Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/6P8Phl4gzf-saQlnlRam8BuObHo.roa
File:                     6P8Phl4gzf-saQlnlRam8BuObHo.roa (raw, json)
Hash identifier:          EIMm6ohIGTZoOUhwVLQ1QSz6vSeipeWxvkz3rtjSZcQ=
Subject key identifier:   E8:FF:0F:86:5E:20:CD:FF:AC:69:09:67:95:16:A6:F0:1B:8E:6C:7A
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D366FE4C39B47F8EF231DB9783B47
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/6P8Phl4gzf-saQlnlRam8BuObHo.roa
Signing time:             Mon 01 Jan 2024 00:29:46 +0000
ROA not before:           Mon 01 Jan 2024 00:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208698
IP address blocks:        2a0e:aa07:f0d0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 09:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:36:6f:e4:c3:9b:47:f8:ef:23:1d:b9:78:3b:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e8ff0f865e20cdffac6909679516a6f01b8e6c7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:96:0d:ac:25:e4:07:cd:3c:dc:20:ea:01:6d:
                    29:0c:e3:e9:2e:b5:67:5d:0c:7d:54:f7:3b:2f:e0:
                    6d:a9:d7:95:85:53:2c:16:bb:c6:1c:89:37:2c:30:
                    ca:39:70:ec:fb:35:16:8a:bd:d9:3f:ab:88:fc:d6:
                    ed:c8:36:02:49:06:62:b0:56:b7:ac:c0:7a:e9:aa:
                    ce:b9:30:aa:4e:2b:3e:e2:c4:85:cd:f9:21:75:c7:
                    d1:1e:ce:6d:e7:c6:59:8d:a4:93:b7:3a:ac:26:d5:
                    61:e6:3c:b5:67:65:6b:55:8b:74:6c:40:7c:3d:5f:
                    85:f0:6b:40:d1:be:a0:4a:02:5e:63:79:c3:9c:0e:
                    e8:07:81:59:d8:9c:f7:ac:e8:ee:ef:d1:7a:dd:bc:
                    c2:a1:8b:df:f0:59:d3:ea:97:47:57:73:12:55:4b:
                    4b:16:92:37:ef:b4:0d:d0:aa:7a:d9:77:1b:19:7e:
                    c4:53:b9:90:e8:65:c2:7b:38:e1:22:89:41:ad:0b:
                    69:97:d8:80:51:11:82:2b:8d:90:19:a7:15:9d:e2:
                    4a:68:03:bf:2e:46:50:02:d1:76:38:65:33:0f:fb:
                    af:fc:5d:52:1a:3e:1a:9f:2c:b4:b3:cd:c7:81:ab:
                    32:04:1a:96:c8:fb:da:6f:8b:2c:f7:af:a4:e5:33:
                    77:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:FF:0F:86:5E:20:CD:FF:AC:69:09:67:95:16:A6:F0:1B:8E:6C:7A
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/6P8Phl4gzf-saQlnlRam8BuObHo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:f0d0::/44

    Signature Algorithm: sha256WithRSAEncryption
         a6:e9:0c:7b:36:5b:f0:27:4c:e3:55:9c:1a:8f:60:8f:41:ef:
         cc:3e:0b:bd:95:17:74:88:83:f7:48:13:ba:dc:d5:cb:86:20:
         91:7f:5d:c2:8b:ab:3c:91:eb:4a:85:f9:18:e1:15:b0:4f:63:
         fb:42:2d:c1:3d:ac:98:fa:43:5d:fe:ec:22:32:d9:93:16:02:
         4c:85:1a:53:90:e4:d5:4c:8d:43:fb:4e:a7:db:f4:cb:5c:a8:
         d7:43:b5:83:27:20:56:39:45:ca:b8:f5:77:46:68:ea:56:7a:
         ee:ee:4a:da:7d:5b:bf:1c:02:7a:30:3b:9d:60:5e:20:06:9a:
         08:56:50:c2:e7:70:25:fb:8d:d7:b5:48:b0:7e:ea:f3:f9:f4:
         91:9e:19:28:72:d4:ac:68:3e:5c:ee:d9:62:aa:3f:b0:06:7b:
         55:9e:53:c2:e6:7a:51:63:0e:01:52:52:62:46:cc:e6:39:12:
         be:6e:e8:82:d5:57:f1:2e:2f:d2:44:25:e1:72:f9:24:a6:11:
         2c:d9:4b:c6:f9:0f:48:66:68:bd:7d:04:6c:66:53:27:3c:06:
         c0:a2:c5:f8:e4:a1:9f:21:66:0e:21:8c:b8:74:db:ab:49:07:
         01:ef:c4:78:1d:0e:cf:87:9b:04:19:ed:7d:3f:4b:7f:ca:66:
         8f:d5:d5:66
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbTZv5MObR/jvIx25eDtHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGZmMGY4NjVlMjBjZGZmYWM2OTA5Njc5NTE2YTZmMDFiOGU2YzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZYNrCXkB8083CDqAW0pDOPpLrVn
XQx9VPc7L+BtqdeVhVMsFrvGHIk3LDDKOXDs+zUWir3ZP6uI/NbtyDYCSQZisFa3
rMB66arOuTCqTis+4sSFzfkhdcfRHs5t58ZZjaSTtzqsJtVh5jy1Z2VrVYt0bEB8
PV+F8GtA0b6gSgJeY3nDnA7oB4FZ2Jz3rOju79F63bzCoYvf8FnT6pdHV3MSVUtL
FpI377QN0Kp62XcbGX7EU7mQ6GXCezjhIolBrQtpl9iAURGCK42QGacVneJKaAO/
LkZQAtF2OGUzD/uv/F1SGj4anyy0s83HgasyBBqWyPvab4ss96+k5TN3rwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOj/D4ZeIM3/rGkJZ5UWpvAbjmx6MB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvNlA4UGhsNGd6Zi1zYVFsbmxSYW04QnVPYkhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qB/DQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCm6Qx7NlvwJ0zjVZwaj2CPQe/MPgu9lRd0iIP3
SBO63NXLhiCRf13Ci6s8ketKhfkY4RWwT2P7Qi3BPayY+kNd/uwiMtmTFgJMhRpT
kOTVTI1D+06n2/TLXKjXQ7WDJyBWOUXKuPV3RmjqVnru7krafVu/HAJ6MDudYF4g
BpoIVlDC53Al+43XtUiwfurz+fSRnhkoctSsaD5c7tliqj+wBntVnlPC5npRYw4B
UlJiRszmORK+buiC1VfxLi/SRCXhcvkkphEs2UvG+Q9IZmi9fQRsZlMnPAbAosX4
5KGfIWYOIYy4dNurSQcB78R4HQ7Ph5sEGe19P0t/ymaP1dVm
-----END CERTIFICATE-----