Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/c1fe4d-ab5a-4071-ba2a-d5a06d8ab984/1/weKptaWEwo6jyABgUQBx2U8NNKE.roa
File:                     weKptaWEwo6jyABgUQBx2U8NNKE.roa (raw, json)
Hash identifier:          PErM/LJJMtcr8Eq7gphWO8S13DFESGkafPKy1Pf2tGw=
Subject key identifier:   C1:E2:A9:B5:A5:84:C2:8E:A3:C8:00:60:51:00:71:D9:4F:0D:34:A1
Certificate issuer:       /CN=dfa24f8298be18c8a69f18128f064e7003e1d3dd
Certificate serial:       018CC801BBBE41D136DE308B1CE628BDE779
Authority key identifier: DF:A2:4F:82:98:BE:18:C8:A6:9F:18:12:8F:06:4E:70:03:E1:D3:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/36JPgpi-GMimnxgSjwZOcAPh090.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/c1fe4d-ab5a-4071-ba2a-d5a06d8ab984/1/weKptaWEwo6jyABgUQBx2U8NNKE.roa
Signing time:             Tue 02 Jan 2024 02:30:05 +0000
ROA not before:           Tue 02 Jan 2024 02:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60033
IP address blocks:        2001:678:b5c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/c1fe4d-ab5a-4071-ba2a-d5a06d8ab984/1/36JPgpi-GMimnxgSjwZOcAPh090.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/c1fe4d-ab5a-4071-ba2a-d5a06d8ab984/1/36JPgpi-GMimnxgSjwZOcAPh090.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/36JPgpi-GMimnxgSjwZOcAPh090.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:bb:be:41:d1:36:de:30:8b:1c:e6:28:bd:e7:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dfa24f8298be18c8a69f18128f064e7003e1d3dd
        Validity
            Not Before: Jan  2 02:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1e2a9b5a584c28ea3c80060510071d94f0d34a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:91:2f:29:ba:3a:33:0c:05:14:be:35:57:d5:
                    98:d9:ea:e2:20:2f:bc:4d:cd:22:46:60:71:92:1e:
                    91:93:97:9a:59:d6:7c:7b:5f:33:44:0e:e7:bc:4a:
                    ca:64:35:ba:47:bb:eb:ae:59:1a:11:31:6e:d2:e6:
                    8e:a2:36:34:70:1c:ac:15:bd:18:a5:3a:18:5f:a3:
                    5e:f2:65:4c:20:3e:25:5a:26:27:ec:b2:1d:b4:0a:
                    34:c4:02:d9:2e:f5:a7:6e:f9:e8:a0:34:55:5f:4d:
                    cf:1d:ae:d0:6c:48:89:a7:cf:7f:c4:03:01:6d:4c:
                    30:de:4d:5a:51:44:3e:80:5e:68:b8:54:66:f8:2a:
                    f3:3a:04:a6:1d:71:e1:51:d2:f0:0e:16:02:98:2a:
                    f2:53:6c:f8:4a:3f:8f:ed:b3:bc:a0:29:37:d6:f5:
                    cb:8f:c0:6d:27:da:94:17:d0:19:84:e4:78:bf:25:
                    0d:f2:a9:c5:8e:8f:3e:3c:4d:90:37:a9:77:36:27:
                    92:2b:d4:08:ae:d3:33:3b:05:bb:e2:70:f6:79:73:
                    8b:59:98:41:7c:e9:48:4b:f4:fd:66:4a:62:18:c0:
                    b6:a6:3b:ff:80:95:5f:d0:c4:b9:06:6c:24:3c:06:
                    90:e2:84:d7:f1:99:c8:36:19:58:69:7d:ae:95:e3:
                    7f:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:E2:A9:B5:A5:84:C2:8E:A3:C8:00:60:51:00:71:D9:4F:0D:34:A1
            X509v3 Authority Key Identifier:
                keyid:DF:A2:4F:82:98:BE:18:C8:A6:9F:18:12:8F:06:4E:70:03:E1:D3:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/36JPgpi-GMimnxgSjwZOcAPh090.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/c1fe4d-ab5a-4071-ba2a-d5a06d8ab984/1/weKptaWEwo6jyABgUQBx2U8NNKE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/c1fe4d-ab5a-4071-ba2a-d5a06d8ab984/1/36JPgpi-GMimnxgSjwZOcAPh090.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:b5c::/48

    Signature Algorithm: sha256WithRSAEncryption
         95:33:fa:9d:84:56:7b:da:97:30:1c:82:8e:dc:08:a6:da:c3:
         08:f6:77:68:50:58:2d:94:74:c5:fc:86:ff:67:19:fe:2a:84:
         2d:e7:37:40:85:46:f8:0f:0e:87:ee:5a:86:7c:2c:e6:f6:d8:
         a7:1a:c4:9f:a3:3f:df:3c:b2:09:2e:1d:66:80:f5:a0:50:1b:
         ec:11:65:b2:50:1d:ed:d2:92:2a:46:6d:09:f6:ad:f2:5c:00:
         0e:ee:f6:d5:0f:65:21:ee:76:09:5a:98:64:3b:f5:b6:fd:7b:
         03:1a:a9:44:f8:08:44:57:8d:1c:74:0a:a9:dd:17:20:57:1d:
         f5:dc:2a:ab:d9:e6:88:9e:2c:2b:31:bd:8f:f9:90:7f:6e:04:
         49:94:73:1d:1d:9d:39:91:86:ae:70:21:fa:03:89:2b:62:e2:
         a9:01:de:12:6c:50:fc:78:16:0b:9f:14:95:67:ee:e1:b2:6d:
         f8:e5:25:e5:b6:38:2c:a1:83:bb:fd:82:20:03:12:23:b1:cc:
         68:d3:a8:5c:51:6a:85:e1:e1:74:14:54:65:5d:57:ee:50:43:
         84:af:94:db:3b:78:3c:d3:1c:51:ca:d8:e4:e2:cd:9d:b4:8b:
         99:f9:6d:be:b1:66:65:70:d1:a1:11:3c:82:99:18:d2:d8:df:
         bb:6e:9d:a7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAbu+QdE23jCLHOYoved5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmYTI0ZjgyOThiZTE4YzhhNjlmMTgxMjhmMDY0ZTcwMDNl
MWQzZGQwHhcNMjQwMTAyMDIzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWUyYTliNWE1ODRjMjhlYTNjODAwNjA1MTAwNzFkOTRmMGQzNGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAipEvKbo6MwwFFL41V9WY2eriIC+8
Tc0iRmBxkh6Rk5eaWdZ8e18zRA7nvErKZDW6R7vrrlkaETFu0uaOojY0cBysFb0Y
pToYX6Ne8mVMID4lWiYn7LIdtAo0xALZLvWnbvnooDRVX03PHa7QbEiJp89/xAMB
bUww3k1aUUQ+gF5ouFRm+CrzOgSmHXHhUdLwDhYCmCryU2z4Sj+P7bO8oCk31vXL
j8BtJ9qUF9AZhOR4vyUN8qnFjo8+PE2QN6l3NieSK9QIrtMzOwW74nD2eXOLWZhB
fOlIS/T9ZkpiGMC2pjv/gJVf0MS5BmwkPAaQ4oTX8ZnINhlYaX2uleN/hwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMHiqbWlhMKOo8gAYFEAcdlPDTShMB8GA1UdIwQY
MBaAFN+iT4KYvhjIpp8YEo8GTnAD4dPdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzZKUGdwaS1HTWltbnhnU2p3Wk9jQVBoMDkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi9jMWZlNGQtYWI1YS00MDcxLWJhMmEt
ZDVhMDZkOGFiOTg0LzEvd2VLcHRhV0V3bzZqeUFCZ1VRQngyVThOTktFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi9jMWZlNGQtYWI1YS00MDcxLWJhMmEtZDVhMDZkOGFiOTg0
LzEvMzZKUGdwaS1HTWltbnhnU2p3Wk9jQVBoMDkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAtc
MA0GCSqGSIb3DQEBCwUAA4IBAQCVM/qdhFZ72pcwHIKO3Aim2sMI9ndoUFgtlHTF
/Ib/Zxn+KoQt5zdAhUb4Dw6H7lqGfCzm9tinGsSfoz/fPLIJLh1mgPWgUBvsEWWy
UB3t0pIqRm0J9q3yXAAO7vbVD2Uh7nYJWphkO/W2/XsDGqlE+AhEV40cdAqp3Rcg
Vx313Cqr2eaIniwrMb2P+ZB/bgRJlHMdHZ05kYaucCH6A4krYuKpAd4SbFD8eBYL
nxSVZ+7hsm345SXltjgsoYO7/YIgAxIjscxo06hcUWqF4eF0FFRlXVfuUEOEr5Tb
O3g80xxRytjk4s2dtIuZ+W2+sWZlcNGhETyCmRjS2N+7bp2n
-----END CERTIFICATE-----