Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/v19uETpHy4E6UZYYOvBx-uy-CIw.roa
File:                     v19uETpHy4E6UZYYOvBx-uy-CIw.roa (raw, json)
Hash identifier:          ao6wBROGV9MyFpNvfagVu7bf95oaWD824ibMC+fZn+E=
Subject key identifier:   BF:5F:6E:11:3A:47:CB:81:3A:51:96:18:3A:F0:71:FA:EC:BE:08:8C
Certificate issuer:       /CN=d98247d3f81472dbba06dbea9bd19c785d18babe
Certificate serial:       018CC34957F3A6F9C8CDF71CA4B9B630FDAF
Authority key identifier: D9:82:47:D3:F8:14:72:DB:BA:06:DB:EA:9B:D1:9C:78:5D:18:BA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2YJH0_gUctu6Btvqm9GceF0Yur4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/v19uETpHy4E6UZYYOvBx-uy-CIw.roa
Signing time:             Mon 01 Jan 2024 04:30:12 +0000
ROA not before:           Mon 01 Jan 2024 04:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60998
IP address blocks:        2a0f:4440:aaaa::/48 maxlen: 48
                          2a0f:4440:abcd::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/2YJH0_gUctu6Btvqm9GceF0Yur4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/2YJH0_gUctu6Btvqm9GceF0Yur4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2YJH0_gUctu6Btvqm9GceF0Yur4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:57:f3:a6:f9:c8:cd:f7:1c:a4:b9:b6:30:fd:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d98247d3f81472dbba06dbea9bd19c785d18babe
        Validity
            Not Before: Jan  1 04:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bf5f6e113a47cb813a5196183af071faecbe088c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:e5:4f:38:27:76:76:ce:af:66:33:62:d0:29:
                    c7:09:a2:b7:53:8c:71:cf:1f:55:7f:3d:3e:85:39:
                    62:1c:b5:fa:79:1b:4d:ef:be:94:65:93:bd:df:72:
                    96:53:4f:24:46:3c:bd:7a:6e:19:f3:c1:2e:b0:31:
                    17:b5:27:0a:b1:bc:29:29:e2:dc:b1:08:6d:48:c8:
                    5b:e8:e6:54:46:4d:1f:b4:6d:33:0c:52:32:20:1f:
                    77:a0:4a:53:27:c3:21:1a:d7:a8:e7:88:8b:c4:36:
                    6c:7d:21:4b:1e:b1:5c:95:79:27:ae:aa:90:fa:20:
                    89:d4:01:58:50:ce:1a:78:dd:38:2e:0a:83:65:e4:
                    21:e7:b9:18:00:59:9e:0a:cc:df:1f:87:b1:3d:66:
                    32:e0:2f:e4:0e:2c:8a:67:7b:1e:12:04:23:88:cf:
                    09:23:4a:49:0b:67:40:d9:f7:d3:76:40:c2:f9:8f:
                    40:52:e1:fe:e3:1c:7a:52:fc:78:30:dd:6e:fd:bb:
                    d3:22:f7:67:c9:7d:e2:75:1d:23:21:26:2e:33:27:
                    84:f5:5b:ef:c5:b0:29:82:81:c6:6a:e6:e8:96:b2:
                    82:0e:d4:9d:02:ae:00:b2:e2:ec:a9:bf:0f:7f:f7:
                    78:1a:56:18:7d:0f:84:99:84:ce:69:60:a8:e3:01:
                    72:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:5F:6E:11:3A:47:CB:81:3A:51:96:18:3A:F0:71:FA:EC:BE:08:8C
            X509v3 Authority Key Identifier:
                keyid:D9:82:47:D3:F8:14:72:DB:BA:06:DB:EA:9B:D1:9C:78:5D:18:BA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2YJH0_gUctu6Btvqm9GceF0Yur4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/v19uETpHy4E6UZYYOvBx-uy-CIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/2YJH0_gUctu6Btvqm9GceF0Yur4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:4440:aaaa::/48
                  2a0f:4440:abcd::/48

    Signature Algorithm: sha256WithRSAEncryption
         31:35:f4:92:47:35:53:a6:b1:d7:03:9b:ee:23:48:e3:4b:35:
         19:c0:b2:74:5f:c7:11:88:04:05:2a:cc:5a:14:da:aa:16:8d:
         4f:2c:3d:8d:d2:81:a6:29:80:82:96:50:b0:10:09:7a:5f:ba:
         cf:86:eb:ba:cc:da:87:40:36:55:f0:a3:ad:eb:b6:5b:b7:b9:
         6f:73:c4:4e:a2:ff:f0:b9:10:1f:7c:54:de:85:e6:96:9a:a8:
         c9:62:17:5e:33:37:10:d7:bc:91:67:f7:73:21:ec:59:80:10:
         c7:c9:e3:74:9c:ac:5d:8d:a6:d7:f3:fd:0c:16:8c:d7:f9:47:
         7a:dd:96:41:9e:08:e6:32:14:d9:92:1e:63:3e:d1:cc:28:e9:
         2f:f7:0b:34:7e:ea:c6:18:bb:59:71:b1:7a:9c:1d:8c:60:51:
         c6:18:75:27:68:5d:4f:c3:38:1f:e2:16:2b:79:6f:dd:43:56:
         54:c5:f1:42:1e:bd:b6:fa:fc:60:1c:3e:73:16:da:fe:44:80:
         01:d1:54:a3:c8:9b:32:68:04:49:1c:c4:15:9a:93:8a:ce:18:
         7b:38:3b:d0:eb:8d:11:e6:59:06:ea:8d:03:c0:4d:17:b0:2c:
         cf:d3:f8:7a:5e:5f:65:6d:23:fb:de:ab:68:f0:4a:a3:8f:65:
         d8:ce:e1:22
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzDSVfzpvnIzfccpLm2MP2vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ODI0N2QzZjgxNDcyZGJiYTA2ZGJlYTliZDE5Yzc4NWQx
OGJhYmUwHhcNMjQwMTAxMDQzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjVmNmUxMTNhNDdjYjgxM2E1MTk2MTgzYWYwNzFmYWVjYmUwODhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgOVPOCd2ds6vZjNi0CnHCaK3U4xx
zx9Vfz0+hTliHLX6eRtN776UZZO933KWU08kRjy9em4Z88EusDEXtScKsbwpKeLc
sQhtSMhb6OZURk0ftG0zDFIyIB93oEpTJ8MhGteo54iLxDZsfSFLHrFclXknrqqQ
+iCJ1AFYUM4aeN04LgqDZeQh57kYAFmeCszfH4exPWYy4C/kDiyKZ3seEgQjiM8J
I0pJC2dA2ffTdkDC+Y9AUuH+4xx6Uvx4MN1u/bvTIvdnyX3idR0jISYuMyeE9Vvv
xbApgoHGaubolrKCDtSdAq4AsuLsqb8Pf/d4GlYYfQ+EmYTOaWCo4wFy4QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFL9fbhE6R8uBOlGWGDrwcfrsvgiMMB8GA1UdIwQY
MBaAFNmCR9P4FHLbugbb6pvRnHhdGLq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMllKSDBfZ1VjdHU2QnR2cW05R2NlRjBZdXI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC82ZGJjOTktYmZhOS00ZWY3LWE3OTgt
YTMwMzI2MTU2NjBjLzEvdjE5dUVUcEh5NEU2VVpZWU92QngtdXktQ0l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC82ZGJjOTktYmZhOS00ZWY3LWE3OTgtYTMwMzI2MTU2NjBj
LzEvMllKSDBfZ1VjdHU2QnR2cW05R2NlRjBZdXI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg9EQKqq
AwcAKg9EQKvNMA0GCSqGSIb3DQEBCwUAA4IBAQAxNfSSRzVTprHXA5vuI0jjSzUZ
wLJ0X8cRiAQFKsxaFNqqFo1PLD2N0oGmKYCCllCwEAl6X7rPhuu6zNqHQDZV8KOt
67Zbt7lvc8ROov/wuRAffFTeheaWmqjJYhdeMzcQ17yRZ/dzIexZgBDHyeN0nKxd
jabX8/0MFozX+Ud63ZZBngjmMhTZkh5jPtHMKOkv9ws0furGGLtZcbF6nB2MYFHG
GHUnaF1Pwzgf4hYreW/dQ1ZUxfFCHr22+vxgHD5zFtr+RIAB0VSjyJsyaARJHMQV
mpOKzhh7ODvQ640R5lkG6o0DwE0XsCzP0/h6Xl9lbSP73qto8Eqjj2XYzuEi
-----END CERTIFICATE-----