Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/FwyWghr97Lvn6_MY1vrRdWu2_ck.roa
File:                     FwyWghr97Lvn6_MY1vrRdWu2_ck.roa (raw, json)
Hash identifier:          s2fbAy7das/RpxgA2R+3Ozk/7X0UIcts823tbUgl/3c=
Subject key identifier:   17:0C:96:82:1A:FD:EC:BB:E7:EB:F3:18:D6:FA:D1:75:6B:B6:FD:C9
Certificate issuer:       /CN=73c69d04583500c5ef81136831237593e0bb86ce
Certificate serial:       018CC34899FFBB8D9ECCB70037088BE36922
Authority key identifier: 73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/FwyWghr97Lvn6_MY1vrRdWu2_ck.roa
Signing time:             Mon 01 Jan 2024 04:29:24 +0000
ROA not before:           Mon 01 Jan 2024 04:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213115
IP address blocks:        2a0d:2586::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:99:ff:bb:8d:9e:cc:b7:00:37:08:8b:e3:69:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73c69d04583500c5ef81136831237593e0bb86ce
        Validity
            Not Before: Jan  1 04:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=170c96821afdecbbe7ebf318d6fad1756bb6fdc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:7f:fc:f1:4e:c6:ba:89:29:38:0a:db:d5:05:
                    0d:3e:05:82:fd:aa:de:83:2e:48:a3:29:4f:cb:6d:
                    78:89:35:a6:51:66:18:10:3b:a7:dc:88:3e:93:62:
                    f1:2a:e0:8f:c8:47:aa:c6:a9:9f:9f:55:c6:14:d7:
                    41:0a:44:ad:d9:74:dd:ed:fc:3d:43:5f:db:d5:fc:
                    da:d5:c6:65:db:22:1b:00:e2:c4:db:37:83:a7:0f:
                    af:5a:1a:10:bf:95:59:17:96:4a:fc:a1:d2:87:e6:
                    28:aa:52:c4:f0:7e:47:74:5a:c6:2d:da:8c:2b:53:
                    ac:a7:64:86:df:53:a4:47:57:24:95:25:4f:95:ac:
                    2e:d5:35:15:5d:86:bf:af:2e:b7:4e:2e:a2:28:c0:
                    98:64:95:f2:f5:55:a8:7f:83:9e:9b:b7:91:e2:cb:
                    07:d9:0a:d6:09:74:7f:44:ad:70:7b:e9:5c:7b:bf:
                    57:49:c0:99:53:8b:d7:ba:12:aa:23:9f:e8:0b:87:
                    04:e8:0e:d6:c8:36:f1:8b:40:d6:3b:49:d7:16:0e:
                    ae:63:7e:f3:2a:15:5f:7a:0c:fc:b3:2c:09:34:78:
                    ed:6c:83:a7:07:fb:9b:75:94:f9:63:cd:37:8e:e4:
                    ef:07:3b:c2:bc:7d:63:72:a5:51:15:d2:3b:f4:fc:
                    2a:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:0C:96:82:1A:FD:EC:BB:E7:EB:F3:18:D6:FA:D1:75:6B:B6:FD:C9
            X509v3 Authority Key Identifier:
                keyid:73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/FwyWghr97Lvn6_MY1vrRdWu2_ck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:2586::/32

    Signature Algorithm: sha256WithRSAEncryption
         b4:ff:e2:7b:d9:42:bd:12:f6:21:63:5e:09:6f:97:df:fe:28:
         64:f2:86:eb:4f:35:3d:05:98:49:f5:78:0c:37:06:1b:d1:b2:
         5e:ef:33:c5:f8:63:95:47:2e:8f:ba:4a:d6:e2:d0:3d:70:e0:
         f5:0e:75:ac:bf:dd:55:ce:ed:78:16:83:5b:f9:0b:a6:4c:ee:
         ef:d9:71:bc:15:71:a3:a2:90:a8:0a:78:ca:51:90:4d:03:3e:
         ea:fe:77:a1:18:79:fb:e7:13:29:da:92:90:d8:1a:9b:d5:31:
         d7:6b:f8:1a:52:bd:8d:12:db:28:f6:d4:c2:c9:c5:d7:ae:7d:
         fe:db:08:ec:68:66:56:cf:ef:ec:ab:17:60:c2:e5:b9:47:ff:
         54:02:90:89:f2:a6:38:64:07:38:da:1e:88:99:b4:0a:16:2d:
         36:4e:28:76:6d:d8:02:15:cc:c8:86:bf:7c:a5:b9:c8:b6:ab:
         71:b3:4d:6e:aa:07:82:57:ea:dd:8e:8c:44:6b:64:20:10:16:
         a4:4f:f5:c0:b3:13:34:8a:41:cf:fa:b2:5a:e3:ef:b0:31:f7:
         24:2a:81:2b:35:bc:3a:60:bc:94:b2:00:73:e0:07:8d:26:bc:
         45:db:cf:34:ee:1e:bb:f0:3c:37:c0:bf:23:a4:2d:74:ba:7c:
         90:ea:d4:35
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDSJn/u42ezLcANwiL42kiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYzY5ZDA0NTgzNTAwYzVlZjgxMTM2ODMxMjM3NTkzZTBi
Yjg2Y2UwHhcNMjQwMTAxMDQyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzBjOTY4MjFhZmRlY2JiZTdlYmYzMThkNmZhZDE3NTZiYjZmZGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmH/88U7GuokpOArb1QUNPgWC/are
gy5IoylPy214iTWmUWYYEDun3Ig+k2LxKuCPyEeqxqmfn1XGFNdBCkSt2XTd7fw9
Q1/b1fza1cZl2yIbAOLE2zeDpw+vWhoQv5VZF5ZK/KHSh+YoqlLE8H5HdFrGLdqM
K1Osp2SG31OkR1cklSVPlawu1TUVXYa/ry63Ti6iKMCYZJXy9VWof4Oem7eR4ssH
2QrWCXR/RK1we+lce79XScCZU4vXuhKqI5/oC4cE6A7WyDbxi0DWO0nXFg6uY37z
KhVfegz8sywJNHjtbIOnB/ubdZT5Y803juTvBzvCvH1jcqVRFdI79PwqJwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBcMloIa/ey75+vzGNb60XVrtv3JMB8GA1UdIwQY
MBaAFHPGnQRYNQDF74ETaDEjdZPgu4bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQt
ZjljYjBhN2IyMDZjLzEvRnd5V2docjk3THZuNl9NWTF2clJkV3UyX2NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQtZjljYjBhN2IyMDZj
LzEvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg0lhjAN
BgkqhkiG9w0BAQsFAAOCAQEAtP/ie9lCvRL2IWNeCW+X3/4oZPKG6081PQWYSfV4
DDcGG9GyXu8zxfhjlUcuj7pK1uLQPXDg9Q51rL/dVc7teBaDW/kLpkzu79lxvBVx
o6KQqAp4ylGQTQM+6v53oRh5++cTKdqSkNgam9Ux12v4GlK9jRLbKPbUwsnF1659
/tsI7GhmVs/v7KsXYMLluUf/VAKQifKmOGQHONoeiJm0ChYtNk4odm3YAhXMyIa/
fKW5yLarcbNNbqoHglfq3Y6MRGtkIBAWpE/1wLMTNIpBz/qyWuPvsDH3JCqBKzW8
OmC8lLIAc+AHjSa8RdvPNO4eu/A8N8C/I6QtdLp8kOrUNQ==
-----END CERTIFICATE-----