Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/6IwVmiUIKc9FyfeQOT8zI1eOfvY.roa
File:                     6IwVmiUIKc9FyfeQOT8zI1eOfvY.roa (raw, json)
Hash identifier:          JO9H/C6crZVbUNqb0ngHxrq8COT1EpmReN85PpTohNM=
Subject key identifier:   E8:8C:15:9A:25:08:29:CF:45:C9:F7:90:39:3F:33:23:57:8E:7E:F6
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018FE5A4B4E08BDFD64B039CF265424936FE
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/6IwVmiUIKc9FyfeQOT8zI1eOfvY.roa
Signing time:             Tue 04 Jun 2024 23:45:27 +0000
ROA not before:           Tue 04 Jun 2024 23:45:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215258
IP address blocks:        2a0c:9a40:8540::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e5:a4:b4:e0:8b:df:d6:4b:03:9c:f2:65:42:49:36:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jun  4 23:45:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e88c159a250829cf45c9f790393f3323578e7ef6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:1a:c0:23:cb:f6:7c:df:0d:20:5b:d1:9e:7a:
                    51:80:60:d9:0d:46:c5:dd:70:67:be:fa:1d:f7:4f:
                    d9:52:2a:6e:d9:34:fd:da:42:6c:06:fa:c0:77:80:
                    f3:5e:66:22:03:a3:80:aa:dd:f5:7c:ab:ab:a8:c0:
                    2b:68:39:dc:f7:4a:cc:2c:7b:05:60:a1:c0:94:10:
                    83:66:c7:6f:ed:45:87:de:86:f3:ec:3b:2d:eb:f5:
                    48:32:4d:f6:4a:a5:b9:9a:07:b2:1a:52:f8:ee:14:
                    0b:ad:bf:81:0d:65:17:23:a2:41:56:ca:4f:0d:40:
                    73:18:ac:3a:cc:3f:fd:77:54:be:dc:a6:fa:17:fd:
                    28:9b:a4:5f:11:af:7b:28:ab:00:6b:75:09:1a:b4:
                    91:3e:7e:a7:95:78:f8:91:4e:c3:98:1e:3f:54:2d:
                    3d:ab:46:94:5c:3b:e6:b1:28:6c:97:2a:56:f5:ee:
                    2d:a5:14:de:da:70:cc:5a:a9:6f:21:ce:67:ca:b3:
                    e1:14:0d:de:b1:59:90:fa:0d:c7:82:80:bb:2f:20:
                    93:cf:36:29:d1:35:80:cf:e8:33:b6:2a:27:6c:6f:
                    79:53:d0:d1:5d:b3:38:9c:5e:f6:0e:a2:70:d1:df:
                    60:23:42:0b:72:b0:2d:3f:be:70:fd:3e:94:57:4f:
                    e4:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:8C:15:9A:25:08:29:CF:45:C9:F7:90:39:3F:33:23:57:8E:7E:F6
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/6IwVmiUIKc9FyfeQOT8zI1eOfvY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8540::/48

    Signature Algorithm: sha256WithRSAEncryption
         5c:e9:f1:ed:da:e9:ea:02:56:4b:ac:7e:9c:37:4d:f6:37:18:
         1f:17:b1:92:76:ca:50:fb:de:05:4f:3f:87:13:6a:2b:22:78:
         74:13:2d:83:eb:c1:99:7e:50:46:2e:e7:6e:37:64:71:a4:92:
         de:58:f4:32:09:82:2a:2e:3d:e7:d0:dd:93:aa:7e:df:65:71:
         4d:f5:b2:a4:8b:7b:b9:bf:cd:34:53:c3:a3:ba:c6:94:ab:96:
         ca:12:c8:e2:9e:3b:a8:8a:8e:ee:7d:0d:a2:f7:5d:05:57:46:
         19:48:bf:e8:a6:00:b6:97:7c:27:85:fa:3e:9e:c0:99:97:c3:
         95:99:68:80:b0:59:ed:62:45:39:4a:75:11:da:f4:1e:4c:a6:
         77:dc:e5:9f:0d:3f:0d:86:4e:44:08:9c:95:a6:5e:d9:d6:e5:
         4d:de:9d:2f:da:9f:fb:e1:e8:b9:32:f2:dc:71:32:8b:d9:ae:
         8c:22:d8:9f:a7:1c:ca:30:58:7f:04:db:f1:62:01:b8:56:66:
         ef:8d:56:34:f6:6c:ad:c8:f1:52:e3:a2:a6:ea:3f:fe:81:6c:
         3d:82:e3:1d:43:2f:8f:69:82:26:09:61:b0:26:88:e1:4b:60:
         27:a1:8d:a4:43:16:4e:a6:d8:1e:4d:2e:97:7c:dd:ea:bb:62:
         62:67:2f:b2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY/lpLTgi9/WSwOc8mVCSTb+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwNjA0MjM0NTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODhjMTU5YTI1MDgyOWNmNDVjOWY3OTAzOTNmMzMyMzU3OGU3ZWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5hrAI8v2fN8NIFvRnnpRgGDZDUbF
3XBnvvod90/ZUipu2TT92kJsBvrAd4DzXmYiA6OAqt31fKurqMAraDnc90rMLHsF
YKHAlBCDZsdv7UWH3obz7Dst6/VIMk32SqW5mgeyGlL47hQLrb+BDWUXI6JBVspP
DUBzGKw6zD/9d1S+3Kb6F/0om6RfEa97KKsAa3UJGrSRPn6nlXj4kU7DmB4/VC09
q0aUXDvmsShslypW9e4tpRTe2nDMWqlvIc5nyrPhFA3esVmQ+g3HgoC7LyCTzzYp
0TWAz+gztionbG95U9DRXbM4nF72DqJw0d9gI0ILcrAtP75w/T6UV0/k3QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOiMFZolCCnPRcn3kDk/MyNXjn72MB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvNkl3Vm1pVUlLYzlGeWZlUU9UOHpJMWVPZnZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQIVA
MA0GCSqGSIb3DQEBCwUAA4IBAQBc6fHt2unqAlZLrH6cN032NxgfF7GSdspQ+94F
Tz+HE2orInh0Ey2D68GZflBGLuduN2RxpJLeWPQyCYIqLj3n0N2Tqn7fZXFN9bKk
i3u5v800U8OjusaUq5bKEsjinjuoio7ufQ2i910FV0YZSL/opgC2l3wnhfo+nsCZ
l8OVmWiAsFntYkU5SnUR2vQeTKZ33OWfDT8Nhk5ECJyVpl7Z1uVN3p0v2p/74ei5
MvLccTKL2a6MItifpxzKMFh/BNvxYgG4VmbvjVY09mytyPFS46Km6j/+gWw9guMd
Qy+PaYImCWGwJojhS2AnoY2kQxZOptgeTS6XfN3qu2JiZy+y
-----END CERTIFICATE-----