Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/3b51c9-b37b-4767-88d9-5df6a463035b/1/VgCxYFTQzZoHtXs5YDEEf6EwP90.roa
File:                     VgCxYFTQzZoHtXs5YDEEf6EwP90.roa (raw, json)
Hash identifier:          oFI0gJIjCRiqAB7M+5AEXlkXRwG9b7aCYZ/4xqTbhfk=
Subject key identifier:   56:00:B1:60:54:D0:CD:9A:07:B5:7B:39:60:31:04:7F:A1:30:3F:DD
Certificate issuer:       /CN=a6a05904ec81746a0a66d207f5d36f8d97888a0d
Certificate serial:       018ED8DD03A9E157611603169902D45EE147
Authority key identifier: A6:A0:59:04:EC:81:74:6A:0A:66:D2:07:F5:D3:6F:8D:97:88:8A:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pqBZBOyBdGoKZtIH9dNvjZeIig0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/3b51c9-b37b-4767-88d9-5df6a463035b/1/VgCxYFTQzZoHtXs5YDEEf6EwP90.roa
Signing time:             Sat 13 Apr 2024 19:09:06 +0000
ROA not before:           Sat 13 Apr 2024 19:09:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60318
IP address blocks:        2a06:b300::/48 maxlen: 48
                          2a06:b300:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/3b51c9-b37b-4767-88d9-5df6a463035b/1/pqBZBOyBdGoKZtIH9dNvjZeIig0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/3b51c9-b37b-4767-88d9-5df6a463035b/1/pqBZBOyBdGoKZtIH9dNvjZeIig0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pqBZBOyBdGoKZtIH9dNvjZeIig0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:d8:dd:03:a9:e1:57:61:16:03:16:99:02:d4:5e:e1:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a6a05904ec81746a0a66d207f5d36f8d97888a0d
        Validity
            Not Before: Apr 13 19:09:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5600b16054d0cd9a07b57b396031047fa1303fdd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:bf:1e:40:4a:41:79:bc:8a:28:a6:5a:86:a9:
                    0b:e7:3a:a9:ed:d4:96:e4:24:d9:2e:3d:03:59:d8:
                    02:a2:c4:f3:dd:6f:17:76:09:e3:83:62:27:74:3b:
                    b1:63:1b:c5:9a:ea:ff:ba:10:d9:4c:8c:a1:ed:16:
                    12:57:99:4f:1d:08:48:a5:fa:20:df:5c:5d:89:eb:
                    a7:51:72:11:fa:b6:a2:a2:26:33:18:16:dd:d1:f5:
                    dd:cf:a9:a2:4f:8d:bf:16:6e:77:06:e9:74:15:7b:
                    83:c0:b9:a4:df:c8:a5:48:90:b1:6f:4c:93:a2:e5:
                    1b:3b:5f:fb:f3:f2:3b:a6:a5:5a:5b:69:76:81:45:
                    47:7b:2c:7d:78:03:9d:6b:a5:42:bd:8e:a1:22:77:
                    07:da:be:e1:ef:5b:bb:dc:75:97:35:a4:bd:78:7d:
                    b1:05:7a:83:0f:06:03:58:bf:82:bc:aa:89:99:89:
                    72:3e:f5:dc:e6:dd:0d:30:05:8b:ff:ae:a1:b2:bc:
                    b0:e8:17:a9:cb:69:c3:79:39:8a:d5:2b:a9:95:27:
                    9c:6f:a3:0c:ab:e2:71:b5:04:f7:2d:18:bb:47:78:
                    d6:09:1b:00:9e:d0:9b:d6:e1:02:15:98:51:46:1c:
                    c7:80:0a:29:a5:f7:a2:4f:8d:cd:d5:7f:33:b1:60:
                    fe:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:00:B1:60:54:D0:CD:9A:07:B5:7B:39:60:31:04:7F:A1:30:3F:DD
            X509v3 Authority Key Identifier:
                keyid:A6:A0:59:04:EC:81:74:6A:0A:66:D2:07:F5:D3:6F:8D:97:88:8A:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pqBZBOyBdGoKZtIH9dNvjZeIig0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/3b51c9-b37b-4767-88d9-5df6a463035b/1/VgCxYFTQzZoHtXs5YDEEf6EwP90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/3b51c9-b37b-4767-88d9-5df6a463035b/1/pqBZBOyBdGoKZtIH9dNvjZeIig0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:b300::/47

    Signature Algorithm: sha256WithRSAEncryption
         3d:59:cb:d6:44:67:9f:9e:46:60:8d:7f:08:5e:b0:f4:ac:87:
         36:48:89:07:63:39:71:b6:b7:62:17:9b:56:1b:75:d9:2f:1f:
         7d:84:3b:51:9d:91:36:52:07:dc:0a:a0:0e:fe:1e:f5:77:a4:
         d3:33:17:72:f0:5f:a6:f2:a4:a2:53:e5:40:ba:ce:fc:04:77:
         8e:33:b8:f5:a7:61:b5:4a:88:36:0f:63:9a:7d:b7:e6:65:93:
         5c:8f:7e:84:42:ba:dd:08:1d:a5:de:59:33:31:04:5b:a2:b4:
         6e:f7:6c:24:ba:cb:a9:6c:f9:37:a4:3f:eb:ab:8b:61:ed:2a:
         64:1b:b4:79:58:a9:74:3d:06:ba:dc:d1:8f:e0:7a:a1:11:01:
         5b:bb:8d:e1:57:95:8e:16:47:e3:81:1a:23:f9:09:42:fc:20:
         df:c9:6b:eb:f4:e9:3f:f0:d9:19:75:e5:ca:13:ce:9f:9a:eb:
         d4:ff:cd:e3:9d:21:f7:f3:21:3c:8a:6b:22:19:62:1d:64:55:
         55:cf:ab:30:38:8e:92:01:0e:db:1d:17:50:80:07:87:7a:dd:
         f8:f7:b0:5c:2f:18:14:e2:6b:13:72:40:11:fc:19:2e:99:72:
         57:25:de:10:7d:0a:5b:7b:9c:1f:12:e6:30:c9:2d:83:34:c0:
         fe:99:d1:8e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY7Y3QOp4VdhFgMWmQLUXuFHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2YTA1OTA0ZWM4MTc0NmEwYTY2ZDIwN2Y1ZDM2ZjhkOTc4
ODhhMGQwHhcNMjQwNDEzMTkwOTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjAwYjE2MDU0ZDBjZDlhMDdiNTdiMzk2MDMxMDQ3ZmExMzAzZmRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAor8eQEpBebyKKKZahqkL5zqp7dSW
5CTZLj0DWdgCosTz3W8Xdgnjg2IndDuxYxvFmur/uhDZTIyh7RYSV5lPHQhIpfog
31xdieunUXIR+raioiYzGBbd0fXdz6miT42/Fm53Bul0FXuDwLmk38ilSJCxb0yT
ouUbO1/78/I7pqVaW2l2gUVHeyx9eAOda6VCvY6hIncH2r7h71u73HWXNaS9eH2x
BXqDDwYDWL+CvKqJmYlyPvXc5t0NMAWL/66hsryw6Bepy2nDeTmK1SuplSecb6MM
q+JxtQT3LRi7R3jWCRsAntCb1uECFZhRRhzHgAoppfeiT43N1X8zsWD+IQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFYAsWBU0M2aB7V7OWAxBH+hMD/dMB8GA1UdIwQY
MBaAFKagWQTsgXRqCmbSB/XTb42XiIoNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcHFCWkJPeUJkR29LWnRJSDlkTnZqWmVJaWcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8zYjUxYzktYjM3Yi00NzY3LTg4ZDkt
NWRmNmE0NjMwMzViLzEvVmdDeFlGVFF6Wm9IdFhzNVlERUVmNkV3UDkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8zYjUxYzktYjM3Yi00NzY3LTg4ZDktNWRmNmE0NjMwMzVi
LzEvcHFCWkJPeUJkR29LWnRJSDlkTnZqWmVJaWcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKgazAAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQA9WcvWRGefnkZgjX8IXrD0rIc2SIkHYzlxtrdi
F5tWG3XZLx99hDtRnZE2UgfcCqAO/h71d6TTMxdy8F+m8qSiU+VAus78BHeOM7j1
p2G1Sog2D2OafbfmZZNcj36EQrrdCB2l3lkzMQRborRu92wkusupbPk3pD/rq4th
7SpkG7R5WKl0PQa63NGP4HqhEQFbu43hV5WOFkfjgRoj+QlC/CDfyWvr9Ok/8NkZ
deXKE86fmuvU/83jnSH38yE8imsiGWIdZFVVz6swOI6SAQ7bHRdQgAeHet3497Bc
LxgU4msTckAR/BkumXJXJd4QfQpbe5wfEuYwyS2DNMD+mdGO
-----END CERTIFICATE-----