Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/Fy0_hFiIZytB8xCPxEtWRkkTNRk.roa
File:                     Fy0_hFiIZytB8xCPxEtWRkkTNRk.roa (raw, json)
Hash identifier:          xAK8tz6Kc3A47MeH2eyt7VqHGHj7ufmuE6EAZWB07oc=
Subject key identifier:   17:2D:3F:84:58:88:67:2B:41:F3:10:8F:C4:4B:56:46:49:13:35:19
Certificate issuer:       /CN=ec6b42021886d8eedbae90d9e6ab1de533c50d20
Certificate serial:       018CC94E5E863A8042FD89443DF8834E0E89
Authority key identifier: EC:6B:42:02:18:86:D8:EE:DB:AE:90:D9:E6:AB:1D:E5:33:C5:0D:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7GtCAhiG2O7brpDZ5qsd5TPFDSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/Fy0_hFiIZytB8xCPxEtWRkkTNRk.roa
Signing time:             Tue 02 Jan 2024 08:33:25 +0000
ROA not before:           Tue 02 Jan 2024 08:33:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201566
IP address blocks:        2a0e:a6c7:1000::/38 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/7GtCAhiG2O7brpDZ5qsd5TPFDSA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/7GtCAhiG2O7brpDZ5qsd5TPFDSA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7GtCAhiG2O7brpDZ5qsd5TPFDSA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 13:02:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:5e:86:3a:80:42:fd:89:44:3d:f8:83:4e:0e:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec6b42021886d8eedbae90d9e6ab1de533c50d20
        Validity
            Not Before: Jan  2 08:33:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=172d3f845888672b41f3108fc44b564649133519
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:06:c4:67:00:94:16:83:93:65:e3:b7:02:18:
                    9a:94:29:19:6a:26:14:d1:9b:c1:f3:de:5e:e5:f2:
                    5a:67:8c:30:ef:e8:ac:81:ae:a4:08:3c:1c:22:96:
                    49:51:f8:c5:7d:8d:e8:29:a0:e1:67:83:6a:6c:92:
                    6f:99:71:17:00:bb:ce:31:72:62:82:b3:b6:8f:25:
                    2e:e8:0e:c4:f7:6b:6a:49:53:94:63:8f:b0:96:eb:
                    e7:87:65:5f:7d:31:ab:1d:fe:68:6b:38:d0:3d:16:
                    f9:42:eb:c6:4a:b5:d9:a8:a4:c6:49:59:0f:56:42:
                    fa:9e:23:60:a1:2a:c3:5d:b0:7b:6f:94:27:d7:79:
                    e3:66:0a:1e:48:90:4b:33:c9:ad:cf:98:10:5f:4d:
                    52:69:6e:27:2a:cc:2a:81:5c:97:91:b5:fb:a8:d1:
                    dc:c9:02:1e:32:22:51:62:62:04:f1:68:fa:cb:c2:
                    f8:97:79:cb:72:5c:26:7c:40:5b:58:ea:82:a9:63:
                    da:82:92:e3:ee:f9:53:b7:42:f5:b6:9a:aa:b2:c6:
                    57:dc:dd:cc:bb:cd:61:1d:72:06:21:26:29:23:40:
                    c8:22:d4:b2:60:7f:f2:d2:6d:77:e0:d7:b1:ed:20:
                    b7:6b:fe:79:53:20:6a:8b:2e:d8:f9:dc:8b:d1:ff:
                    63:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:2D:3F:84:58:88:67:2B:41:F3:10:8F:C4:4B:56:46:49:13:35:19
            X509v3 Authority Key Identifier:
                keyid:EC:6B:42:02:18:86:D8:EE:DB:AE:90:D9:E6:AB:1D:E5:33:C5:0D:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7GtCAhiG2O7brpDZ5qsd5TPFDSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/Fy0_hFiIZytB8xCPxEtWRkkTNRk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/7GtCAhiG2O7brpDZ5qsd5TPFDSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:a6c7:1000::/38

    Signature Algorithm: sha256WithRSAEncryption
         b5:f3:3f:ec:f7:b0:5c:e1:20:11:4f:16:07:36:32:3a:0a:23:
         97:a3:24:0d:6b:53:3e:ab:67:74:68:24:8c:3c:43:cc:49:d3:
         0c:43:a6:0a:de:58:74:fe:12:ee:60:5f:b2:96:27:dc:80:54:
         5d:d6:21:86:56:cc:25:91:66:9d:e2:a2:6e:37:83:71:6f:48:
         b6:05:b0:b6:1d:3f:43:e2:e3:1b:78:87:3e:60:44:30:a0:f0:
         ab:7b:e8:ec:05:73:70:e2:46:94:d8:2a:47:2e:8f:a4:16:a5:
         8a:71:a6:0d:5e:19:98:5c:78:b5:28:c7:5e:72:68:83:4b:bd:
         5c:3b:29:b0:f0:0d:55:82:78:b8:15:fd:d0:ed:ba:c7:3a:29:
         81:4e:a8:27:8e:b2:59:7c:60:5c:56:f0:1a:8c:dd:f4:6e:8f:
         6d:43:08:ad:1e:79:41:ac:8e:52:83:d0:98:5f:c7:ec:ca:1e:
         1a:86:64:cd:65:4f:36:d6:cd:55:12:d2:c1:4f:fd:46:63:cc:
         de:c8:dd:3c:6a:58:61:1e:62:34:07:2e:c2:1e:07:53:96:4f:
         c8:e1:0d:9e:58:6b:cb:a6:4a:e8:1e:b2:1f:bb:70:9c:72:b3:
         3c:f2:be:21:3c:1c:03:18:d1:53:92:83:77:c3:54:e8:65:20:
         61:af:8b:7c
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJTl6GOoBC/YlEPfiDTg6JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNmI0MjAyMTg4NmQ4ZWVkYmFlOTBkOWU2YWIxZGU1MzNj
NTBkMjAwHhcNMjQwMTAyMDgzMzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzJkM2Y4NDU4ODg2NzJiNDFmMzEwOGZjNDRiNTY0NjQ5MTMzNTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiQbEZwCUFoOTZeO3AhialCkZaiYU
0ZvB895e5fJaZ4ww7+isga6kCDwcIpZJUfjFfY3oKaDhZ4NqbJJvmXEXALvOMXJi
grO2jyUu6A7E92tqSVOUY4+wluvnh2VffTGrHf5oazjQPRb5QuvGSrXZqKTGSVkP
VkL6niNgoSrDXbB7b5Qn13njZgoeSJBLM8mtz5gQX01SaW4nKswqgVyXkbX7qNHc
yQIeMiJRYmIE8Wj6y8L4l3nLclwmfEBbWOqCqWPagpLj7vlTt0L1tpqqssZX3N3M
u81hHXIGISYpI0DIItSyYH/y0m134Nex7SC3a/55UyBqiy7Y+dyL0f9jxwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFBctP4RYiGcrQfMQj8RLVkZJEzUZMB8GA1UdIwQY
MBaAFOxrQgIYhtju266Q2earHeUzxQ0gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0d0Q0FoaUcyTzdicnBEWjVxc2Q1VFBGRFNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8yNmMzZTEtNjQ4Ni00ZTA5LTk5YTQt
YTY4NzNiMzc0ZTI2LzEvRnkwX2hGaUlaeXRCOHhDUHhFdFdSa2tUTlJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8yNmMzZTEtNjQ4Ni00ZTA5LTk5YTQtYTY4NzNiMzc0ZTI2
LzEvN0d0Q0FoaUcyTzdicnBEWjVxc2Q1VFBGRFNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYCKg6mxxAw
DQYJKoZIhvcNAQELBQADggEBALXzP+z3sFzhIBFPFgc2MjoKI5ejJA1rUz6rZ3Ro
JIw8Q8xJ0wxDpgreWHT+Eu5gX7KWJ9yAVF3WIYZWzCWRZp3iom43g3FvSLYFsLYd
P0Pi4xt4hz5gRDCg8Kt76OwFc3DiRpTYKkcuj6QWpYpxpg1eGZhceLUox15yaINL
vVw7KbDwDVWCeLgV/dDtusc6KYFOqCeOsll8YFxW8BqM3fRuj21DCK0eeUGsjlKD
0Jhfx+zKHhqGZM1lTzbWzVUS0sFP/UZjzN7I3TxqWGEeYjQHLsIeB1OWT8jhDZ5Y
a8umSugesh+7cJxyszzyviE8HAMY0VOSg3fDVOhlIGGvi3w=
-----END CERTIFICATE-----