Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/f0cfa7-6254-4a81-996c-3b7ef25cfe83/1/uZWZeMXU7WD_LPcWVbMPmhHvUdE.roa
File:                     uZWZeMXU7WD_LPcWVbMPmhHvUdE.roa (raw, json)
Hash identifier:          3WhVU6VFLhnf8q1ARJilFKVMPRRa0ukMFA83JeyXx0Q=
Subject key identifier:   B9:95:99:78:C5:D4:ED:60:FF:2C:F7:16:55:B3:0F:9A:11:EF:51:D1
Certificate issuer:       /CN=a60e46d63a7183f70da492f02b8098c2bffc28be
Certificate serial:       018CC6B77F52F8290665DD992274BC316376
Authority key identifier: A6:0E:46:D6:3A:71:83:F7:0D:A4:92:F0:2B:80:98:C2:BF:FC:28:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pg5G1jpxg_cNpJLwK4CYwr_8KL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/f0cfa7-6254-4a81-996c-3b7ef25cfe83/1/uZWZeMXU7WD_LPcWVbMPmhHvUdE.roa
Signing time:             Mon 01 Jan 2024 20:29:23 +0000
ROA not before:           Mon 01 Jan 2024 20:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204660
IP address blocks:        2001:67c:a18::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/f0cfa7-6254-4a81-996c-3b7ef25cfe83/1/pg5G1jpxg_cNpJLwK4CYwr_8KL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/f0cfa7-6254-4a81-996c-3b7ef25cfe83/1/pg5G1jpxg_cNpJLwK4CYwr_8KL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pg5G1jpxg_cNpJLwK4CYwr_8KL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:02:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:7f:52:f8:29:06:65:dd:99:22:74:bc:31:63:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a60e46d63a7183f70da492f02b8098c2bffc28be
        Validity
            Not Before: Jan  1 20:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9959978c5d4ed60ff2cf71655b30f9a11ef51d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:96:41:56:c0:a6:2c:97:ee:8b:16:75:ea:ab:
                    ba:ad:9b:a0:e1:00:22:ea:85:7d:1f:33:93:ff:56:
                    39:7e:09:90:3d:05:dc:2d:d0:6a:e5:2b:24:b0:c5:
                    73:46:03:4f:bf:5a:27:8c:91:18:04:6b:1c:17:04:
                    48:b0:08:60:51:3a:a3:b0:28:bb:bd:75:79:59:72:
                    c9:7d:bd:f1:dc:63:f3:38:9c:86:60:02:08:9f:b6:
                    ff:ee:68:d0:3e:44:d2:df:43:02:91:02:1d:38:0c:
                    a3:da:d3:e4:9b:1c:00:33:5d:ea:7c:51:c1:ad:f2:
                    07:4c:8d:53:80:93:8c:ac:39:6f:d5:0f:45:18:d7:
                    28:e4:a9:b4:5f:22:72:f4:fc:7e:bf:55:d3:2a:26:
                    11:f3:4c:8c:be:4c:8d:e9:d1:a4:c6:77:11:55:31:
                    6f:4c:02:ea:eb:ff:3f:36:e4:80:e6:0f:d0:6f:00:
                    47:bc:12:44:44:7a:5b:0d:57:68:c0:4c:fc:da:a2:
                    8e:d9:ba:6b:76:b5:24:f0:42:7d:9c:e5:34:88:b4:
                    f4:50:4d:2f:b3:d8:d8:86:35:78:ac:a9:2c:91:72:
                    37:22:c4:a2:12:63:15:02:c6:6f:4b:13:6b:55:c0:
                    26:4b:0b:5c:ca:a9:15:e9:19:37:76:71:0f:67:62:
                    21:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:95:99:78:C5:D4:ED:60:FF:2C:F7:16:55:B3:0F:9A:11:EF:51:D1
            X509v3 Authority Key Identifier:
                keyid:A6:0E:46:D6:3A:71:83:F7:0D:A4:92:F0:2B:80:98:C2:BF:FC:28:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pg5G1jpxg_cNpJLwK4CYwr_8KL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f0cfa7-6254-4a81-996c-3b7ef25cfe83/1/uZWZeMXU7WD_LPcWVbMPmhHvUdE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f0cfa7-6254-4a81-996c-3b7ef25cfe83/1/pg5G1jpxg_cNpJLwK4CYwr_8KL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:a18::/48

    Signature Algorithm: sha256WithRSAEncryption
         90:da:64:09:24:f3:b5:67:1d:e4:b0:e8:7f:1f:b8:15:c8:9f:
         63:85:7a:47:4b:a4:10:f6:bd:ed:9b:30:0c:f3:18:09:a4:bd:
         f2:8f:75:c4:87:03:0d:4c:da:2d:60:01:90:37:67:ed:30:bc:
         2b:03:8e:ef:18:5c:ce:b7:15:0a:15:9b:cc:34:f0:13:da:88:
         a2:ae:9b:5d:9b:06:a8:ed:03:3c:e8:b3:17:b8:21:ca:60:02:
         a0:df:fb:17:a4:d2:ea:58:5a:d8:80:e3:7d:5c:21:03:80:a3:
         1b:06:0d:3d:d9:87:23:b7:64:fe:77:f1:f5:89:1e:dd:e4:8a:
         fd:df:66:ee:00:96:0c:07:a0:f4:b0:1b:8a:d2:6a:6a:a1:b7:
         77:dc:94:1a:5d:90:d0:36:ee:ab:85:1f:22:b8:26:d3:be:1f:
         eb:9b:55:83:00:6a:60:b6:f5:38:35:4d:79:6c:df:5b:83:49:
         37:8e:36:1d:af:eb:ba:51:0a:f9:dd:98:65:21:ea:50:18:49:
         1e:70:20:d9:c0:75:cc:c1:b7:73:f7:22:2a:b8:6d:fb:fb:f2:
         15:af:3f:a1:e4:cc:20:3d:e1:d2:a9:e8:8a:95:bc:83:43:88:
         ca:03:79:5a:52:61:b0:e3:08:e6:7a:b3:4c:93:12:c9:8f:81:
         d8:46:8b:f4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGt39S+CkGZd2ZInS8MWN2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MGU0NmQ2M2E3MTgzZjcwZGE0OTJmMDJiODA5OGMyYmZm
YzI4YmUwHhcNMjQwMTAxMjAyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTk1OTk3OGM1ZDRlZDYwZmYyY2Y3MTY1NWIzMGY5YTExZWY1MWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAppZBVsCmLJfuixZ16qu6rZug4QAi
6oV9HzOT/1Y5fgmQPQXcLdBq5SsksMVzRgNPv1onjJEYBGscFwRIsAhgUTqjsCi7
vXV5WXLJfb3x3GPzOJyGYAIIn7b/7mjQPkTS30MCkQIdOAyj2tPkmxwAM13qfFHB
rfIHTI1TgJOMrDlv1Q9FGNco5Km0XyJy9Px+v1XTKiYR80yMvkyN6dGkxncRVTFv
TALq6/8/NuSA5g/QbwBHvBJERHpbDVdowEz82qKO2bprdrUk8EJ9nOU0iLT0UE0v
s9jYhjV4rKkskXI3IsSiEmMVAsZvSxNrVcAmSwtcyqkV6Rk3dnEPZ2IhzQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLmVmXjF1O1g/yz3FlWzD5oR71HRMB8GA1UdIwQY
MBaAFKYORtY6cYP3DaSS8CuAmMK//Ci+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGc1RzFqcHhnX2NOcEpMd0s0Q1l3cl84S0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9mMGNmYTctNjI1NC00YTgxLTk5NmMt
M2I3ZWYyNWNmZTgzLzEvdVpXWmVNWFU3V0RfTFBjV1ZiTVBtaEh2VWRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9mMGNmYTctNjI1NC00YTgxLTk5NmMtM2I3ZWYyNWNmZTgz
LzEvcGc1RzFqcHhnX2NOcEpMd0s0Q1l3cl84S0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAoY
MA0GCSqGSIb3DQEBCwUAA4IBAQCQ2mQJJPO1Zx3ksOh/H7gVyJ9jhXpHS6QQ9r3t
mzAM8xgJpL3yj3XEhwMNTNotYAGQN2ftMLwrA47vGFzOtxUKFZvMNPAT2oiirptd
mwao7QM86LMXuCHKYAKg3/sXpNLqWFrYgON9XCEDgKMbBg092Ycjt2T+d/H1iR7d
5Ir932buAJYMB6D0sBuK0mpqobd33JQaXZDQNu6rhR8iuCbTvh/rm1WDAGpgtvU4
NU15bN9bg0k3jjYdr+u6UQr53ZhlIepQGEkecCDZwHXMwbdz9yIquG37+/IVrz+h
5MwgPeHSqeiKlbyDQ4jKA3laUmGw4wjmerNMkxLJj4HYRov0
-----END CERTIFICATE-----