Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/srmmTgMLRm0CPG-BIhv3UaX0v5o.roa
File:                     srmmTgMLRm0CPG-BIhv3UaX0v5o.roa (raw, json)
Hash identifier:          2EBtvsAQd40gI/7hx9Lx0d+6jJaV2g8ODlw/2OMbsCc=
Subject key identifier:   B2:B9:A6:4E:03:0B:46:6D:02:3C:6F:81:22:1B:F7:51:A5:F4:BF:9A
Certificate issuer:       /CN=ef1c665b038692b93bdf5d1d8f3cea3e98697a03
Certificate serial:       018CC26D1C4C2AAB9FB83EB81C53B2C2265A
Authority key identifier: EF:1C:66:5B:03:86:92:B9:3B:DF:5D:1D:8F:3C:EA:3E:98:69:7A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7xxmWwOGkrk7310djzzqPphpegM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/srmmTgMLRm0CPG-BIhv3UaX0v5o.roa
Signing time:             Mon 01 Jan 2024 00:29:39 +0000
ROA not before:           Mon 01 Jan 2024 00:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60915
IP address blocks:        2001:6d0:4004::/48 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/7xxmWwOGkrk7310djzzqPphpegM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/7xxmWwOGkrk7310djzzqPphpegM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7xxmWwOGkrk7310djzzqPphpegM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 23:11:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:1c:4c:2a:ab:9f:b8:3e:b8:1c:53:b2:c2:26:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef1c665b038692b93bdf5d1d8f3cea3e98697a03
        Validity
            Not Before: Jan  1 00:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b2b9a64e030b466d023c6f81221bf751a5f4bf9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:25:5a:31:b3:b9:ce:f4:54:50:5d:42:f2:dc:
                    cd:f3:ad:ec:a9:db:09:10:13:82:d9:1f:0f:26:f8:
                    6c:92:3c:66:b6:e4:c0:95:1e:1b:ce:8f:f4:23:09:
                    27:73:f8:b9:96:85:a0:4d:1b:2b:01:ae:63:6f:0a:
                    90:9e:60:25:b5:c5:ab:90:66:b7:8d:9c:26:d2:eb:
                    88:e0:dc:0f:a3:87:a8:1b:c4:a8:5d:79:5e:3c:11:
                    7b:a9:6a:80:58:31:09:65:db:a1:dc:e9:ef:0b:27:
                    df:b0:cb:3f:30:b8:fa:2e:22:e0:e5:36:b0:ef:30:
                    66:b1:e4:f2:17:f9:b5:c6:92:3b:66:5d:c2:cd:79:
                    f4:f5:bb:b1:5d:cb:30:9e:1b:81:0c:67:c8:cd:35:
                    91:c6:37:27:b6:a6:a5:2a:ff:3f:ab:86:49:8f:5a:
                    b8:fd:66:a6:bd:0a:fc:4b:f9:3f:cb:ea:fb:e2:79:
                    d7:e2:2d:b0:b0:d8:bd:b3:01:da:f0:3b:87:9c:b7:
                    4e:e8:4c:44:1d:a2:38:34:1f:c7:87:47:3c:1a:0c:
                    c8:eb:a2:57:e2:f0:e5:3f:21:d5:94:9b:0a:d6:6e:
                    26:37:c3:18:21:78:b9:37:9d:94:91:5d:05:d5:4a:
                    e5:9c:01:ba:9e:ad:60:2c:3d:a2:4c:bb:f9:76:7b:
                    99:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:B9:A6:4E:03:0B:46:6D:02:3C:6F:81:22:1B:F7:51:A5:F4:BF:9A
            X509v3 Authority Key Identifier:
                keyid:EF:1C:66:5B:03:86:92:B9:3B:DF:5D:1D:8F:3C:EA:3E:98:69:7A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7xxmWwOGkrk7310djzzqPphpegM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/srmmTgMLRm0CPG-BIhv3UaX0v5o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/7xxmWwOGkrk7310djzzqPphpegM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:6d0:4004::/48

    Signature Algorithm: sha256WithRSAEncryption
         79:09:fa:e4:76:81:b8:ff:bf:de:a0:14:95:60:be:71:6b:3c:
         42:12:46:9a:27:df:9e:b8:f1:b4:df:a8:82:c6:42:3b:27:c6:
         ba:12:84:18:d0:5c:85:df:89:3b:68:37:11:02:4d:4c:74:10:
         f0:bb:ac:ff:3f:e0:e0:97:0b:7d:22:13:c0:19:00:68:fd:ad:
         97:aa:ce:84:6d:f1:5d:33:48:70:98:90:06:ea:63:aa:a6:90:
         a8:e8:b2:63:25:35:83:ce:03:d0:26:c3:7c:6d:f4:6f:f5:20:
         1e:16:30:43:f3:6d:f2:33:dd:67:a5:47:93:eb:51:02:4f:34:
         f5:b5:38:14:21:b2:99:52:c0:4f:55:a1:33:6b:8c:9a:b2:d3:
         c6:96:2f:c0:07:46:66:85:0f:92:a6:25:59:d1:9d:99:aa:8b:
         2d:9c:24:e7:50:dc:af:ad:82:fd:d6:72:7f:1e:04:10:0d:8e:
         2d:15:08:83:d4:8f:61:d7:02:4c:2b:93:49:88:93:22:bf:b9:
         cb:79:86:aa:32:dc:37:70:12:da:a0:47:e2:d3:3f:c4:6e:c8:
         e0:f6:e7:d4:fd:62:91:10:57:ac:88:23:75:75:3d:67:c3:58:
         13:8c:e7:a2:c8:05:83:ac:7b:2d:0b:81:79:10:c7:19:eb:e3:
         6f:f8:13:a8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbRxMKqufuD64HFOywiZaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmMWM2NjViMDM4NjkyYjkzYmRmNWQxZDhmM2NlYTNlOTg2
OTdhMDMwHhcNMjQwMTAxMDAyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmI5YTY0ZTAzMGI0NjZkMDIzYzZmODEyMjFiZjc1MWE1ZjRiZjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqiVaMbO5zvRUUF1C8tzN863sqdsJ
EBOC2R8PJvhskjxmtuTAlR4bzo/0Iwknc/i5loWgTRsrAa5jbwqQnmAltcWrkGa3
jZwm0uuI4NwPo4eoG8SoXXlePBF7qWqAWDEJZduh3OnvCyffsMs/MLj6LiLg5Taw
7zBmseTyF/m1xpI7Zl3CzXn09buxXcswnhuBDGfIzTWRxjcntqalKv8/q4ZJj1q4
/WamvQr8S/k/y+r74nnX4i2wsNi9swHa8DuHnLdO6ExEHaI4NB/Hh0c8GgzI66JX
4vDlPyHVlJsK1m4mN8MYIXi5N52UkV0F1UrlnAG6nq1gLD2iTLv5dnuZHQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLK5pk4DC0ZtAjxvgSIb91Gl9L+aMB8GA1UdIwQY
MBaAFO8cZlsDhpK5O99dHY886j6YaXoDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3h4bVd3T0drcms3MzEwZGp6enFQcGhwZWdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC8yOTI1YTMtODcxYi00Njc2LWFlMTAt
Njg4ZDMzM2VkOWQ1LzEvc3JtbVRnTUxSbTBDUEctQklodjNVYVgwdjVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC8yOTI1YTMtODcxYi00Njc2LWFlMTAtNjg4ZDMzM2VkOWQ1
LzEvN3h4bVd3T0drcms3MzEwZGp6enFQcGhwZWdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEG0EAE
MA0GCSqGSIb3DQEBCwUAA4IBAQB5CfrkdoG4/7/eoBSVYL5xazxCEkaaJ9+euPG0
36iCxkI7J8a6EoQY0FyF34k7aDcRAk1MdBDwu6z/P+Dglwt9IhPAGQBo/a2Xqs6E
bfFdM0hwmJAG6mOqppCo6LJjJTWDzgPQJsN8bfRv9SAeFjBD823yM91npUeT61EC
TzT1tTgUIbKZUsBPVaEza4yastPGli/AB0ZmhQ+SpiVZ0Z2ZqostnCTnUNyvrYL9
1nJ/HgQQDY4tFQiD1I9h1wJMK5NJiJMiv7nLeYaqMtw3cBLaoEfi0z/Ebsjg9ufU
/WKREFesiCN1dT1nw1gTjOeiyAWDrHstC4F5EMcZ6+Nv+BOo
-----END CERTIFICATE-----