Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/50d855-cd81-481a-95ef-b84487f920e4/1/6kFn0QvjkvjVrxVy2TY7iKIHano.roa
File:                     6kFn0QvjkvjVrxVy2TY7iKIHano.roa (raw, json)
Hash identifier:          E8Pmmkf0Vtv5vIgcUgGzanqfD8iL1PerC8HwBCoNUCI=
Subject key identifier:   EA:41:67:D1:0B:E3:92:F8:D5:AF:15:72:D9:36:3B:88:A2:07:6A:7A
Certificate issuer:       /CN=92d7f69a04bd9cad523b39f77a2ddab44c291192
Certificate serial:       018CC4246BFE6ED3133D21D51E725336BE45
Authority key identifier: 92:D7:F6:9A:04:BD:9C:AD:52:3B:39:F7:7A:2D:DA:B4:4C:29:11:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktf2mgS9nK1SOzn3ei3atEwpEZI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/50d855-cd81-481a-95ef-b84487f920e4/1/6kFn0QvjkvjVrxVy2TY7iKIHano.roa
Signing time:             Mon 01 Jan 2024 08:29:30 +0000
ROA not before:           Mon 01 Jan 2024 08:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2119
IP address blocks:        2001:67c:2458::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/50d855-cd81-481a-95ef-b84487f920e4/1/ktf2mgS9nK1SOzn3ei3atEwpEZI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/50d855-cd81-481a-95ef-b84487f920e4/1/ktf2mgS9nK1SOzn3ei3atEwpEZI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktf2mgS9nK1SOzn3ei3atEwpEZI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:6b:fe:6e:d3:13:3d:21:d5:1e:72:53:36:be:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7f69a04bd9cad523b39f77a2ddab44c291192
        Validity
            Not Before: Jan  1 08:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ea4167d10be392f8d5af1572d9363b88a2076a7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:4f:12:f3:42:32:22:be:d7:4d:46:34:59:37:
                    4b:11:74:a1:5d:39:9a:f0:ba:42:58:8c:95:c1:4f:
                    09:e2:06:86:60:ec:2f:f1:9e:16:44:99:1e:f1:3b:
                    74:1e:c9:3d:ac:09:a9:f7:d5:4f:bf:9c:16:31:ec:
                    a1:41:05:65:a5:20:89:63:78:fb:48:b7:ac:b5:00:
                    4b:28:1f:e8:79:61:7a:cb:a4:ef:c4:6d:66:e2:3a:
                    08:68:ce:87:03:48:03:a2:8e:c8:45:a8:0e:82:e5:
                    af:49:ba:c7:bf:43:8d:55:5b:df:13:2a:4f:b2:a0:
                    d1:9a:5a:64:aa:5a:7e:49:28:21:47:38:11:b5:04:
                    df:27:40:0f:18:c5:2d:c1:46:5c:68:82:87:06:59:
                    0c:d6:4a:d7:ae:ee:7e:d6:9b:54:4e:0a:ae:23:db:
                    fe:0c:1a:6e:2a:ce:74:25:74:e4:a1:69:52:be:2c:
                    29:bd:c5:ff:7f:b3:85:8a:c4:2c:25:2e:79:1a:a3:
                    c1:ee:73:63:a1:5a:0a:86:54:d0:e1:0c:99:e3:e8:
                    3c:b2:73:ee:37:d7:50:77:47:5c:c9:18:fd:88:4e:
                    a6:89:c7:4d:74:55:8a:9b:2b:37:c8:37:87:1c:74:
                    b9:74:a2:f5:d4:8f:76:cf:76:56:aa:4b:70:4d:69:
                    d4:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:41:67:D1:0B:E3:92:F8:D5:AF:15:72:D9:36:3B:88:A2:07:6A:7A
            X509v3 Authority Key Identifier:
                keyid:92:D7:F6:9A:04:BD:9C:AD:52:3B:39:F7:7A:2D:DA:B4:4C:29:11:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktf2mgS9nK1SOzn3ei3atEwpEZI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/50d855-cd81-481a-95ef-b84487f920e4/1/6kFn0QvjkvjVrxVy2TY7iKIHano.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/50d855-cd81-481a-95ef-b84487f920e4/1/ktf2mgS9nK1SOzn3ei3atEwpEZI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2458::/48

    Signature Algorithm: sha256WithRSAEncryption
         39:a3:fd:8e:97:ed:1c:6d:0b:5b:19:6d:0a:2c:67:3d:d3:77:
         79:7d:9e:81:d5:09:4e:6a:53:13:af:b4:bb:06:c4:8a:84:dc:
         0b:78:2c:28:66:11:a6:88:5c:ff:b6:46:30:87:98:67:77:91:
         31:3a:29:00:68:7c:e7:04:19:5e:1e:86:be:c4:86:e3:4f:5d:
         ff:4d:d7:4a:2d:9d:60:d6:26:96:42:09:cf:1c:6e:0c:65:b7:
         b8:15:09:9b:7b:ff:55:6c:61:9a:40:4b:78:2b:df:0c:38:6d:
         97:cd:03:d5:2b:b6:36:b8:c8:ba:e2:78:4e:e3:58:1c:ca:bc:
         ef:75:34:a3:e3:e2:3a:42:56:2d:ea:be:cd:04:89:97:f2:cc:
         3e:6d:0c:2e:d4:39:54:4f:9d:12:74:a4:1b:4f:9c:28:bc:d9:
         2f:8d:02:eb:79:35:58:d4:a1:34:f7:fe:8f:66:a7:66:cd:d7:
         a6:64:de:c3:43:c4:5f:d9:c7:fb:a8:55:62:b8:23:31:43:4c:
         62:62:fe:d0:43:c8:b6:8e:64:72:7d:5e:16:8f:69:95:ac:59:
         8a:9e:00:5c:18:86:b9:1f:e7:ba:32:0d:9d:2b:9c:3e:1b:73:
         cb:ef:69:56:ee:9d:82:1b:48:42:48:58:2e:62:af:8c:10:15:
         cb:f2:f3:49
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJGv+btMTPSHVHnJTNr5FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdmNjlhMDRiZDljYWQ1MjNiMzlmNzdhMmRkYWI0NGMy
OTExOTIwHhcNMjQwMTAxMDgyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTQxNjdkMTBiZTM5MmY4ZDVhZjE1NzJkOTM2M2I4OGEyMDc2YTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6E8S80IyIr7XTUY0WTdLEXShXTma
8LpCWIyVwU8J4gaGYOwv8Z4WRJke8Tt0Hsk9rAmp99VPv5wWMeyhQQVlpSCJY3j7
SLestQBLKB/oeWF6y6TvxG1m4joIaM6HA0gDoo7IRagOguWvSbrHv0ONVVvfEypP
sqDRmlpkqlp+SSghRzgRtQTfJ0APGMUtwUZcaIKHBlkM1krXru5+1ptUTgquI9v+
DBpuKs50JXTkoWlSviwpvcX/f7OFisQsJS55GqPB7nNjoVoKhlTQ4QyZ4+g8snPu
N9dQd0dcyRj9iE6micdNdFWKmys3yDeHHHS5dKL11I92z3ZWqktwTWnUMwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOpBZ9EL45L41a8Vctk2O4iiB2p6MB8GA1UdIwQY
MBaAFJLX9poEvZytUjs593ot2rRMKRGSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmMm1nUzluSzFTT3puM2VpM2F0RXdwRVpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy81MGQ4NTUtY2Q4MS00ODFhLTk1ZWYt
Yjg0NDg3ZjkyMGU0LzEvNmtGbjBRdmprdmpWcnhWeTJUWTdpS0lIYW5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy81MGQ4NTUtY2Q4MS00ODFhLTk1ZWYtYjg0NDg3ZjkyMGU0
LzEva3RmMm1nUzluSzFTT3puM2VpM2F0RXdwRVpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCRY
MA0GCSqGSIb3DQEBCwUAA4IBAQA5o/2Ol+0cbQtbGW0KLGc903d5fZ6B1QlOalMT
r7S7BsSKhNwLeCwoZhGmiFz/tkYwh5hnd5ExOikAaHznBBleHoa+xIbjT13/TddK
LZ1g1iaWQgnPHG4MZbe4FQmbe/9VbGGaQEt4K98MOG2XzQPVK7Y2uMi64nhO41gc
yrzvdTSj4+I6QlYt6r7NBImX8sw+bQwu1DlUT50SdKQbT5wovNkvjQLreTVY1KE0
9/6PZqdmzdemZN7DQ8Rf2cf7qFViuCMxQ0xiYv7QQ8i2jmRyfV4Wj2mVrFmKngBc
GIa5H+e6Mg2dK5w+G3PL72lW7p2CG0hCSFguYq+MEBXL8vNJ
-----END CERTIFICATE-----