Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/ea8170-0db3-4d02-aa8a-e744c5bef561/1/6Y5ZBM-hAiIwryCyGGcxvRj-mfU.roa
File:                     6Y5ZBM-hAiIwryCyGGcxvRj-mfU.roa (raw, json)
Hash identifier:          dMWRtyVNfg9IHpoRkTYpSLpWscLW042PnLVaxYc/B78=
Subject key identifier:   E9:8E:59:04:CF:A1:02:22:30:AF:20:B2:18:67:31:BD:18:FE:99:F5
Certificate issuer:       /CN=c125ef4dc9d3ecdf486655c2dd231e9cbbb0a0b7
Certificate serial:       018CC6B93A80FD4B5BA7D1F5555056BA6DD0
Authority key identifier: C1:25:EF:4D:C9:D3:EC:DF:48:66:55:C2:DD:23:1E:9C:BB:B0:A0:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wSXvTcnT7N9IZlXC3SMenLuwoLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/ea8170-0db3-4d02-aa8a-e744c5bef561/1/6Y5ZBM-hAiIwryCyGGcxvRj-mfU.roa
Signing time:             Mon 01 Jan 2024 20:31:17 +0000
ROA not before:           Mon 01 Jan 2024 20:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209859
IP address blocks:        2001:67c:1768::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/ea8170-0db3-4d02-aa8a-e744c5bef561/1/wSXvTcnT7N9IZlXC3SMenLuwoLc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/ea8170-0db3-4d02-aa8a-e744c5bef561/1/wSXvTcnT7N9IZlXC3SMenLuwoLc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wSXvTcnT7N9IZlXC3SMenLuwoLc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:3a:80:fd:4b:5b:a7:d1:f5:55:50:56:ba:6d:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c125ef4dc9d3ecdf486655c2dd231e9cbbb0a0b7
        Validity
            Not Before: Jan  1 20:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e98e5904cfa1022230af20b2186731bd18fe99f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:c5:e9:58:62:d4:32:b4:04:de:2d:5a:dc:f5:
                    f2:92:a9:12:86:75:47:c1:68:be:37:67:9f:36:8c:
                    28:da:9f:cd:d7:e2:45:36:a9:ba:38:8e:7b:47:65:
                    38:79:f7:3b:1d:02:c5:19:9c:fe:17:6f:1f:20:26:
                    80:05:4d:0f:60:ea:08:4a:77:b6:a8:5a:0e:3f:33:
                    8a:8e:e1:d4:68:19:a7:1e:95:97:96:a8:be:4f:9c:
                    d7:d4:e3:e1:94:9e:6d:45:26:10:36:5f:7d:67:a7:
                    dd:f0:e1:21:d1:fb:ca:8e:dc:2a:a3:6f:85:bd:2b:
                    7b:81:4e:fe:90:1a:08:10:6f:b5:a4:c0:24:23:df:
                    9b:8f:6b:62:57:f1:19:d7:18:27:f3:cc:2c:08:be:
                    c1:6d:6c:97:5e:52:5f:da:eb:0a:fb:3b:b3:96:6f:
                    9d:de:c4:ff:c8:6f:1d:2c:f3:77:98:49:68:f1:8d:
                    4b:06:e5:a8:17:45:1d:6c:56:9c:2a:06:fb:9a:bf:
                    6d:a7:d6:73:d5:87:a3:84:5e:1e:07:32:b1:ad:42:
                    1e:24:2a:3b:8b:bf:b4:f1:ff:b0:6c:61:98:8a:56:
                    c0:27:d1:2f:1b:2d:a5:36:99:17:ed:7c:e0:24:a3:
                    08:30:64:cd:41:5a:78:01:cc:54:7c:a9:16:7a:7b:
                    4f:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:8E:59:04:CF:A1:02:22:30:AF:20:B2:18:67:31:BD:18:FE:99:F5
            X509v3 Authority Key Identifier:
                keyid:C1:25:EF:4D:C9:D3:EC:DF:48:66:55:C2:DD:23:1E:9C:BB:B0:A0:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wSXvTcnT7N9IZlXC3SMenLuwoLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/ea8170-0db3-4d02-aa8a-e744c5bef561/1/6Y5ZBM-hAiIwryCyGGcxvRj-mfU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/ea8170-0db3-4d02-aa8a-e744c5bef561/1/wSXvTcnT7N9IZlXC3SMenLuwoLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1768::/48

    Signature Algorithm: sha256WithRSAEncryption
         78:7f:61:5b:8c:f4:2c:57:2c:30:93:83:7f:5e:d0:2a:c7:80:
         f5:fc:09:a3:53:57:f3:9a:12:de:da:54:7a:0e:0d:21:c4:29:
         2f:e1:b4:de:54:ba:09:01:d5:a7:d5:8c:33:ab:a7:9f:4e:40:
         c4:c9:fe:c8:0c:3f:fe:49:db:41:37:f4:89:c1:81:c4:64:04:
         5f:3e:9d:0d:32:d7:6d:b6:3e:b4:b1:22:ca:69:32:58:e3:0d:
         f8:6c:dc:f4:6c:e6:bc:0a:39:47:b0:f7:cb:00:fa:ef:6e:bf:
         cf:92:a7:d7:7b:64:17:29:39:05:95:3e:46:c8:e8:dc:ce:a1:
         84:c0:e4:00:dc:9e:72:44:cb:1d:ce:eb:d4:67:a5:5e:ee:e4:
         6a:0e:f8:83:e1:f9:a4:e7:cc:1b:33:41:f5:9b:28:95:f5:42:
         b8:d2:3e:cf:13:78:89:4e:fd:b0:b1:f3:b9:b9:b8:a2:65:2d:
         2a:8b:6d:a2:03:b4:a1:f6:cd:92:49:94:8d:35:11:43:9d:60:
         8f:e3:25:39:ea:e3:94:89:0f:b1:17:ec:e8:bb:05:6c:df:09:
         e2:5e:66:1e:df:fd:e2:2f:18:ec:25:29:e1:a4:cd:fa:3b:77:
         a6:d0:dd:be:87:6f:fa:dc:46:50:45:95:1e:73:7b:ef:ef:c8:
         06:3e:29:51
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuTqA/Utbp9H1VVBWum3QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxMjVlZjRkYzlkM2VjZGY0ODY2NTVjMmRkMjMxZTljYmJi
MGEwYjcwHhcNMjQwMTAxMjAzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOThlNTkwNGNmYTEwMjIyMzBhZjIwYjIxODY3MzFiZDE4ZmU5OWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmcXpWGLUMrQE3i1a3PXykqkShnVH
wWi+N2efNowo2p/N1+JFNqm6OI57R2U4efc7HQLFGZz+F28fICaABU0PYOoISne2
qFoOPzOKjuHUaBmnHpWXlqi+T5zX1OPhlJ5tRSYQNl99Z6fd8OEh0fvKjtwqo2+F
vSt7gU7+kBoIEG+1pMAkI9+bj2tiV/EZ1xgn88wsCL7BbWyXXlJf2usK+zuzlm+d
3sT/yG8dLPN3mElo8Y1LBuWoF0UdbFacKgb7mr9tp9Zz1YejhF4eBzKxrUIeJCo7
i7+08f+wbGGYilbAJ9EvGy2lNpkX7XzgJKMIMGTNQVp4AcxUfKkWentP5QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOmOWQTPoQIiMK8gshhnMb0Y/pn1MB8GA1UdIwQY
MBaAFMEl703J0+zfSGZVwt0jHpy7sKC3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1NYdlRjblQ3TjlJWmxYQzNTTWVuTHV3b0xjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9lYTgxNzAtMGRiMy00ZDAyLWFhOGEt
ZTc0NGM1YmVmNTYxLzEvNlk1WkJNLWhBaUl3cnlDeUdHY3h2UmotbWZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9lYTgxNzAtMGRiMy00ZDAyLWFhOGEtZTc0NGM1YmVmNTYx
LzEvd1NYdlRjblQ3TjlJWmxYQzNTTWVuTHV3b0xjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBdo
MA0GCSqGSIb3DQEBCwUAA4IBAQB4f2FbjPQsVywwk4N/XtAqx4D1/AmjU1fzmhLe
2lR6Dg0hxCkv4bTeVLoJAdWn1Ywzq6efTkDEyf7IDD/+SdtBN/SJwYHEZARfPp0N
Mtdttj60sSLKaTJY4w34bNz0bOa8CjlHsPfLAPrvbr/PkqfXe2QXKTkFlT5GyOjc
zqGEwOQA3J5yRMsdzuvUZ6Ve7uRqDviD4fmk58wbM0H1myiV9UK40j7PE3iJTv2w
sfO5ubiiZS0qi22iA7Sh9s2SSZSNNRFDnWCP4yU56uOUiQ+xF+zouwVs3wniXmYe
3/3iLxjsJSnhpM36O3em0N2+h2/63EZQRZUec3vv78gGPilR
-----END CERTIFICATE-----