Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/6SkkDmz0ggYjJJ4u9D5YBEyZiIk.roa
File:                     6SkkDmz0ggYjJJ4u9D5YBEyZiIk.roa (raw, json)
Hash identifier:          PI4G/ZjbmXk+tfJM35QLQIFBOqizN+krEtgyQxw4fWE=
Subject key identifier:   E9:29:24:0E:6C:F4:82:06:23:24:9E:2E:F4:3E:58:04:4C:99:88:89
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D4582BF5AFCAF100315E0EF78DE61
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/6SkkDmz0ggYjJJ4u9D5YBEyZiIk.roa
Signing time:             Mon 01 Jan 2024 00:29:50 +0000
ROA not before:           Mon 01 Jan 2024 00:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212916
IP address blocks:        2a0e:aa07:e011::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 09:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:45:82:bf:5a:fc:af:10:03:15:e0:ef:78:de:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e929240e6cf4820623249e2ef43e58044c998889
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:2e:02:63:74:a6:86:3d:5a:d5:9c:f1:7a:a1:
                    d7:71:76:81:da:d4:e4:db:b2:f7:1d:62:7a:45:35:
                    5e:78:06:79:f2:83:69:b6:05:11:9c:50:4a:7c:2f:
                    d6:59:ce:bb:a3:94:5b:46:a7:1a:88:e6:ec:19:1c:
                    b9:92:6c:fb:e6:78:ed:cc:cd:71:db:c7:fd:a0:01:
                    7b:ef:cd:50:3a:be:2c:a0:1b:56:90:3f:66:3d:19:
                    9b:ce:af:c4:ce:1f:33:ca:07:bc:c8:e3:59:0c:e3:
                    a8:63:aa:f8:ba:72:ef:5c:4a:12:50:1e:de:a8:b6:
                    e0:9e:31:96:3c:e1:2f:26:74:3a:71:89:47:69:09:
                    4a:ea:97:76:61:39:d9:ad:53:75:f2:b7:af:88:b1:
                    d1:63:fb:17:64:bb:6e:d8:7b:94:b0:a4:2a:45:33:
                    31:0c:70:85:7b:40:3f:1e:69:67:13:8f:c7:08:51:
                    42:c5:4b:92:50:20:ff:b5:f0:81:56:dd:3e:8e:06:
                    c0:1a:92:2e:15:c0:ca:40:ee:0f:92:a7:12:b6:ad:
                    85:79:e3:a6:ba:a2:fe:1f:30:f6:de:5d:31:ec:e8:
                    f1:f2:ef:4c:5b:28:29:d2:95:77:94:c1:b4:62:21:
                    c1:9e:1c:6f:f0:a9:cd:3a:d7:13:04:11:1f:0f:d3:
                    41:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:29:24:0E:6C:F4:82:06:23:24:9E:2E:F4:3E:58:04:4C:99:88:89
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/6SkkDmz0ggYjJJ4u9D5YBEyZiIk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e011::/48

    Signature Algorithm: sha256WithRSAEncryption
         7a:b9:0b:b8:3b:64:cf:19:43:42:bd:41:6c:65:f6:3d:8d:c7:
         f9:84:34:c7:f3:66:e0:4e:f7:53:1b:20:c9:04:fc:42:74:a2:
         b3:40:20:4d:c7:d6:99:3f:74:49:d3:db:07:ae:cf:f3:38:e8:
         ff:0d:c6:c1:6e:ca:79:84:0e:36:04:c1:f2:9f:b6:be:98:5a:
         e7:c6:55:a8:99:8c:fc:2e:22:41:f3:84:09:e7:fb:e8:fd:68:
         b8:cc:c0:68:41:0d:cd:77:d8:c2:0e:fc:39:75:fe:bd:3f:9e:
         7a:c6:5e:f0:9c:86:13:81:34:1f:13:bc:ef:9d:66:71:04:38:
         2f:2b:13:b0:b2:81:54:7a:1a:e1:68:0e:51:08:08:04:a6:07:
         35:03:97:51:df:a8:52:fc:d4:92:26:bb:e7:48:30:30:49:2c:
         71:54:52:38:44:0d:cf:ad:68:18:d2:38:0b:82:9a:6f:d2:9e:
         15:fe:0b:0c:9f:7d:e7:db:47:42:df:1d:71:c7:a6:d5:27:86:
         26:d9:fe:b6:4a:d3:29:0a:af:72:81:02:47:56:97:45:ac:e5:
         1e:78:eb:67:e3:f2:21:b7:38:ce:67:62:de:fd:35:1d:b1:7c:
         88:a4:29:d8:de:41:23:68:4a:61:17:1a:be:49:3d:15:ac:99:
         f4:46:36:f6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbUWCv1r8rxADFeDveN5hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTI5MjQwZTZjZjQ4MjA2MjMyNDllMmVmNDNlNTgwNDRjOTk4ODg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAli4CY3Smhj1a1ZzxeqHXcXaB2tTk
27L3HWJ6RTVeeAZ58oNptgURnFBKfC/WWc67o5RbRqcaiObsGRy5kmz75njtzM1x
28f9oAF7781QOr4soBtWkD9mPRmbzq/Ezh8zyge8yONZDOOoY6r4unLvXEoSUB7e
qLbgnjGWPOEvJnQ6cYlHaQlK6pd2YTnZrVN18reviLHRY/sXZLtu2HuUsKQqRTMx
DHCFe0A/HmlnE4/HCFFCxUuSUCD/tfCBVt0+jgbAGpIuFcDKQO4PkqcStq2FeeOm
uqL+HzD23l0x7Ojx8u9MWygp0pV3lMG0YiHBnhxv8KnNOtcTBBEfD9NB8QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOkpJA5s9IIGIySeLvQ+WARMmYiJMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvNlNra0RtejBnZ1lqSko0dTlENVlCRXlaaUlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6qB+AR
MA0GCSqGSIb3DQEBCwUAA4IBAQB6uQu4O2TPGUNCvUFsZfY9jcf5hDTH82bgTvdT
GyDJBPxCdKKzQCBNx9aZP3RJ09sHrs/zOOj/DcbBbsp5hA42BMHyn7a+mFrnxlWo
mYz8LiJB84QJ5/vo/Wi4zMBoQQ3Nd9jCDvw5df69P556xl7wnIYTgTQfE7zvnWZx
BDgvKxOwsoFUehrhaA5RCAgEpgc1A5dR36hS/NSSJrvnSDAwSSxxVFI4RA3PrWgY
0jgLgppv0p4V/gsMn33n20dC3x1xx6bVJ4Ym2f62StMpCq9ygQJHVpdFrOUeeOtn
4/IhtzjOZ2Le/TUdsXyIpCnY3kEjaEphFxq+ST0VrJn0Rjb2
-----END CERTIFICATE-----