Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/FmgdlZ3xQO4qmAQth4U-gQ8onUo.roa
File:                     FmgdlZ3xQO4qmAQth4U-gQ8onUo.roa (raw, json)
Hash identifier:          kyWq8xRDHxiGFjhNtvVYBf5TeyDx0ITHUftBTLnycEM=
Subject key identifier:   16:68:1D:95:9D:F1:40:EE:2A:98:04:2D:87:85:3E:81:0F:28:9D:4A
Certificate issuer:       /CN=73c69d04583500c5ef81136831237593e0bb86ce
Certificate serial:       0192953EC5658186E31DEAF08BD7F8662F2B
Authority key identifier: 73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/FmgdlZ3xQO4qmAQth4U-gQ8onUo.roa
Signing time:             Wed 16 Oct 2024 12:12:51 +0000
ROA not before:           Wed 16 Oct 2024 12:12:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     401363
IP address blocks:        2a0c:e643::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:95:3e:c5:65:81:86:e3:1d:ea:f0:8b:d7:f8:66:2f:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73c69d04583500c5ef81136831237593e0bb86ce
        Validity
            Not Before: Oct 16 12:12:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16681d959df140ee2a98042d87853e810f289d4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:62:d1:bf:ee:ca:5b:95:75:df:b5:57:e3:eb:
                    9f:49:4d:aa:d2:45:b3:11:6d:6a:98:e8:b4:ae:84:
                    01:d4:de:52:91:c9:60:4a:20:0c:88:13:63:67:64:
                    79:56:b3:71:01:06:9a:ef:6a:12:83:a4:b8:13:42:
                    47:3a:69:10:d0:ca:03:82:2e:83:9b:63:67:d4:c1:
                    4d:3d:a1:8f:15:58:c6:22:ff:4b:2b:e7:90:b4:03:
                    9f:84:7f:59:ce:4c:67:82:66:cb:fe:d3:36:bb:7c:
                    97:b5:13:0c:e8:c3:b4:73:2c:32:e5:25:ec:62:8b:
                    85:6d:87:0a:21:3b:54:ce:78:ce:91:a3:d1:19:cf:
                    e8:e0:21:7b:ac:89:81:6f:30:66:91:79:d2:6b:de:
                    7a:a3:6d:bb:fc:4a:07:05:ff:67:70:18:f3:1e:99:
                    4f:64:d8:eb:ed:e1:d8:30:fe:f0:5e:36:e5:99:af:
                    82:2f:16:1d:91:c4:10:fc:63:97:3c:e1:59:91:71:
                    a0:8a:88:98:dd:60:23:55:40:3e:76:a5:31:03:bc:
                    ca:21:9e:ed:15:36:6d:8e:53:63:6d:47:33:3b:5d:
                    bc:e2:ff:85:8f:d6:32:89:a6:e0:4b:00:44:fc:2a:
                    7d:e5:58:52:a7:f9:9a:36:f7:2d:a4:4e:bd:ed:e8:
                    8d:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:68:1D:95:9D:F1:40:EE:2A:98:04:2D:87:85:3E:81:0F:28:9D:4A
            X509v3 Authority Key Identifier:
                keyid:73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/FmgdlZ3xQO4qmAQth4U-gQ8onUo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:e643::/32

    Signature Algorithm: sha256WithRSAEncryption
         96:b2:30:3e:9a:f6:d1:a2:70:18:e2:fc:33:ac:61:4e:ad:d9:
         11:4c:cb:0d:ed:9f:f2:a8:e1:6a:c5:09:38:8d:e6:f5:77:4e:
         83:50:f3:b5:7f:c9:63:19:01:75:cd:24:c7:22:4f:11:d5:ab:
         66:cf:e9:53:d3:08:32:db:b1:8d:9b:a2:ac:91:7c:1e:78:d4:
         3b:8b:4a:ff:1a:37:aa:a7:3b:e6:47:f8:d0:49:51:01:35:bf:
         3a:4d:e6:fa:21:c7:9b:cc:71:0b:d6:f1:8c:70:bb:8a:63:02:
         58:5b:4e:e5:5a:e8:56:e0:be:a8:69:d5:cf:a0:9a:cc:e2:ac:
         61:51:60:92:d1:f6:84:70:c6:4b:f3:bb:ee:9a:44:1b:16:05:
         b9:8f:fa:96:4b:a1:dc:42:19:df:6d:c8:bf:61:d9:19:b1:0b:
         a5:49:cc:83:e7:93:05:e0:8d:76:7e:30:ca:01:75:33:ee:14:
         84:ff:b5:56:a9:b8:9d:a1:a4:71:a2:b0:29:92:f7:ab:93:80:
         7e:92:12:83:e7:68:9d:72:4e:9b:30:80:e5:a3:de:53:e5:af:
         69:fb:bc:b5:1e:ea:b6:1a:ae:89:75:c0:7f:8c:15:65:fe:51:
         cf:55:7e:f8:7f:cf:97:2f:5d:98:9e:76:b4:5f:a7:82:c3:e0:
         63:3e:ac:77
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZKVPsVlgYbjHerwi9f4Zi8rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYzY5ZDA0NTgzNTAwYzVlZjgxMTM2ODMxMjM3NTkzZTBi
Yjg2Y2UwHhcNMjQxMDE2MTIxMjUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjY4MWQ5NTlkZjE0MGVlMmE5ODA0MmQ4Nzg1M2U4MTBmMjg5ZDRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomLRv+7KW5V137VX4+ufSU2q0kWz
EW1qmOi0roQB1N5SkclgSiAMiBNjZ2R5VrNxAQaa72oSg6S4E0JHOmkQ0MoDgi6D
m2Nn1MFNPaGPFVjGIv9LK+eQtAOfhH9ZzkxngmbL/tM2u3yXtRMM6MO0cywy5SXs
YouFbYcKITtUznjOkaPRGc/o4CF7rImBbzBmkXnSa956o227/EoHBf9ncBjzHplP
ZNjr7eHYMP7wXjblma+CLxYdkcQQ/GOXPOFZkXGgioiY3WAjVUA+dqUxA7zKIZ7t
FTZtjlNjbUczO1284v+Fj9YyiabgSwBE/Cp95VhSp/maNvctpE697eiNywIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBZoHZWd8UDuKpgELYeFPoEPKJ1KMB8GA1UdIwQY
MBaAFHPGnQRYNQDF74ETaDEjdZPgu4bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQt
ZjljYjBhN2IyMDZjLzEvRm1nZGxaM3hRTzRxbUFRdGg0VS1nUThvblVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQtZjljYjBhN2IyMDZj
LzEvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgzmQzAN
BgkqhkiG9w0BAQsFAAOCAQEAlrIwPpr20aJwGOL8M6xhTq3ZEUzLDe2f8qjhasUJ
OI3m9XdOg1DztX/JYxkBdc0kxyJPEdWrZs/pU9MIMtuxjZuirJF8HnjUO4tK/xo3
qqc75kf40ElRATW/Ok3m+iHHm8xxC9bxjHC7imMCWFtO5VroVuC+qGnVz6CazOKs
YVFgktH2hHDGS/O77ppEGxYFuY/6lkuh3EIZ323Iv2HZGbELpUnMg+eTBeCNdn4w
ygF1M+4UhP+1Vqm4naGkcaKwKZL3q5OAfpISg+donXJOmzCA5aPeU+Wvafu8tR7q
thquiXXAf4wVZf5Rz1V++H/Ply9dmJ52tF+ngsPgYz6sdw==
-----END CERTIFICATE-----