Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/98bc90-01df-46ae-ba63-a9c04d0954e2/1/QE2cfsD1zr6EnLrgrc2FlIlxfFo.roa
File:                     QE2cfsD1zr6EnLrgrc2FlIlxfFo.roa (raw, json)
Hash identifier:          cH5RFsV+yyDmBuXUbz8C8cVTxSQPyvsiKwpzQQ1B8U0=
Subject key identifier:   40:4D:9C:7E:C0:F5:CE:BE:84:9C:BA:E0:AD:CD:85:94:89:71:7C:5A
Certificate issuer:       /CN=6ba69c3bdc92d681148a358a13a6e6f53dfb7758
Certificate serial:       018F0A7852A96E9B29A212046336A5045213
Authority key identifier: 6B:A6:9C:3B:DC:92:D6:81:14:8A:35:8A:13:A6:E6:F5:3D:FB:77:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a6acO9yS1oEUijWKE6bm9T37d1g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/98bc90-01df-46ae-ba63-a9c04d0954e2/1/QE2cfsD1zr6EnLrgrc2FlIlxfFo.roa
Signing time:             Tue 23 Apr 2024 10:20:08 +0000
ROA not before:           Tue 23 Apr 2024 10:20:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215060
IP address blocks:        2001:67c:e84::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/98bc90-01df-46ae-ba63-a9c04d0954e2/1/a6acO9yS1oEUijWKE6bm9T37d1g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/98bc90-01df-46ae-ba63-a9c04d0954e2/1/a6acO9yS1oEUijWKE6bm9T37d1g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a6acO9yS1oEUijWKE6bm9T37d1g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:0a:78:52:a9:6e:9b:29:a2:12:04:63:36:a5:04:52:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ba69c3bdc92d681148a358a13a6e6f53dfb7758
        Validity
            Not Before: Apr 23 10:20:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=404d9c7ec0f5cebe849cbae0adcd859489717c5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:fc:75:8b:2b:26:45:c2:f6:ba:d0:d9:44:be:
                    3d:5e:ea:ad:f8:0c:58:84:9c:e7:e9:70:8f:2b:97:
                    ac:f9:e3:b7:56:8b:a9:81:4d:1d:53:0d:cf:96:67:
                    09:c0:cc:6c:f7:3f:e2:fa:e1:57:68:4d:af:da:c1:
                    fe:9b:a1:dd:c6:d6:fc:5e:18:b4:16:54:74:fe:40:
                    6a:77:b2:1d:eb:11:b9:d6:8f:47:64:39:0c:d4:ac:
                    a8:58:f5:56:0c:6f:2c:45:ba:3f:bb:c1:26:d2:83:
                    cd:11:a8:b3:3e:f6:a4:d1:9a:fa:0f:1f:eb:2b:3b:
                    23:4f:a3:ca:cd:b0:6a:5f:26:62:e0:8f:cc:05:bb:
                    44:b7:3c:63:e7:85:ef:a7:dc:80:dd:49:3c:d0:60:
                    aa:a6:3f:32:8c:1c:ae:94:19:8c:a3:1c:95:5a:00:
                    f5:81:4c:57:71:45:92:5e:27:20:4e:2b:dc:36:59:
                    14:d5:6c:cf:44:a7:f8:5e:4e:05:3d:58:9f:5c:3d:
                    8d:cb:44:81:c7:6d:4e:a2:4e:cc:5a:12:5a:97:31:
                    3e:94:95:93:9d:5f:e2:6a:c0:c7:dd:a9:88:80:68:
                    f9:f9:e8:01:1d:2b:09:39:96:6f:66:0a:50:08:2d:
                    51:b5:e0:e4:df:c7:09:fd:9e:63:83:48:4d:ba:c6:
                    11:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:4D:9C:7E:C0:F5:CE:BE:84:9C:BA:E0:AD:CD:85:94:89:71:7C:5A
            X509v3 Authority Key Identifier:
                keyid:6B:A6:9C:3B:DC:92:D6:81:14:8A:35:8A:13:A6:E6:F5:3D:FB:77:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6acO9yS1oEUijWKE6bm9T37d1g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/98bc90-01df-46ae-ba63-a9c04d0954e2/1/QE2cfsD1zr6EnLrgrc2FlIlxfFo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/98bc90-01df-46ae-ba63-a9c04d0954e2/1/a6acO9yS1oEUijWKE6bm9T37d1g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:e84::/48

    Signature Algorithm: sha256WithRSAEncryption
         23:ae:d1:df:20:28:a3:7e:c6:e9:1d:75:e6:54:03:0f:61:14:
         5f:b9:e1:cd:82:6e:52:92:17:2e:7f:e1:28:85:15:e5:db:22:
         22:02:ea:ee:0e:99:2a:63:c3:28:45:cd:81:d3:5c:37:03:85:
         a9:c2:41:a7:23:0d:8f:f4:8b:6f:4c:9e:fa:3d:e5:ea:28:ca:
         5d:5e:e0:ba:b3:91:65:72:1e:73:5f:b3:91:2e:00:fa:2f:f2:
         b2:1b:45:c8:97:43:62:92:d4:74:e0:23:a5:53:21:da:36:a9:
         79:68:19:2d:f1:d3:bf:0e:2f:d9:7a:4a:53:25:59:a0:94:7d:
         13:18:b5:96:52:a8:89:ab:bb:26:8d:0a:fa:6a:cb:86:84:27:
         f0:e4:36:d1:ee:23:1d:d2:10:14:b0:ce:01:e3:05:e2:93:a5:
         99:34:fe:41:de:37:80:f2:e2:1a:23:60:a0:5d:1e:39:2d:c1:
         d6:23:be:a7:8b:f0:5a:4a:86:cb:e4:cb:d2:8a:68:4c:4b:32:
         65:49:15:a9:80:3e:86:e1:82:c8:53:8c:d1:5b:45:3c:5d:3e:
         ec:0e:66:c5:29:bc:b2:99:cd:5b:e9:ed:14:24:e1:0d:72:c5:
         a9:80:d4:bf:2b:59:09:2f:10:b7:21:be:cd:f7:28:74:2f:4c:
         a9:cb:4c:73
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY8KeFKpbpspohIEYzalBFITMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiYTY5YzNiZGM5MmQ2ODExNDhhMzU4YTEzYTZlNmY1M2Rm
Yjc3NTgwHhcNMjQwNDIzMTAyMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDRkOWM3ZWMwZjVjZWJlODQ5Y2JhZTBhZGNkODU5NDg5NzE3YzVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Px1iysmRcL2utDZRL49Xuqt+AxY
hJzn6XCPK5es+eO3VoupgU0dUw3PlmcJwMxs9z/i+uFXaE2v2sH+m6Hdxtb8Xhi0
FlR0/kBqd7Id6xG51o9HZDkM1KyoWPVWDG8sRbo/u8Em0oPNEaizPvak0Zr6Dx/r
KzsjT6PKzbBqXyZi4I/MBbtEtzxj54Xvp9yA3Uk80GCqpj8yjByulBmMoxyVWgD1
gUxXcUWSXicgTivcNlkU1WzPRKf4Xk4FPVifXD2Ny0SBx21Ook7MWhJalzE+lJWT
nV/iasDH3amIgGj5+egBHSsJOZZvZgpQCC1RteDk38cJ/Z5jg0hNusYRqwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEBNnH7A9c6+hJy64K3NhZSJcXxaMB8GA1UdIwQY
MBaAFGumnDvcktaBFIo1ihOm5vU9+3dYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTZhY085eVMxb0VVaWpXS0U2Ym05VDM3ZDFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy85OGJjOTAtMDFkZi00NmFlLWJhNjMt
YTljMDRkMDk1NGUyLzEvUUUyY2ZzRDF6cjZFbkxyZ3JjMkZsSWx4ZkZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy85OGJjOTAtMDFkZi00NmFlLWJhNjMtYTljMDRkMDk1NGUy
LzEvYTZhY085eVMxb0VVaWpXS0U2Ym05VDM3ZDFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA6E
MA0GCSqGSIb3DQEBCwUAA4IBAQAjrtHfICijfsbpHXXmVAMPYRRfueHNgm5Skhcu
f+EohRXl2yIiAuruDpkqY8MoRc2B01w3A4WpwkGnIw2P9ItvTJ76PeXqKMpdXuC6
s5Flch5zX7ORLgD6L/KyG0XIl0NiktR04COlUyHaNql5aBkt8dO/Di/ZekpTJVmg
lH0TGLWWUqiJq7smjQr6asuGhCfw5DbR7iMd0hAUsM4B4wXik6WZNP5B3jeA8uIa
I2CgXR45LcHWI76ni/BaSobL5MvSimhMSzJlSRWpgD6G4YLIU4zRW0U8XT7sDmbF
Kbyymc1b6e0UJOENcsWpgNS/K1kJLxC3Ib7N9yh0L0ypy0xz
-----END CERTIFICATE-----