Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/e29c87-4683-443e-883f-9abd1aa64be1/1/bZWRIOHLScv4G_o29PUjg9ElAJU.roa
File:                     bZWRIOHLScv4G_o29PUjg9ElAJU.roa (raw, json)
Hash identifier:          /3adZNaAEmI6/Dn1P0IxzbxypSyk06ylEQ7X7CVs0ng=
Subject key identifier:   6D:95:91:20:E1:CB:49:CB:F8:1B:FA:36:F4:F5:23:83:D1:25:00:95
Certificate issuer:       /CN=5ac466cc89f9db4e31c5400d2ae7a2bffdb22547
Certificate serial:       018CC3490E36E852BA41C118BBE0ACBE7F3C
Authority key identifier: 5A:C4:66:CC:89:F9:DB:4E:31:C5:40:0D:2A:E7:A2:BF:FD:B2:25:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WsRmzIn5204xxUANKueiv_2yJUc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/e29c87-4683-443e-883f-9abd1aa64be1/1/bZWRIOHLScv4G_o29PUjg9ElAJU.roa
Signing time:             Mon 01 Jan 2024 04:29:54 +0000
ROA not before:           Mon 01 Jan 2024 04:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397568
IP address blocks:        2a06:6540:2003::/48 maxlen: 48
                          2a06:6541:2003::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/e29c87-4683-443e-883f-9abd1aa64be1/1/WsRmzIn5204xxUANKueiv_2yJUc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/e29c87-4683-443e-883f-9abd1aa64be1/1/WsRmzIn5204xxUANKueiv_2yJUc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WsRmzIn5204xxUANKueiv_2yJUc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:0e:36:e8:52:ba:41:c1:18:bb:e0:ac:be:7f:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ac466cc89f9db4e31c5400d2ae7a2bffdb22547
        Validity
            Not Before: Jan  1 04:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d959120e1cb49cbf81bfa36f4f52383d1250095
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:98:49:a8:36:94:fa:7b:c3:20:1f:f9:3b:0e:
                    00:fa:f6:5e:07:67:12:9c:e7:fa:49:db:19:94:c8:
                    9e:d8:ad:97:a2:4e:64:01:15:80:3b:e1:35:40:e9:
                    27:35:c5:71:1d:da:6c:d9:fb:9a:a6:60:07:00:cd:
                    d7:e3:5a:31:4a:b5:17:a2:59:39:a3:fe:00:f4:d1:
                    c1:cd:66:ab:a8:3e:f0:7f:9d:c2:b8:ce:ba:14:b8:
                    d6:57:bc:2c:67:90:d1:64:5a:ff:73:fc:1b:a0:53:
                    53:1e:0a:6d:73:01:0a:9f:97:21:f7:d4:73:b9:44:
                    f3:57:c2:b6:49:8c:84:37:7e:5a:18:c4:67:42:af:
                    34:b8:a3:f5:3a:39:b2:b4:39:12:8b:20:e6:cd:e9:
                    f2:30:4a:d5:3a:d5:d4:01:e9:a6:6b:77:36:a0:3e:
                    03:d1:51:ea:a2:0a:d9:03:bb:1a:60:22:86:f0:99:
                    74:55:f4:7a:70:cc:76:47:89:c8:e1:ea:12:7d:3b:
                    28:43:65:76:6f:f1:e9:3f:78:2d:6e:24:00:b3:e9:
                    81:2e:11:fb:90:98:d7:25:bf:ce:54:e7:3c:1f:ee:
                    aa:fd:31:42:bc:cb:69:16:58:9b:91:a6:f3:1c:ad:
                    d9:eb:49:b2:b5:e9:b3:f0:9d:f8:cb:da:ac:2b:49:
                    a5:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:95:91:20:E1:CB:49:CB:F8:1B:FA:36:F4:F5:23:83:D1:25:00:95
            X509v3 Authority Key Identifier:
                keyid:5A:C4:66:CC:89:F9:DB:4E:31:C5:40:0D:2A:E7:A2:BF:FD:B2:25:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WsRmzIn5204xxUANKueiv_2yJUc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/e29c87-4683-443e-883f-9abd1aa64be1/1/bZWRIOHLScv4G_o29PUjg9ElAJU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/e29c87-4683-443e-883f-9abd1aa64be1/1/WsRmzIn5204xxUANKueiv_2yJUc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:6540:2003::/48
                  2a06:6541:2003::/48

    Signature Algorithm: sha256WithRSAEncryption
         88:76:76:75:37:b8:72:f4:33:52:8d:ec:94:fa:91:09:6e:1d:
         0f:fe:de:55:2f:3c:c9:36:e3:ed:6a:df:68:46:c3:0d:81:fa:
         46:9a:8e:68:32:fe:eb:a5:63:78:a8:03:0b:17:ef:4a:29:b7:
         45:6e:6c:48:98:4e:c7:a8:6c:c0:e8:d9:e1:17:cf:df:95:e2:
         db:67:45:89:61:18:2f:40:03:eb:85:3a:b8:e4:03:41:3b:83:
         74:2f:24:da:07:4a:92:93:3b:dc:5c:21:a2:21:a8:d7:75:1d:
         79:75:0c:11:d9:7a:7b:84:c0:1d:2a:90:85:0d:0c:7d:54:66:
         96:db:de:d4:fd:c7:6e:12:68:47:b0:41:7e:4a:52:2b:90:52:
         dd:8f:75:aa:6a:9d:e7:23:95:d0:cf:fd:8c:c8:12:37:4a:59:
         6e:1e:41:70:ae:d4:0b:6a:b3:70:10:3e:1e:16:5d:ab:99:ab:
         20:50:9b:36:24:ae:f5:cb:46:9d:ee:e3:f7:b4:3a:9c:e5:89:
         6e:84:62:9f:d7:4b:d7:c7:f9:bf:9f:66:7d:69:c3:b7:d5:b6:
         11:60:3c:11:84:c0:45:64:9c:e4:e9:37:fa:b9:3f:43:d1:7f:
         0f:32:53:d8:83:f1:38:52:9c:79:00:c0:fa:e4:c9:52:63:0f:
         1b:92:41:4e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzDSQ426FK6QcEYu+Csvn88MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhYzQ2NmNjODlmOWRiNGUzMWM1NDAwZDJhZTdhMmJmZmRi
MjI1NDcwHhcNMjQwMTAxMDQyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDk1OTEyMGUxY2I0OWNiZjgxYmZhMzZmNGY1MjM4M2QxMjUwMDk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyZhJqDaU+nvDIB/5Ow4A+vZeB2cS
nOf6SdsZlMie2K2Xok5kARWAO+E1QOknNcVxHdps2fuapmAHAM3X41oxSrUXolk5
o/4A9NHBzWarqD7wf53CuM66FLjWV7wsZ5DRZFr/c/wboFNTHgptcwEKn5ch99Rz
uUTzV8K2SYyEN35aGMRnQq80uKP1OjmytDkSiyDmzenyMErVOtXUAemma3c2oD4D
0VHqogrZA7saYCKG8Jl0VfR6cMx2R4nI4eoSfTsoQ2V2b/HpP3gtbiQAs+mBLhH7
kJjXJb/OVOc8H+6q/TFCvMtpFlibkabzHK3Z60mytemz8J34y9qsK0mlKQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFG2VkSDhy0nL+Bv6NvT1I4PRJQCVMB8GA1UdIwQY
MBaAFFrEZsyJ+dtOMcVADSrnor/9siVHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3NSbXpJbjUyMDR4eFVBTkt1ZWl2XzJ5SlVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9lMjljODctNDY4My00NDNlLTg4M2Yt
OWFiZDFhYTY0YmUxLzEvYlpXUklPSExTY3Y0R19vMjlQVWpnOUVsQUpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9lMjljODctNDY4My00NDNlLTg4M2YtOWFiZDFhYTY0YmUx
LzEvV3NSbXpJbjUyMDR4eFVBTkt1ZWl2XzJ5SlVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgZlQCAD
AwcAKgZlQSADMA0GCSqGSIb3DQEBCwUAA4IBAQCIdnZ1N7hy9DNSjeyU+pEJbh0P
/t5VLzzJNuPtat9oRsMNgfpGmo5oMv7rpWN4qAMLF+9KKbdFbmxImE7HqGzA6Nnh
F8/fleLbZ0WJYRgvQAPrhTq45ANBO4N0LyTaB0qSkzvcXCGiIajXdR15dQwR2Xp7
hMAdKpCFDQx9VGaW297U/cduEmhHsEF+SlIrkFLdj3Wqap3nI5XQz/2MyBI3Sllu
HkFwrtQLarNwED4eFl2rmasgUJs2JK71y0ad7uP3tDqc5YluhGKf10vXx/m/n2Z9
acO31bYRYDwRhMBFZJzk6Tf6uT9D0X8PMlPYg/E4Upx5AMD65MlSYw8bkkFO
-----END CERTIFICATE-----