Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/dfbaa2-4a27-4f3c-b9fc-fb01436a695f/1/zB-KcQWLjkB5LFcTxjhQlODrS1w.roa
File:                     zB-KcQWLjkB5LFcTxjhQlODrS1w.roa (raw, json)
Hash identifier:          FcPfmX63wJWscCP6HOF+dZkIBhmn1GcLoAa/VDIYcPk=
Subject key identifier:   CC:1F:8A:71:05:8B:8E:40:79:2C:57:13:C6:38:50:94:E0:EB:4B:5C
Certificate issuer:       /CN=5262505b488581c2ecd7582a34ece52632e3ef96
Certificate serial:       018CC6B78CB0676B2784545EA5792825427C
Authority key identifier: 52:62:50:5B:48:85:81:C2:EC:D7:58:2A:34:EC:E5:26:32:E3:EF:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UmJQW0iFgcLs11gqNOzlJjLj75Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/dfbaa2-4a27-4f3c-b9fc-fb01436a695f/1/zB-KcQWLjkB5LFcTxjhQlODrS1w.roa
Signing time:             Mon 01 Jan 2024 20:29:27 +0000
ROA not before:           Mon 01 Jan 2024 20:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2027
IP address blocks:        2a0b:cbc0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/dfbaa2-4a27-4f3c-b9fc-fb01436a695f/1/UmJQW0iFgcLs11gqNOzlJjLj75Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/dfbaa2-4a27-4f3c-b9fc-fb01436a695f/1/UmJQW0iFgcLs11gqNOzlJjLj75Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UmJQW0iFgcLs11gqNOzlJjLj75Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:8c:b0:67:6b:27:84:54:5e:a5:79:28:25:42:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5262505b488581c2ecd7582a34ece52632e3ef96
        Validity
            Not Before: Jan  1 20:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cc1f8a71058b8e40792c5713c6385094e0eb4b5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:fb:e1:8d:f7:01:c1:89:05:05:bf:cb:33:5b:
                    06:b1:31:1e:5c:68:3b:c3:3a:03:ea:4c:e9:62:b5:
                    8b:7c:ea:48:80:42:ae:e0:85:31:b2:0d:08:39:1f:
                    7d:d0:05:51:8a:13:4d:af:05:00:3f:08:87:0f:8b:
                    15:e5:f1:12:7a:0d:c0:3b:a3:67:43:35:b9:5e:0e:
                    85:9c:df:fb:2a:24:d8:16:a3:c1:6d:b9:dd:df:64:
                    eb:cc:53:9a:69:79:19:c6:86:87:41:05:5d:d1:9d:
                    ea:0b:e9:26:4b:10:8c:97:fa:0d:b1:94:79:d1:73:
                    65:e1:75:8c:0e:1e:82:59:8d:8c:2b:a4:9c:a8:5c:
                    dc:b9:12:21:38:55:45:c2:a1:f7:74:37:c5:ac:b1:
                    8c:be:90:f0:76:46:13:e1:0e:9f:30:1b:0a:28:43:
                    85:83:35:9f:1e:28:99:6e:00:17:2c:5d:b4:8c:04:
                    4e:34:e7:6f:19:7a:43:0f:38:dd:66:86:1c:33:ad:
                    80:0b:c4:81:c0:bf:f9:52:0f:21:b8:2e:fe:66:16:
                    af:9d:8f:ab:d5:96:26:55:bc:6d:9c:55:1f:0e:00:
                    32:ae:cb:70:b3:88:da:cb:5e:1a:f2:96:5b:2b:bc:
                    55:11:58:72:3e:5f:5b:8b:f8:cc:9a:3e:c7:dd:63:
                    1e:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:1F:8A:71:05:8B:8E:40:79:2C:57:13:C6:38:50:94:E0:EB:4B:5C
            X509v3 Authority Key Identifier:
                keyid:52:62:50:5B:48:85:81:C2:EC:D7:58:2A:34:EC:E5:26:32:E3:EF:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UmJQW0iFgcLs11gqNOzlJjLj75Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/dfbaa2-4a27-4f3c-b9fc-fb01436a695f/1/zB-KcQWLjkB5LFcTxjhQlODrS1w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/dfbaa2-4a27-4f3c-b9fc-fb01436a695f/1/UmJQW0iFgcLs11gqNOzlJjLj75Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:cbc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         44:32:37:d3:f1:5b:4e:bc:91:e9:5e:44:98:d4:45:6e:8c:26:
         01:9f:15:d5:bd:2b:9d:20:97:20:09:34:88:37:0e:64:6a:5c:
         42:05:0b:d2:78:ef:7b:0c:2c:0f:13:d8:0c:5f:06:43:e6:4d:
         42:df:a6:e7:4d:81:e5:ad:2a:17:47:77:d3:82:f5:5d:d1:66:
         4e:84:e1:f3:25:27:64:1e:73:3f:d8:2a:9f:5e:f6:b3:66:86:
         0e:a8:ab:39:7a:7d:88:ca:c0:1a:d0:5c:91:b2:4d:c1:2b:93:
         7a:f0:fc:8f:f4:d6:af:9e:1e:3d:cb:84:b2:8c:58:67:c3:e1:
         84:6a:27:8a:98:e6:0c:9a:00:54:4e:f3:40:1f:d7:39:26:19:
         ec:fc:15:4c:74:74:e7:a1:b1:19:06:fd:18:44:e8:b9:0d:28:
         aa:91:79:41:77:5d:ef:36:d0:27:2e:38:71:7a:4a:0d:5b:4f:
         c9:35:a9:a5:78:21:1f:ce:fa:0f:8d:ae:a7:e2:0c:99:7d:dc:
         7e:cb:ec:a1:49:84:ee:23:8b:c5:d3:86:80:43:6b:4d:be:ac:
         28:9a:22:99:77:7c:2d:40:38:8e:45:05:2c:f9:05:97:64:86:
         cc:9a:3f:69:dc:41:1d:97:a6:5c:96:2c:0a:cb:5a:af:d8:22:
         9d:ec:ab:1a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzGt4ywZ2snhFRepXkoJUJ8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyNjI1MDViNDg4NTgxYzJlY2Q3NTgyYTM0ZWNlNTI2MzJl
M2VmOTYwHhcNMjQwMTAxMjAyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzFmOGE3MTA1OGI4ZTQwNzkyYzU3MTNjNjM4NTA5NGUwZWI0YjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn/vhjfcBwYkFBb/LM1sGsTEeXGg7
wzoD6kzpYrWLfOpIgEKu4IUxsg0IOR990AVRihNNrwUAPwiHD4sV5fESeg3AO6Nn
QzW5Xg6FnN/7KiTYFqPBbbnd32TrzFOaaXkZxoaHQQVd0Z3qC+kmSxCMl/oNsZR5
0XNl4XWMDh6CWY2MK6ScqFzcuRIhOFVFwqH3dDfFrLGMvpDwdkYT4Q6fMBsKKEOF
gzWfHiiZbgAXLF20jARONOdvGXpDDzjdZoYcM62AC8SBwL/5Ug8huC7+ZhavnY+r
1ZYmVbxtnFUfDgAyrstws4jay14a8pZbK7xVEVhyPl9bi/jMmj7H3WMeMwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMwfinEFi45AeSxXE8Y4UJTg60tcMB8GA1UdIwQY
MBaAFFJiUFtIhYHC7NdYKjTs5SYy4++WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVW1KUVcwaUZnY0xzMTFncU5PemxKakxqNzVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9kZmJhYTItNGEyNy00ZjNjLWI5ZmMt
ZmIwMTQzNmE2OTVmLzEvekItS2NRV0xqa0I1TEZjVHhqaFFsT0RyUzF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9kZmJhYTItNGEyNy00ZjNjLWI5ZmMtZmIwMTQzNmE2OTVm
LzEvVW1KUVcwaUZnY0xzMTFncU5PemxKakxqNzVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgvLwDAN
BgkqhkiG9w0BAQsFAAOCAQEARDI30/FbTryR6V5EmNRFbowmAZ8V1b0rnSCXIAk0
iDcOZGpcQgUL0njvewwsDxPYDF8GQ+ZNQt+m502B5a0qF0d304L1XdFmToTh8yUn
ZB5zP9gqn172s2aGDqirOXp9iMrAGtBckbJNwSuTevD8j/TWr54ePcuEsoxYZ8Ph
hGonipjmDJoAVE7zQB/XOSYZ7PwVTHR056GxGQb9GETouQ0oqpF5QXdd7zbQJy44
cXpKDVtPyTWppXghH876D42up+IMmX3cfsvsoUmE7iOLxdOGgENrTb6sKJoimXd8
LUA4jkUFLPkFl2SGzJo/adxBHZemXJYsCstar9gineyrGg==
-----END CERTIFICATE-----