:ca:55:45:b9:c2:16:04:1b:86:4b:ed:23:b3:15:
                    7b:0d:f2:fa:f4:4a:af:28:22:d3:16:9a:85:6c:89:
                    6d:a9:45:d3:6a:ff:a5:ba:85:c2:c1:4c:d8:e8:00:
                    df:58:50:a0:d1:82:dc:ae:e8:8d:6b:ea:04:8b:d0:
                    5c:6f:26:e1:af:d8:2f:17:04:ac:ad:b2:6b:95:97:
                    6a:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:82:0A:26:3A:9A:18:AB:33:89:C1:B8:A0:5F:EA:00:16:9D:F7:EC
            X509v3 Authority Key Identifier:
                keyid:DF:B8:FF:2F:3A:0B:FC:41:EA:DC:18:AF:9E:52:AC:D1:00:52:41:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/37j_LzoL_EHq3BivnlKs0QBSQUk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/6b87af-a212-480d-a4d4-a3df3b69ce5a/1/boIKJjqaGKszicG4oF_qABad9-w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/6b87af-a212-480d-a4d4-a3df3b69ce5a/1/37j_LzoL_EHq3BivnlKs0QBSQUk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:2b00:20::/48

    Signature Algorithm: sha256WithRSAEncryption
         12:4a:16:fe:bd:54:ff:8c:9b:ec:21:df:e4:0e:b1:70:8f:de:
         44:ef:89:4b:ef:72:7d:15:3a:5b:b3:13:cf:37:df:38:b7:52:
         d3:9e:30:58:d9:1b:9a:97:bd:5b:68:2f:6a:ef:71:5e:b1:c3:
         6d:14:c7:4c:fa:ea:f3:73:c8:43:3d:20:2e:fc:96:5c:9f:e7:
         89:10:96:c9:f0:3d:c5:b7:c3:7f:bf:88:12:9b:26:d4:d2:0e:
         68:a0:43:65:d1:c5:ea:80:ae:c6:2c:21:c2:2b:6f:fb:48:68:
         6f:5d:f9:a2:c1:f9:0c:2b:19:31:10:f3:68:b0:59:10:74:18:
         1e:4c:90:65:f3:d8:80:fb:a8:ed:a1:d1:00:c5:66:c5:45:ba:
         5c:e5:1c:b2:2e:9e:40:ea:c8:4a:d2:ab:57:6b:c2:4d:ba:7e:
         e8:62:f6:bb:7d:3c:e3:28:a6:ec:1a:c0:72:ef:df:2c:33:42:
         54:29:d3:83:11:aa:b0:55:9d:29:05:43:a1:cd:d8:a5:37:df:
         19:41:6e:9e:f4:64:07:18:1b:db:67:56:e0:c8:34:ab:bb:d7:
         0c:f3:f5:4e:9a:d7:74:ac:59:41:84:68:d6:be:48:cc:43:1b:
         95:f0:2a:f2:60:bf:0c:d6:a5:c8:7b:f2:b6:c1:c9:fa:45:cc:
         e1:a1:67:bc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuR5o1fjbGdIjP0Y7Fq0NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmYjhmZjJmM2EwYmZjNDFlYWRjMThhZjllNTJhY2QxMDA1
MjQxNDkwHhcNMjQwMTAxMjAzMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTgyMGEyNjNhOWExOGFiMzM4OWMxYjhhMDVmZWEwMDE2OWRmN2VjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgbKEx7EdWlrxajRpDS/EZRN2zDGg
2rNkePqYVIUbyITz9FnFjwlD5hpfhfkCpLfCADsLCMUSn7up9kjiBpDaAzT9DMBB
sc5VlRmvQnXcAVBzwY4kqby/qe9J6aHh1o9ECQwKglLpAnXl4ZtUo43ru6Mjfcd4
iXgmOgIgd2b+o+j9I44Kk/Gn8bY3nc0MgC9/WFG0pcNHzg+Hhe+ozNxYV8VLkYgv
TQyukmeLJGZTESa7j35tylVFucIWBBuGS+0jsxV7DfL69EqvKCLTFpqFbIltqUXT
av+luoXCwUzY6ADfWFCg0YLcruiNa+oEi9Bcbybhr9gvFwSsrbJrlZdq3QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFG6CCiY6mhirM4nBuKBf6gAWnffsMB8GA1UdIwQY
MBaAFN+4/y86C/xB6twYr55SrNEAUkFJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzdqX0x6b0xfRUhxM0Jpdm5sS3MwUUJTUVVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC82Yjg3YWYtYTIxMi00ODBkLWE0ZDQt
YTNkZjNiNjljZTVhLzEvYm9JS0pqcWFHS3N6aWNHNG9GX3FBQmFkOS13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC82Yjg3YWYtYTIxMi00ODBkLWE0ZDQtYTNkZjNiNjljZTVh
LzEvMzdqX0x6b0xfRUhxM0Jpdm5sS3MwUUJTUVVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgorAAAg
MA0GCSqGSIb3DQEBCwUAA4IBAQASShb+vVT/jJvsId/kDrFwj95E74lL73J9FTpb
sxPPN984t1LTnjBY2Rual71baC9q73FescNtFMdM+urzc8hDPSAu/JZcn+eJEJbJ
8D3Ft8N/v4gSmybU0g5ooENl0cXqgK7GLCHCK2/7SGhvXfmiwfkMKxkxEPNosFkQ
dBgeTJBl89iA+6jtodEAxWbFRbpc5RyyLp5A6shK0qtXa8JNun7oYva7fTzjKKbs
GsBy798sM0JUKdODEaqwVZ0pBUOhzdilN98ZQW6e9GQHGBvbZ1bgyDSru9cM8/VO
mtd0rFlBhGjWvkjMQxuV8CryYL8M1qXIe/K2wcn6RczhoWe8
-----END CERTIFICATE-----