Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/36e3cb-477e-4f5e-bd56-9102c3c05138/1/cW6pgAW6E9TNlsqAE1uA2qcU8bM.roa
File:                     cW6pgAW6E9TNlsqAE1uA2qcU8bM.roa (raw, json)
Hash identifier:          E4cyReKCF4aRius+sZJpiTi2AOL0e8e/xND/keteLQQ=
Subject key identifier:   71:6E:A9:80:05:BA:13:D4:CD:96:CA:80:13:5B:80:DA:A7:14:F1:B3
Certificate issuer:       /CN=599a740f4bc30a2c04cdcb3344af0d6a2d05a481
Certificate serial:       018CC8010B874BB668417F45207EC82B4411
Authority key identifier: 59:9A:74:0F:4B:C3:0A:2C:04:CD:CB:33:44:AF:0D:6A:2D:05:A4:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WZp0D0vDCiwEzcszRK8Nai0FpIE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/36e3cb-477e-4f5e-bd56-9102c3c05138/1/cW6pgAW6E9TNlsqAE1uA2qcU8bM.roa
Signing time:             Tue 02 Jan 2024 02:29:20 +0000
ROA not before:           Tue 02 Jan 2024 02:29:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57295
IP address blocks:        2001:67c:2ba8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/36e3cb-477e-4f5e-bd56-9102c3c05138/1/WZp0D0vDCiwEzcszRK8Nai0FpIE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/36e3cb-477e-4f5e-bd56-9102c3c05138/1/WZp0D0vDCiwEzcszRK8Nai0FpIE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WZp0D0vDCiwEzcszRK8Nai0FpIE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:0b:87:4b:b6:68:41:7f:45:20:7e:c8:2b:44:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=599a740f4bc30a2c04cdcb3344af0d6a2d05a481
        Validity
            Not Before: Jan  2 02:29:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=716ea98005ba13d4cd96ca80135b80daa714f1b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:6b:31:41:f4:da:10:3a:14:a2:25:3b:68:a2:
                    71:fa:53:19:de:96:71:30:64:ef:1a:fd:00:94:0f:
                    73:b7:d9:e1:59:4a:3f:81:d4:4a:a7:41:28:11:e9:
                    ca:45:e8:95:3a:67:9e:70:b3:90:50:a4:82:04:2d:
                    34:5a:c9:f5:b4:d5:14:9f:7f:c8:bd:e4:7f:4f:06:
                    ec:a2:cb:6e:f8:cb:e8:52:16:0f:e8:b6:0a:c8:6d:
                    5e:49:bc:c2:3e:b5:8e:7f:4b:1e:a6:3f:14:77:48:
                    7c:5b:87:fb:a3:82:51:cc:d2:4e:aa:bd:a0:9e:1d:
                    36:dc:75:b5:a3:b9:56:f1:41:4f:94:45:4d:73:30:
                    94:2c:0a:e5:a1:33:d1:c2:58:23:bc:fb:95:89:cb:
                    a0:17:db:e9:36:6f:58:91:67:91:28:b5:11:bf:00:
                    e4:2f:bf:a6:00:76:a4:e3:3e:9b:3c:66:81:87:59:
                    dd:de:64:75:66:05:de:72:d4:4c:d6:ca:49:55:ff:
                    c6:c1:15:83:31:21:b3:a2:ec:c9:3c:df:ff:02:d7:
                    0d:10:86:81:c0:65:1d:2e:89:d0:68:a3:3b:25:ef:
                    33:78:12:7b:45:fb:c4:e8:01:e1:da:53:64:7e:5c:
                    7e:8c:9f:6e:b5:96:d3:ab:bb:4c:62:ce:22:39:b8:
                    f0:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:6E:A9:80:05:BA:13:D4:CD:96:CA:80:13:5B:80:DA:A7:14:F1:B3
            X509v3 Authority Key Identifier:
                keyid:59:9A:74:0F:4B:C3:0A:2C:04:CD:CB:33:44:AF:0D:6A:2D:05:A4:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WZp0D0vDCiwEzcszRK8Nai0FpIE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/36e3cb-477e-4f5e-bd56-9102c3c05138/1/cW6pgAW6E9TNlsqAE1uA2qcU8bM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/36e3cb-477e-4f5e-bd56-9102c3c05138/1/WZp0D0vDCiwEzcszRK8Nai0FpIE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2ba8::/48

    Signature Algorithm: sha256WithRSAEncryption
         0b:6f:4c:c2:f3:0f:be:8b:c1:b6:b1:e5:4f:2c:d0:77:b0:21:
         8a:43:f5:98:95:ce:67:e1:06:4e:32:a2:dd:dd:81:a6:cb:05:
         db:37:13:3d:9b:ed:06:fe:d0:fc:42:42:61:dd:b3:ca:e9:3b:
         ed:20:fd:e6:67:d1:7a:fd:e3:13:2c:b6:37:fb:42:b6:aa:9e:
         67:43:f0:65:60:d4:29:a4:6b:ab:0f:df:da:a7:76:22:ea:2a:
         9b:70:31:2b:c2:45:0c:23:ca:47:08:3c:cd:33:11:cb:9a:e5:
         4f:20:03:3e:03:da:cb:d2:bc:ff:a4:8e:b8:64:04:53:5d:a5:
         8e:e4:93:d8:14:18:a1:b2:91:91:15:f3:3c:85:42:1d:57:ca:
         08:84:15:b9:38:66:c1:e6:a0:ba:e3:f1:67:0f:ab:2f:37:80:
         a3:e8:d1:59:5f:62:5b:83:2c:e7:7c:46:9b:9b:ad:83:eb:f1:
         f5:dc:18:92:5e:3f:7c:fa:13:c7:7c:1b:87:e9:9d:eb:64:7b:
         f2:fb:e3:cc:cc:bb:34:90:b5:0d:59:05:5a:cb:a6:74:33:9b:
         3e:54:48:60:84:b7:bc:ee:8d:2e:ff:f1:53:13:22:51:c6:08:
         c9:d8:1a:33:bf:97:6d:61:03:31:b5:56:43:cb:94:80:d7:29:
         90:3c:a6:17
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAQuHS7ZoQX9FIH7IK0QRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5OWE3NDBmNGJjMzBhMmMwNGNkY2IzMzQ0YWYwZDZhMmQw
NWE0ODEwHhcNMjQwMTAyMDIyOTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTZlYTk4MDA1YmExM2Q0Y2Q5NmNhODAxMzViODBkYWE3MTRmMWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApWsxQfTaEDoUoiU7aKJx+lMZ3pZx
MGTvGv0AlA9zt9nhWUo/gdRKp0EoEenKReiVOmeecLOQUKSCBC00Wsn1tNUUn3/I
veR/Twbsostu+MvoUhYP6LYKyG1eSbzCPrWOf0sepj8Ud0h8W4f7o4JRzNJOqr2g
nh023HW1o7lW8UFPlEVNczCULArloTPRwlgjvPuVicugF9vpNm9YkWeRKLURvwDk
L7+mAHak4z6bPGaBh1nd3mR1ZgXectRM1spJVf/GwRWDMSGzouzJPN//AtcNEIaB
wGUdLonQaKM7Je8zeBJ7RfvE6AHh2lNkflx+jJ9utZbTq7tMYs4iObjw6wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHFuqYAFuhPUzZbKgBNbgNqnFPGzMB8GA1UdIwQY
MBaAFFmadA9LwwosBM3LM0SvDWotBaSBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1pwMEQwdkRDaXdFemNzelJLOE5haTBGcElFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8zNmUzY2ItNDc3ZS00ZjVlLWJkNTYt
OTEwMmMzYzA1MTM4LzEvY1c2cGdBVzZFOVRObHNxQUUxdUEycWNVOGJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8zNmUzY2ItNDc3ZS00ZjVlLWJkNTYtOTEwMmMzYzA1MTM4
LzEvV1pwMEQwdkRDaXdFemNzelJLOE5haTBGcElFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCuo
MA0GCSqGSIb3DQEBCwUAA4IBAQALb0zC8w++i8G2seVPLNB3sCGKQ/WYlc5n4QZO
MqLd3YGmywXbNxM9m+0G/tD8QkJh3bPK6TvtIP3mZ9F6/eMTLLY3+0K2qp5nQ/Bl
YNQppGurD9/ap3Yi6iqbcDErwkUMI8pHCDzNMxHLmuVPIAM+A9rL0rz/pI64ZART
XaWO5JPYFBihspGRFfM8hUIdV8oIhBW5OGbB5qC64/FnD6svN4Cj6NFZX2Jbgyzn
fEabm62D6/H13BiSXj98+hPHfBuH6Z3rZHvy++PMzLs0kLUNWQVay6Z0M5s+VEhg
hLe87o0u//FTEyJRxgjJ2Bozv5dtYQMxtVZDy5SA1ymQPKYX
-----END CERTIFICATE-----