Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/2a53e8-f236-4242-a13b-8f5f713b37aa/1/uB6m-1VDBFV550We5kWuHMEQ9rw.roa
File:                     uB6m-1VDBFV550We5kWuHMEQ9rw.roa (raw, json)
Hash identifier:          WLGROILwg4TPTHZ2j722h4QFmakNvRzfnUUB8n+dSEo=
Subject key identifier:   B8:1E:A6:FB:55:43:04:55:79:E7:45:9E:E6:45:AE:1C:C1:10:F6:BC
Certificate issuer:       /CN=aa907ae1977c23527aad6656a148c70372e9b256
Certificate serial:       018CC9BBF4552116B77D918701734F927A3F
Authority key identifier: AA:90:7A:E1:97:7C:23:52:7A:AD:66:56:A1:48:C7:03:72:E9:B2:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qpB64Zd8I1J6rWZWoUjHA3LpslY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/2a53e8-f236-4242-a13b-8f5f713b37aa/1/uB6m-1VDBFV550We5kWuHMEQ9rw.roa
Signing time:             Tue 02 Jan 2024 10:33:07 +0000
ROA not before:           Tue 02 Jan 2024 10:33:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2119
IP address blocks:        2001:67c:c60::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/2a53e8-f236-4242-a13b-8f5f713b37aa/1/qpB64Zd8I1J6rWZWoUjHA3LpslY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/2a53e8-f236-4242-a13b-8f5f713b37aa/1/qpB64Zd8I1J6rWZWoUjHA3LpslY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qpB64Zd8I1J6rWZWoUjHA3LpslY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:f4:55:21:16:b7:7d:91:87:01:73:4f:92:7a:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa907ae1977c23527aad6656a148c70372e9b256
        Validity
            Not Before: Jan  2 10:33:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b81ea6fb5543045579e7459ee645ae1cc110f6bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:b7:a7:6d:12:b5:1e:c5:11:b6:e4:72:85:69:
                    39:f1:78:e0:52:a1:12:a3:63:43:c9:9e:14:b5:df:
                    a6:46:77:35:22:1d:00:85:a8:f9:79:4a:eb:cd:cf:
                    63:51:ee:5d:3e:2a:0c:e2:0c:6f:75:85:b7:36:22:
                    46:b5:6a:2d:98:10:2e:8e:f3:e9:8a:cc:d8:10:37:
                    84:d1:68:7d:61:6f:a4:2b:0a:58:0e:92:e9:66:e0:
                    77:91:0e:2f:77:93:55:aa:42:4b:68:3c:96:86:ab:
                    2f:3e:92:8c:7a:5d:6b:19:73:e5:2f:2d:ab:68:86:
                    f5:7a:03:16:66:bb:f4:81:a5:a0:da:b0:1f:5d:45:
                    c3:25:fa:53:8e:b8:c0:01:0f:86:84:6d:59:26:f1:
                    e1:c5:0b:e0:ac:11:a2:c9:8f:cc:33:16:b7:80:3f:
                    ff:e8:bb:71:5e:18:c6:17:5a:a2:3f:7f:29:43:7c:
                    1a:31:44:b2:99:d9:73:cd:81:5d:a5:f0:81:6f:26:
                    b2:1c:df:a3:2e:70:7f:3c:ce:f1:66:02:09:b9:f5:
                    4a:52:46:6c:b9:d4:d6:dc:b9:71:8f:29:f6:33:5c:
                    72:b1:d4:7c:b7:41:0d:88:c0:95:c7:1d:85:99:82:
                    b1:ab:1f:62:4d:0b:18:b6:f1:e6:e3:db:2c:0e:ee:
                    df:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:1E:A6:FB:55:43:04:55:79:E7:45:9E:E6:45:AE:1C:C1:10:F6:BC
            X509v3 Authority Key Identifier:
                keyid:AA:90:7A:E1:97:7C:23:52:7A:AD:66:56:A1:48:C7:03:72:E9:B2:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qpB64Zd8I1J6rWZWoUjHA3LpslY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/2a53e8-f236-4242-a13b-8f5f713b37aa/1/uB6m-1VDBFV550We5kWuHMEQ9rw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/2a53e8-f236-4242-a13b-8f5f713b37aa/1/qpB64Zd8I1J6rWZWoUjHA3LpslY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:c60::/48

    Signature Algorithm: sha256WithRSAEncryption
         54:8d:95:59:81:53:49:27:ef:e5:63:65:b3:c9:1b:16:4e:c1:
         73:ce:ee:8a:f6:80:3b:46:05:53:c6:07:93:58:fa:fa:04:a9:
         43:d4:54:fc:cd:b3:5e:34:33:c7:e1:e6:d4:3f:19:50:6e:fb:
         31:73:5d:75:9e:50:29:59:e2:74:df:54:e7:e9:43:d8:b4:99:
         8f:6b:cf:17:42:c5:4d:4a:07:42:b5:9a:c2:e9:cf:9a:6d:d4:
         6a:66:c6:3d:9e:e2:0b:38:3d:2e:cf:84:9f:8b:07:77:b1:81:
         68:57:37:0e:0a:23:bb:a6:4a:14:03:e6:ae:8c:e5:9b:fc:46:
         e6:d2:1c:3a:cf:11:03:88:c0:57:97:e8:6f:fe:bd:c3:5c:d3:
         0a:46:50:9b:71:37:d9:42:c3:02:4f:a4:22:85:78:00:2f:4d:
         01:3a:5a:60:86:ad:3a:2c:e5:f5:5a:95:30:a7:e8:c2:eb:ed:
         64:31:b7:c2:c7:82:76:06:ad:9b:89:9d:7c:a4:30:c2:df:10:
         7e:0d:3b:e1:46:1f:84:1a:8e:90:4b:42:79:a1:b8:b6:df:62:
         fc:80:97:8e:c6:46:80:2c:5a:05:2c:f8:f9:a8:b8:34:3c:96:
         3c:65:d2:be:74:57:d7:2b:74:5e:34:2c:ca:ef:41:6e:2e:a7:
         c0:aa:c9:d9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJu/RVIRa3fZGHAXNPkno/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhOTA3YWUxOTc3YzIzNTI3YWFkNjY1NmExNDhjNzAzNzJl
OWIyNTYwHhcNMjQwMTAyMTAzMzA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODFlYTZmYjU1NDMwNDU1NzllNzQ1OWVlNjQ1YWUxY2MxMTBmNmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkLenbRK1HsURtuRyhWk58XjgUqES
o2NDyZ4Utd+mRnc1Ih0Ahaj5eUrrzc9jUe5dPioM4gxvdYW3NiJGtWotmBAujvPp
iszYEDeE0Wh9YW+kKwpYDpLpZuB3kQ4vd5NVqkJLaDyWhqsvPpKMel1rGXPlLy2r
aIb1egMWZrv0gaWg2rAfXUXDJfpTjrjAAQ+GhG1ZJvHhxQvgrBGiyY/MMxa3gD//
6LtxXhjGF1qiP38pQ3waMUSymdlzzYFdpfCBbyayHN+jLnB/PM7xZgIJufVKUkZs
udTW3Llxjyn2M1xysdR8t0ENiMCVxx2FmYKxqx9iTQsYtvHm49ssDu7ftQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLgepvtVQwRVeedFnuZFrhzBEPa8MB8GA1UdIwQY
MBaAFKqQeuGXfCNSeq1mVqFIxwNy6bJWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXBCNjRaZDhJMUo2cldaV29VakhBM0xwc2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS8yYTUzZTgtZjIzNi00MjQyLWExM2It
OGY1ZjcxM2IzN2FhLzEvdUI2bS0xVkRCRlY1NTBXZTVrV3VITUVROXJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS8yYTUzZTgtZjIzNi00MjQyLWExM2ItOGY1ZjcxM2IzN2Fh
LzEvcXBCNjRaZDhJMUo2cldaV29VakhBM0xwc2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAxg
MA0GCSqGSIb3DQEBCwUAA4IBAQBUjZVZgVNJJ+/lY2WzyRsWTsFzzu6K9oA7RgVT
xgeTWPr6BKlD1FT8zbNeNDPH4ebUPxlQbvsxc111nlApWeJ031Tn6UPYtJmPa88X
QsVNSgdCtZrC6c+abdRqZsY9nuILOD0uz4Sfiwd3sYFoVzcOCiO7pkoUA+aujOWb
/Ebm0hw6zxEDiMBXl+hv/r3DXNMKRlCbcTfZQsMCT6QihXgAL00BOlpghq06LOX1
WpUwp+jC6+1kMbfCx4J2Bq2biZ18pDDC3xB+DTvhRh+EGo6QS0J5obi232L8gJeO
xkaALFoFLPj5qLg0PJY8ZdK+dFfXK3ReNCzK70FuLqfAqsnZ
-----END CERTIFICATE-----