Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/d6ByhanaxQlbQW2apBiZT2sfMnw.roa
File:                     d6ByhanaxQlbQW2apBiZT2sfMnw.roa (raw, json)
Hash identifier:          js7Aw1ZoOAfaeV/ZACQ4ZQ4ADwN/dO0WjKflH1hqz4k=
Subject key identifier:   77:A0:72:85:A9:DA:C5:09:5B:41:6D:9A:A4:18:99:4F:6B:1F:32:7C
Certificate issuer:       /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial:       018CC8DE36BEF0D91835D7DA83D9EBFCCCEC
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/d6ByhanaxQlbQW2apBiZT2sfMnw.roa
Signing time:             Tue 02 Jan 2024 06:30:55 +0000
ROA not before:           Tue 02 Jan 2024 06:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204490
IP address blocks:        2a0d:c102::/32 maxlen: 32
                          2a0d:afc7::/32 maxlen: 32
                          2a06:d644::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:36:be:f0:d9:18:35:d7:da:83:d9:eb:fc:cc:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
        Validity
            Not Before: Jan  2 06:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=77a07285a9dac5095b416d9aa418994f6b1f327c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:58:47:cd:71:de:b8:4c:ab:75:44:dd:5e:19:
                    6d:e8:d1:b1:a1:37:9f:c4:d2:63:6f:f6:6e:ec:5d:
                    52:be:5a:39:79:56:eb:91:14:99:2c:17:47:aa:37:
                    ed:af:e0:ac:8c:6c:1e:d0:00:5e:b6:b0:60:96:c6:
                    62:28:4f:14:6a:15:9c:a3:66:f1:21:65:d4:36:53:
                    34:9e:5f:f5:72:80:76:7c:84:07:ba:9e:62:d9:25:
                    4f:93:91:41:3b:08:52:12:c8:3a:eb:36:4c:d6:83:
                    65:a4:dc:14:c5:da:83:0c:24:01:50:36:0d:45:66:
                    fc:1c:8f:3f:e5:8d:e0:6a:09:9b:aa:c7:65:9a:c9:
                    2d:4d:af:1b:04:89:70:59:64:62:33:ae:96:3d:41:
                    66:8e:f6:32:df:6e:36:06:1a:50:bf:0a:c8:48:eb:
                    81:95:59:a9:bf:76:47:83:47:47:7d:7e:10:37:7f:
                    40:95:83:fa:54:a5:ee:37:2a:8f:d3:45:2a:63:88:
                    40:56:92:b3:f4:f3:29:1d:bc:e1:70:83:7b:54:02:
                    53:26:af:e9:31:7c:d9:0c:0f:6d:98:99:b6:f9:0c:
                    88:e4:dd:6b:92:5d:a1:14:e5:21:aa:ca:0e:fa:0a:
                    d2:a9:0a:60:5c:9a:fb:45:cc:7f:9e:6c:88:e5:27:
                    0d:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:A0:72:85:A9:DA:C5:09:5B:41:6D:9A:A4:18:99:4F:6B:1F:32:7C
            X509v3 Authority Key Identifier:
                keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/d6ByhanaxQlbQW2apBiZT2sfMnw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:d644::/32
                  2a0d:afc7::/32
                  2a0d:c102::/32

    Signature Algorithm: sha256WithRSAEncryption
         b1:c8:e1:83:20:56:72:7e:bd:81:5a:d7:f2:ae:c7:36:c2:43:
         b0:c3:c6:77:17:10:15:0a:ce:2f:a2:70:a5:52:c6:02:8d:ec:
         4f:c5:ef:b5:54:60:8c:33:27:86:5d:98:c9:17:45:38:8c:0a:
         d1:e7:a4:61:03:c8:f8:ad:b0:91:80:a3:d2:0e:86:f3:75:3b:
         18:33:ad:48:97:5d:86:7d:c9:84:b3:8a:d3:4e:3e:e9:ba:07:
         e8:38:a0:d2:fb:59:b9:b0:de:48:de:01:0c:be:5c:8b:a7:2c:
         af:21:0d:49:72:31:26:01:63:76:9c:03:cb:25:18:34:51:a3:
         03:34:2c:5b:81:5b:07:b3:da:ae:7c:9d:2e:8a:e0:3f:34:a6:
         07:57:3c:bf:a8:81:a3:9d:e1:7e:30:f9:10:56:ea:39:90:60:
         0d:7f:e4:8f:7e:90:b1:16:53:8f:40:b2:c6:51:e3:c3:3b:33:
         bb:03:9d:c3:7d:ec:84:8e:4e:df:d0:dc:3d:52:c2:97:6e:08:
         77:d6:3d:e1:42:82:10:79:69:43:92:bd:b1:a9:b7:72:ce:62:
         e3:fb:e3:6a:00:11:78:51:0f:86:6f:34:fb:b6:18:29:71:95:
         6e:db:54:78:0c:aa:84:e2:7b:84:77:93:e8:be:9c:12:79:bb:
         3c:19:c4:96
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3ja+8NkYNdfag9nr/MzsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjQwMTAyMDYzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2EwNzI4NWE5ZGFjNTA5NWI0MTZkOWFhNDE4OTk0ZjZiMWYzMjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFhHzXHeuEyrdUTdXhlt6NGxoTef
xNJjb/Zu7F1Svlo5eVbrkRSZLBdHqjftr+CsjGwe0ABetrBglsZiKE8UahWco2bx
IWXUNlM0nl/1coB2fIQHup5i2SVPk5FBOwhSEsg66zZM1oNlpNwUxdqDDCQBUDYN
RWb8HI8/5Y3gagmbqsdlmsktTa8bBIlwWWRiM66WPUFmjvYy3242BhpQvwrISOuB
lVmpv3ZHg0dHfX4QN39AlYP6VKXuNyqP00UqY4hAVpKz9PMpHbzhcIN7VAJTJq/p
MXzZDA9tmJm2+QyI5N1rkl2hFOUhqsoO+grSqQpgXJr7Rcx/nmyI5ScNXQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHegcoWp2sUJW0FtmqQYmU9rHzJ8MB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvZDZCeWhhbmF4UWxiUVcyYXBCaVpUMnNmTW53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUAKgbWRAMF
ACoNr8cDBQAqDcECMA0GCSqGSIb3DQEBCwUAA4IBAQCxyOGDIFZyfr2BWtfyrsc2
wkOww8Z3FxAVCs4vonClUsYCjexPxe+1VGCMMyeGXZjJF0U4jArR56RhA8j4rbCR
gKPSDobzdTsYM61Il12GfcmEs4rTTj7pugfoOKDS+1m5sN5I3gEMvlyLpyyvIQ1J
cjEmAWN2nAPLJRg0UaMDNCxbgVsHs9qufJ0uiuA/NKYHVzy/qIGjneF+MPkQVuo5
kGANf+SPfpCxFlOPQLLGUePDOzO7A53DfeyEjk7f0Nw9UsKXbgh31j3hQoIQeWlD
kr2xqbdyzmLj++NqABF4UQ+GbzT7thgpcZVu21R4DKqE4nuEd5PovpwSebs8GcSW
-----END CERTIFICATE-----