Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/767ae5-b9a2-4993-81a8-05f18fc212a7/1/bnKC8C0hOMbLCW1j7nakO4-dnN0.roa
File:                     bnKC8C0hOMbLCW1j7nakO4-dnN0.roa (raw, json)
Hash identifier:          Tz69JCghhpMbKCvEzSfyoqPl3HACjAliwT3nsYvHG8U=
Subject key identifier:   6E:72:82:F0:2D:21:38:C6:CB:09:6D:63:EE:76:A4:3B:8F:9D:9C:DD
Certificate issuer:       /CN=86cb742a03bc9c85507217a25204dfff82fccdf9
Certificate serial:       018CCA2AA43D5C636C85F69E06DF5427FEBA
Authority key identifier: 86:CB:74:2A:03:BC:9C:85:50:72:17:A2:52:04:DF:FF:82:FC:CD:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hst0KgO8nIVQcheiUgTf_4L8zfk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/767ae5-b9a2-4993-81a8-05f18fc212a7/1/bnKC8C0hOMbLCW1j7nakO4-dnN0.roa
Signing time:             Tue 02 Jan 2024 12:34:01 +0000
ROA not before:           Tue 02 Jan 2024 12:34:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     135330
IP address blocks:        2a0a:eec0:8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/767ae5-b9a2-4993-81a8-05f18fc212a7/1/hst0KgO8nIVQcheiUgTf_4L8zfk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/767ae5-b9a2-4993-81a8-05f18fc212a7/1/hst0KgO8nIVQcheiUgTf_4L8zfk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hst0KgO8nIVQcheiUgTf_4L8zfk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:a4:3d:5c:63:6c:85:f6:9e:06:df:54:27:fe:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cb742a03bc9c85507217a25204dfff82fccdf9
        Validity
            Not Before: Jan  2 12:34:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e7282f02d2138c6cb096d63ee76a43b8f9d9cdd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:7e:99:19:c0:85:5d:7f:1c:af:d1:6e:fa:ad:
                    69:15:da:8c:5b:46:9e:aa:da:2d:01:57:2c:05:ed:
                    af:34:46:bd:c0:55:1a:06:39:18:46:99:93:34:a1:
                    e7:91:b0:6f:ab:90:ee:87:26:a5:af:50:93:a1:52:
                    83:78:7f:69:5f:02:00:6f:ff:20:b1:2d:2e:27:32:
                    9e:16:4e:08:67:48:fa:b4:31:c4:80:9d:5f:0c:8e:
                    1e:12:a4:ac:54:a0:96:fe:29:22:da:f9:7c:43:3c:
                    2a:f4:0a:65:dd:65:4a:92:27:72:64:4d:b7:62:e3:
                    c3:09:07:ec:2f:fc:27:01:f8:21:23:90:9d:00:6c:
                    bf:04:9e:ef:7b:5a:bf:cf:1e:f7:8a:9e:9f:d0:59:
                    f8:a5:36:d9:ae:fd:48:06:d4:e3:d2:f7:29:fd:42:
                    5f:55:db:49:b3:0a:4e:81:ff:53:23:38:e9:9c:d3:
                    e0:67:1d:b8:59:2b:05:a1:05:0f:e3:db:2f:b1:f0:
                    66:fd:fd:b3:7d:50:c0:df:a8:78:46:71:f8:2d:da:
                    d4:26:05:9b:25:91:2b:f9:d8:59:e0:d6:39:06:4d:
                    41:e9:b1:03:c1:6a:1f:3e:ba:de:96:1c:92:f6:40:
                    26:69:3c:f7:54:7f:95:9f:71:31:f1:71:82:1c:be:
                    5d:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:72:82:F0:2D:21:38:C6:CB:09:6D:63:EE:76:A4:3B:8F:9D:9C:DD
            X509v3 Authority Key Identifier:
                keyid:86:CB:74:2A:03:BC:9C:85:50:72:17:A2:52:04:DF:FF:82:FC:CD:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hst0KgO8nIVQcheiUgTf_4L8zfk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/767ae5-b9a2-4993-81a8-05f18fc212a7/1/bnKC8C0hOMbLCW1j7nakO4-dnN0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/767ae5-b9a2-4993-81a8-05f18fc212a7/1/hst0KgO8nIVQcheiUgTf_4L8zfk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:eec0:8::/48

    Signature Algorithm: sha256WithRSAEncryption
         10:d1:d7:d2:ec:26:95:c8:e4:30:20:af:ef:62:0d:cf:41:24:
         ed:85:bf:3c:0c:a0:0c:ac:b0:af:85:26:0a:de:ac:54:d9:79:
         7d:fb:db:fe:ea:d6:19:46:03:ae:0b:07:d9:ca:13:a9:e4:25:
         21:12:61:13:aa:71:0e:37:22:be:14:ae:38:5b:50:48:b7:d1:
         22:2f:96:8a:73:bb:6b:6d:20:21:3f:d6:82:14:d1:96:d1:27:
         7d:84:a1:65:f9:85:46:82:d2:7c:e1:c6:da:e8:32:0a:af:e5:
         5e:43:6f:86:39:d8:c7:d3:f2:98:fe:19:14:66:b2:6d:2c:8a:
         98:d5:e1:42:87:bb:51:83:3d:91:3c:f6:ae:60:04:79:18:dc:
         7e:40:92:7c:a2:a4:f5:b8:a2:f6:e7:60:81:7c:86:ab:a0:63:
         72:34:72:a6:17:7d:a8:a3:9a:5b:4d:e3:dc:17:7f:65:8e:fb:
         82:55:f7:a2:a2:e4:d3:c8:ae:34:40:d4:07:40:79:32:69:bf:
         a6:f2:75:d5:a3:68:a7:8f:32:c7:e8:4d:15:ad:08:ae:b1:18:
         d4:bc:99:1e:b8:e1:a1:a4:dc:e7:1c:83:a4:ce:69:c8:8c:0c:
         cb:1e:e6:fa:8e:05:66:6c:60:fd:8d:5e:94:cd:28:96:35:af:
         a6:04:b4:e8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKqQ9XGNshfaeBt9UJ/66MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2I3NDJhMDNiYzljODU1MDcyMTdhMjUyMDRkZmZmODJm
Y2NkZjkwHhcNMjQwMTAyMTIzNDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTcyODJmMDJkMjEzOGM2Y2IwOTZkNjNlZTc2YTQzYjhmOWQ5Y2RkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk36ZGcCFXX8cr9Fu+q1pFdqMW0ae
qtotAVcsBe2vNEa9wFUaBjkYRpmTNKHnkbBvq5Duhyalr1CToVKDeH9pXwIAb/8g
sS0uJzKeFk4IZ0j6tDHEgJ1fDI4eEqSsVKCW/iki2vl8Qzwq9Apl3WVKkidyZE23
YuPDCQfsL/wnAfghI5CdAGy/BJ7ve1q/zx73ip6f0Fn4pTbZrv1IBtTj0vcp/UJf
VdtJswpOgf9TIzjpnNPgZx24WSsFoQUP49svsfBm/f2zfVDA36h4RnH4LdrUJgWb
JZEr+dhZ4NY5Bk1B6bEDwWofPrrelhyS9kAmaTz3VH+Vn3Ex8XGCHL5dUwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFG5ygvAtITjGywltY+52pDuPnZzdMB8GA1UdIwQY
MBaAFIbLdCoDvJyFUHIXolIE3/+C/M35MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN0MEtnTzhuSVZRY2hlaVVnVGZfNEw4emZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS83NjdhZTUtYjlhMi00OTkzLTgxYTgt
MDVmMThmYzIxMmE3LzEvYm5LQzhDMGhPTWJMQ1cxajduYWtPNC1kbk4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS83NjdhZTUtYjlhMi00OTkzLTgxYTgtMDVmMThmYzIxMmE3
LzEvaHN0MEtnTzhuSVZRY2hlaVVnVGZfNEw4emZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgruwAAI
MA0GCSqGSIb3DQEBCwUAA4IBAQAQ0dfS7CaVyOQwIK/vYg3PQSTthb88DKAMrLCv
hSYK3qxU2Xl9+9v+6tYZRgOuCwfZyhOp5CUhEmETqnEONyK+FK44W1BIt9EiL5aK
c7trbSAhP9aCFNGW0Sd9hKFl+YVGgtJ84cba6DIKr+VeQ2+GOdjH0/KY/hkUZrJt
LIqY1eFCh7tRgz2RPPauYAR5GNx+QJJ8oqT1uKL252CBfIaroGNyNHKmF32oo5pb
TePcF39ljvuCVfeiouTTyK40QNQHQHkyab+m8nXVo2injzLH6E0VrQiusRjUvJke
uOGhpNznHIOkzmnIjAzLHub6jgVmbGD9jV6UzSiWNa+mBLTo
-----END CERTIFICATE-----