Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/0e18d2-d80b-4aa0-aaef-069661675106/1/rCP06ELcexPpeTKQUIEUmfi58qc.roa
File:                     rCP06ELcexPpeTKQUIEUmfi58qc.roa (raw, json)
Hash identifier:          LMgNrBA1b0wEaebkq+4bfNiBoNLZBf8lNtu0FcisB30=
Subject key identifier:   AC:23:F4:E8:42:DC:7B:13:E9:79:32:90:50:81:14:99:F8:B9:F2:A7
Certificate issuer:       /CN=b0f619ef200840dfa8fd43567c7a978c15312d7f
Certificate serial:       018CC794732963110FEEBF29664A8E003468
Authority key identifier: B0:F6:19:EF:20:08:40:DF:A8:FD:43:56:7C:7A:97:8C:15:31:2D:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sPYZ7yAIQN-o_UNWfHqXjBUxLX8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/0e18d2-d80b-4aa0-aaef-069661675106/1/rCP06ELcexPpeTKQUIEUmfi58qc.roa
Signing time:             Tue 02 Jan 2024 00:30:43 +0000
ROA not before:           Tue 02 Jan 2024 00:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52041
IP address blocks:        2a11:8f83::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/0e18d2-d80b-4aa0-aaef-069661675106/1/sPYZ7yAIQN-o_UNWfHqXjBUxLX8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/0e18d2-d80b-4aa0-aaef-069661675106/1/sPYZ7yAIQN-o_UNWfHqXjBUxLX8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sPYZ7yAIQN-o_UNWfHqXjBUxLX8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:73:29:63:11:0f:ee:bf:29:66:4a:8e:00:34:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0f619ef200840dfa8fd43567c7a978c15312d7f
        Validity
            Not Before: Jan  2 00:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac23f4e842dc7b13e979329050811499f8b9f2a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:dd:6a:22:ae:ab:f6:1a:af:31:fa:51:b3:5d:
                    9c:71:5b:3f:02:bb:d7:5f:a7:33:ac:63:23:87:66:
                    43:86:b0:e7:31:f9:0c:75:ca:10:8a:42:89:2a:cd:
                    0d:03:c9:48:0c:65:fe:f5:4c:88:5b:4c:a3:5c:e8:
                    3e:72:fc:f3:c1:c6:ee:7f:8f:3d:b5:df:12:e8:5f:
                    f2:8c:88:f5:73:cf:45:b8:e1:69:37:5f:4f:df:65:
                    b0:69:68:90:76:d4:ff:cf:c2:7f:e3:c2:10:0a:fe:
                    f5:5f:ec:ff:08:85:49:1c:90:6e:ed:b7:65:38:73:
                    b6:f1:2b:88:12:70:82:5a:8e:45:a5:f8:15:7b:aa:
                    34:52:8b:48:f7:50:9e:9e:d3:d3:10:9c:b6:51:63:
                    56:9f:81:f3:5e:7c:8f:00:e0:0f:d5:37:33:46:8a:
                    71:8f:f2:d5:23:be:fa:8a:1c:09:28:bb:b6:86:35:
                    94:26:58:cd:61:74:1b:f6:32:4d:ba:d6:f9:ae:31:
                    37:cf:bc:1b:9b:67:38:8f:98:db:f6:cc:06:87:5c:
                    9c:48:cd:33:9c:d4:51:38:ce:d1:1a:3b:f9:88:f1:
                    e6:69:a3:9c:4f:61:04:7e:10:a1:a3:f6:e7:cb:b6:
                    7e:cf:3e:33:6b:ac:b2:dd:a9:68:6e:31:60:b1:9f:
                    32:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:23:F4:E8:42:DC:7B:13:E9:79:32:90:50:81:14:99:F8:B9:F2:A7
            X509v3 Authority Key Identifier:
                keyid:B0:F6:19:EF:20:08:40:DF:A8:FD:43:56:7C:7A:97:8C:15:31:2D:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sPYZ7yAIQN-o_UNWfHqXjBUxLX8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0e18d2-d80b-4aa0-aaef-069661675106/1/rCP06ELcexPpeTKQUIEUmfi58qc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0e18d2-d80b-4aa0-aaef-069661675106/1/sPYZ7yAIQN-o_UNWfHqXjBUxLX8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:8f83::/32

    Signature Algorithm: sha256WithRSAEncryption
         71:62:07:57:d6:9b:2d:1e:70:45:cc:4b:b2:4d:d9:5a:15:d5:
         0d:b8:ed:0d:d9:ca:c3:e9:41:52:56:c0:0b:58:26:f5:2e:19:
         0a:07:9a:8f:9b:0a:a0:d4:d4:ef:c0:70:4c:d0:a6:d2:46:22:
         09:f3:46:af:49:82:fe:a8:97:c4:72:a4:e2:00:9a:97:3d:bf:
         bc:fe:48:fe:95:99:84:e4:a2:7b:cb:a4:85:60:1f:4d:76:88:
         7a:7c:68:67:fa:b6:ba:c3:d3:1b:20:07:97:8a:57:2f:9d:d8:
         52:d3:49:51:ee:e1:91:3a:65:e0:63:3f:81:e3:01:3f:14:06:
         2a:4f:70:b9:bd:45:69:66:a0:de:c9:ae:1f:b2:3d:9a:4a:ee:
         8f:98:8e:8c:0b:71:ad:df:18:7f:61:fc:11:ac:23:93:0c:c3:
         0b:d8:3a:73:da:b3:f4:f7:12:5b:85:bb:cb:0a:71:74:af:79:
         03:bd:7e:05:da:36:23:8b:26:2e:77:d4:57:5d:a7:9d:ec:3c:
         46:07:c6:78:20:10:ce:76:f8:e2:8e:cb:73:fe:94:9f:a4:80:
         1d:df:cc:6d:a1:12:4a:84:a5:13:8e:ff:00:cc:be:ba:d5:f9:
         f1:b1:b5:3f:cf:60:49:c4:56:02:cd:c9:96:44:45:62:3f:68:
         35:d2:a9:e3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHlHMpYxEP7r8pZkqOADRoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwZjYxOWVmMjAwODQwZGZhOGZkNDM1NjdjN2E5NzhjMTUz
MTJkN2YwHhcNMjQwMTAyMDAzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzIzZjRlODQyZGM3YjEzZTk3OTMyOTA1MDgxMTQ5OWY4YjlmMmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmt1qIq6r9hqvMfpRs12ccVs/ArvX
X6czrGMjh2ZDhrDnMfkMdcoQikKJKs0NA8lIDGX+9UyIW0yjXOg+cvzzwcbuf489
td8S6F/yjIj1c89FuOFpN19P32WwaWiQdtT/z8J/48IQCv71X+z/CIVJHJBu7bdl
OHO28SuIEnCCWo5FpfgVe6o0UotI91CentPTEJy2UWNWn4HzXnyPAOAP1TczRopx
j/LVI776ihwJKLu2hjWUJljNYXQb9jJNutb5rjE3z7wbm2c4j5jb9swGh1ycSM0z
nNRROM7RGjv5iPHmaaOcT2EEfhCho/bny7Z+zz4za6yy3alobjFgsZ8yuwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKwj9OhC3HsT6XkykFCBFJn4ufKnMB8GA1UdIwQY
MBaAFLD2Ge8gCEDfqP1DVnx6l4wVMS1/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1BZWjd5QUlRTi1vX1VOV2ZIcVhqQlV4TFg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8wZTE4ZDItZDgwYi00YWEwLWFhZWYt
MDY5NjYxNjc1MTA2LzEvckNQMDZFTGNleFBwZVRLUVVJRVVtZmk1OHFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8wZTE4ZDItZDgwYi00YWEwLWFhZWYtMDY5NjYxNjc1MTA2
LzEvc1BZWjd5QUlRTi1vX1VOV2ZIcVhqQlV4TFg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhGPgzAN
BgkqhkiG9w0BAQsFAAOCAQEAcWIHV9abLR5wRcxLsk3ZWhXVDbjtDdnKw+lBUlbA
C1gm9S4ZCgeaj5sKoNTU78BwTNCm0kYiCfNGr0mC/qiXxHKk4gCalz2/vP5I/pWZ
hOSie8ukhWAfTXaIenxoZ/q2usPTGyAHl4pXL53YUtNJUe7hkTpl4GM/geMBPxQG
Kk9wub1FaWag3smuH7I9mkruj5iOjAtxrd8Yf2H8EawjkwzDC9g6c9qz9PcSW4W7
ywpxdK95A71+Bdo2I4smLnfUV12nnew8RgfGeCAQznb44o7Lc/6Un6SAHd/MbaES
SoSlE47/AMy+utX58bG1P89gScRWAs3JlkRFYj9oNdKp4w==
-----END CERTIFICATE-----