Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/BsNP5AoRlx7Bv3AW1vlDzr11ifM.roa
File:                     BsNP5AoRlx7Bv3AW1vlDzr11ifM.roa (raw, json)
Hash identifier:          CYKpco/zf73UvXaiyJxqyd9zLLKEdspRj6ChCXoupKg=
Subject key identifier:   06:C3:4F:E4:0A:11:97:1E:C1:BF:70:16:D6:F9:43:CE:BD:75:89:F3
Certificate issuer:       /CN=73c69d04583500c5ef81136831237593e0bb86ce
Certificate serial:       018CC34896DE63C9694C0CD7F149CDF66D79
Authority key identifier: 73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/BsNP5AoRlx7Bv3AW1vlDzr11ifM.roa
Signing time:             Mon 01 Jan 2024 04:29:23 +0000
ROA not before:           Mon 01 Jan 2024 04:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209650
IP address blocks:        2a0d:2687::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:96:de:63:c9:69:4c:0c:d7:f1:49:cd:f6:6d:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73c69d04583500c5ef81136831237593e0bb86ce
        Validity
            Not Before: Jan  1 04:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=06c34fe40a11971ec1bf7016d6f943cebd7589f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:7e:67:0a:48:8d:4c:2f:c3:56:06:ea:ae:9f:
                    b7:8b:43:13:a3:8e:a7:7b:1a:04:57:4a:f1:b7:c9:
                    14:eb:d9:04:07:97:c2:e6:50:91:cf:ef:59:e3:dc:
                    9c:3a:24:fc:07:8c:72:e2:2b:29:1c:84:90:f2:d0:
                    29:f8:2c:a7:cd:81:8d:88:a8:92:ec:b4:1a:23:c3:
                    12:52:50:e7:df:d2:a9:fd:40:b5:16:65:8a:3e:30:
                    e1:e7:93:3e:05:c1:0f:71:f8:bc:ac:c1:ff:e5:e7:
                    e4:26:f2:eb:d7:ed:f7:7b:ea:01:c8:2f:9d:9e:39:
                    cb:e7:5c:56:14:f8:f0:b0:e6:85:17:b8:e5:d6:ee:
                    43:a2:e6:49:70:06:04:70:16:e4:3a:c7:28:21:d5:
                    7e:30:e2:bf:a6:9a:b3:eb:8e:a5:68:5f:b7:9e:88:
                    03:03:32:80:5c:a3:76:ad:d4:bd:c2:9a:d0:75:90:
                    31:01:7d:65:c6:b1:78:ba:12:94:84:46:b8:76:64:
                    52:4f:c8:e0:64:49:8e:52:21:96:4b:b6:19:9a:19:
                    5f:3a:56:25:77:ae:98:d7:b4:58:51:66:9e:d7:59:
                    70:1a:73:4b:64:08:94:a0:12:fb:93:65:c9:d3:49:
                    bb:37:40:98:62:92:32:bc:77:cd:a4:91:9d:24:2a:
                    c9:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:C3:4F:E4:0A:11:97:1E:C1:BF:70:16:D6:F9:43:CE:BD:75:89:F3
            X509v3 Authority Key Identifier:
                keyid:73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/BsNP5AoRlx7Bv3AW1vlDzr11ifM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:2687::/32

    Signature Algorithm: sha256WithRSAEncryption
         ab:33:ab:21:0b:2f:49:db:26:f6:64:3f:cf:4d:bb:2b:aa:4e:
         29:97:45:a0:cc:33:96:e3:88:22:9a:9b:ea:fc:50:f8:af:ca:
         d7:6e:c3:74:c5:65:92:67:d9:dc:03:4f:c7:0c:8f:da:d1:37:
         13:ca:e5:87:9e:13:16:63:23:ff:31:fc:6a:ea:83:34:3e:18:
         89:ad:c7:b5:09:7b:f0:60:23:8a:c1:fd:2d:24:86:9e:4b:0c:
         a8:da:64:7e:c2:83:3b:d4:ca:f7:72:7a:54:97:c2:a3:cc:b0:
         73:45:28:4a:3a:78:c3:16:02:d0:46:9d:4b:9f:8d:df:12:9b:
         0e:0b:6c:f1:84:e3:0c:e9:bd:60:32:11:d3:12:81:fc:6c:44:
         ad:da:8b:31:9a:bc:6c:ed:b1:aa:ba:39:58:ff:30:d9:d3:6b:
         dd:f6:04:ea:3f:7f:80:93:eb:fa:46:6c:23:91:08:60:b7:18:
         5d:85:a9:18:36:89:3c:d1:80:5b:2e:cd:28:b8:e0:4b:82:db:
         4a:17:59:c8:ec:39:81:f0:2e:90:93:b1:f3:a6:de:fe:0a:21:
         70:c5:22:6f:79:5b:c4:1a:39:5b:c0:f2:a8:56:cd:21:94:ef:
         51:97:0f:3a:ab:d5:4e:c0:de:ee:40:10:6b:3f:36:44:31:f1:
         9d:45:25:41
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDSJbeY8lpTAzX8UnN9m15MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYzY5ZDA0NTgzNTAwYzVlZjgxMTM2ODMxMjM3NTkzZTBi
Yjg2Y2UwHhcNMjQwMTAxMDQyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmMzNGZlNDBhMTE5NzFlYzFiZjcwMTZkNmY5NDNjZWJkNzU4OWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsX5nCkiNTC/DVgbqrp+3i0MTo46n
exoEV0rxt8kU69kEB5fC5lCRz+9Z49ycOiT8B4xy4ispHISQ8tAp+CynzYGNiKiS
7LQaI8MSUlDn39Kp/UC1FmWKPjDh55M+BcEPcfi8rMH/5efkJvLr1+33e+oByC+d
njnL51xWFPjwsOaFF7jl1u5DouZJcAYEcBbkOscoIdV+MOK/ppqz646laF+3nogD
AzKAXKN2rdS9wprQdZAxAX1lxrF4uhKUhEa4dmRST8jgZEmOUiGWS7YZmhlfOlYl
d66Y17RYUWae11lwGnNLZAiUoBL7k2XJ00m7N0CYYpIyvHfNpJGdJCrJQQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAbDT+QKEZcewb9wFtb5Q869dYnzMB8GA1UdIwQY
MBaAFHPGnQRYNQDF74ETaDEjdZPgu4bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQt
ZjljYjBhN2IyMDZjLzEvQnNOUDVBb1JseDdCdjNBVzF2bER6cjExaWZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQtZjljYjBhN2IyMDZj
LzEvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg0mhzAN
BgkqhkiG9w0BAQsFAAOCAQEAqzOrIQsvSdsm9mQ/z027K6pOKZdFoMwzluOIIpqb
6vxQ+K/K127DdMVlkmfZ3ANPxwyP2tE3E8rlh54TFmMj/zH8auqDND4Yia3HtQl7
8GAjisH9LSSGnksMqNpkfsKDO9TK93J6VJfCo8ywc0UoSjp4wxYC0EadS5+N3xKb
Dgts8YTjDOm9YDIR0xKB/GxErdqLMZq8bO2xqro5WP8w2dNr3fYE6j9/gJPr+kZs
I5EIYLcYXYWpGDaJPNGAWy7NKLjgS4LbShdZyOw5gfAukJOx86be/gohcMUib3lb
xBo5W8DyqFbNIZTvUZcPOqvVTsDe7kAQaz82RDHxnUUlQQ==
-----END CERTIFICATE-----