Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/6RiT-IOUHLvlxX8lQIrtqygf9-o.roa
File:                     6RiT-IOUHLvlxX8lQIrtqygf9-o.roa (raw, json)
Hash identifier:          Rz+VWSaZIJhFkFkGkGbFJ8RGW9NJHR3VniybXQwJqdc=
Subject key identifier:   E9:18:93:F8:83:94:1C:BB:E5:C5:7F:25:40:8A:ED:AB:28:1F:F7:EA
Certificate issuer:       /CN=387d6df7eb7542e0333aeedd14adff8f51f8cbd8
Certificate serial:       018CC6B7B02769F38999DD6F860DED0BEB0A
Authority key identifier: 38:7D:6D:F7:EB:75:42:E0:33:3A:EE:DD:14:AD:FF:8F:51:F8:CB:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OH1t9-t1QuAzOu7dFK3_j1H4y9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/6RiT-IOUHLvlxX8lQIrtqygf9-o.roa
Signing time:             Mon 01 Jan 2024 20:29:36 +0000
ROA not before:           Mon 01 Jan 2024 20:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211071
IP address blocks:        2a0a:d6c0:202::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/OH1t9-t1QuAzOu7dFK3_j1H4y9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/OH1t9-t1QuAzOu7dFK3_j1H4y9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OH1t9-t1QuAzOu7dFK3_j1H4y9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jul 2024 08:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:b0:27:69:f3:89:99:dd:6f:86:0d:ed:0b:eb:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=387d6df7eb7542e0333aeedd14adff8f51f8cbd8
        Validity
            Not Before: Jan  1 20:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e91893f883941cbbe5c57f25408aedab281ff7ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:c1:dd:d1:2a:25:30:b5:e3:39:66:5e:eb:d5:
                    e9:a0:59:4f:52:42:10:ac:07:8d:c9:b9:06:22:a1:
                    82:f4:da:14:57:c6:0d:b6:3f:5f:7c:f2:fd:36:4d:
                    c7:4a:10:3a:94:39:a4:59:42:ee:40:c6:35:9d:86:
                    d6:4f:5b:11:95:d0:b4:4c:07:55:be:8a:5b:cb:66:
                    cb:1d:da:9d:bc:b9:c1:0e:f4:0f:fe:0a:f8:61:ec:
                    3a:96:45:47:48:26:c2:37:d6:bf:f4:10:6d:3d:ee:
                    08:30:5d:c1:80:c7:04:7c:b5:2c:1d:c9:07:a7:37:
                    a6:33:24:35:b6:f4:20:99:a6:a4:49:1c:26:a5:b8:
                    f4:ad:07:2a:b0:49:61:74:17:94:a3:3f:7b:91:8e:
                    f5:38:7d:db:79:01:26:bb:75:e0:9a:d2:fd:0b:15:
                    0e:cc:da:ad:2e:43:6e:16:ca:e3:cd:2f:78:d4:f0:
                    0e:08:a9:02:37:fc:09:68:91:d9:4f:cf:4b:85:d8:
                    99:92:bf:13:a7:24:ef:4e:ad:34:23:dd:df:3a:1e:
                    6d:60:ef:f3:bf:69:ad:6c:59:80:59:b2:ab:91:c6:
                    14:9d:90:08:bc:04:77:09:e5:4e:12:d2:95:c8:a4:
                    45:13:dd:9a:75:8e:87:06:8b:63:93:f5:84:3a:55:
                    c1:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:18:93:F8:83:94:1C:BB:E5:C5:7F:25:40:8A:ED:AB:28:1F:F7:EA
            X509v3 Authority Key Identifier:
                keyid:38:7D:6D:F7:EB:75:42:E0:33:3A:EE:DD:14:AD:FF:8F:51:F8:CB:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OH1t9-t1QuAzOu7dFK3_j1H4y9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/6RiT-IOUHLvlxX8lQIrtqygf9-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/OH1t9-t1QuAzOu7dFK3_j1H4y9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:d6c0:202::/48

    Signature Algorithm: sha256WithRSAEncryption
         c3:f0:e3:8d:c5:06:f1:b3:8b:51:44:9b:fd:5c:00:8e:04:05:
         a3:cc:3e:bc:dd:46:cf:3c:6a:49:30:ff:dc:be:65:c1:5e:ac:
         77:6a:ed:52:ac:fd:eb:6b:b0:75:14:43:4b:91:97:b3:bd:2f:
         f8:b0:7c:9a:fa:38:3a:d8:9d:4d:9a:17:6f:25:a4:63:c8:d7:
         ee:2a:35:24:87:3d:91:df:1f:43:92:82:2d:bf:dc:d8:89:a1:
         de:91:f7:ec:85:42:64:3b:04:47:2f:ad:e0:06:1d:a4:41:fc:
         01:08:45:70:74:7e:b3:be:b5:fd:ba:49:ee:f7:11:26:20:0f:
         c4:03:97:39:1d:6d:61:61:51:dc:87:8a:19:a4:50:61:30:cf:
         96:d8:e4:40:4a:a3:97:a0:7a:43:09:43:b9:14:44:c9:cb:53:
         75:97:db:37:67:54:0c:46:d1:2d:c6:dd:ee:45:65:42:cb:e5:
         3f:4d:68:1f:49:56:05:d0:b3:af:aa:4e:cb:7d:2d:50:15:b4:
         ad:64:f0:77:44:16:c7:43:ca:c8:e1:ec:1e:90:f3:ec:2f:46:
         52:56:69:04:bf:40:61:75:2f:55:ca:65:68:a7:28:21:fc:d4:
         ee:91:69:e3:a3:54:26:09:25:f6:11:58:2d:af:e3:88:ce:6c:
         d2:18:b4:db
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGt7AnafOJmd1vhg3tC+sKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4N2Q2ZGY3ZWI3NTQyZTAzMzNhZWVkZDE0YWRmZjhmNTFm
OGNiZDgwHhcNMjQwMTAxMjAyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTE4OTNmODgzOTQxY2JiZTVjNTdmMjU0MDhhZWRhYjI4MWZmN2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwMHd0SolMLXjOWZe69XpoFlPUkIQ
rAeNybkGIqGC9NoUV8YNtj9ffPL9Nk3HShA6lDmkWULuQMY1nYbWT1sRldC0TAdV
vopby2bLHdqdvLnBDvQP/gr4Yew6lkVHSCbCN9a/9BBtPe4IMF3BgMcEfLUsHckH
pzemMyQ1tvQgmaakSRwmpbj0rQcqsElhdBeUoz97kY71OH3beQEmu3XgmtL9CxUO
zNqtLkNuFsrjzS941PAOCKkCN/wJaJHZT89LhdiZkr8TpyTvTq00I93fOh5tYO/z
v2mtbFmAWbKrkcYUnZAIvAR3CeVOEtKVyKRFE92adY6HBotjk/WEOlXB7QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOkYk/iDlBy75cV/JUCK7asoH/fqMB8GA1UdIwQY
MBaAFDh9bffrdULgMzru3RSt/49R+MvYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0gxdDktdDFRdUF6T3U3ZEZLM19qMUg0eTlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9kNGE4OWMtNTRiMi00NDViLWJiN2Mt
NjA5YTQ4YjJiMTRkLzEvNlJpVC1JT1VITHZseFg4bFFJcnRxeWdmOS1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9kNGE4OWMtNTRiMi00NDViLWJiN2MtNjA5YTQ4YjJiMTRk
LzEvT0gxdDktdDFRdUF6T3U3ZEZLM19qMUg0eTlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgrWwAIC
MA0GCSqGSIb3DQEBCwUAA4IBAQDD8OONxQbxs4tRRJv9XACOBAWjzD683UbPPGpJ
MP/cvmXBXqx3au1SrP3ra7B1FENLkZezvS/4sHya+jg62J1NmhdvJaRjyNfuKjUk
hz2R3x9DkoItv9zYiaHekffshUJkOwRHL63gBh2kQfwBCEVwdH6zvrX9uknu9xEm
IA/EA5c5HW1hYVHch4oZpFBhMM+W2ORASqOXoHpDCUO5FETJy1N1l9s3Z1QMRtEt
xt3uRWVCy+U/TWgfSVYF0LOvqk7LfS1QFbStZPB3RBbHQ8rI4ewekPPsL0ZSVmkE
v0BhdS9VymVopygh/NTukWnjo1QmCSX2EVgtr+OIzmzSGLTb
-----END CERTIFICATE-----