Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/R6M-fLL460615TH9QSGcOFOg5XU.roa
File:                     R6M-fLL460615TH9QSGcOFOg5XU.roa (raw, json)
Hash identifier:          6S23Ed5Dfet65PDJMXTX9fMFACxwHD9mgsBFyK7xgtI=
Subject key identifier:   47:A3:3E:7C:B2:F8:EB:4E:B5:E5:31:FD:41:21:9C:38:53:A0:E5:75
Certificate issuer:       /CN=a539afebace899a8ee0bb4f8bb4475fe247a1528
Certificate serial:       018CC348F9FEF722C5D4FF60A2AB91762631
Authority key identifier: A5:39:AF:EB:AC:E8:99:A8:EE:0B:B4:F8:BB:44:75:FE:24:7A:15:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pTmv66zomajuC7T4u0R1_iR6FSg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/R6M-fLL460615TH9QSGcOFOg5XU.roa
Signing time:             Mon 01 Jan 2024 04:29:48 +0000
ROA not before:           Mon 01 Jan 2024 04:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198022
IP address blocks:        144.208.215.96/28 maxlen: 28
                          2a00:11c0:47:df::/64 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/pTmv66zomajuC7T4u0R1_iR6FSg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/pTmv66zomajuC7T4u0R1_iR6FSg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pTmv66zomajuC7T4u0R1_iR6FSg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:f9:fe:f7:22:c5:d4:ff:60:a2:ab:91:76:26:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a539afebace899a8ee0bb4f8bb4475fe247a1528
        Validity
            Not Before: Jan  1 04:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47a33e7cb2f8eb4eb5e531fd41219c3853a0e575
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:c6:6c:25:87:68:a5:bb:fd:be:b6:a3:b6:02:
                    91:7a:2e:4c:2a:23:46:65:3e:2f:39:87:6a:f6:98:
                    19:bd:86:0b:3e:c2:68:35:ac:11:1d:ee:4a:23:7c:
                    d4:ce:03:ba:f2:ee:a4:c6:4d:c6:12:b7:ec:47:77:
                    11:76:a8:46:97:a5:73:b8:0d:88:6b:9e:55:53:34:
                    9d:49:fb:54:48:74:ce:9e:fe:de:89:ec:c3:91:e3:
                    da:5b:e4:73:e3:89:ee:9b:d8:9f:de:75:8b:3c:06:
                    b4:88:5c:d1:d6:eb:8d:ba:05:a4:0a:e3:15:8b:c5:
                    27:d1:27:09:ce:64:73:1f:c9:f5:e3:f5:3c:20:65:
                    b5:1c:ad:d9:8d:12:bb:80:8e:89:bf:68:84:88:cf:
                    cc:fd:7a:62:da:80:c3:13:47:34:1e:02:6f:5f:00:
                    d6:7a:5d:bf:9d:c5:2e:ab:88:ef:cc:18:8b:56:05:
                    86:18:3a:a1:cd:ba:08:22:a8:66:9a:f6:90:9c:41:
                    4c:63:a9:a4:07:6d:4c:65:14:4f:5d:66:6e:2f:9d:
                    66:52:97:a2:7a:2f:7c:f1:e1:4a:38:fc:a7:99:0d:
                    89:97:ae:58:cc:df:3d:41:95:fd:ef:f3:10:c4:eb:
                    f1:11:8f:9d:fe:f6:1e:be:89:70:94:28:d8:22:cc:
                    f4:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:A3:3E:7C:B2:F8:EB:4E:B5:E5:31:FD:41:21:9C:38:53:A0:E5:75
            X509v3 Authority Key Identifier:
                keyid:A5:39:AF:EB:AC:E8:99:A8:EE:0B:B4:F8:BB:44:75:FE:24:7A:15:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pTmv66zomajuC7T4u0R1_iR6FSg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/R6M-fLL460615TH9QSGcOFOg5XU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/pTmv66zomajuC7T4u0R1_iR6FSg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.208.215.96/28
                IPv6:
                  2a00:11c0:47:df::/64

    Signature Algorithm: sha256WithRSAEncryption
         21:fa:1e:5e:48:95:cc:f3:1f:6c:c7:64:29:71:2b:67:29:1d:
         4a:c8:16:ac:de:2a:a9:54:03:d0:63:33:a6:a6:54:40:9b:b6:
         47:8b:20:7e:6b:ea:e3:4e:38:58:67:a9:18:db:81:2f:25:a2:
         1e:4b:f4:01:ad:0a:20:2c:b7:f2:ed:aa:0e:8e:38:aa:c2:e4:
         88:5c:a9:89:3e:33:cd:7b:51:7b:e2:d6:e7:b9:66:93:cc:7f:
         6f:1d:db:d9:3a:df:fa:f1:f6:95:ee:30:ca:9e:d4:e1:1e:dc:
         17:8c:47:5f:09:20:b8:5e:4a:1d:07:34:02:2b:73:dc:b1:d4:
         88:ed:de:00:67:88:09:d2:01:7a:72:69:eb:16:43:19:07:66:
         7a:1e:05:1f:20:9b:7a:b7:82:ef:00:a7:9b:b8:a8:e3:83:65:
         19:21:3a:33:f9:b4:3c:f5:e5:63:84:cf:7d:5a:c5:14:f1:d1:
         d9:1e:e3:02:01:9c:d1:9c:ef:fd:fa:31:a0:ec:7c:13:c1:19:
         0f:fa:8b:57:18:06:6c:74:9c:37:be:64:bf:2a:3c:ac:dd:b6:
         40:9f:77:f6:2a:d3:a4:fa:95:b2:0f:37:23:1a:d0:9a:b9:09:
         9d:8a:48:05:b3:8e:ee:cf:9f:ef:1d:9d:dc:80:86:14:cf:2b:
         97:9d:50:86
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYzDSPn+9yLF1P9goquRdiYxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1MzlhZmViYWNlODk5YThlZTBiYjRmOGJiNDQ3NWZlMjQ3
YTE1MjgwHhcNMjQwMTAxMDQyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2EzM2U3Y2IyZjhlYjRlYjVlNTMxZmQ0MTIxOWMzODUzYTBlNTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgcZsJYdopbv9vrajtgKRei5MKiNG
ZT4vOYdq9pgZvYYLPsJoNawRHe5KI3zUzgO68u6kxk3GErfsR3cRdqhGl6VzuA2I
a55VUzSdSftUSHTOnv7eiezDkePaW+Rz44num9if3nWLPAa0iFzR1uuNugWkCuMV
i8Un0ScJzmRzH8n14/U8IGW1HK3ZjRK7gI6Jv2iEiM/M/Xpi2oDDE0c0HgJvXwDW
el2/ncUuq4jvzBiLVgWGGDqhzboIIqhmmvaQnEFMY6mkB21MZRRPXWZuL51mUpei
ei988eFKOPynmQ2Jl65YzN89QZX97/MQxOvxEY+d/vYevolwlCjYIsz0VQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFEejPnyy+OtOteUx/UEhnDhToOV1MB8GA1UdIwQY
MBaAFKU5r+us6Jmo7gu0+LtEdf4kehUoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFRtdjY2em9tYWp1QzdUNHUwUjFfaVI2RlNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS85OGM0ZWUtMmY1OS00NWE3LWFkYjYt
NzQxMzk1OTEzMTJlLzEvUjZNLWZMTDQ2MDYxNVRIOVFTR2NPRk9nNVhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS85OGM0ZWUtMmY1OS00NWE3LWFkYjYtNzQxMzk1OTEzMTJl
LzEvcFRtdjY2em9tYWp1QzdUNHUwUjFfaVI2RlNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjANBAIAATAHAwUEkNDXYDAR
BAIAAjALAwkAKgARwABHAN8wDQYJKoZIhvcNAQELBQADggEBACH6Hl5IlczzH2zH
ZClxK2cpHUrIFqzeKqlUA9BjM6amVECbtkeLIH5r6uNOOFhnqRjbgS8loh5L9AGt
CiAst/Ltqg6OOKrC5IhcqYk+M817UXvi1ue5ZpPMf28d29k63/rx9pXuMMqe1OEe
3BeMR18JILheSh0HNAIrc9yx1Ijt3gBniAnSAXpyaesWQxkHZnoeBR8gm3q3gu8A
p5u4qOODZRkhOjP5tDz15WOEz31axRTx0dke4wIBnNGc7/36MaDsfBPBGQ/6i1cY
Bmx0nDe+ZL8qPKzdtkCfd/Yq06T6lbIPNyMa0Jq5CZ2KSAWzju7Pn+8dndyAhhTP
K5edUIY=
-----END CERTIFICATE-----