Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/d29730-515a-4bfb-ad55-e038d81b3f97/1/Y6Dt40G1DBswykKSQU7my8WjqNY.roa
File:                     Y6Dt40G1DBswykKSQU7my8WjqNY.roa (raw, json)
Hash identifier:          6ZtfJrpFQPmN2YlO6yx/f4FUkarMv+WlQ3wrEJYs+PU=
Subject key identifier:   63:A0:ED:E3:41:B5:0C:1B:30:CA:42:92:41:4E:E6:CB:C5:A3:A8:D6
Certificate issuer:       /CN=493469544203082d2c3c1ddf0f0bbd90bdc56941
Certificate serial:       018CC492F9B660231C9724B71ECD6A18826B
Authority key identifier: 49:34:69:54:42:03:08:2D:2C:3C:1D:DF:0F:0B:BD:90:BD:C5:69:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/STRpVEIDCC0sPB3fDwu9kL3FaUE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/d29730-515a-4bfb-ad55-e038d81b3f97/1/Y6Dt40G1DBswykKSQU7my8WjqNY.roa
Signing time:             Mon 01 Jan 2024 10:30:15 +0000
ROA not before:           Mon 01 Jan 2024 10:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206884
IP address blocks:        2001:678:8f8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/d29730-515a-4bfb-ad55-e038d81b3f97/1/STRpVEIDCC0sPB3fDwu9kL3FaUE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/d29730-515a-4bfb-ad55-e038d81b3f97/1/STRpVEIDCC0sPB3fDwu9kL3FaUE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/STRpVEIDCC0sPB3fDwu9kL3FaUE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:f9:b6:60:23:1c:97:24:b7:1e:cd:6a:18:82:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=493469544203082d2c3c1ddf0f0bbd90bdc56941
        Validity
            Not Before: Jan  1 10:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63a0ede341b50c1b30ca4292414ee6cbc5a3a8d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:80:25:63:c8:37:35:e5:c2:0b:46:5f:46:e6:
                    68:81:b8:72:39:ba:aa:86:a6:02:3b:7d:c3:35:28:
                    3d:64:95:e4:f9:e6:c7:84:36:a8:f1:4b:4c:7c:e9:
                    0a:c3:15:58:b6:04:b0:ad:7f:37:1b:d3:8c:7f:0f:
                    b7:02:51:f3:56:58:90:24:90:64:1a:03:2c:47:80:
                    77:fc:81:9b:33:66:c4:8f:71:c2:63:cd:49:df:f3:
                    51:bf:7c:19:ad:92:5e:65:05:88:c6:18:17:4a:fe:
                    4b:ae:0f:41:2f:db:98:12:25:66:79:d6:43:9f:f4:
                    77:2d:b7:73:a3:b3:1f:e7:e7:02:c4:e8:ac:a4:26:
                    37:43:99:ef:e4:fc:a3:e5:84:9f:35:80:79:a8:c2:
                    69:0b:79:c4:23:21:19:c5:a7:3e:7f:08:bb:e1:26:
                    ce:29:db:2d:f6:30:99:aa:4e:61:85:27:db:fe:6a:
                    d9:0d:82:80:54:9e:b2:ef:57:27:9d:ce:4d:d2:81:
                    08:3a:a3:de:84:d3:b3:b6:d1:57:f1:71:50:4d:be:
                    f5:0a:48:90:ac:81:ce:61:a4:c1:98:40:34:5a:d9:
                    2f:b2:a1:c4:88:17:95:c9:82:62:da:60:de:18:21:
                    18:22:71:1c:54:94:e5:31:29:2e:06:f3:3a:15:4c:
                    29:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:A0:ED:E3:41:B5:0C:1B:30:CA:42:92:41:4E:E6:CB:C5:A3:A8:D6
            X509v3 Authority Key Identifier:
                keyid:49:34:69:54:42:03:08:2D:2C:3C:1D:DF:0F:0B:BD:90:BD:C5:69:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/STRpVEIDCC0sPB3fDwu9kL3FaUE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/d29730-515a-4bfb-ad55-e038d81b3f97/1/Y6Dt40G1DBswykKSQU7my8WjqNY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/d29730-515a-4bfb-ad55-e038d81b3f97/1/STRpVEIDCC0sPB3fDwu9kL3FaUE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:8f8::/48

    Signature Algorithm: sha256WithRSAEncryption
         76:0a:3c:56:9e:45:9d:fc:f1:00:8e:e2:69:0e:e5:aa:d6:c2:
         95:73:e2:59:e5:a3:42:75:59:79:e7:ec:73:47:df:f9:68:da:
         fe:3c:be:cf:d3:3d:61:c7:f2:f8:f6:10:ca:d3:02:4b:e8:66:
         03:0c:8f:b8:01:59:c4:3c:e5:98:23:38:a1:0b:de:79:19:83:
         79:d3:4e:7f:40:a2:67:42:f6:ac:c8:0f:ee:a0:54:90:1b:ad:
         a7:e6:60:43:c6:13:1d:e0:5b:e5:d4:18:43:cc:39:c6:7a:17:
         28:ad:06:c8:09:ca:73:74:89:62:37:f7:c4:7f:b5:10:93:e7:
         46:f3:00:0b:dc:19:85:84:e4:46:a4:83:a9:d7:c1:d6:97:c7:
         08:77:76:a8:ba:5a:58:31:17:bb:78:f2:69:57:3d:e7:ea:2e:
         35:74:a9:e0:64:7f:fb:95:91:8a:61:de:da:0a:b4:76:db:e3:
         da:61:1a:fa:a9:48:14:f3:77:22:e0:de:38:d7:68:7b:ac:d8:
         c4:29:4d:7b:40:1a:ea:86:4b:89:07:b8:95:43:80:e1:bb:62:
         cc:3b:99:25:36:98:05:34:c0:ff:cc:c1:4b:35:e0:21:eb:f2:
         84:d4:13:78:a7:76:4f:32:4a:ee:b0:d8:33:a0:7b:03:42:e6:
         a8:30:50:e2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEkvm2YCMclyS3Hs1qGIJrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5MzQ2OTU0NDIwMzA4MmQyYzNjMWRkZjBmMGJiZDkwYmRj
NTY5NDEwHhcNMjQwMTAxMTAzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2EwZWRlMzQxYjUwYzFiMzBjYTQyOTI0MTRlZTZjYmM1YTNhOGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsIAlY8g3NeXCC0ZfRuZogbhyObqq
hqYCO33DNSg9ZJXk+ebHhDao8UtMfOkKwxVYtgSwrX83G9OMfw+3AlHzVliQJJBk
GgMsR4B3/IGbM2bEj3HCY81J3/NRv3wZrZJeZQWIxhgXSv5Lrg9BL9uYEiVmedZD
n/R3Lbdzo7Mf5+cCxOispCY3Q5nv5Pyj5YSfNYB5qMJpC3nEIyEZxac+fwi74SbO
Kdst9jCZqk5hhSfb/mrZDYKAVJ6y71cnnc5N0oEIOqPehNOzttFX8XFQTb71CkiQ
rIHOYaTBmEA0WtkvsqHEiBeVyYJi2mDeGCEYInEcVJTlMSkuBvM6FUwpbwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGOg7eNBtQwbMMpCkkFO5svFo6jWMB8GA1UdIwQY
MBaAFEk0aVRCAwgtLDwd3w8LvZC9xWlBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1RScFZFSURDQzBzUEIzZkR3dTlrTDNGYVVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9kMjk3MzAtNTE1YS00YmZiLWFkNTUt
ZTAzOGQ4MWIzZjk3LzEvWTZEdDQwRzFEQnN3eWtLU1FVN215OFdqcU5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9kMjk3MzAtNTE1YS00YmZiLWFkNTUtZTAzOGQ4MWIzZjk3
LzEvU1RScFZFSURDQzBzUEIzZkR3dTlrTDNGYVVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAj4
MA0GCSqGSIb3DQEBCwUAA4IBAQB2CjxWnkWd/PEAjuJpDuWq1sKVc+JZ5aNCdVl5
5+xzR9/5aNr+PL7P0z1hx/L49hDK0wJL6GYDDI+4AVnEPOWYIzihC955GYN5005/
QKJnQvasyA/uoFSQG62n5mBDxhMd4Fvl1BhDzDnGehcorQbICcpzdIliN/fEf7UQ
k+dG8wAL3BmFhORGpIOp18HWl8cId3aoulpYMRe7ePJpVz3n6i41dKngZH/7lZGK
Yd7aCrR22+PaYRr6qUgU83ci4N4412h7rNjEKU17QBrqhkuJB7iVQ4Dhu2LMO5kl
NpgFNMD/zMFLNeAh6/KE1BN4p3ZPMkrusNgzoHsDQuaoMFDi
-----END CERTIFICATE-----