Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/6c3948-ca2a-40d1-8e17-ef518b4b463f/1/sWE2it0t4jIBWxSGFRVJg3_X31E.roa
File:                     sWE2it0t4jIBWxSGFRVJg3_X31E.roa (raw, json)
Hash identifier:          tt8yoSEZSy5ZkvhApmA321XwZC1PJ+KY4HI2Noo5lqo=
Subject key identifier:   B1:61:36:8A:DD:2D:E2:32:01:5B:14:86:15:15:49:83:7F:D7:DF:51
Certificate issuer:       /CN=6f7fcea4f7fcd7bd81dd598153dd6ee5b12e47df
Certificate serial:       018CC49329C9082CD33A86173FE8F6DFA250
Authority key identifier: 6F:7F:CE:A4:F7:FC:D7:BD:81:DD:59:81:53:DD:6E:E5:B1:2E:47:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3_OpPf8172B3VmBU91u5bEuR98.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/6c3948-ca2a-40d1-8e17-ef518b4b463f/1/sWE2it0t4jIBWxSGFRVJg3_X31E.roa
Signing time:             Mon 01 Jan 2024 10:30:28 +0000
ROA not before:           Mon 01 Jan 2024 10:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12843
IP address blocks:        2001:67c:1928::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/6c3948-ca2a-40d1-8e17-ef518b4b463f/1/b3_OpPf8172B3VmBU91u5bEuR98.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/6c3948-ca2a-40d1-8e17-ef518b4b463f/1/b3_OpPf8172B3VmBU91u5bEuR98.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3_OpPf8172B3VmBU91u5bEuR98.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:29:c9:08:2c:d3:3a:86:17:3f:e8:f6:df:a2:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f7fcea4f7fcd7bd81dd598153dd6ee5b12e47df
        Validity
            Not Before: Jan  1 10:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b161368add2de232015b1486151549837fd7df51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:35:5f:1c:36:3e:49:09:96:da:d4:ff:6a:bb:
                    71:f6:83:49:b9:b7:f1:a4:ee:60:c8:0a:fd:c9:6c:
                    56:ed:e2:0c:f0:fe:75:2d:42:42:18:fb:04:74:da:
                    1b:3b:d5:df:6f:c7:30:77:81:a9:82:9b:92:d1:20:
                    e2:56:f2:12:02:3a:d8:cd:09:e2:0a:30:2c:4a:e4:
                    6d:69:25:3d:2a:a9:0d:ca:dd:6f:d9:db:ae:07:68:
                    09:e5:d2:a2:9f:d4:cf:18:c6:08:53:b8:26:ab:61:
                    b5:58:78:66:41:e9:a4:b7:32:13:15:ae:20:df:cf:
                    1d:b7:a7:0c:c0:5f:b1:f5:16:d7:1f:0b:47:80:0b:
                    39:e5:ad:36:1e:61:65:19:cf:9b:0a:e7:33:4f:fa:
                    30:bc:77:2b:b5:15:b6:2d:39:97:9b:80:f1:2f:db:
                    2c:b1:2a:e4:a6:33:7a:ac:8c:89:e1:e1:b9:8a:6a:
                    48:e6:5b:0c:4d:41:0e:43:64:13:9a:dc:88:25:22:
                    3c:d7:f3:cb:da:77:0d:4d:f0:83:a8:5a:6a:e8:ca:
                    76:81:5e:26:bd:32:9b:84:c5:00:f9:89:a6:e8:1f:
                    ef:5e:42:9f:3e:85:c7:e9:13:a1:f4:21:82:6f:f4:
                    72:30:2b:e1:30:41:e8:43:55:15:97:50:34:50:eb:
                    69:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:61:36:8A:DD:2D:E2:32:01:5B:14:86:15:15:49:83:7F:D7:DF:51
            X509v3 Authority Key Identifier:
                keyid:6F:7F:CE:A4:F7:FC:D7:BD:81:DD:59:81:53:DD:6E:E5:B1:2E:47:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3_OpPf8172B3VmBU91u5bEuR98.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/6c3948-ca2a-40d1-8e17-ef518b4b463f/1/sWE2it0t4jIBWxSGFRVJg3_X31E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/6c3948-ca2a-40d1-8e17-ef518b4b463f/1/b3_OpPf8172B3VmBU91u5bEuR98.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1928::/48

    Signature Algorithm: sha256WithRSAEncryption
         e1:fd:bc:51:c9:96:3a:47:18:94:e4:74:32:77:41:0f:91:a7:
         c4:99:54:64:b1:4e:1f:33:6a:b5:0e:70:86:a3:82:07:db:87:
         64:16:3a:48:06:95:b6:3b:db:61:96:1b:72:ef:52:e5:cb:d9:
         ae:dc:83:ed:a8:0f:0b:d2:97:d4:77:4e:19:f8:09:c5:b6:52:
         18:7f:72:7f:99:6c:01:c6:66:9c:9c:44:1c:91:6f:7e:d6:f5:
         fb:c1:61:ed:cc:44:82:5c:52:02:97:0b:b4:00:a0:84:78:bf:
         a0:ec:12:0a:ee:45:c2:e6:d0:cb:21:bb:74:d9:c3:37:23:da:
         08:75:ec:ee:62:a5:9e:90:7e:66:8d:eb:3f:0e:42:d9:9c:63:
         a1:98:8a:df:7a:72:a7:8b:06:dd:f6:2b:e3:14:27:a9:c9:16:
         42:8e:d9:07:c1:ec:82:42:72:26:26:f8:4b:9f:c1:6f:7a:29:
         d2:33:a6:ca:f8:d5:47:ca:e9:66:d9:19:00:1b:e7:b7:28:f8:
         f0:15:d5:bd:90:e8:4b:90:5c:3c:fe:c9:10:9b:05:56:b6:e5:
         f3:b2:d6:d3:61:17:98:6c:d3:73:99:2f:1e:7c:59:e1:ef:b5:
         49:f0:d2:9e:85:cb:81:16:0d:6e:de:46:1f:8b:8d:57:8b:33:
         31:57:f8:2c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEkynJCCzTOoYXP+j236JQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmN2ZjZWE0ZjdmY2Q3YmQ4MWRkNTk4MTUzZGQ2ZWU1YjEy
ZTQ3ZGYwHhcNMjQwMTAxMTAzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTYxMzY4YWRkMmRlMjMyMDE1YjE0ODYxNTE1NDk4MzdmZDdkZjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiDVfHDY+SQmW2tT/artx9oNJubfx
pO5gyAr9yWxW7eIM8P51LUJCGPsEdNobO9Xfb8cwd4GpgpuS0SDiVvISAjrYzQni
CjAsSuRtaSU9KqkNyt1v2duuB2gJ5dKin9TPGMYIU7gmq2G1WHhmQemktzITFa4g
388dt6cMwF+x9RbXHwtHgAs55a02HmFlGc+bCuczT/owvHcrtRW2LTmXm4DxL9ss
sSrkpjN6rIyJ4eG5impI5lsMTUEOQ2QTmtyIJSI81/PL2ncNTfCDqFpq6Mp2gV4m
vTKbhMUA+Ymm6B/vXkKfPoXH6ROh9CGCb/RyMCvhMEHoQ1UVl1A0UOtp2wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLFhNordLeIyAVsUhhUVSYN/199RMB8GA1UdIwQY
MBaAFG9/zqT3/Ne9gd1ZgVPdbuWxLkffMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNfT3BQZjgxNzJCM1ZtQlU5MXU1YkV1Ujk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy82YzM5NDgtY2EyYS00MGQxLThlMTct
ZWY1MThiNGI0NjNmLzEvc1dFMml0MHQ0aklCV3hTR0ZSVkpnM19YMzFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy82YzM5NDgtY2EyYS00MGQxLThlMTctZWY1MThiNGI0NjNm
LzEvYjNfT3BQZjgxNzJCM1ZtQlU5MXU1YkV1Ujk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBko
MA0GCSqGSIb3DQEBCwUAA4IBAQDh/bxRyZY6RxiU5HQyd0EPkafEmVRksU4fM2q1
DnCGo4IH24dkFjpIBpW2O9thlhty71Lly9mu3IPtqA8L0pfUd04Z+AnFtlIYf3J/
mWwBxmacnEQckW9+1vX7wWHtzESCXFIClwu0AKCEeL+g7BIK7kXC5tDLIbt02cM3
I9oIdezuYqWekH5mjes/DkLZnGOhmIrfenKniwbd9ivjFCepyRZCjtkHweyCQnIm
JvhLn8FveinSM6bK+NVHyulm2RkAG+e3KPjwFdW9kOhLkFw8/skQmwVWtuXzstbT
YReYbNNzmS8efFnh77VJ8NKehcuBFg1u3kYfi41XizMxV/gs
-----END CERTIFICATE-----