Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/oi2elpmAeFezukMQ4qWEK1tumqc.roa
File:                     oi2elpmAeFezukMQ4qWEK1tumqc.roa (raw, json)
Hash identifier:          AjBiNHppgrAURUojyBx6dPeiqVtWCfq1Dg+Cwl+R1Q0=
Subject key identifier:   A2:2D:9E:96:99:80:78:57:B3:BA:43:10:E2:A5:84:2B:5B:6E:9A:A7
Certificate issuer:       /CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
Certificate serial:       018CC9BCA5160A5D67598908C4907E5D6009
Authority key identifier: 17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/oi2elpmAeFezukMQ4qWEK1tumqc.roa
Signing time:             Tue 02 Jan 2024 10:33:52 +0000
ROA not before:           Tue 02 Jan 2024 10:33:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3333
IP address blocks:        2001:610:240::/42 maxlen: 42

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 07 Jun 2024 20:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:a5:16:0a:5d:67:59:89:08:c4:90:7e:5d:60:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
        Validity
            Not Before: Jan  2 10:33:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a22d9e9699807857b3ba4310e2a5842b5b6e9aa7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:9c:05:55:86:5b:2e:76:31:5e:f0:52:0c:1b:
                    df:0e:74:c1:23:ea:67:40:e7:90:13:bc:68:e8:04:
                    52:fb:f9:95:f4:fe:ce:bd:95:4c:f1:3d:9f:cd:be:
                    f1:56:a7:53:0f:95:48:88:2f:a2:b2:1b:00:4f:12:
                    95:00:94:31:ef:17:1f:a0:ab:74:f7:0f:f7:3f:03:
                    e9:44:4d:c5:ca:de:12:a0:31:0c:6a:e4:07:18:31:
                    88:35:d2:44:a7:2f:b3:c9:59:89:72:fd:4b:be:23:
                    77:12:b1:8a:f7:95:12:a0:19:e2:24:0d:70:0e:41:
                    36:82:d6:d2:58:8c:bb:4c:b6:87:ec:a9:b4:c6:6c:
                    ec:fd:db:37:72:78:46:ad:01:16:23:ba:d9:c8:5b:
                    8c:e6:40:17:74:5f:86:a3:27:6d:6e:79:ea:32:e6:
                    fe:c0:57:0a:fd:40:8e:a8:fa:4d:3a:bf:64:e8:57:
                    10:72:49:c0:25:08:7b:f6:59:b9:ae:74:a8:e6:02:
                    b3:1c:9c:07:75:c6:fc:45:5e:d3:a0:9f:9e:0c:6b:
                    99:b4:ce:ed:ba:f6:af:58:bf:55:11:3c:0e:29:f3:
                    84:2c:e5:c8:6d:b3:21:69:bb:a3:7d:8a:28:4f:c8:
                    26:4a:e3:be:d8:5f:f6:48:2e:14:36:ba:4a:0f:2a:
                    71:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:2D:9E:96:99:80:78:57:B3:BA:43:10:E2:A5:84:2B:5B:6E:9A:A7
            X509v3 Authority Key Identifier:
                keyid:17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/oi2elpmAeFezukMQ4qWEK1tumqc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:610:240::/42

    Signature Algorithm: sha256WithRSAEncryption
         26:93:15:36:13:39:f6:58:71:ad:97:af:ce:e3:42:f5:2d:0b:
         b1:7f:77:2a:c9:bd:34:68:dc:c5:73:b4:c1:9d:27:f1:7c:c7:
         14:70:32:ee:5e:46:85:75:d3:af:f8:46:3f:b9:0c:6e:6e:03:
         18:51:6e:e0:f2:7d:54:54:33:a4:93:58:57:95:a9:a9:50:cc:
         d5:c6:de:40:1d:c3:bf:d2:e6:5a:df:75:b8:3c:e9:3d:64:59:
         20:dc:d7:28:b2:45:c0:57:e3:eb:99:24:b3:2e:db:a6:2f:2b:
         5f:96:68:7c:f3:95:c9:02:7f:93:61:87:4f:54:c3:64:45:5d:
         1a:f6:a3:51:ba:65:64:3f:98:4c:b4:b0:2d:bf:a7:c8:d2:48:
         ae:a5:e8:aa:db:ad:b9:ce:a1:69:19:4f:65:41:9a:31:7b:ac:
         e7:29:7d:1e:4c:5c:53:58:24:9b:3d:d9:00:8b:25:ec:63:d4:
         bf:e3:00:cb:5c:bd:1e:f0:30:f6:32:66:c0:18:8e:8b:8b:bc:
         32:05:e8:5b:ec:41:29:eb:28:95:67:54:71:74:79:18:4a:a5:
         7d:96:3e:ac:7d:1f:ec:a3:e2:65:a8:6d:15:fc:42:e9:ac:2f:
         4f:6e:aa:bf:01:5f:fc:7d:47:27:c5:1f:f0:3e:55:3d:a5:6c:
         59:b9:d6:85
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvKUWCl1nWYkIxJB+XWAJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NzNkYjE3Nzk1ZDJiZjFiNGI1MzQ1YzViMjkzOTBkYmFm
NDUyM2UwHhcNMjQwMTAyMTAzMzUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjJkOWU5Njk5ODA3ODU3YjNiYTQzMTBlMmE1ODQyYjViNmU5YWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8pwFVYZbLnYxXvBSDBvfDnTBI+pn
QOeQE7xo6ARS+/mV9P7OvZVM8T2fzb7xVqdTD5VIiC+ishsATxKVAJQx7xcfoKt0
9w/3PwPpRE3Fyt4SoDEMauQHGDGINdJEpy+zyVmJcv1LviN3ErGK95USoBniJA1w
DkE2gtbSWIy7TLaH7Km0xmzs/ds3cnhGrQEWI7rZyFuM5kAXdF+GoydtbnnqMub+
wFcK/UCOqPpNOr9k6FcQcknAJQh79lm5rnSo5gKzHJwHdcb8RV7ToJ+eDGuZtM7t
uvavWL9VETwOKfOELOXIbbMhabujfYooT8gmSuO+2F/2SC4UNrpKDypx2QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKItnpaZgHhXs7pDEOKlhCtbbpqnMB8GA1UdIwQY
MBaAFBdz2xd5XSvxtLU0XFspOQ269FI+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYt
NTQ4NjFmMjMyNDlkLzEvb2kyZWxwbUFlRmV6dWtNUTRxV0VLMXR1bXFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYtNTQ4NjFmMjMyNDlk
LzEvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcGIAEGEAJA
MA0GCSqGSIb3DQEBCwUAA4IBAQAmkxU2Ezn2WHGtl6/O40L1LQuxf3cqyb00aNzF
c7TBnSfxfMcUcDLuXkaFddOv+EY/uQxubgMYUW7g8n1UVDOkk1hXlampUMzVxt5A
HcO/0uZa33W4POk9ZFkg3NcoskXAV+PrmSSzLtumLytflmh885XJAn+TYYdPVMNk
RV0a9qNRumVkP5hMtLAtv6fI0kiupeiq2625zqFpGU9lQZoxe6znKX0eTFxTWCSb
PdkAiyXsY9S/4wDLXL0e8DD2MmbAGI6Li7wyBehb7EEp6yiVZ1RxdHkYSqV9lj6s
fR/so+JlqG0V/ELprC9Pbqq/AV/8fUcnxR/wPlU9pWxZudaF
-----END CERTIFICATE-----