Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/6eb54e-e709-4b7a-ade9-a9aeb485d592/1/aWkpn__qwgt76ysgyf9e9i-TgiY.roa
File:                     aWkpn__qwgt76ysgyf9e9i-TgiY.roa (raw, json)
Hash identifier:          sdUduSGHIMoNfKCdNQmiWzAcgeDpJ8w0y/tgDZGVrgQ=
Subject key identifier:   69:69:29:9F:FF:EA:C2:0B:7B:EB:2B:20:C9:FF:5E:F6:2F:93:82:26
Certificate issuer:       /CN=230aa160a6e886c103dadbe44b23c27776057391
Certificate serial:       018CC3B6F6862BA89466E9AB604345E86ED8
Authority key identifier: 23:0A:A1:60:A6:E8:86:C1:03:DA:DB:E4:4B:23:C2:77:76:05:73:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IwqhYKbohsED2tvkSyPCd3YFc5E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/6eb54e-e709-4b7a-ade9-a9aeb485d592/1/aWkpn__qwgt76ysgyf9e9i-TgiY.roa
Signing time:             Mon 01 Jan 2024 06:29:56 +0000
ROA not before:           Mon 01 Jan 2024 06:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56662
IP address blocks:        2001:67c:21ec::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/6eb54e-e709-4b7a-ade9-a9aeb485d592/1/IwqhYKbohsED2tvkSyPCd3YFc5E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/6eb54e-e709-4b7a-ade9-a9aeb485d592/1/IwqhYKbohsED2tvkSyPCd3YFc5E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IwqhYKbohsED2tvkSyPCd3YFc5E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 14:15:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:f6:86:2b:a8:94:66:e9:ab:60:43:45:e8:6e:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=230aa160a6e886c103dadbe44b23c27776057391
        Validity
            Not Before: Jan  1 06:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6969299fffeac20b7beb2b20c9ff5ef62f938226
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:4f:69:d3:e4:48:0b:41:ab:b5:a8:a0:98:9b:
                    7b:a2:14:dc:4d:e5:3c:ca:2c:1a:db:da:18:17:8e:
                    94:5c:6e:39:89:fe:c6:c2:a3:26:03:28:c8:96:b4:
                    c4:f3:93:e0:0f:ed:3f:48:2c:f8:b9:16:65:32:d0:
                    a3:f0:07:6a:61:a0:16:d3:a4:0c:57:b1:57:e4:80:
                    05:92:a0:a9:2b:ee:7b:03:18:7e:b8:92:86:4a:43:
                    9a:c7:43:43:bf:43:80:5b:ac:38:c1:47:0a:4d:e0:
                    16:8b:5b:87:63:40:cd:f5:1a:a9:52:cf:2c:34:c2:
                    a1:e9:75:2f:1c:08:e2:58:0f:3f:9f:14:c1:09:8e:
                    3c:a1:38:76:a5:e0:98:5a:01:4c:c5:97:0e:6d:7c:
                    87:c4:97:c5:8d:24:2d:09:b4:b8:40:0d:f7:09:8c:
                    f2:88:5d:aa:ab:5e:f4:b4:81:b1:98:f9:e5:3b:42:
                    07:b0:af:7c:fb:37:03:1c:0a:34:e3:15:32:92:ba:
                    67:09:90:6c:7a:44:97:d3:9c:04:c5:b2:18:9d:8e:
                    65:5b:6c:c7:7c:5e:1a:85:e3:e3:65:e1:4a:1e:a4:
                    6f:be:95:e6:09:87:47:cb:ff:40:22:6b:1c:bc:c5:
                    1b:6a:24:f3:43:87:93:cb:e0:3d:27:70:b3:aa:1a:
                    e8:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:69:29:9F:FF:EA:C2:0B:7B:EB:2B:20:C9:FF:5E:F6:2F:93:82:26
            X509v3 Authority Key Identifier:
                keyid:23:0A:A1:60:A6:E8:86:C1:03:DA:DB:E4:4B:23:C2:77:76:05:73:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IwqhYKbohsED2tvkSyPCd3YFc5E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/6eb54e-e709-4b7a-ade9-a9aeb485d592/1/aWkpn__qwgt76ysgyf9e9i-TgiY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/6eb54e-e709-4b7a-ade9-a9aeb485d592/1/IwqhYKbohsED2tvkSyPCd3YFc5E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:21ec::/48

    Signature Algorithm: sha256WithRSAEncryption
         6c:b2:8b:d0:ad:e3:4b:89:5a:1e:30:0b:4e:99:92:41:10:ce:
         aa:92:79:cf:08:b5:70:2d:2c:4b:09:78:b4:2f:42:a1:a0:21:
         98:75:38:95:93:3c:a1:ab:6c:12:ae:ba:35:ef:f2:5b:75:db:
         03:87:0a:0c:b2:7c:f1:1a:1c:32:34:ec:e9:9e:8a:97:dd:ff:
         e1:7d:f6:c2:22:87:6d:35:ee:59:9a:a8:65:bb:c3:8c:ae:e4:
         af:2f:30:cf:f9:b1:7a:22:b2:f1:a6:7e:b4:e1:db:bd:96:af:
         bc:c5:fe:8a:f1:77:75:47:37:16:a3:03:9b:92:11:ce:ca:81:
         8b:e7:04:f8:64:ad:66:e5:d3:f6:50:49:13:33:5e:cb:c1:0d:
         1b:54:6b:53:e8:f3:64:95:df:b0:46:a0:5e:05:ec:3e:a2:db:
         c1:89:b6:de:3a:28:64:55:4d:00:ca:4e:ca:f9:7d:09:e7:88:
         f4:62:99:8d:d6:4d:4c:44:31:21:01:e5:7c:7b:37:d6:65:8e:
         aa:3b:2f:10:51:8b:1d:3b:66:7e:59:6b:89:f9:8b:f1:22:92:
         26:d5:54:21:3d:00:49:b2:a5:af:ef:2d:86:00:03:42:95:d4:
         1a:a7:9f:40:d2:e3:a8:f4:81:42:60:83:11:66:b3:51:99:ca:
         27:72:a9:c9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDtvaGK6iUZumrYENF6G7YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMGFhMTYwYTZlODg2YzEwM2RhZGJlNDRiMjNjMjc3NzYw
NTczOTEwHhcNMjQwMTAxMDYyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTY5Mjk5ZmZmZWFjMjBiN2JlYjJiMjBjOWZmNWVmNjJmOTM4MjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAik9p0+RIC0GrtaigmJt7ohTcTeU8
yiwa29oYF46UXG45if7GwqMmAyjIlrTE85PgD+0/SCz4uRZlMtCj8AdqYaAW06QM
V7FX5IAFkqCpK+57Axh+uJKGSkOax0NDv0OAW6w4wUcKTeAWi1uHY0DN9RqpUs8s
NMKh6XUvHAjiWA8/nxTBCY48oTh2peCYWgFMxZcObXyHxJfFjSQtCbS4QA33CYzy
iF2qq170tIGxmPnlO0IHsK98+zcDHAo04xUykrpnCZBsekSX05wExbIYnY5lW2zH
fF4ahePjZeFKHqRvvpXmCYdHy/9AImscvMUbaiTzQ4eTy+A9J3CzqhrouQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGlpKZ//6sILe+srIMn/XvYvk4ImMB8GA1UdIwQY
MBaAFCMKoWCm6IbBA9rb5Esjwnd2BXORMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXdxaFlLYm9oc0VEMnR2a1N5UENkM1lGYzVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS82ZWI1NGUtZTcwOS00YjdhLWFkZTkt
YTlhZWI0ODVkNTkyLzEvYVdrcG5fX3F3Z3Q3NnlzZ3lmOWU5aS1UZ2lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS82ZWI1NGUtZTcwOS00YjdhLWFkZTktYTlhZWI0ODVkNTky
LzEvSXdxaFlLYm9oc0VEMnR2a1N5UENkM1lGYzVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCHs
MA0GCSqGSIb3DQEBCwUAA4IBAQBssovQreNLiVoeMAtOmZJBEM6qknnPCLVwLSxL
CXi0L0KhoCGYdTiVkzyhq2wSrro17/JbddsDhwoMsnzxGhwyNOzpnoqX3f/hffbC
IodtNe5Zmqhlu8OMruSvLzDP+bF6IrLxpn604du9lq+8xf6K8Xd1RzcWowObkhHO
yoGL5wT4ZK1m5dP2UEkTM17LwQ0bVGtT6PNkld+wRqBeBew+otvBibbeOihkVU0A
yk7K+X0J54j0YpmN1k1MRDEhAeV8ezfWZY6qOy8QUYsdO2Z+WWuJ+YvxIpIm1VQh
PQBJsqWv7y2GAANCldQap59A0uOo9IFCYIMRZrNRmconcqnJ
-----END CERTIFICATE-----