Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/4e3cc2-1a33-495a-999f-d7a684a57b19/1/lm6_nqh-QCZz_jv_Sit_txJMb8U.roa
File:                     lm6_nqh-QCZz_jv_Sit_txJMb8U.roa (raw, json)
Hash identifier:          hbn8jPhZ5K8nKjTW770jPppirrg2T62VNrPNtkcJe10=
Subject key identifier:   96:6E:BF:9E:A8:7E:40:26:73:FE:3B:FF:4A:2B:7F:B7:12:4C:6F:C5
Certificate issuer:       /CN=c72a524f9b1b3801dbd7c89a160aec076b57e729
Certificate serial:       018D898250F68F0CD85ECD9700DE67946BB5
Authority key identifier: C7:2A:52:4F:9B:1B:38:01:DB:D7:C8:9A:16:0A:EC:07:6B:57:E7:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xypST5sbOAHb18iaFgrsB2tX5yk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/4e3cc2-1a33-495a-999f-d7a684a57b19/1/lm6_nqh-QCZz_jv_Sit_txJMb8U.roa
Signing time:             Thu 08 Feb 2024 16:17:15 +0000
ROA not before:           Thu 08 Feb 2024 16:17:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206810
IP address blocks:        2a0c:70c0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/4e3cc2-1a33-495a-999f-d7a684a57b19/1/xypST5sbOAHb18iaFgrsB2tX5yk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/4e3cc2-1a33-495a-999f-d7a684a57b19/1/xypST5sbOAHb18iaFgrsB2tX5yk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xypST5sbOAHb18iaFgrsB2tX5yk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:89:82:50:f6:8f:0c:d8:5e:cd:97:00:de:67:94:6b:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c72a524f9b1b3801dbd7c89a160aec076b57e729
        Validity
            Not Before: Feb  8 16:17:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=966ebf9ea87e402673fe3bff4a2b7fb7124c6fc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:ab:95:f2:66:e0:03:82:df:a7:90:76:fb:a5:
                    4b:ee:0f:bb:63:dd:d6:20:e4:f6:7b:77:33:11:1f:
                    49:ac:1b:b9:ec:e8:41:48:8e:3e:de:63:ce:bf:4c:
                    f6:45:4a:3f:bf:90:6c:ea:ef:8e:9b:45:93:29:e0:
                    2f:d1:4b:c4:27:4d:3a:4e:cf:2e:82:be:3f:72:89:
                    a7:cd:20:5d:7e:0e:c7:4e:47:30:c6:f2:bf:b8:3b:
                    71:91:2c:6b:81:ee:ac:cb:db:9a:d9:39:c4:ed:58:
                    cc:71:5b:00:46:86:09:b5:82:83:e5:8d:9e:b9:a7:
                    5e:4b:a2:11:05:77:f3:bd:35:27:e8:61:a8:26:8f:
                    26:44:9e:e0:6f:4d:a4:93:e4:9b:b5:a0:ca:3b:e1:
                    20:97:f5:b4:65:f9:6a:1d:88:8a:46:ae:54:f4:26:
                    8b:28:c4:ae:d3:28:b3:c5:06:02:30:69:63:40:63:
                    1b:b3:d8:9c:71:ec:9f:b7:95:eb:86:94:5e:54:2e:
                    70:2f:cb:fe:a1:7f:0e:69:3b:37:a0:37:76:fe:fd:
                    24:fe:d3:17:f3:14:e8:5e:89:da:cc:17:3b:9f:a5:
                    42:47:c8:c4:c1:26:a9:81:95:d0:d4:5f:ca:c1:ec:
                    70:a9:c4:1b:55:4d:0a:1f:df:42:9c:a0:46:9f:df:
                    30:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:6E:BF:9E:A8:7E:40:26:73:FE:3B:FF:4A:2B:7F:B7:12:4C:6F:C5
            X509v3 Authority Key Identifier:
                keyid:C7:2A:52:4F:9B:1B:38:01:DB:D7:C8:9A:16:0A:EC:07:6B:57:E7:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xypST5sbOAHb18iaFgrsB2tX5yk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/4e3cc2-1a33-495a-999f-d7a684a57b19/1/lm6_nqh-QCZz_jv_Sit_txJMb8U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/4e3cc2-1a33-495a-999f-d7a684a57b19/1/xypST5sbOAHb18iaFgrsB2tX5yk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:70c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         38:a4:08:85:7f:52:39:c4:ca:34:4e:d9:0b:21:55:91:be:36:
         9d:1d:ae:7e:d3:e2:80:70:1a:7a:ca:1c:33:8d:e6:92:fc:4e:
         cc:5a:03:8e:88:cb:21:62:44:0d:b2:0d:8d:95:6c:df:8f:10:
         66:fd:c5:cd:05:3a:84:0d:f5:e8:60:1b:da:50:05:a2:f3:85:
         5e:9d:0e:13:e8:61:d7:60:c7:49:57:15:96:32:91:af:56:f7:
         48:31:39:f0:d6:fd:ed:df:33:68:f1:c0:ee:58:a9:86:29:b3:
         b1:49:99:8f:06:06:4d:55:db:a3:05:cc:f9:33:08:f9:26:49:
         75:9c:6f:5f:4d:59:46:99:f8:f9:c2:83:bf:1b:5d:17:98:62:
         4d:8b:e2:5f:1c:73:f1:79:52:43:d2:12:8c:46:f9:cf:19:bb:
         be:4e:4e:d5:88:d2:7e:e6:02:b8:90:a4:9d:51:2d:0c:46:ad:
         8a:75:e4:01:d7:28:df:56:c3:33:7c:93:43:29:4e:65:bf:58:
         48:5d:e5:cf:88:f4:42:9b:ae:55:59:c5:03:3a:84:bb:9d:90:
         12:ef:91:76:fc:b5:35:f2:39:c0:c7:58:c1:f1:44:d2:d4:63:
         b5:d2:47:86:6c:e6:d7:36:fc:98:d0:70:29:88:89:b3:7a:aa:
         ba:1b:3c:cb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2JglD2jwzYXs2XAN5nlGu1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3MmE1MjRmOWIxYjM4MDFkYmQ3Yzg5YTE2MGFlYzA3NmI1
N2U3MjkwHhcNMjQwMjA4MTYxNzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjZlYmY5ZWE4N2U0MDI2NzNmZTNiZmY0YTJiN2ZiNzEyNGM2ZmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxauV8mbgA4Lfp5B2+6VL7g+7Y93W
IOT2e3czER9JrBu57OhBSI4+3mPOv0z2RUo/v5Bs6u+Om0WTKeAv0UvEJ006Ts8u
gr4/comnzSBdfg7HTkcwxvK/uDtxkSxrge6sy9ua2TnE7VjMcVsARoYJtYKD5Y2e
uadeS6IRBXfzvTUn6GGoJo8mRJ7gb02kk+SbtaDKO+Egl/W0ZflqHYiKRq5U9CaL
KMSu0yizxQYCMGljQGMbs9icceyft5XrhpReVC5wL8v+oX8OaTs3oDd2/v0k/tMX
8xToXonazBc7n6VCR8jEwSapgZXQ1F/KwexwqcQbVU0KH99CnKBGn98wCwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJZuv56ofkAmc/47/0orf7cSTG/FMB8GA1UdIwQY
MBaAFMcqUk+bGzgB29fImhYK7AdrV+cpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHlwU1Q1c2JPQUhiMThpYUZncnNCMnRYNXlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My80ZTNjYzItMWEzMy00OTVhLTk5OWYt
ZDdhNjg0YTU3YjE5LzEvbG02X25xaC1RQ1p6X2p2X1NpdF90eEpNYjhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My80ZTNjYzItMWEzMy00OTVhLTk5OWYtZDdhNjg0YTU3YjE5
LzEveHlwU1Q1c2JPQUhiMThpYUZncnNCMnRYNXlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgxwwAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQA4pAiFf1I5xMo0TtkLIVWRvjadHa5+0+KAcBp6
yhwzjeaS/E7MWgOOiMshYkQNsg2NlWzfjxBm/cXNBTqEDfXoYBvaUAWi84VenQ4T
6GHXYMdJVxWWMpGvVvdIMTnw1v3t3zNo8cDuWKmGKbOxSZmPBgZNVdujBcz5Mwj5
Jkl1nG9fTVlGmfj5woO/G10XmGJNi+JfHHPxeVJD0hKMRvnPGbu+Tk7ViNJ+5gK4
kKSdUS0MRq2KdeQB1yjfVsMzfJNDKU5lv1hIXeXPiPRCm65VWcUDOoS7nZAS75F2
/LU18jnAx1jB8UTS1GO10keGbObXNvyY0HApiImzeqq6GzzL
-----END CERTIFICATE-----