Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/1e2d99-7c83-4eb2-a163-2228f9ad750f/1/YJXTxrPf1NQxpTpo7K-agWTovQ8.roa
File:                     YJXTxrPf1NQxpTpo7K-agWTovQ8.roa (raw, json)
Hash identifier:          9YIWl69Mw+MMdDdfagdBSiN1eZ8N9clFM+ci7qP2LW0=
Subject key identifier:   60:95:D3:C6:B3:DF:D4:D4:31:A5:3A:68:EC:AF:9A:81:64:E8:BD:0F
Certificate issuer:       /CN=6b61e9000977bad58c87705e3b165b08483f0b3a
Certificate serial:       018CC870EFC9026252CBF7A0890450283913
Authority key identifier: 6B:61:E9:00:09:77:BA:D5:8C:87:70:5E:3B:16:5B:08:48:3F:0B:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a2HpAAl3utWMh3BeOxZbCEg_Czo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/1e2d99-7c83-4eb2-a163-2228f9ad750f/1/YJXTxrPf1NQxpTpo7K-agWTovQ8.roa
Signing time:             Tue 02 Jan 2024 04:31:33 +0000
ROA not before:           Tue 02 Jan 2024 04:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207491
IP address blocks:        2001:678:c08::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/1e2d99-7c83-4eb2-a163-2228f9ad750f/1/a2HpAAl3utWMh3BeOxZbCEg_Czo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/1e2d99-7c83-4eb2-a163-2228f9ad750f/1/a2HpAAl3utWMh3BeOxZbCEg_Czo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a2HpAAl3utWMh3BeOxZbCEg_Czo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:ef:c9:02:62:52:cb:f7:a0:89:04:50:28:39:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b61e9000977bad58c87705e3b165b08483f0b3a
        Validity
            Not Before: Jan  2 04:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6095d3c6b3dfd4d431a53a68ecaf9a8164e8bd0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:06:a5:51:99:19:a4:5e:da:1a:10:50:18:55:
                    4b:36:63:ce:ad:ba:3f:b8:a5:88:6c:e4:8b:0d:00:
                    7d:44:19:54:fd:fa:7c:ad:fb:54:ae:ba:4a:b3:8c:
                    5d:f0:9c:0f:bb:d2:0d:fb:c0:86:dc:ef:c0:9d:ea:
                    3d:b8:a4:6b:b2:29:eb:57:24:27:b4:4a:f8:fa:01:
                    1d:8f:11:b3:c0:4b:49:52:86:fb:98:84:d6:44:49:
                    ac:fa:be:65:29:e4:15:78:9e:cf:b9:d2:f2:0a:e0:
                    2e:25:03:36:29:3b:d9:d0:9e:6b:d6:df:a9:6c:40:
                    ae:e1:95:53:a3:ed:2a:f8:78:c2:59:f9:ee:7e:b8:
                    a5:8e:10:44:94:6d:52:b5:42:5b:0f:6f:aa:b0:45:
                    8b:f2:ff:0f:33:cf:a1:b6:a9:c1:0a:a2:59:10:be:
                    76:29:d8:1b:7b:31:4d:db:21:2a:17:0b:f6:09:3e:
                    6a:df:9c:f3:20:5d:5e:0b:a1:06:35:14:0a:13:70:
                    50:28:91:5c:b7:06:00:b3:d6:54:ea:b8:a1:d6:5f:
                    3f:dc:52:13:2b:79:f2:07:b6:8c:f0:5b:c4:43:6a:
                    7c:30:4a:f1:ae:57:35:44:c6:18:73:7e:8f:d2:33:
                    09:15:5e:ed:44:2d:2e:6c:21:fe:d1:bd:47:ad:54:
                    e1:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:95:D3:C6:B3:DF:D4:D4:31:A5:3A:68:EC:AF:9A:81:64:E8:BD:0F
            X509v3 Authority Key Identifier:
                keyid:6B:61:E9:00:09:77:BA:D5:8C:87:70:5E:3B:16:5B:08:48:3F:0B:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2HpAAl3utWMh3BeOxZbCEg_Czo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/1e2d99-7c83-4eb2-a163-2228f9ad750f/1/YJXTxrPf1NQxpTpo7K-agWTovQ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/1e2d99-7c83-4eb2-a163-2228f9ad750f/1/a2HpAAl3utWMh3BeOxZbCEg_Czo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:c08::/48

    Signature Algorithm: sha256WithRSAEncryption
         90:9b:cf:1d:1a:b5:de:85:64:11:7a:b4:36:1d:5f:b2:6f:bd:
         73:dd:80:3d:93:5b:06:e7:38:60:60:3d:80:46:ec:92:db:e7:
         33:48:b5:b4:87:ef:e4:c0:69:97:b1:b8:4c:44:37:12:da:1b:
         e3:85:c2:14:f6:89:55:5b:a9:aa:76:cd:65:e9:8e:91:55:79:
         b2:5a:38:07:ab:a2:5d:a8:7a:32:b7:5f:cd:56:f0:d3:fb:ea:
         b1:18:07:41:8c:f1:6a:b8:54:15:dc:10:4f:79:9f:1b:4c:2b:
         51:eb:db:3a:66:44:f6:da:99:42:9a:4d:64:e8:85:ea:a2:aa:
         75:5d:98:8a:ca:0e:aa:01:5f:d8:86:0e:ed:24:84:ed:38:4a:
         ad:0b:c2:5b:ad:fe:a4:fe:6b:0b:c1:fa:46:cb:2d:4f:44:70:
         2b:30:df:08:06:85:c3:e8:f8:74:27:df:aa:50:5e:25:e4:d8:
         bf:9f:09:f8:7d:09:1d:ac:22:d3:dd:9d:d9:f4:b2:9e:c7:4d:
         4a:cb:73:e8:2e:2c:93:32:97:16:0d:0d:f7:42:b3:18:0e:2b:
         e0:e8:d3:be:f3:3e:48:7e:a4:13:57:48:f2:5f:42:18:dc:df:
         1a:3a:a4:c7:36:2b:c3:1e:94:13:38:90:d9:a9:95:c8:f4:3c:
         77:c7:80:84
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIcO/JAmJSy/egiQRQKDkTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNjFlOTAwMDk3N2JhZDU4Yzg3NzA1ZTNiMTY1YjA4NDgz
ZjBiM2EwHhcNMjQwMTAyMDQzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDk1ZDNjNmIzZGZkNGQ0MzFhNTNhNjhlY2FmOWE4MTY0ZThiZDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjgalUZkZpF7aGhBQGFVLNmPOrbo/
uKWIbOSLDQB9RBlU/fp8rftUrrpKs4xd8JwPu9IN+8CG3O/Aneo9uKRrsinrVyQn
tEr4+gEdjxGzwEtJUob7mITWREms+r5lKeQVeJ7PudLyCuAuJQM2KTvZ0J5r1t+p
bECu4ZVTo+0q+HjCWfnufriljhBElG1StUJbD2+qsEWL8v8PM8+htqnBCqJZEL52
KdgbezFN2yEqFwv2CT5q35zzIF1eC6EGNRQKE3BQKJFctwYAs9ZU6rih1l8/3FIT
K3nyB7aM8FvEQ2p8MErxrlc1RMYYc36P0jMJFV7tRC0ubCH+0b1HrVThxQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGCV08az39TUMaU6aOyvmoFk6L0PMB8GA1UdIwQY
MBaAFGth6QAJd7rVjIdwXjsWWwhIPws6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTJIcEFBbDN1dFdNaDNCZU94WmJDRWdfQ3pvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy8xZTJkOTktN2M4My00ZWIyLWExNjMt
MjIyOGY5YWQ3NTBmLzEvWUpYVHhyUGYxTlF4cFRwbzdLLWFnV1RvdlE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy8xZTJkOTktN2M4My00ZWIyLWExNjMtMjIyOGY5YWQ3NTBm
LzEvYTJIcEFBbDN1dFdNaDNCZU94WmJDRWdfQ3pvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAwI
MA0GCSqGSIb3DQEBCwUAA4IBAQCQm88dGrXehWQRerQ2HV+yb71z3YA9k1sG5zhg
YD2ARuyS2+czSLW0h+/kwGmXsbhMRDcS2hvjhcIU9olVW6mqds1l6Y6RVXmyWjgH
q6JdqHoyt1/NVvDT++qxGAdBjPFquFQV3BBPeZ8bTCtR69s6ZkT22plCmk1k6IXq
oqp1XZiKyg6qAV/Yhg7tJITtOEqtC8Jbrf6k/msLwfpGyy1PRHArMN8IBoXD6Ph0
J9+qUF4l5Ni/nwn4fQkdrCLT3Z3Z9LKex01Ky3PoLiyTMpcWDQ33QrMYDivg6NO+
8z5IfqQTV0jyX0IY3N8aOqTHNivDHpQTOJDZqZXI9Dx3x4CE
-----END CERTIFICATE-----