Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/a074e2-66ea-43cc-94a7-b380453267f9/1/6S8g1_5jqS_TU4H2Ino-MUn-R2A.roa
File:                     6S8g1_5jqS_TU4H2Ino-MUn-R2A.roa (raw, json)
Hash identifier:          9HBzOhJvgomkKH617igMzzGzUfqv/pRoFRu9EumAHu4=
Subject key identifier:   E9:2F:20:D7:FE:63:A9:2F:D3:53:81:F6:22:7A:3E:31:49:FE:47:60
Certificate issuer:       /CN=41d14f28f98d3bdcc45e19226f1f56170e312abf
Certificate serial:       018CC2DB07D3A4BCAF57000564C90512B155
Authority key identifier: 41:D1:4F:28:F9:8D:3B:DC:C4:5E:19:22:6F:1F:56:17:0E:31:2A:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QdFPKPmNO9zEXhkibx9WFw4xKr8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/a074e2-66ea-43cc-94a7-b380453267f9/1/6S8g1_5jqS_TU4H2Ino-MUn-R2A.roa
Signing time:             Mon 01 Jan 2024 02:29:43 +0000
ROA not before:           Mon 01 Jan 2024 02:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200924
IP address blocks:        2001:67c:2a10::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/a074e2-66ea-43cc-94a7-b380453267f9/1/QdFPKPmNO9zEXhkibx9WFw4xKr8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/a074e2-66ea-43cc-94a7-b380453267f9/1/QdFPKPmNO9zEXhkibx9WFw4xKr8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QdFPKPmNO9zEXhkibx9WFw4xKr8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:07:d3:a4:bc:af:57:00:05:64:c9:05:12:b1:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41d14f28f98d3bdcc45e19226f1f56170e312abf
        Validity
            Not Before: Jan  1 02:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e92f20d7fe63a92fd35381f6227a3e3149fe4760
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:3c:ea:a3:b9:55:65:58:f2:60:2d:27:a6:39:
                    a7:1d:0a:03:95:3c:85:d2:1e:1a:81:0c:9d:f2:75:
                    a5:62:33:11:60:22:52:6e:bb:0a:09:d2:92:8c:70:
                    e7:6b:06:5f:eb:e4:1b:01:47:fd:00:0b:34:60:49:
                    2c:48:c7:1c:44:87:5d:f3:ca:ef:f7:af:8a:2e:32:
                    46:32:78:59:09:22:b6:ef:05:8d:29:d0:87:b9:1b:
                    6b:5b:78:5c:75:88:63:29:46:cf:c2:59:af:ce:05:
                    71:0f:ea:5d:05:c0:42:ad:aa:e9:59:8d:7e:e5:4c:
                    e2:01:35:e8:fa:59:95:0d:73:66:16:06:7d:bc:b6:
                    10:ce:24:d2:b3:4d:fe:2d:1d:3f:f4:c3:7d:7e:da:
                    26:18:0d:73:f3:2d:ca:12:83:bb:fa:81:a3:d6:dd:
                    2e:27:4d:24:9b:bb:20:4b:73:83:f7:56:e0:64:3b:
                    ee:86:a2:13:d3:54:ee:94:04:c0:a0:43:16:b7:fb:
                    6f:2d:9a:28:0e:1d:e6:66:85:b6:6a:db:72:4d:8c:
                    a0:ca:8c:92:0a:87:b8:01:95:90:f5:a6:11:42:ae:
                    f3:ff:cf:8c:9e:6d:36:2e:e9:98:d3:32:b5:f9:76:
                    ae:e8:b7:64:fb:05:5d:d0:12:08:05:34:b2:16:f7:
                    1d:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:2F:20:D7:FE:63:A9:2F:D3:53:81:F6:22:7A:3E:31:49:FE:47:60
            X509v3 Authority Key Identifier:
                keyid:41:D1:4F:28:F9:8D:3B:DC:C4:5E:19:22:6F:1F:56:17:0E:31:2A:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QdFPKPmNO9zEXhkibx9WFw4xKr8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/a074e2-66ea-43cc-94a7-b380453267f9/1/6S8g1_5jqS_TU4H2Ino-MUn-R2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/a074e2-66ea-43cc-94a7-b380453267f9/1/QdFPKPmNO9zEXhkibx9WFw4xKr8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2a10::/48

    Signature Algorithm: sha256WithRSAEncryption
         39:04:a3:df:b1:1a:9b:c3:59:7f:88:eb:8e:0a:49:73:1d:56:
         f9:62:8c:0f:47:36:7d:b3:0b:f2:60:04:18:11:7e:63:48:7c:
         83:d3:11:9f:45:96:4c:a2:a1:08:b3:dd:cc:82:ce:dc:ab:cc:
         46:ee:63:2f:e5:e2:7a:ea:cb:ca:6d:56:20:36:8d:e0:97:bf:
         e6:8d:a0:d3:8d:30:c0:fa:ab:f2:83:7b:67:2c:ea:3b:dd:bb:
         a6:b1:04:c1:7c:f6:d3:bc:3e:e5:28:1a:41:5e:59:4f:4d:36:
         10:fc:5e:1a:e1:6a:64:37:31:73:19:63:15:94:88:88:72:ff:
         be:ff:a8:93:68:b6:35:d6:56:24:39:14:30:3b:6d:d0:dc:4b:
         39:7f:d8:ae:60:81:38:7e:56:af:ac:f7:dc:b7:f3:24:a1:ca:
         6e:12:dc:46:10:5f:15:90:f6:ba:36:33:e5:a7:d0:73:2a:cb:
         50:6e:dc:a7:18:f2:c1:af:67:f6:c1:8f:de:ae:7d:96:ea:31:
         58:47:3b:88:4f:f7:86:d7:45:c5:5a:6f:63:e5:e0:b8:ce:f9:
         4c:a2:5c:99:1f:c9:ae:f2:8f:92:53:b4:a3:e4:b6:30:8e:95:
         14:3f:81:3a:9a:b1:4d:cd:e1:40:67:18:3e:b1:81:6b:25:fa:
         6c:02:e9:f6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2wfTpLyvVwAFZMkFErFVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxZDE0ZjI4Zjk4ZDNiZGNjNDVlMTkyMjZmMWY1NjE3MGUz
MTJhYmYwHhcNMjQwMTAxMDIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTJmMjBkN2ZlNjNhOTJmZDM1MzgxZjYyMjdhM2UzMTQ5ZmU0NzYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxzzqo7lVZVjyYC0npjmnHQoDlTyF
0h4agQyd8nWlYjMRYCJSbrsKCdKSjHDnawZf6+QbAUf9AAs0YEksSMccRIdd88rv
96+KLjJGMnhZCSK27wWNKdCHuRtrW3hcdYhjKUbPwlmvzgVxD+pdBcBCrarpWY1+
5UziATXo+lmVDXNmFgZ9vLYQziTSs03+LR0/9MN9ftomGA1z8y3KEoO7+oGj1t0u
J00km7sgS3OD91bgZDvuhqIT01TulATAoEMWt/tvLZooDh3mZoW2attyTYygyoyS
Coe4AZWQ9aYRQq7z/8+Mnm02LumY0zK1+Xau6Ldk+wVd0BIIBTSyFvcdaQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOkvINf+Y6kv01OB9iJ6PjFJ/kdgMB8GA1UdIwQY
MBaAFEHRTyj5jTvcxF4ZIm8fVhcOMSq/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWRGUEtQbU5POXpFWGhraWJ4OVdGdzR4S3I4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9hMDc0ZTItNjZlYS00M2NjLTk0YTct
YjM4MDQ1MzI2N2Y5LzEvNlM4ZzFfNWpxU19UVTRIMkluby1NVW4tUjJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9hMDc0ZTItNjZlYS00M2NjLTk0YTctYjM4MDQ1MzI2N2Y5
LzEvUWRGUEtQbU5POXpFWGhraWJ4OVdGdzR4S3I4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCoQ
MA0GCSqGSIb3DQEBCwUAA4IBAQA5BKPfsRqbw1l/iOuOCklzHVb5YowPRzZ9swvy
YAQYEX5jSHyD0xGfRZZMoqEIs93Mgs7cq8xG7mMv5eJ66svKbVYgNo3gl7/mjaDT
jTDA+qvyg3tnLOo73bumsQTBfPbTvD7lKBpBXllPTTYQ/F4a4WpkNzFzGWMVlIiI
cv++/6iTaLY11lYkORQwO23Q3Es5f9iuYIE4flavrPfct/MkocpuEtxGEF8VkPa6
NjPlp9BzKstQbtynGPLBr2f2wY/ern2W6jFYRzuIT/eG10XFWm9j5eC4zvlMolyZ
H8mu8o+SU7Sj5LYwjpUUP4E6mrFNzeFAZxg+sYFrJfpsAun2
-----END CERTIFICATE-----