Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/777746-fbef-4e58-afdf-b551e49435a2/1/7FMDlnM-DdKowYPnlEMjKhTfX0A.roa
File:                     7FMDlnM-DdKowYPnlEMjKhTfX0A.roa (raw, json)
Hash identifier:          2vr8MGX0j/hoNg1Or9iP3izFGPt+ptD29LUgQy2FP8w=
Subject key identifier:   EC:53:03:96:73:3E:0D:D2:A8:C1:83:E7:94:43:23:2A:14:DF:5F:40
Certificate issuer:       /CN=6b19d1bcac752312ec4de6f5bd39acce32ab6bd6
Certificate serial:       018CC3B6EEC3729AA5459D423CD3374026B8
Authority key identifier: 6B:19:D1:BC:AC:75:23:12:EC:4D:E6:F5:BD:39:AC:CE:32:AB:6B:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/axnRvKx1IxLsTeb1vTmszjKra9Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/777746-fbef-4e58-afdf-b551e49435a2/1/7FMDlnM-DdKowYPnlEMjKhTfX0A.roa
Signing time:             Mon 01 Jan 2024 06:29:54 +0000
ROA not before:           Mon 01 Jan 2024 06:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60918
IP address blocks:        2001:67c:1720::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/777746-fbef-4e58-afdf-b551e49435a2/1/axnRvKx1IxLsTeb1vTmszjKra9Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/777746-fbef-4e58-afdf-b551e49435a2/1/axnRvKx1IxLsTeb1vTmszjKra9Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/axnRvKx1IxLsTeb1vTmszjKra9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jul 2024 20:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:ee:c3:72:9a:a5:45:9d:42:3c:d3:37:40:26:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b19d1bcac752312ec4de6f5bd39acce32ab6bd6
        Validity
            Not Before: Jan  1 06:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec530396733e0dd2a8c183e79443232a14df5f40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:64:1b:3e:ba:4e:44:8e:41:1a:ac:4b:8f:a6:
                    c9:3e:4f:a0:d9:1b:14:7c:ee:e3:ca:32:0a:71:34:
                    d8:d3:ec:3b:4a:a8:69:bb:44:c6:08:56:cc:cb:c5:
                    6e:09:b5:22:63:c2:ea:33:35:37:33:85:91:51:c2:
                    46:3f:d5:aa:d1:a4:42:f9:db:86:57:29:02:b3:dc:
                    11:85:0e:e0:75:76:bd:73:df:64:7c:31:98:8e:c0:
                    28:f3:79:07:9c:00:fe:0a:28:f8:99:09:f2:f7:14:
                    a1:c1:49:8c:58:b0:a8:0a:fa:a4:4e:56:e8:ea:32:
                    d7:b1:5b:2a:f4:a6:20:5a:ad:c7:5a:ae:c6:3f:32:
                    e7:a0:87:9f:a7:4d:fe:bc:2d:1c:43:e4:08:7e:0d:
                    e0:2e:8f:d8:71:b7:cf:11:64:4b:9a:21:17:a3:ce:
                    c9:ce:85:24:57:63:43:e1:27:ba:06:24:38:61:05:
                    30:27:c0:a0:a8:dc:56:15:01:f9:3e:70:f6:19:73:
                    47:dc:d8:9f:c5:d1:a1:65:be:bb:d8:3a:b4:7b:17:
                    ba:ad:8c:a1:f1:c0:df:5f:e2:58:6c:58:f0:3b:d3:
                    32:b1:02:b7:0f:5f:ce:fb:bb:56:c2:9f:61:22:db:
                    25:25:0b:d4:0d:68:89:fd:07:10:9f:36:0f:6e:97:
                    6c:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:53:03:96:73:3E:0D:D2:A8:C1:83:E7:94:43:23:2A:14:DF:5F:40
            X509v3 Authority Key Identifier:
                keyid:6B:19:D1:BC:AC:75:23:12:EC:4D:E6:F5:BD:39:AC:CE:32:AB:6B:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/axnRvKx1IxLsTeb1vTmszjKra9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/777746-fbef-4e58-afdf-b551e49435a2/1/7FMDlnM-DdKowYPnlEMjKhTfX0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/777746-fbef-4e58-afdf-b551e49435a2/1/axnRvKx1IxLsTeb1vTmszjKra9Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1720::/48

    Signature Algorithm: sha256WithRSAEncryption
         9f:73:9a:36:09:6a:7b:15:bb:98:21:d2:8b:5e:af:a1:18:3e:
         b3:98:8c:37:aa:0d:35:bf:eb:e4:a0:ef:10:9c:92:d9:95:14:
         28:f8:75:a7:45:98:78:40:cf:68:ce:31:17:ea:36:cc:c9:2b:
         42:bb:f6:17:54:54:cc:b1:25:60:f1:93:d0:59:2f:61:3d:a2:
         68:70:ae:c6:a2:24:a8:01:35:37:f2:d2:a2:bf:0c:dc:6a:c4:
         d2:fc:50:bf:e0:73:c9:7b:d6:6d:1d:a1:65:78:77:9b:d2:1f:
         ee:13:29:eb:de:00:fa:b5:c0:c3:97:9a:06:1b:8c:99:07:4b:
         b9:cb:93:49:48:e7:c2:b3:6d:98:bd:8d:a9:d1:cf:cc:a5:38:
         0c:02:1f:0a:f9:22:81:af:05:69:c7:49:d0:71:bb:4f:af:eb:
         58:22:ea:d4:e7:87:f6:48:8a:9e:41:5e:d9:25:e2:a4:a5:b2:
         d3:31:ff:a5:c4:16:b2:da:01:40:1f:c7:6b:75:08:d0:7c:c9:
         e8:da:b5:56:43:70:37:05:ea:29:b1:c9:47:b8:43:69:da:19:
         7f:fe:4a:c2:2d:1d:d8:09:06:41:b9:23:d6:1b:21:b6:17:83:
         c8:cd:9d:30:15:d1:7f:7f:7f:bc:c3:54:00:3c:49:e6:a3:36:
         25:8d:73:7b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDtu7DcpqlRZ1CPNM3QCa4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiMTlkMWJjYWM3NTIzMTJlYzRkZTZmNWJkMzlhY2NlMzJh
YjZiZDYwHhcNMjQwMTAxMDYyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzUzMDM5NjczM2UwZGQyYThjMTgzZTc5NDQzMjMyYTE0ZGY1ZjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA62QbPrpORI5BGqxLj6bJPk+g2RsU
fO7jyjIKcTTY0+w7Sqhpu0TGCFbMy8VuCbUiY8LqMzU3M4WRUcJGP9Wq0aRC+duG
VykCs9wRhQ7gdXa9c99kfDGYjsAo83kHnAD+Cij4mQny9xShwUmMWLCoCvqkTlbo
6jLXsVsq9KYgWq3HWq7GPzLnoIefp03+vC0cQ+QIfg3gLo/YcbfPEWRLmiEXo87J
zoUkV2ND4Se6BiQ4YQUwJ8CgqNxWFQH5PnD2GXNH3NifxdGhZb672Dq0exe6rYyh
8cDfX+JYbFjwO9MysQK3D1/O+7tWwp9hItslJQvUDWiJ/QcQnzYPbpdsLwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOxTA5ZzPg3SqMGD55RDIyoU319AMB8GA1UdIwQY
MBaAFGsZ0bysdSMS7E3m9b05rM4yq2vWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXhuUnZLeDFJeExzVGViMXZUbXN6aktyYTlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC83Nzc3NDYtZmJlZi00ZTU4LWFmZGYt
YjU1MWU0OTQzNWEyLzEvN0ZNRGxuTS1EZEtvd1lQbmxFTWpLaFRmWDBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC83Nzc3NDYtZmJlZi00ZTU4LWFmZGYtYjU1MWU0OTQzNWEy
LzEvYXhuUnZLeDFJeExzVGViMXZUbXN6aktyYTlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBcg
MA0GCSqGSIb3DQEBCwUAA4IBAQCfc5o2CWp7FbuYIdKLXq+hGD6zmIw3qg01v+vk
oO8QnJLZlRQo+HWnRZh4QM9ozjEX6jbMyStCu/YXVFTMsSVg8ZPQWS9hPaJocK7G
oiSoATU38tKivwzcasTS/FC/4HPJe9ZtHaFleHeb0h/uEynr3gD6tcDDl5oGG4yZ
B0u5y5NJSOfCs22YvY2p0c/MpTgMAh8K+SKBrwVpx0nQcbtPr+tYIurU54f2SIqe
QV7ZJeKkpbLTMf+lxBay2gFAH8drdQjQfMno2rVWQ3A3BeopsclHuENp2hl//krC
LR3YCQZBuSPWGyG2F4PIzZ0wFdF/f3+8w1QAPEnmozYljXN7
-----END CERTIFICATE-----