Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/1b645c-50e2-408b-be68-4eb383ff13b9/1/6LutgqR6q4o7_5UE-NRjJCPX8xM.roa
File:                     6LutgqR6q4o7_5UE-NRjJCPX8xM.roa (raw, json)
Hash identifier:          9cvxYnbAPLQ+DK6e1jAH/dJZYY+/cogrV/TOPQYtgl0=
Subject key identifier:   E8:BB:AD:82:A4:7A:AB:8A:3B:FF:95:04:F8:D4:63:24:23:D7:F3:13
Certificate issuer:       /CN=f76be99e8be2c5400d010542bf2058bdbb88502d
Certificate serial:       018CC4244BB48CEC7ED1968FE0F3FF07D37C
Authority key identifier: F7:6B:E9:9E:8B:E2:C5:40:0D:01:05:42:BF:20:58:BD:BB:88:50:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/92vpnovixUANAQVCvyBYvbuIUC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/1b645c-50e2-408b-be68-4eb383ff13b9/1/6LutgqR6q4o7_5UE-NRjJCPX8xM.roa
Signing time:             Mon 01 Jan 2024 08:29:22 +0000
ROA not before:           Mon 01 Jan 2024 08:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212925
IP address blocks:        2001:67c:8fc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/1b645c-50e2-408b-be68-4eb383ff13b9/1/92vpnovixUANAQVCvyBYvbuIUC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/1b645c-50e2-408b-be68-4eb383ff13b9/1/92vpnovixUANAQVCvyBYvbuIUC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/92vpnovixUANAQVCvyBYvbuIUC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:4b:b4:8c:ec:7e:d1:96:8f:e0:f3:ff:07:d3:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f76be99e8be2c5400d010542bf2058bdbb88502d
        Validity
            Not Before: Jan  1 08:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e8bbad82a47aab8a3bff9504f8d4632423d7f313
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:3a:79:0a:90:91:c2:08:64:37:9f:50:66:13:
                    24:c3:24:38:76:5a:f9:63:ec:b2:e3:ca:f5:d8:de:
                    4b:b4:75:b4:41:94:14:64:3a:72:b1:c7:a7:d6:c7:
                    e0:01:44:21:0e:05:79:dc:a0:df:85:0f:15:bd:6b:
                    83:af:9e:e7:05:f1:ac:3c:84:6d:1c:00:21:af:08:
                    ec:1e:7a:ce:1d:4f:ec:1a:35:43:c5:ea:a2:b2:1c:
                    e0:39:e0:c5:a8:f9:51:7a:b7:4f:a0:4b:0d:61:6d:
                    2e:eb:8c:d9:81:d1:0e:4b:fa:b1:dd:2d:c4:e2:13:
                    e5:1b:cb:da:2c:c6:6c:2d:0b:78:57:90:f1:e9:8c:
                    28:19:ef:ab:1f:26:4e:cc:2f:ef:b4:e7:ad:d4:8c:
                    57:68:52:ff:f0:e5:43:c1:b2:d8:e7:09:65:8b:a9:
                    58:e8:cb:73:46:06:de:4d:3c:6d:84:83:68:0e:b1:
                    79:b1:c6:18:65:fd:ef:6d:e4:65:eb:2f:25:4f:20:
                    2b:69:54:ca:61:bd:ea:3c:8e:ff:0a:1e:94:55:cd:
                    9d:e2:27:2c:ac:d5:1e:fe:2a:37:ae:9c:ff:ec:5e:
                    07:61:59:0d:dc:32:1c:20:fb:bd:1a:cb:fa:9e:56:
                    14:a6:ae:e5:51:2d:49:fb:42:e4:1a:df:46:e8:2f:
                    bb:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:BB:AD:82:A4:7A:AB:8A:3B:FF:95:04:F8:D4:63:24:23:D7:F3:13
            X509v3 Authority Key Identifier:
                keyid:F7:6B:E9:9E:8B:E2:C5:40:0D:01:05:42:BF:20:58:BD:BB:88:50:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/92vpnovixUANAQVCvyBYvbuIUC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/1b645c-50e2-408b-be68-4eb383ff13b9/1/6LutgqR6q4o7_5UE-NRjJCPX8xM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/1b645c-50e2-408b-be68-4eb383ff13b9/1/92vpnovixUANAQVCvyBYvbuIUC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:8fc::/48

    Signature Algorithm: sha256WithRSAEncryption
         73:30:9b:aa:52:1a:ac:d0:40:ef:68:71:ce:2a:ff:a3:9d:3e:
         d2:c2:d9:81:73:97:69:92:81:b1:1b:2e:1c:38:84:c2:a2:cd:
         13:72:08:46:58:56:d4:bc:1c:9d:ca:93:b4:a8:ed:77:e5:f6:
         8b:11:37:1f:0f:23:76:c0:ec:44:05:9b:f6:92:e6:05:f1:d0:
         bb:92:24:87:06:13:b1:ab:d9:09:0e:56:c0:76:84:52:87:25:
         c7:ab:09:a4:ce:d0:50:93:0d:3f:70:83:62:d9:ed:29:b4:7c:
         05:a0:c9:a0:10:ec:cc:10:36:34:ee:43:b5:7b:04:e7:ee:69:
         be:e3:bd:f8:b2:4a:84:82:e8:67:91:b0:60:62:eb:db:5c:6f:
         a8:5b:b9:12:6f:99:2b:26:2c:56:e0:86:e9:d9:e3:04:ca:f1:
         e0:72:45:68:98:3b:9f:be:f1:94:79:1a:4a:04:0c:aa:4c:99:
         64:ee:78:50:6e:da:56:9c:47:e0:80:36:29:2a:01:5d:72:9b:
         62:54:1d:fd:81:57:7b:84:bd:50:3d:5f:a7:0a:d9:2b:5e:44:
         ba:31:c7:fb:63:76:cd:85:0c:88:ec:ab:19:36:73:1d:f8:82:
         04:53:03:b1:3b:da:74:03:7d:21:67:86:b0:2b:50:7f:06:87:
         e0:dd:3d:69
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJEu0jOx+0ZaP4PP/B9N8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NmJlOTllOGJlMmM1NDAwZDAxMDU0MmJmMjA1OGJkYmI4
ODUwMmQwHhcNMjQwMTAxMDgyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGJiYWQ4MmE0N2FhYjhhM2JmZjk1MDRmOGQ0NjMyNDIzZDdmMzEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArTp5CpCRwghkN59QZhMkwyQ4dlr5
Y+yy48r12N5LtHW0QZQUZDpyscen1sfgAUQhDgV53KDfhQ8VvWuDr57nBfGsPIRt
HAAhrwjsHnrOHU/sGjVDxeqishzgOeDFqPlRerdPoEsNYW0u64zZgdEOS/qx3S3E
4hPlG8vaLMZsLQt4V5Dx6YwoGe+rHyZOzC/vtOet1IxXaFL/8OVDwbLY5wlli6lY
6MtzRgbeTTxthINoDrF5scYYZf3vbeRl6y8lTyAraVTKYb3qPI7/Ch6UVc2d4ics
rNUe/io3rpz/7F4HYVkN3DIcIPu9Gsv6nlYUpq7lUS1J+0LkGt9G6C+7IwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOi7rYKkequKO/+VBPjUYyQj1/MTMB8GA1UdIwQY
MBaAFPdr6Z6L4sVADQEFQr8gWL27iFAtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTJ2cG5vdml4VUFOQVFWQ3Z5Qll2YnVJVUMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC8xYjY0NWMtNTBlMi00MDhiLWJlNjgt
NGViMzgzZmYxM2I5LzEvNkx1dGdxUjZxNG83XzVVRS1OUmpKQ1BYOHhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC8xYjY0NWMtNTBlMi00MDhiLWJlNjgtNGViMzgzZmYxM2I5
LzEvOTJ2cG5vdml4VUFOQVFWQ3Z5Qll2YnVJVUMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAj8
MA0GCSqGSIb3DQEBCwUAA4IBAQBzMJuqUhqs0EDvaHHOKv+jnT7SwtmBc5dpkoGx
Gy4cOITCos0TcghGWFbUvBydypO0qO135faLETcfDyN2wOxEBZv2kuYF8dC7kiSH
BhOxq9kJDlbAdoRShyXHqwmkztBQkw0/cINi2e0ptHwFoMmgEOzMEDY07kO1ewTn
7mm+4734skqEguhnkbBgYuvbXG+oW7kSb5krJixW4Ibp2eMEyvHgckVomDufvvGU
eRpKBAyqTJlk7nhQbtpWnEfggDYpKgFdcptiVB39gVd7hL1QPV+nCtkrXkS6Mcf7
Y3bNhQyI7KsZNnMd+IIEUwOxO9p0A30hZ4awK1B/Bofg3T1p
-----END CERTIFICATE-----