Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/a0f4be-4c0d-4df5-90c6-a6d45ef7d227/1/6mtbwnqqMdIVKLnH-8XNwF-2Mmk.roa
File:                     6mtbwnqqMdIVKLnH-8XNwF-2Mmk.roa (raw, json)
Hash identifier:          PGGjzu893/Jfmc9YUUzVNZHJDH+7efyd7GnCEh1q3gM=
Subject key identifier:   EA:6B:5B:C2:7A:AA:31:D2:15:28:B9:C7:FB:C5:CD:C0:5F:B6:32:69
Certificate issuer:       /CN=f60846f21c56a8513d31c155dd199197a3ffc7c0
Certificate serial:       018CC2DABABBC39E6923B09BE2B170228B5A
Authority key identifier: F6:08:46:F2:1C:56:A8:51:3D:31:C1:55:DD:19:91:97:A3:FF:C7:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9ghG8hxWqFE9McFV3RmRl6P_x8A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/a0f4be-4c0d-4df5-90c6-a6d45ef7d227/1/6mtbwnqqMdIVKLnH-8XNwF-2Mmk.roa
Signing time:             Mon 01 Jan 2024 02:29:23 +0000
ROA not before:           Mon 01 Jan 2024 02:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48606
IP address blocks:        2a0c:5705::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/a0f4be-4c0d-4df5-90c6-a6d45ef7d227/1/9ghG8hxWqFE9McFV3RmRl6P_x8A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/a0f4be-4c0d-4df5-90c6-a6d45ef7d227/1/9ghG8hxWqFE9McFV3RmRl6P_x8A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9ghG8hxWqFE9McFV3RmRl6P_x8A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 15:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:ba:bb:c3:9e:69:23:b0:9b:e2:b1:70:22:8b:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f60846f21c56a8513d31c155dd199197a3ffc7c0
        Validity
            Not Before: Jan  1 02:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ea6b5bc27aaa31d21528b9c7fbc5cdc05fb63269
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:a0:7d:8d:5e:01:d0:71:7b:db:e4:e6:6f:53:
                    d7:26:2a:0c:3d:9d:9c:1d:01:f2:d3:ad:b5:3f:6e:
                    d8:ba:8f:66:5a:b5:0d:8c:0e:b8:4d:b0:43:da:91:
                    0f:aa:18:49:2c:44:0b:d4:d3:83:47:62:7a:90:0d:
                    74:bc:05:bf:ae:40:71:18:b4:25:84:52:18:eb:3b:
                    25:1b:35:77:cd:8d:9e:74:60:81:4c:cb:69:8c:1e:
                    a9:3c:28:ef:4c:9c:a6:4f:18:90:d2:18:2f:fc:4a:
                    7c:9c:24:14:24:32:c4:af:c0:1e:61:f0:89:7b:98:
                    71:1b:f9:97:32:00:34:73:fd:61:82:ba:36:f3:b1:
                    bc:12:45:0b:1e:6d:18:0c:7f:8b:e8:87:74:6c:a4:
                    59:10:a2:e1:e1:49:cb:b1:ae:7b:cb:f3:5a:ab:e1:
                    34:e0:f0:01:53:cf:b3:e2:1b:4f:b9:7a:89:d6:2c:
                    3a:21:86:d8:c3:0f:85:e5:11:05:4d:46:1b:98:d4:
                    6a:0b:82:a9:f3:f4:1b:33:89:77:ad:b1:97:99:be:
                    28:ce:f1:f7:e6:81:24:bc:09:6a:65:72:18:39:0f:
                    1b:6e:a4:1b:cf:2b:da:cf:b6:b5:d6:1e:61:b7:02:
                    4c:83:e2:8d:6d:91:d2:88:d7:98:41:4d:81:0f:c6:
                    ea:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:6B:5B:C2:7A:AA:31:D2:15:28:B9:C7:FB:C5:CD:C0:5F:B6:32:69
            X509v3 Authority Key Identifier:
                keyid:F6:08:46:F2:1C:56:A8:51:3D:31:C1:55:DD:19:91:97:A3:FF:C7:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9ghG8hxWqFE9McFV3RmRl6P_x8A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/a0f4be-4c0d-4df5-90c6-a6d45ef7d227/1/6mtbwnqqMdIVKLnH-8XNwF-2Mmk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/a0f4be-4c0d-4df5-90c6-a6d45ef7d227/1/9ghG8hxWqFE9McFV3RmRl6P_x8A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:5705::/32

    Signature Algorithm: sha256WithRSAEncryption
         04:e2:86:16:ac:0e:08:53:45:9e:30:18:0a:e5:46:9b:bb:b7:
         d7:35:5e:5a:93:f2:23:e4:b7:7c:b6:d1:d9:b2:09:fd:7b:47:
         32:83:07:f8:60:39:ef:50:d2:86:9d:e7:e7:17:e2:48:39:cc:
         22:71:27:a3:39:d4:3a:e3:f7:a8:bd:06:34:e0:65:b2:18:95:
         bb:c7:dc:ce:87:1b:0d:77:89:77:a6:66:35:6d:ac:0d:48:e9:
         62:3c:05:aa:a6:2d:0f:29:d7:9a:91:f7:2c:85:b7:2d:71:4d:
         7a:44:de:73:c4:60:d3:6d:bd:93:91:15:e9:54:09:6f:41:74:
         5b:21:0e:31:36:c6:48:cf:cb:b0:9b:07:8a:4c:0f:ff:9b:f9:
         57:84:6a:b1:93:f2:c2:83:1f:ea:ad:b2:95:ac:6e:c9:3f:95:
         5c:a2:b0:8d:50:8b:ce:51:3e:56:34:bb:e0:2c:ce:b4:76:8f:
         4a:ca:4a:11:81:4a:ab:bf:75:d7:76:50:71:0e:9d:61:b2:f3:
         c9:ca:b4:a9:67:ea:5f:c8:83:7f:77:ef:29:d5:9c:21:8a:d9:
         b1:df:a4:ee:90:86:04:4c:59:aa:25:0f:44:f3:d8:5f:73:cb:
         25:47:72:7e:45:d8:f2:53:a2:fc:20:aa:3a:59:75:86:00:0e:
         a3:1f:79:c2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzC2rq7w55pI7Cb4rFwIotaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2MDg0NmYyMWM1NmE4NTEzZDMxYzE1NWRkMTk5MTk3YTNm
ZmM3YzAwHhcNMjQwMTAxMDIyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTZiNWJjMjdhYWEzMWQyMTUyOGI5YzdmYmM1Y2RjMDVmYjYzMjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqB9jV4B0HF72+Tmb1PXJioMPZ2c
HQHy0621P27Yuo9mWrUNjA64TbBD2pEPqhhJLEQL1NODR2J6kA10vAW/rkBxGLQl
hFIY6zslGzV3zY2edGCBTMtpjB6pPCjvTJymTxiQ0hgv/Ep8nCQUJDLEr8AeYfCJ
e5hxG/mXMgA0c/1hgro287G8EkULHm0YDH+L6Id0bKRZEKLh4UnLsa57y/Naq+E0
4PABU8+z4htPuXqJ1iw6IYbYww+F5REFTUYbmNRqC4Kp8/QbM4l3rbGXmb4ozvH3
5oEkvAlqZXIYOQ8bbqQbzyvaz7a11h5htwJMg+KNbZHSiNeYQU2BD8bqKQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOprW8J6qjHSFSi5x/vFzcBftjJpMB8GA1UdIwQY
MBaAFPYIRvIcVqhRPTHBVd0ZkZej/8fAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWdoRzhoeFdxRkU5TWNGVjNSbVJsNlBfeDhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9hMGY0YmUtNGMwZC00ZGY1LTkwYzYt
YTZkNDVlZjdkMjI3LzEvNm10YnducXFNZElWS0xuSC04WE53Ri0yTW1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9hMGY0YmUtNGMwZC00ZGY1LTkwYzYtYTZkNDVlZjdkMjI3
LzEvOWdoRzhoeFdxRkU5TWNGVjNSbVJsNlBfeDhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgxXBTAN
BgkqhkiG9w0BAQsFAAOCAQEABOKGFqwOCFNFnjAYCuVGm7u31zVeWpPyI+S3fLbR
2bIJ/XtHMoMH+GA571DShp3n5xfiSDnMInEnoznUOuP3qL0GNOBlshiVu8fczocb
DXeJd6ZmNW2sDUjpYjwFqqYtDynXmpH3LIW3LXFNekTec8Rg0229k5EV6VQJb0F0
WyEOMTbGSM/LsJsHikwP/5v5V4RqsZPywoMf6q2ylaxuyT+VXKKwjVCLzlE+VjS7
4CzOtHaPSspKEYFKq79113ZQcQ6dYbLzycq0qWfqX8iDf3fvKdWcIYrZsd+k7pCG
BExZqiUPRPPYX3PLJUdyfkXY8lOi/CCqOll1hgAOox95wg==
-----END CERTIFICATE-----