Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/e76701-9873-4fe0-9b71-f89bcff6959f/1/6QLyHwfElo31BT2Y33HHj_XU8Yo.roa
File:                     6QLyHwfElo31BT2Y33HHj_XU8Yo.roa (raw, json)
Hash identifier:          m/bmxl9cIRk2im4KUHNS8fXj3RABfjc3GUsvl44wreU=
Subject key identifier:   E9:02:F2:1F:07:C4:96:8D:F5:05:3D:98:DF:71:C7:8F:F5:D4:F1:8A
Certificate issuer:       /CN=e738a5f93064239ab4ff793df8a879e1baa8e1c7
Certificate serial:       018CC3B6F388F1E02A8833BAE26602F64614
Authority key identifier: E7:38:A5:F9:30:64:23:9A:B4:FF:79:3D:F8:A8:79:E1:BA:A8:E1:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5zil-TBkI5q0_3k9-Kh54bqo4cc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/e76701-9873-4fe0-9b71-f89bcff6959f/1/6QLyHwfElo31BT2Y33HHj_XU8Yo.roa
Signing time:             Mon 01 Jan 2024 06:29:56 +0000
ROA not before:           Mon 01 Jan 2024 06:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212596
IP address blocks:        2001:678:e60::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/e76701-9873-4fe0-9b71-f89bcff6959f/1/5zil-TBkI5q0_3k9-Kh54bqo4cc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/e76701-9873-4fe0-9b71-f89bcff6959f/1/5zil-TBkI5q0_3k9-Kh54bqo4cc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5zil-TBkI5q0_3k9-Kh54bqo4cc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 15:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:f3:88:f1:e0:2a:88:33:ba:e2:66:02:f6:46:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e738a5f93064239ab4ff793df8a879e1baa8e1c7
        Validity
            Not Before: Jan  1 06:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e902f21f07c4968df5053d98df71c78ff5d4f18a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:8f:10:9a:66:6c:53:fa:8c:51:d6:3a:c0:fd:
                    64:a9:c4:6d:e1:f3:d4:20:4a:81:50:b1:52:7d:fa:
                    6f:94:47:cc:1e:db:ec:6c:31:d4:26:ed:d3:c9:69:
                    13:e5:36:da:6c:fd:89:a6:9a:68:11:2e:09:ea:ad:
                    60:ec:6c:cd:4d:55:b1:d9:7a:f1:7a:6c:c9:f8:7d:
                    3c:c3:ac:fd:7d:5d:ad:32:89:de:e9:29:d1:ee:e7:
                    f6:2c:ae:e8:db:5d:05:5b:f7:cd:42:5f:ea:0c:af:
                    3a:e5:32:6e:fa:37:75:98:43:d3:3d:a2:2d:31:fd:
                    16:1e:d7:05:ff:18:10:a9:c6:59:8e:c7:9e:3a:18:
                    9e:ac:61:d3:7f:22:34:92:d7:75:33:25:65:f6:54:
                    f1:99:46:3c:00:6e:a4:e4:a2:33:5e:f7:d5:50:d8:
                    27:b6:11:52:92:0f:8a:13:34:11:1f:88:f4:04:7c:
                    12:8e:87:7d:4f:49:cf:f2:3b:87:6a:57:a4:1c:17:
                    65:ef:fc:28:68:d5:85:4e:09:69:c9:00:90:26:21:
                    7b:80:00:7c:cd:47:ae:ff:bb:5f:3e:8a:41:e1:f1:
                    86:60:c3:89:20:21:ee:8f:5e:b0:9e:c4:6f:6f:1d:
                    0c:30:a2:2b:b3:d6:9b:85:08:de:de:26:9b:af:aa:
                    cd:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:02:F2:1F:07:C4:96:8D:F5:05:3D:98:DF:71:C7:8F:F5:D4:F1:8A
            X509v3 Authority Key Identifier:
                keyid:E7:38:A5:F9:30:64:23:9A:B4:FF:79:3D:F8:A8:79:E1:BA:A8:E1:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5zil-TBkI5q0_3k9-Kh54bqo4cc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/e76701-9873-4fe0-9b71-f89bcff6959f/1/6QLyHwfElo31BT2Y33HHj_XU8Yo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/e76701-9873-4fe0-9b71-f89bcff6959f/1/5zil-TBkI5q0_3k9-Kh54bqo4cc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:e60::/48

    Signature Algorithm: sha256WithRSAEncryption
         1b:37:84:ce:20:69:83:61:15:6b:b8:d9:e7:b8:89:4f:0a:86:
         12:b9:3c:85:97:cc:c1:be:8d:3a:e5:c9:0e:cc:d3:5b:ec:59:
         26:2e:b5:45:10:b4:4b:54:71:74:c3:87:3e:5f:df:2b:91:02:
         84:dc:5e:72:b2:9e:44:9c:f8:73:c1:8b:36:b4:f6:34:f8:84:
         b7:6f:3e:5d:90:18:51:7b:c5:46:05:d3:b3:3b:d4:9b:e4:7e:
         23:61:c4:4c:e6:81:38:1b:28:e6:00:5b:8b:b0:7a:27:f7:b6:
         ca:d6:a7:6f:2d:34:6c:4e:f1:fa:f8:73:40:19:29:55:24:ae:
         c8:80:7e:03:60:12:df:0d:c2:21:dd:1f:ba:72:5e:24:64:a5:
         36:03:eb:78:2a:07:57:52:ee:6b:71:3f:37:de:ce:dc:20:52:
         d4:17:96:8b:44:03:f2:0d:5a:62:a5:3c:52:bd:a6:0a:eb:c9:
         13:dd:67:b9:9a:b9:44:8e:58:44:c1:f6:6a:3c:cd:43:9a:39:
         5b:a0:32:4e:c6:b0:d8:b6:ba:0f:9a:dd:f2:d5:20:d5:eb:89:
         72:1a:3e:11:1d:bc:ce:2c:c1:56:b6:c8:bb:a2:ff:c9:95:d6:
         3b:12:29:37:b3:6b:fe:24:b2:c5:c6:4a:72:8b:22:a4:5a:15:
         d3:c4:00:77
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDtvOI8eAqiDO64mYC9kYUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3MzhhNWY5MzA2NDIzOWFiNGZmNzkzZGY4YTg3OWUxYmFh
OGUxYzcwHhcNMjQwMTAxMDYyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTAyZjIxZjA3YzQ5NjhkZjUwNTNkOThkZjcxYzc4ZmY1ZDRmMThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnI8QmmZsU/qMUdY6wP1kqcRt4fPU
IEqBULFSffpvlEfMHtvsbDHUJu3TyWkT5TbabP2JpppoES4J6q1g7GzNTVWx2Xrx
emzJ+H08w6z9fV2tMone6SnR7uf2LK7o210FW/fNQl/qDK865TJu+jd1mEPTPaIt
Mf0WHtcF/xgQqcZZjseeOhierGHTfyI0ktd1MyVl9lTxmUY8AG6k5KIzXvfVUNgn
thFSkg+KEzQRH4j0BHwSjod9T0nP8juHalekHBdl7/woaNWFTglpyQCQJiF7gAB8
zUeu/7tfPopB4fGGYMOJICHuj16wnsRvbx0MMKIrs9abhQje3iabr6rN1QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOkC8h8HxJaN9QU9mN9xx4/11PGKMB8GA1UdIwQY
MBaAFOc4pfkwZCOatP95PfioeeG6qOHHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXppbC1UQmtJNXEwXzNrOS1LaDU0YnFvNGNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9lNzY3MDEtOTg3My00ZmUwLTliNzEt
Zjg5YmNmZjY5NTlmLzEvNlFMeUh3ZkVsbzMxQlQyWTMzSEhqX1hVOFlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9lNzY3MDEtOTg3My00ZmUwLTliNzEtZjg5YmNmZjY5NTlm
LzEvNXppbC1UQmtJNXEwXzNrOS1LaDU0YnFvNGNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA5g
MA0GCSqGSIb3DQEBCwUAA4IBAQAbN4TOIGmDYRVruNnnuIlPCoYSuTyFl8zBvo06
5ckOzNNb7FkmLrVFELRLVHF0w4c+X98rkQKE3F5ysp5EnPhzwYs2tPY0+IS3bz5d
kBhRe8VGBdOzO9Sb5H4jYcRM5oE4GyjmAFuLsHon97bK1qdvLTRsTvH6+HNAGSlV
JK7IgH4DYBLfDcIh3R+6cl4kZKU2A+t4KgdXUu5rcT833s7cIFLUF5aLRAPyDVpi
pTxSvaYK68kT3We5mrlEjlhEwfZqPM1DmjlboDJOxrDYtroPmt3y1SDV64lyGj4R
HbzOLMFWtsi7ov/JldY7Eik3s2v+JLLFxkpyiyKkWhXTxAB3
-----END CERTIFICATE-----