Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/9a8d08-e4bb-492f-9863-454f99c74f11/1/2BSKSFOjnQqc6StZLVgQvqX_kBE.roa
File:                     2BSKSFOjnQqc6StZLVgQvqX_kBE.roa (raw, json)
Hash identifier:          fQiK/Soe/TFhL1cTaPs2jNFZwNPFq5mIrbvFlO8Xmqo=
Subject key identifier:   D8:14:8A:48:53:A3:9D:0A:9C:E9:2B:59:2D:58:10:BE:A5:FF:90:11
Certificate issuer:       /CN=553f4c4631a3385c5e395ee1d9daa076b0bccff1
Certificate serial:       018CC2DAF0CD07EE68524F7A2793EA9F1E21
Authority key identifier: 55:3F:4C:46:31:A3:38:5C:5E:39:5E:E1:D9:DA:A0:76:B0:BC:CF:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VT9MRjGjOFxeOV7h2dqgdrC8z_E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/9a8d08-e4bb-492f-9863-454f99c74f11/1/2BSKSFOjnQqc6StZLVgQvqX_kBE.roa
Signing time:             Mon 01 Jan 2024 02:29:37 +0000
ROA not before:           Mon 01 Jan 2024 02:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212467
IP address blocks:        2001:67c:2fbc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/9a8d08-e4bb-492f-9863-454f99c74f11/1/VT9MRjGjOFxeOV7h2dqgdrC8z_E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/9a8d08-e4bb-492f-9863-454f99c74f11/1/VT9MRjGjOFxeOV7h2dqgdrC8z_E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VT9MRjGjOFxeOV7h2dqgdrC8z_E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:f0:cd:07:ee:68:52:4f:7a:27:93:ea:9f:1e:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=553f4c4631a3385c5e395ee1d9daa076b0bccff1
        Validity
            Not Before: Jan  1 02:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d8148a4853a39d0a9ce92b592d5810bea5ff9011
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:b6:83:ce:9e:54:dc:f2:44:3f:fa:a1:67:f1:
                    a3:84:78:48:73:2b:16:15:c4:ee:9b:84:e6:8e:6b:
                    4d:5f:13:12:eb:c4:5d:09:cc:42:12:53:40:dc:e6:
                    e3:55:e2:cd:b8:a8:3e:78:78:89:21:6c:75:90:49:
                    a2:0f:1b:67:37:fc:ef:55:52:14:e6:18:04:d7:7a:
                    54:46:85:ec:96:d2:d8:2d:5d:3f:ad:e4:f9:2e:8e:
                    f8:c4:a3:e6:f7:09:7e:86:e8:51:47:86:b0:ad:ec:
                    1c:93:c4:bc:37:74:73:48:9a:ed:5d:09:0b:d0:be:
                    e1:33:04:13:cb:9c:e7:fc:d7:08:77:24:4d:e2:2e:
                    9e:7f:b7:c5:26:ab:9a:6c:b2:69:66:c0:bf:bf:af:
                    ae:a1:d0:78:9a:3b:ac:0d:bc:29:9d:80:ef:bf:e0:
                    12:5b:1c:7c:1b:e4:a4:67:42:49:23:b1:c7:43:e8:
                    38:30:70:99:55:95:57:d4:e4:ec:e0:df:fd:aa:47:
                    ee:8d:c2:1c:53:da:0b:eb:11:7c:3b:e2:61:b5:43:
                    2b:d1:9e:ab:f3:e6:4d:36:af:17:53:ec:32:12:75:
                    9d:df:5e:f2:a1:40:d8:68:55:ba:b4:55:15:5b:5d:
                    c6:7e:0a:d2:0c:a2:3d:06:3b:06:68:33:c8:7f:47:
                    c2:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:14:8A:48:53:A3:9D:0A:9C:E9:2B:59:2D:58:10:BE:A5:FF:90:11
            X509v3 Authority Key Identifier:
                keyid:55:3F:4C:46:31:A3:38:5C:5E:39:5E:E1:D9:DA:A0:76:B0:BC:CF:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VT9MRjGjOFxeOV7h2dqgdrC8z_E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/9a8d08-e4bb-492f-9863-454f99c74f11/1/2BSKSFOjnQqc6StZLVgQvqX_kBE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/9a8d08-e4bb-492f-9863-454f99c74f11/1/VT9MRjGjOFxeOV7h2dqgdrC8z_E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2fbc::/48

    Signature Algorithm: sha256WithRSAEncryption
         6e:cc:2c:87:1c:5d:53:be:e6:f6:11:2a:37:a7:20:66:4b:4e:
         90:08:66:98:e9:d3:71:19:72:9f:12:c3:d2:fc:18:c8:0f:be:
         10:c5:15:15:7f:59:b5:a1:22:40:96:4a:85:bb:58:91:d9:40:
         d4:f0:07:60:9b:f0:1d:6a:7f:b1:ec:03:0b:fd:de:ba:80:eb:
         31:85:0b:6d:f5:96:b2:22:d6:1f:21:50:2f:57:f4:98:06:e5:
         ff:7d:48:d5:e4:20:1e:3b:42:5b:a4:74:4f:a0:48:3b:83:ff:
         b6:bf:55:1d:94:d5:19:52:5d:f6:24:33:48:b4:2e:2a:d4:fe:
         83:9e:87:f0:1a:91:74:93:97:a0:47:fd:63:15:de:e6:d4:17:
         a3:a5:f7:27:ab:16:37:1c:e5:20:54:f1:ed:05:4b:b9:f2:3d:
         b2:f4:78:47:60:b8:ed:27:ba:0a:29:af:0c:b2:9c:0b:4b:1a:
         7f:69:be:65:86:d8:ed:f7:4f:55:a6:43:68:17:fd:1f:3d:ca:
         b8:9d:2b:09:56:6a:e1:a8:41:91:6e:da:ca:88:6f:19:de:d5:
         b4:36:2f:19:5d:01:5f:65:0a:70:6e:d8:34:cb:5a:45:60:82:
         8b:61:e9:e7:b7:26:d9:00:09:f9:8e:f3:46:e2:5d:fd:16:2a:
         26:59:f3:4a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2vDNB+5oUk96J5Pqnx4hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1M2Y0YzQ2MzFhMzM4NWM1ZTM5NWVlMWQ5ZGFhMDc2YjBi
Y2NmZjEwHhcNMjQwMTAxMDIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODE0OGE0ODUzYTM5ZDBhOWNlOTJiNTkyZDU4MTBiZWE1ZmY5MDExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg7aDzp5U3PJEP/qhZ/GjhHhIcysW
FcTum4TmjmtNXxMS68RdCcxCElNA3ObjVeLNuKg+eHiJIWx1kEmiDxtnN/zvVVIU
5hgE13pURoXsltLYLV0/reT5Lo74xKPm9wl+huhRR4awrewck8S8N3RzSJrtXQkL
0L7hMwQTy5zn/NcIdyRN4i6ef7fFJquabLJpZsC/v6+uodB4mjusDbwpnYDvv+AS
Wxx8G+SkZ0JJI7HHQ+g4MHCZVZVX1OTs4N/9qkfujcIcU9oL6xF8O+JhtUMr0Z6r
8+ZNNq8XU+wyEnWd317yoUDYaFW6tFUVW13GfgrSDKI9BjsGaDPIf0fCAwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNgUikhTo50KnOkrWS1YEL6l/5ARMB8GA1UdIwQY
MBaAFFU/TEYxozhcXjle4dnaoHawvM/xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlQ5TVJqR2pPRnhlT1Y3aDJkcWdkckM4el9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy85YThkMDgtZTRiYi00OTJmLTk4NjMt
NDU0Zjk5Yzc0ZjExLzEvMkJTS1NGT2puUXFjNlN0WkxWZ1F2cVhfa0JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy85YThkMDgtZTRiYi00OTJmLTk4NjMtNDU0Zjk5Yzc0ZjEx
LzEvVlQ5TVJqR2pPRnhlT1Y3aDJkcWdkckM4el9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC+8
MA0GCSqGSIb3DQEBCwUAA4IBAQBuzCyHHF1Tvub2ESo3pyBmS06QCGaY6dNxGXKf
EsPS/BjID74QxRUVf1m1oSJAlkqFu1iR2UDU8Adgm/Adan+x7AML/d66gOsxhQtt
9ZayItYfIVAvV/SYBuX/fUjV5CAeO0JbpHRPoEg7g/+2v1UdlNUZUl32JDNItC4q
1P6DnofwGpF0k5egR/1jFd7m1BejpfcnqxY3HOUgVPHtBUu58j2y9HhHYLjtJ7oK
Ka8MspwLSxp/ab5lhtjt909VpkNoF/0fPcq4nSsJVmrhqEGRbtrKiG8Z3tW0Ni8Z
XQFfZQpwbtg0y1pFYIKLYenntybZAAn5jvNG4l39FiomWfNK
-----END CERTIFICATE-----