Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/6CQeRNCMj34miSvN0uraP2fzYcA.roa
File:                     6CQeRNCMj34miSvN0uraP2fzYcA.roa (raw, json)
Hash identifier:          2cEVX6CrM2Sh8dxgJPLsxL/OaaBDFNG3xzNtPEkuvEM=
Subject key identifier:   E8:24:1E:44:D0:8C:8F:7E:26:89:2B:CD:D2:EA:DA:3F:67:F3:61:C0
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D44810746B0AB5BA67527619E8586
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/6CQeRNCMj34miSvN0uraP2fzYcA.roa
Signing time:             Mon 01 Jan 2024 00:29:50 +0000
ROA not before:           Mon 01 Jan 2024 00:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212690
IP address blocks:        2a0e:aa07:e022::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 09:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:44:81:07:46:b0:ab:5b:a6:75:27:61:9e:85:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e8241e44d08c8f7e26892bcdd2eada3f67f361c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:ef:15:f4:bb:f5:52:62:e7:5f:39:ed:b7:d1:
                    71:16:16:65:e2:af:0e:da:34:a5:33:29:d3:cf:c0:
                    df:20:5a:dd:b1:e8:ab:cc:9d:83:c7:23:b0:c8:82:
                    f9:eb:e4:b6:c6:f1:53:71:cd:c9:a8:23:ca:59:0d:
                    58:74:63:8e:56:f1:e3:d9:23:71:d2:38:33:98:e7:
                    4e:ae:8b:11:51:cc:08:db:3c:d8:17:49:ba:f6:a7:
                    9e:63:f6:11:08:24:b4:63:91:8c:b4:93:6f:44:0a:
                    d9:6f:b3:57:4c:c5:f2:5f:01:26:e6:50:07:5e:16:
                    0c:ef:ba:26:04:3c:a5:1c:8a:0c:c0:9b:a5:c6:42:
                    8b:34:59:e3:a3:d3:da:cd:5d:e4:c2:3e:ad:46:97:
                    f9:34:02:5f:81:06:0c:71:cd:26:03:ce:93:d3:2c:
                    75:fa:da:c8:b7:93:ed:c1:c1:83:e5:c0:e3:1c:70:
                    9e:21:7d:a7:8e:ae:fe:ab:f6:0c:cb:17:ef:d8:fa:
                    f8:75:b8:e3:05:59:56:f5:ec:f1:23:fd:e6:43:b8:
                    e7:dc:5f:f4:36:d8:9e:aa:a5:fa:9a:3e:ee:1c:75:
                    22:cd:39:3c:76:ac:a3:b8:27:07:d1:15:9b:85:49:
                    b9:52:eb:81:3a:f1:d3:53:9a:cc:8d:11:e9:be:8b:
                    0f:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:24:1E:44:D0:8C:8F:7E:26:89:2B:CD:D2:EA:DA:3F:67:F3:61:C0
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/6CQeRNCMj34miSvN0uraP2fzYcA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e022::/48

    Signature Algorithm: sha256WithRSAEncryption
         b6:4d:da:6c:a1:b9:c1:d0:a7:ab:96:80:1b:eb:59:26:77:50:
         ea:cb:9d:fc:cb:8c:f7:4b:97:51:ce:1b:00:c9:34:dd:94:c2:
         8e:62:c2:ef:4e:e5:2a:b3:bf:f4:df:03:a5:a1:3a:68:ac:ca:
         d5:8e:79:54:a5:88:2f:0b:8f:d2:2e:53:6f:fc:74:0e:c0:9a:
         88:68:8d:05:74:5e:28:2f:c6:7b:01:0d:53:38:a5:88:bb:3b:
         ca:47:62:73:83:ed:1b:7f:83:a9:82:d8:d9:12:28:be:19:2a:
         8f:cd:e3:bf:bb:e7:e8:0c:21:16:83:c0:52:3f:64:a9:78:e5:
         3b:b9:8e:15:76:04:46:ad:be:e6:d4:c6:a1:76:5a:1b:e3:8a:
         b7:12:a4:e4:bb:33:fb:bd:95:f6:46:ce:9f:71:89:09:60:ec:
         5f:f0:8b:d2:7b:e5:5c:3e:55:2b:e3:0b:e9:8a:3f:eb:71:e7:
         9f:38:68:f2:f7:27:8f:e1:62:22:2b:19:a4:09:9c:cb:b2:69:
         d9:fd:f4:b6:f5:d4:e4:09:51:8f:b2:fd:4a:78:96:8e:30:d0:
         1e:25:8c:1b:ff:2d:26:a4:cc:3f:f2:7e:6c:91:1b:7c:68:8a:
         a9:13:6b:66:3e:ab:1e:9a:9f:e7:e4:ee:a3:0a:45:3e:6d:6a:
         6d:b3:64:b8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbUSBB0awq1umdSdhnoWGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODI0MWU0NGQwOGM4ZjdlMjY4OTJiY2RkMmVhZGEzZjY3ZjM2MWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwu8V9Lv1UmLnXzntt9FxFhZl4q8O
2jSlMynTz8DfIFrdseirzJ2DxyOwyIL56+S2xvFTcc3JqCPKWQ1YdGOOVvHj2SNx
0jgzmOdOrosRUcwI2zzYF0m69qeeY/YRCCS0Y5GMtJNvRArZb7NXTMXyXwEm5lAH
XhYM77omBDylHIoMwJulxkKLNFnjo9PazV3kwj6tRpf5NAJfgQYMcc0mA86T0yx1
+trIt5PtwcGD5cDjHHCeIX2njq7+q/YMyxfv2Pr4dbjjBVlW9ezxI/3mQ7jn3F/0
NtieqqX6mj7uHHUizTk8dqyjuCcH0RWbhUm5UuuBOvHTU5rMjRHpvosPAQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOgkHkTQjI9+JokrzdLq2j9n82HAMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvNkNRZVJOQ01qMzRtaVN2TjB1cmFQMmZ6WWNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6qB+Ai
MA0GCSqGSIb3DQEBCwUAA4IBAQC2TdpsobnB0KerloAb61kmd1Dqy538y4z3S5dR
zhsAyTTdlMKOYsLvTuUqs7/03wOloTporMrVjnlUpYgvC4/SLlNv/HQOwJqIaI0F
dF4oL8Z7AQ1TOKWIuzvKR2Jzg+0bf4OpgtjZEii+GSqPzeO/u+foDCEWg8BSP2Sp
eOU7uY4VdgRGrb7m1Mahdlob44q3EqTkuzP7vZX2Rs6fcYkJYOxf8IvSe+VcPlUr
4wvpij/rceefOGjy9yeP4WIiKxmkCZzLsmnZ/fS29dTkCVGPsv1KeJaOMNAeJYwb
/y0mpMw/8n5skRt8aIqpE2tmPqsemp/n5O6jCkU+bWpts2S4
-----END CERTIFICATE-----