Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/c80c5a-fae2-466d-aa16-8ca6c33d14bb/1/Ir8i5J8sjwmWXyPeQkDiK9bCuQU.roa
File:                     Ir8i5J8sjwmWXyPeQkDiK9bCuQU.roa (raw, json)
Hash identifier:          mPXfgMNhO0duUTyPhek1IZIVhDrqaXUkf4UpEwOjxZA=
Subject key identifier:   22:BF:22:E4:9F:2C:8F:09:96:5F:23:DE:42:40:E2:2B:D6:C2:B9:05
Certificate issuer:       /CN=e0f2f545ddb234e383d36b8a8d6b56a38dd72f89
Certificate serial:       018CC2DB3D8A90EC4009750A117E2167ABF2
Authority key identifier: E0:F2:F5:45:DD:B2:34:E3:83:D3:6B:8A:8D:6B:56:A3:8D:D7:2F:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4PL1Rd2yNOOD02uKjWtWo43XL4k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/c80c5a-fae2-466d-aa16-8ca6c33d14bb/1/Ir8i5J8sjwmWXyPeQkDiK9bCuQU.roa
Signing time:             Mon 01 Jan 2024 02:29:57 +0000
ROA not before:           Mon 01 Jan 2024 02:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8823
IP address blocks:        2a0a:64c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/c80c5a-fae2-466d-aa16-8ca6c33d14bb/1/4PL1Rd2yNOOD02uKjWtWo43XL4k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/c80c5a-fae2-466d-aa16-8ca6c33d14bb/1/4PL1Rd2yNOOD02uKjWtWo43XL4k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4PL1Rd2yNOOD02uKjWtWo43XL4k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 01:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:3d:8a:90:ec:40:09:75:0a:11:7e:21:67:ab:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0f2f545ddb234e383d36b8a8d6b56a38dd72f89
        Validity
            Not Before: Jan  1 02:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22bf22e49f2c8f09965f23de4240e22bd6c2b905
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:e8:ea:c2:87:33:51:c6:92:56:f4:e3:68:e5:
                    98:b0:db:91:cf:08:0d:2c:24:47:33:b0:60:cb:85:
                    0b:21:d0:81:f9:c5:9e:89:25:16:19:94:7f:08:67:
                    fc:26:a2:e2:2d:17:b5:f6:a6:9b:79:43:66:9d:63:
                    3a:46:c7:12:e2:3e:30:84:27:44:18:a1:0d:3e:ab:
                    2e:33:06:fd:dc:4a:50:92:d4:74:d6:55:4b:e6:43:
                    83:a2:6a:19:7c:18:5f:7e:c1:93:ce:71:00:99:3e:
                    4b:c3:a2:32:49:6f:92:aa:a8:f7:da:41:3d:a0:b7:
                    8e:6c:df:99:ac:fa:c3:5e:f2:5f:62:df:38:b9:a6:
                    51:10:d6:93:e7:18:29:97:93:f2:fc:c0:2c:40:ee:
                    99:e4:72:e6:83:ee:a6:c9:e2:48:b2:c9:b3:fa:7f:
                    1c:2d:58:48:c5:67:5d:cd:04:e6:c1:3d:af:75:bc:
                    b1:a4:4e:72:ce:1c:67:ef:15:d7:1a:56:e6:ab:98:
                    ca:a8:03:ad:11:24:ae:78:c9:00:b3:ba:a4:e1:35:
                    d0:57:0c:e8:40:91:60:e5:b4:df:fa:66:67:50:bb:
                    10:71:1e:6e:f9:bb:b5:85:8f:55:93:13:8b:d4:a5:
                    6d:ff:18:4f:dc:0e:98:37:f4:9b:d9:22:16:dd:4b:
                    1b:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:BF:22:E4:9F:2C:8F:09:96:5F:23:DE:42:40:E2:2B:D6:C2:B9:05
            X509v3 Authority Key Identifier:
                keyid:E0:F2:F5:45:DD:B2:34:E3:83:D3:6B:8A:8D:6B:56:A3:8D:D7:2F:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4PL1Rd2yNOOD02uKjWtWo43XL4k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/c80c5a-fae2-466d-aa16-8ca6c33d14bb/1/Ir8i5J8sjwmWXyPeQkDiK9bCuQU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/c80c5a-fae2-466d-aa16-8ca6c33d14bb/1/4PL1Rd2yNOOD02uKjWtWo43XL4k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:64c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         6e:a3:f1:8a:8b:8c:3b:ec:d5:d7:5d:05:b4:5b:18:ab:a6:a8:
         6e:c6:61:93:a6:40:6d:0a:83:2a:2c:4a:8f:34:79:49:77:04:
         a6:95:32:fd:f7:f2:8f:66:1c:33:d1:49:89:7d:c3:5e:cf:02:
         fe:92:83:31:94:d7:8d:11:c2:df:64:79:72:28:a2:b9:af:d4:
         42:a1:64:a3:e0:a1:bf:5e:45:7c:e6:4f:fa:c5:b8:a2:fe:d2:
         31:69:b0:53:72:b4:33:b5:35:69:2e:68:fc:af:07:5b:4e:ff:
         8b:28:ac:35:60:3b:c5:57:23:77:3f:66:27:a0:4d:65:8d:49:
         62:a7:17:ba:c7:f9:b7:33:13:b4:11:be:c2:2b:c5:c3:16:56:
         a6:f6:50:1a:72:61:2d:f9:4d:2e:eb:73:2b:f9:d2:0e:09:e7:
         49:cd:9f:04:45:e0:d7:44:7b:04:55:9e:96:7c:50:ae:46:17:
         c8:f9:60:5f:68:64:1a:15:69:12:82:0d:b4:40:67:6f:2a:dc:
         a5:b1:ab:aa:ba:9d:ac:30:99:34:f9:18:33:7a:eb:e1:36:27:
         15:c3:5f:8c:76:d3:1a:e2:e9:cf:f3:2d:37:3d:2e:15:15:89:
         b3:56:33:58:46:ab:03:61:98:15:98:67:aa:78:86:18:eb:67:
         0d:24:7c:f3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzC2z2KkOxACXUKEX4hZ6vyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwZjJmNTQ1ZGRiMjM0ZTM4M2QzNmI4YThkNmI1NmEzOGRk
NzJmODkwHhcNMjQwMTAxMDIyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmJmMjJlNDlmMmM4ZjA5OTY1ZjIzZGU0MjQwZTIyYmQ2YzJiOTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkejqwoczUcaSVvTjaOWYsNuRzwgN
LCRHM7Bgy4ULIdCB+cWeiSUWGZR/CGf8JqLiLRe19qabeUNmnWM6RscS4j4whCdE
GKENPqsuMwb93EpQktR01lVL5kODomoZfBhffsGTznEAmT5Lw6IySW+Sqqj32kE9
oLeObN+ZrPrDXvJfYt84uaZRENaT5xgpl5Py/MAsQO6Z5HLmg+6myeJIssmz+n8c
LVhIxWddzQTmwT2vdbyxpE5yzhxn7xXXGlbmq5jKqAOtESSueMkAs7qk4TXQVwzo
QJFg5bTf+mZnULsQcR5u+bu1hY9VkxOL1KVt/xhP3A6YN/Sb2SIW3UsbvQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCK/IuSfLI8Jll8j3kJA4ivWwrkFMB8GA1UdIwQY
MBaAFODy9UXdsjTjg9Nrio1rVqON1y+JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFBMMVJkMnlOT09EMDJ1S2pXdFdvNDNYTDRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9jODBjNWEtZmFlMi00NjZkLWFhMTYt
OGNhNmMzM2QxNGJiLzEvSXI4aTVKOHNqd21XWHlQZVFrRGlLOWJDdVFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9jODBjNWEtZmFlMi00NjZkLWFhMTYtOGNhNmMzM2QxNGJi
LzEvNFBMMVJkMnlOT09EMDJ1S2pXdFdvNDNYTDRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgpkwDAN
BgkqhkiG9w0BAQsFAAOCAQEAbqPxiouMO+zV110FtFsYq6aobsZhk6ZAbQqDKixK
jzR5SXcEppUy/ffyj2YcM9FJiX3DXs8C/pKDMZTXjRHC32R5ciiiua/UQqFko+Ch
v15FfOZP+sW4ov7SMWmwU3K0M7U1aS5o/K8HW07/iyisNWA7xVcjdz9mJ6BNZY1J
YqcXusf5tzMTtBG+wivFwxZWpvZQGnJhLflNLutzK/nSDgnnSc2fBEXg10R7BFWe
lnxQrkYXyPlgX2hkGhVpEoINtEBnbyrcpbGrqrqdrDCZNPkYM3rr4TYnFcNfjHbT
GuLpz/MtNz0uFRWJs1YzWEarA2GYFZhnqniGGOtnDSR88w==
-----END CERTIFICATE-----