Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/3e77dc-4868-41d4-90c4-2ac8bcd83550/1/qH6E5-_eMgNuIbxSgCS5Olms1pI.roa
File:                     qH6E5-_eMgNuIbxSgCS5Olms1pI.roa (raw, json)
Hash identifier:          amLtHZynwyq2HCkpUR2yhWqt490aGX2AHQE8YIUwkq4=
Subject key identifier:   A8:7E:84:E7:EF:DE:32:03:6E:21:BC:52:80:24:B9:3A:59:AC:D6:92
Certificate issuer:       /CN=32967a7747365c819de6076f7f5aa0ba3c9e598a
Certificate serial:       018CC424D03D95B4259AC176DEEDB6B6DFB4
Authority key identifier: 32:96:7A:77:47:36:5C:81:9D:E6:07:6F:7F:5A:A0:BA:3C:9E:59:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MpZ6d0c2XIGd5gdvf1qgujyeWYo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/3e77dc-4868-41d4-90c4-2ac8bcd83550/1/qH6E5-_eMgNuIbxSgCS5Olms1pI.roa
Signing time:             Mon 01 Jan 2024 08:29:56 +0000
ROA not before:           Mon 01 Jan 2024 08:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202619
IP address blocks:        2001:67c:26f8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/3e77dc-4868-41d4-90c4-2ac8bcd83550/1/MpZ6d0c2XIGd5gdvf1qgujyeWYo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/3e77dc-4868-41d4-90c4-2ac8bcd83550/1/MpZ6d0c2XIGd5gdvf1qgujyeWYo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MpZ6d0c2XIGd5gdvf1qgujyeWYo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:d0:3d:95:b4:25:9a:c1:76:de:ed:b6:b6:df:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32967a7747365c819de6076f7f5aa0ba3c9e598a
        Validity
            Not Before: Jan  1 08:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a87e84e7efde32036e21bc528024b93a59acd692
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:31:38:71:d0:57:f1:3f:87:6f:0e:63:31:71:
                    2b:4c:85:a8:d8:14:41:42:41:f5:16:91:55:27:59:
                    fc:3b:4a:34:e6:89:ce:b5:fd:a5:85:05:91:0b:7d:
                    10:f4:01:99:b3:5e:ad:18:15:b8:2b:78:2f:b3:4f:
                    04:18:78:96:2e:a7:7d:97:2e:09:ea:e8:66:ab:f1:
                    e3:74:38:86:f7:88:40:ab:70:a5:e4:e8:53:c6:ed:
                    fc:07:8e:f6:42:8f:16:55:00:e6:a3:06:9f:c7:20:
                    d5:d0:91:32:ce:62:2c:04:36:e3:6b:85:c2:73:23:
                    50:34:8b:96:cb:07:8f:46:06:9b:73:d2:26:65:29:
                    cf:59:ad:d0:04:1b:00:d4:63:ec:c2:cf:a5:9c:c6:
                    0f:dd:2e:e3:73:73:08:b4:a4:e8:34:15:92:94:4c:
                    8e:e4:3d:c9:2e:1b:ee:e3:56:38:ef:51:ae:d5:37:
                    1a:bb:e9:f9:01:f0:2e:38:2a:66:ba:25:fb:df:0f:
                    3b:a7:ad:5b:2a:82:03:07:23:b1:b3:c8:56:10:1e:
                    6d:5c:19:31:d2:57:b2:81:f6:19:d3:ed:50:bd:6d:
                    4c:f1:74:f1:07:d4:9a:73:b9:7f:5b:8d:5e:85:a4:
                    69:e2:8d:08:04:fe:2e:1d:4a:ba:b6:1f:01:c7:b5:
                    8c:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:7E:84:E7:EF:DE:32:03:6E:21:BC:52:80:24:B9:3A:59:AC:D6:92
            X509v3 Authority Key Identifier:
                keyid:32:96:7A:77:47:36:5C:81:9D:E6:07:6F:7F:5A:A0:BA:3C:9E:59:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MpZ6d0c2XIGd5gdvf1qgujyeWYo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/3e77dc-4868-41d4-90c4-2ac8bcd83550/1/qH6E5-_eMgNuIbxSgCS5Olms1pI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/3e77dc-4868-41d4-90c4-2ac8bcd83550/1/MpZ6d0c2XIGd5gdvf1qgujyeWYo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:26f8::/48

    Signature Algorithm: sha256WithRSAEncryption
         36:2c:9f:b0:67:a8:d2:87:27:a7:13:61:28:1a:07:6f:7c:80:
         e6:94:7c:16:13:ac:08:81:6a:e0:00:fb:fb:26:f9:6b:82:fd:
         1e:5b:a6:ad:cc:d9:3c:63:95:c9:df:c9:38:bc:6c:5a:37:7b:
         b2:cd:8c:d5:fc:37:64:dd:4c:e3:83:44:7b:3f:42:77:64:b6:
         a5:f8:35:ad:e3:d6:fd:ef:4d:29:f3:9a:13:0d:28:46:f9:0b:
         2d:d5:ad:1a:fa:01:4a:59:ad:90:4e:0c:ac:88:bc:a8:18:3e:
         bc:c8:2a:32:9e:22:83:2b:55:9b:1b:83:43:3f:9b:44:89:90:
         03:4b:92:87:79:11:d4:f0:95:15:6a:12:c8:c1:84:3c:24:1c:
         e5:e8:d8:b8:7c:85:80:61:80:34:15:7a:08:eb:87:7a:43:c5:
         5e:e0:b7:e1:3f:fa:f8:a2:75:1b:79:0a:6e:a3:82:31:97:79:
         48:7a:21:f4:57:b4:62:f7:64:6a:81:3c:21:0d:99:95:4e:8f:
         34:03:9b:f5:55:3a:8d:19:55:ba:dc:52:0b:6b:a0:60:d3:f0:
         d1:2a:ca:df:c1:31:d0:0d:24:dc:49:3e:1d:15:e9:d5:26:4a:
         54:96:c0:d3:f1:f5:1f:01:b3:30:36:35:4a:fb:50:1b:9b:98:
         d4:5f:b2:7d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJNA9lbQlmsF23u22tt+0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyOTY3YTc3NDczNjVjODE5ZGU2MDc2ZjdmNWFhMGJhM2M5
ZTU5OGEwHhcNMjQwMTAxMDgyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODdlODRlN2VmZGUzMjAzNmUyMWJjNTI4MDI0YjkzYTU5YWNkNjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjDE4cdBX8T+Hbw5jMXErTIWo2BRB
QkH1FpFVJ1n8O0o05onOtf2lhQWRC30Q9AGZs16tGBW4K3gvs08EGHiWLqd9ly4J
6uhmq/HjdDiG94hAq3Cl5OhTxu38B472Qo8WVQDmowafxyDV0JEyzmIsBDbja4XC
cyNQNIuWywePRgabc9ImZSnPWa3QBBsA1GPsws+lnMYP3S7jc3MItKToNBWSlEyO
5D3JLhvu41Y471Gu1Tcau+n5AfAuOCpmuiX73w87p61bKoIDByOxs8hWEB5tXBkx
0leygfYZ0+1QvW1M8XTxB9Sac7l/W41ehaRp4o0IBP4uHUq6th8Bx7WMfwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKh+hOfv3jIDbiG8UoAkuTpZrNaSMB8GA1UdIwQY
MBaAFDKWendHNlyBneYHb39aoLo8nlmKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXBaNmQwYzJYSUdkNWdkdmYxcWd1anllV1lvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy8zZTc3ZGMtNDg2OC00MWQ0LTkwYzQt
MmFjOGJjZDgzNTUwLzEvcUg2RTUtX2VNZ051SWJ4U2dDUzVPbG1zMXBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy8zZTc3ZGMtNDg2OC00MWQ0LTkwYzQtMmFjOGJjZDgzNTUw
LzEvTXBaNmQwYzJYSUdkNWdkdmYxcWd1anllV1lvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCb4
MA0GCSqGSIb3DQEBCwUAA4IBAQA2LJ+wZ6jShyenE2EoGgdvfIDmlHwWE6wIgWrg
APv7Jvlrgv0eW6atzNk8Y5XJ38k4vGxaN3uyzYzV/Ddk3Uzjg0R7P0J3ZLal+DWt
49b9700p85oTDShG+Qst1a0a+gFKWa2QTgysiLyoGD68yCoyniKDK1WbG4NDP5tE
iZADS5KHeRHU8JUVahLIwYQ8JBzl6Ni4fIWAYYA0FXoI64d6Q8Ve4LfhP/r4onUb
eQpuo4Ixl3lIeiH0V7Ri92RqgTwhDZmVTo80A5v1VTqNGVW63FILa6Bg0/DRKsrf
wTHQDSTcST4dFenVJkpUlsDT8fUfAbMwNjVK+1Abm5jUX7J9
-----END CERTIFICATE-----