Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/cd410f-9de4-4d82-8091-59e792fe14cc/1/6kT1OM_177x3PGQDQ1a3s2sR_K4.roa
File:                     6kT1OM_177x3PGQDQ1a3s2sR_K4.roa (raw, json)
Hash identifier:          pudzp6qByHaNTcT92lDs7vD1/hJEZCfrg6xZH0s/fi8=
Subject key identifier:   EA:44:F5:38:CF:F5:EF:BC:77:3C:64:03:43:56:B7:B3:6B:11:FC:AE
Certificate issuer:       /CN=334b09743ed2afd6afb47c58360ee3112a95cd34
Certificate serial:       018ED34177A2D399309941010F4DBBFACD83
Authority key identifier: 33:4B:09:74:3E:D2:AF:D6:AF:B4:7C:58:36:0E:E3:11:2A:95:CD:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M0sJdD7Sr9avtHxYNg7jESqVzTQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/cd410f-9de4-4d82-8091-59e792fe14cc/1/6kT1OM_177x3PGQDQ1a3s2sR_K4.roa
Signing time:             Fri 12 Apr 2024 17:01:06 +0000
ROA not before:           Fri 12 Apr 2024 17:01:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397071
IP address blocks:        2a0c:5e00:7::/48 maxlen: 48
                          2a0c:5e00:7::/64 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/cd410f-9de4-4d82-8091-59e792fe14cc/1/M0sJdD7Sr9avtHxYNg7jESqVzTQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/cd410f-9de4-4d82-8091-59e792fe14cc/1/M0sJdD7Sr9avtHxYNg7jESqVzTQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M0sJdD7Sr9avtHxYNg7jESqVzTQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:d3:41:77:a2:d3:99:30:99:41:01:0f:4d:bb:fa:cd:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=334b09743ed2afd6afb47c58360ee3112a95cd34
        Validity
            Not Before: Apr 12 17:01:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ea44f538cff5efbc773c64034356b7b36b11fcae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:02:24:b4:ec:bf:65:08:19:e5:a1:17:04:f5:
                    a0:d0:d9:f7:d9:b0:2d:e9:8b:d6:2a:47:49:d4:e1:
                    0e:49:8f:ae:07:d8:88:11:31:83:06:f6:a5:f5:95:
                    64:07:ce:f3:b1:61:f0:be:8f:af:9f:d1:2b:2a:b5:
                    f5:04:67:f6:e6:dc:45:02:89:26:ad:25:70:8d:a6:
                    e0:b0:9e:4e:06:e7:bd:2f:a7:e9:57:cd:a2:f4:95:
                    04:9c:ca:3a:b6:6b:99:15:12:0d:70:b7:06:a7:af:
                    86:97:c3:44:fe:87:01:db:b8:d9:65:60:28:ea:c2:
                    0f:8a:c4:b4:a4:bc:97:b6:01:18:ae:91:0e:31:08:
                    55:25:09:73:b2:61:9e:2a:ed:e6:3a:36:ae:85:c0:
                    4b:ac:38:ab:92:9f:6c:74:b1:a7:17:af:cb:1d:fe:
                    74:e2:b9:84:fb:41:6b:6c:ce:be:48:02:bc:2c:e8:
                    6a:f3:b9:82:67:d2:57:89:f0:d3:04:9d:dc:84:7c:
                    0f:d4:0c:39:fe:63:6f:c1:b3:bd:f7:af:c2:33:96:
                    a7:ab:cb:fe:26:4a:0d:f2:09:c2:e1:ca:0c:0d:07:
                    27:ff:c3:f7:57:b3:05:e4:4f:07:f4:3e:60:0e:b3:
                    7c:ec:39:56:0a:82:49:55:04:99:3c:3c:a1:93:41:
                    e6:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:44:F5:38:CF:F5:EF:BC:77:3C:64:03:43:56:B7:B3:6B:11:FC:AE
            X509v3 Authority Key Identifier:
                keyid:33:4B:09:74:3E:D2:AF:D6:AF:B4:7C:58:36:0E:E3:11:2A:95:CD:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M0sJdD7Sr9avtHxYNg7jESqVzTQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/cd410f-9de4-4d82-8091-59e792fe14cc/1/6kT1OM_177x3PGQDQ1a3s2sR_K4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/cd410f-9de4-4d82-8091-59e792fe14cc/1/M0sJdD7Sr9avtHxYNg7jESqVzTQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:5e00:7::/48

    Signature Algorithm: sha256WithRSAEncryption
         8e:d0:f1:86:cf:ea:71:22:cb:75:35:bb:ef:f2:34:d0:72:c3:
         a9:da:35:74:f7:7f:92:e1:36:62:e8:84:31:3d:95:e1:ff:86:
         20:1a:00:e8:60:bb:4b:37:0c:13:f6:62:da:4d:cb:46:67:e6:
         5f:63:23:fe:f9:47:de:fa:7a:67:dc:1d:92:c2:69:22:10:a5:
         a1:25:84:c0:4e:66:0f:96:b7:43:db:3c:70:90:b7:9d:34:78:
         91:e1:b2:b7:bd:94:b5:84:6f:f8:13:34:0e:e8:a8:39:80:64:
         5c:8a:8c:b5:19:81:dd:36:63:c0:bd:0b:bf:db:ab:a6:5b:29:
         ba:ba:d6:73:af:92:ab:97:aa:eb:28:d3:d8:e3:f8:53:7c:a5:
         22:ad:27:61:0d:c0:31:39:f6:5e:b5:25:42:f0:3f:b5:c5:6a:
         83:b2:08:7e:50:39:35:95:52:7d:0c:eb:df:db:8b:99:94:5b:
         79:a0:01:1b:17:16:f9:71:68:f4:43:dc:a2:cf:65:71:57:af:
         c4:4c:c6:a8:2f:af:99:04:e8:0d:74:19:53:ff:50:ee:9f:8b:
         70:45:f3:c1:60:ea:73:b6:77:23:a0:d5:c5:44:6d:c7:e3:34:
         ca:c5:d4:8b:0e:92:32:56:84:d2:97:2d:c2:eb:91:9c:40:61:
         3c:10:66:8c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY7TQXei05kwmUEBD027+s2DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzNGIwOTc0M2VkMmFmZDZhZmI0N2M1ODM2MGVlMzExMmE5
NWNkMzQwHhcNMjQwNDEyMTcwMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTQ0ZjUzOGNmZjVlZmJjNzczYzY0MDM0MzU2YjdiMzZiMTFmY2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxAIktOy/ZQgZ5aEXBPWg0Nn32bAt
6YvWKkdJ1OEOSY+uB9iIETGDBval9ZVkB87zsWHwvo+vn9ErKrX1BGf25txFAokm
rSVwjabgsJ5OBue9L6fpV82i9JUEnMo6tmuZFRINcLcGp6+Gl8NE/ocB27jZZWAo
6sIPisS0pLyXtgEYrpEOMQhVJQlzsmGeKu3mOjauhcBLrDirkp9sdLGnF6/LHf50
4rmE+0FrbM6+SAK8LOhq87mCZ9JXifDTBJ3chHwP1Aw5/mNvwbO996/CM5anq8v+
JkoN8gnC4coMDQcn/8P3V7MF5E8H9D5gDrN87DlWCoJJVQSZPDyhk0HmuwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOpE9TjP9e+8dzxkA0NWt7NrEfyuMB8GA1UdIwQY
MBaAFDNLCXQ+0q/Wr7R8WDYO4xEqlc00MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTBzSmREN1NyOWF2dEh4WU5nN2pFU3FWelRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9jZDQxMGYtOWRlNC00ZDgyLTgwOTEt
NTllNzkyZmUxNGNjLzEvNmtUMU9NXzE3N3gzUEdRRFExYTNzMnNSX0s0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi9jZDQxMGYtOWRlNC00ZDgyLTgwOTEtNTllNzkyZmUxNGNj
LzEvTTBzSmREN1NyOWF2dEh4WU5nN2pFU3FWelRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgxeAAAH
MA0GCSqGSIb3DQEBCwUAA4IBAQCO0PGGz+pxIst1Nbvv8jTQcsOp2jV093+S4TZi
6IQxPZXh/4YgGgDoYLtLNwwT9mLaTctGZ+ZfYyP++Ufe+npn3B2SwmkiEKWhJYTA
TmYPlrdD2zxwkLedNHiR4bK3vZS1hG/4EzQO6Kg5gGRcioy1GYHdNmPAvQu/26um
Wym6utZzr5Krl6rrKNPY4/hTfKUirSdhDcAxOfZetSVC8D+1xWqDsgh+UDk1lVJ9
DOvf24uZlFt5oAEbFxb5cWj0Q9yiz2VxV6/ETMaoL6+ZBOgNdBlT/1Dun4twRfPB
YOpztncjoNXFRG3H4zTKxdSLDpIyVoTSly3C65GcQGE8EGaM
-----END CERTIFICATE-----