Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/abb8fc-a82b-4157-b28e-e139fbc279b9/1/6CxSe0mZ1VNNudeOM6tCOl4BfpE.roa
File:                     6CxSe0mZ1VNNudeOM6tCOl4BfpE.roa (raw, json)
Hash identifier:          AZ2JactdvmsGwlorqVk99lqx/Zkkt6Qzt/ewkjdtY+k=
Subject key identifier:   E8:2C:52:7B:49:99:D5:53:4D:B9:D7:8E:33:AB:42:3A:5E:01:7E:91
Certificate issuer:       /CN=6f138f2e033f942bb94e731ff452448c6802ae82
Certificate serial:       018CC4930C9627C1D94084F97C3EB3B2498D
Authority key identifier: 6F:13:8F:2E:03:3F:94:2B:B9:4E:73:1F:F4:52:44:8C:68:02:AE:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bxOPLgM_lCu5TnMf9FJEjGgCroI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/abb8fc-a82b-4157-b28e-e139fbc279b9/1/6CxSe0mZ1VNNudeOM6tCOl4BfpE.roa
Signing time:             Mon 01 Jan 2024 10:30:20 +0000
ROA not before:           Mon 01 Jan 2024 10:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59632
IP address blocks:        176.124.104.0/21 maxlen: 21
                          2001:67c:744::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/abb8fc-a82b-4157-b28e-e139fbc279b9/1/bxOPLgM_lCu5TnMf9FJEjGgCroI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/abb8fc-a82b-4157-b28e-e139fbc279b9/1/bxOPLgM_lCu5TnMf9FJEjGgCroI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bxOPLgM_lCu5TnMf9FJEjGgCroI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:0c:96:27:c1:d9:40:84:f9:7c:3e:b3:b2:49:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f138f2e033f942bb94e731ff452448c6802ae82
        Validity
            Not Before: Jan  1 10:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e82c527b4999d5534db9d78e33ab423a5e017e91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:a1:92:6b:7e:5c:08:2e:dc:f6:d2:bc:67:ad:
                    5f:9f:d8:12:62:4b:f0:a1:ef:3f:79:1d:0c:30:e1:
                    77:70:dd:ab:5c:b1:8d:06:f0:30:3c:c7:0b:67:5b:
                    35:1d:99:60:69:1d:10:37:55:fd:ef:ce:a6:aa:1b:
                    ea:3b:45:2f:7b:04:2b:20:ac:ce:bc:37:d8:96:e3:
                    c6:05:de:ce:79:5e:d8:e1:52:8f:8e:85:84:dc:d1:
                    40:d4:6a:98:69:87:0d:66:6a:fd:8b:1a:8a:2d:10:
                    4a:83:1f:15:27:a6:c1:e6:71:4d:1d:55:16:a0:25:
                    fd:82:75:5d:0e:12:f3:0f:16:01:01:76:a8:d8:5a:
                    07:f3:a4:f5:29:31:38:ac:3d:d5:f8:08:6c:a5:e0:
                    fd:95:32:5d:3d:b5:f2:0a:50:8b:24:44:69:35:a6:
                    c5:f2:6e:ad:9d:9a:88:b9:79:d4:0f:36:a7:2d:93:
                    07:ae:b5:46:fc:e7:09:c0:b0:98:d5:03:17:4e:1e:
                    bb:0e:1b:38:a2:09:a6:73:77:5b:f5:43:f2:3c:c1:
                    3b:64:e2:7f:d6:25:ed:5d:f8:8f:50:57:6c:f7:fb:
                    b4:59:4f:f5:9a:ed:e3:34:e1:e6:65:2c:de:ea:ab:
                    c3:16:4d:1c:fe:c6:46:a7:9a:ec:2e:1f:a7:c1:12:
                    4c:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:2C:52:7B:49:99:D5:53:4D:B9:D7:8E:33:AB:42:3A:5E:01:7E:91
            X509v3 Authority Key Identifier:
                keyid:6F:13:8F:2E:03:3F:94:2B:B9:4E:73:1F:F4:52:44:8C:68:02:AE:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bxOPLgM_lCu5TnMf9FJEjGgCroI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/abb8fc-a82b-4157-b28e-e139fbc279b9/1/6CxSe0mZ1VNNudeOM6tCOl4BfpE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/abb8fc-a82b-4157-b28e-e139fbc279b9/1/bxOPLgM_lCu5TnMf9FJEjGgCroI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.124.104.0/21
                IPv6:
                  2001:67c:744::/48

    Signature Algorithm: sha256WithRSAEncryption
         4d:f6:04:25:04:24:87:84:57:59:a4:ae:6e:92:bd:2a:15:ee:
         e8:df:79:41:63:82:ed:44:85:70:ce:1f:91:75:f2:bb:46:19:
         24:16:de:fa:48:6a:6e:5f:79:9c:01:4c:2a:b6:b7:6f:df:7e:
         ad:28:40:36:36:85:48:1e:d1:df:b6:ca:f5:42:49:a4:f4:f8:
         12:96:a1:d0:7d:9a:75:ae:a7:d7:a0:68:d4:32:31:30:67:e1:
         35:7d:84:78:55:35:0b:a0:c3:f6:0c:f6:17:39:49:91:30:32:
         5d:aa:f1:8c:d1:e7:a4:c7:9a:4c:d6:dd:a3:85:a1:9c:21:c5:
         71:ee:2a:2e:9b:04:fd:ac:3d:2c:86:05:2b:6a:73:64:02:03:
         72:22:7e:be:f0:7e:fc:e9:19:c2:85:33:d2:75:b6:83:5e:a0:
         af:98:4b:38:8c:d7:bf:6e:ca:53:d5:3c:49:ee:a3:2a:90:7c:
         62:ff:3f:52:a4:bc:71:51:0c:af:d7:36:0a:00:2d:be:14:03:
         e6:5d:76:8b:d5:88:28:a5:89:94:9b:e2:34:98:a5:5d:6e:4c:
         df:22:cf:75:48:e9:07:3e:7a:50:6c:e9:85:15:94:5e:c2:f5:
         20:9b:3b:ef:57:18:54:c7:fb:b8:f4:45:d1:c6:ec:1f:ec:d9:
         19:9a:2c:ba
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzEkwyWJ8HZQIT5fD6zskmNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmMTM4ZjJlMDMzZjk0MmJiOTRlNzMxZmY0NTI0NDhjNjgw
MmFlODIwHhcNMjQwMTAxMTAzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODJjNTI3YjQ5OTlkNTUzNGRiOWQ3OGUzM2FiNDIzYTVlMDE3ZTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqaGSa35cCC7c9tK8Z61fn9gSYkvw
oe8/eR0MMOF3cN2rXLGNBvAwPMcLZ1s1HZlgaR0QN1X9786mqhvqO0UvewQrIKzO
vDfYluPGBd7OeV7Y4VKPjoWE3NFA1GqYaYcNZmr9ixqKLRBKgx8VJ6bB5nFNHVUW
oCX9gnVdDhLzDxYBAXao2FoH86T1KTE4rD3V+AhspeD9lTJdPbXyClCLJERpNabF
8m6tnZqIuXnUDzanLZMHrrVG/OcJwLCY1QMXTh67Dhs4ogmmc3db9UPyPME7ZOJ/
1iXtXfiPUFds9/u0WU/1mu3jNOHmZSze6qvDFk0c/sZGp5rsLh+nwRJMJQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOgsUntJmdVTTbnXjjOrQjpeAX6RMB8GA1UdIwQY
MBaAFG8Tjy4DP5QruU5zH/RSRIxoAq6CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnhPUExnTV9sQ3U1VG5NZjlGSkVqR2dDcm9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9hYmI4ZmMtYTgyYi00MTU3LWIyOGUt
ZTEzOWZiYzI3OWI5LzEvNkN4U2UwbVoxVk5OdWRlT002dENPbDRCZnBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9hYmI4ZmMtYTgyYi00MTU3LWIyOGUtZTEzOWZiYzI3OWI5
LzEvYnhPUExnTV9sQ3U1VG5NZjlGSkVqR2dDcm9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDsHxoMA8E
AgACMAkDBwAgAQZ8B0QwDQYJKoZIhvcNAQELBQADggEBAE32BCUEJIeEV1mkrm6S
vSoV7ujfeUFjgu1EhXDOH5F18rtGGSQW3vpIam5feZwBTCq2t2/ffq0oQDY2hUge
0d+2yvVCSaT0+BKWodB9mnWup9egaNQyMTBn4TV9hHhVNQugw/YM9hc5SZEwMl2q
8YzR56THmkzW3aOFoZwhxXHuKi6bBP2sPSyGBStqc2QCA3Iifr7wfvzpGcKFM9J1
toNeoK+YSziM179uylPVPEnuoyqQfGL/P1KkvHFRDK/XNgoALb4UA+ZddovViCil
iZSb4jSYpV1uTN8iz3VI6Qc+elBs6YUVlF7C9SCbO+9XGFTH+7j0RdHG7B/s2Rma
LLo=
-----END CERTIFICATE-----