Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/a76ac1-5f22-47d1-b8c1-c623ed8f2f28/1/6P5QhBox8f1FD5DRtL_bSAN92yQ.roa
File:                     6P5QhBox8f1FD5DRtL_bSAN92yQ.roa (raw, json)
Hash identifier:          M45HxJTMaprsaE1PmI1YokaWjkTOLJZLeS5VKH+0JsA=
Subject key identifier:   E8:FE:50:84:1A:31:F1:FD:45:0F:90:D1:B4:BF:DB:48:03:7D:DB:24
Certificate issuer:       /CN=93503061e1ae503ec63d970b30875dd93ffabbdf
Certificate serial:       018CC348AB91A7AF12BC551042626BDFCF38
Authority key identifier: 93:50:30:61:E1:AE:50:3E:C6:3D:97:0B:30:87:5D:D9:3F:FA:BB:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k1AwYeGuUD7GPZcLMIdd2T_6u98.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/a76ac1-5f22-47d1-b8c1-c623ed8f2f28/1/6P5QhBox8f1FD5DRtL_bSAN92yQ.roa
Signing time:             Mon 01 Jan 2024 04:29:28 +0000
ROA not before:           Mon 01 Jan 2024 04:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61969
IP address blocks:        2a01:bb20::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/a76ac1-5f22-47d1-b8c1-c623ed8f2f28/1/k1AwYeGuUD7GPZcLMIdd2T_6u98.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/a76ac1-5f22-47d1-b8c1-c623ed8f2f28/1/k1AwYeGuUD7GPZcLMIdd2T_6u98.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k1AwYeGuUD7GPZcLMIdd2T_6u98.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ab:91:a7:af:12:bc:55:10:42:62:6b:df:cf:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93503061e1ae503ec63d970b30875dd93ffabbdf
        Validity
            Not Before: Jan  1 04:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e8fe50841a31f1fd450f90d1b4bfdb48037ddb24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:58:a6:e1:2c:64:01:59:53:6f:25:db:84:1a:
                    65:57:22:dd:3a:0b:11:9e:d6:aa:d9:32:c0:24:75:
                    d3:d4:4b:80:d0:dc:35:b4:07:a1:80:b3:a0:34:3e:
                    d1:51:09:da:5f:f8:0f:4f:b8:d3:b5:31:8a:83:c2:
                    5a:5a:71:54:f4:c9:62:16:38:a0:fe:e6:c9:be:9f:
                    b5:d6:7f:6a:71:74:18:14:cd:a2:db:90:ab:66:69:
                    cc:02:86:b9:98:d5:0d:d3:d6:e6:2b:bf:3a:1f:89:
                    14:d0:e2:e6:41:53:c8:8d:6a:5d:45:cb:66:0a:b5:
                    86:a4:44:37:76:c5:49:f2:bf:5a:2d:6a:33:00:81:
                    4e:1e:27:6c:c4:5f:97:30:20:5e:0d:63:1e:7e:05:
                    77:17:b7:4c:4e:3c:20:08:53:9a:11:bc:4e:8c:d4:
                    64:93:67:0c:41:49:aa:a6:13:08:1b:61:1d:bf:76:
                    c3:f5:4e:9e:5a:1a:88:cf:4c:17:ef:81:a5:7c:3e:
                    83:80:12:54:a6:2c:99:bb:6b:2c:56:2a:4d:3e:44:
                    89:19:04:bc:e7:9b:e1:16:20:ac:98:b6:00:65:48:
                    e3:b4:d8:69:2e:08:09:75:10:e6:4f:73:0d:ee:5b:
                    ce:a9:d0:7a:5c:94:dd:ce:ac:bf:04:1f:c4:cc:12:
                    4f:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:FE:50:84:1A:31:F1:FD:45:0F:90:D1:B4:BF:DB:48:03:7D:DB:24
            X509v3 Authority Key Identifier:
                keyid:93:50:30:61:E1:AE:50:3E:C6:3D:97:0B:30:87:5D:D9:3F:FA:BB:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k1AwYeGuUD7GPZcLMIdd2T_6u98.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/a76ac1-5f22-47d1-b8c1-c623ed8f2f28/1/6P5QhBox8f1FD5DRtL_bSAN92yQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/a76ac1-5f22-47d1-b8c1-c623ed8f2f28/1/k1AwYeGuUD7GPZcLMIdd2T_6u98.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:bb20::/32

    Signature Algorithm: sha256WithRSAEncryption
         8b:e0:f7:14:50:c1:da:c0:a5:f7:5d:c2:c5:80:41:f9:a7:15:
         13:bc:92:d0:1c:f4:5a:b8:00:62:14:3e:87:71:e4:2d:ac:d5:
         47:ec:85:34:76:ab:99:06:75:64:f4:15:ca:b5:84:02:96:9d:
         75:be:8a:54:af:7f:85:3a:11:5a:91:f4:67:11:67:bf:eb:56:
         2c:59:88:fb:c0:af:ee:c1:cd:f6:8e:8b:af:f3:b4:ab:f3:b0:
         6c:9b:24:96:14:3d:a9:f0:f6:e2:33:16:bb:49:fa:02:4a:d0:
         17:20:90:2b:cc:ac:cf:2b:10:48:46:4a:87:0f:25:35:85:8e:
         db:b3:fe:c0:ea:61:87:7b:1d:5c:be:98:78:ef:42:9d:18:ba:
         04:d3:ce:38:79:a7:bf:43:c9:95:f2:07:03:c9:bc:e5:03:91:
         91:33:7e:29:04:79:67:61:95:46:23:78:db:5d:9b:c7:23:0f:
         0d:fb:69:a8:dd:bc:93:cf:33:92:ef:3c:a1:e3:db:13:51:71:
         b8:6e:02:de:70:68:ed:c0:cd:d0:65:86:3a:aa:d2:ab:7a:0b:
         3c:e1:f2:3e:99:ef:6f:f7:17:0d:30:82:4e:8c:99:a9:f2:81:
         7f:fc:7c:cb:32:dd:0f:19:01:29:90:90:d6:a5:10:05:3a:63:
         9d:21:71:be
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDSKuRp68SvFUQQmJr3884MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNTAzMDYxZTFhZTUwM2VjNjNkOTcwYjMwODc1ZGQ5M2Zm
YWJiZGYwHhcNMjQwMTAxMDQyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGZlNTA4NDFhMzFmMWZkNDUwZjkwZDFiNGJmZGI0ODAzN2RkYjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjlim4SxkAVlTbyXbhBplVyLdOgsR
ntaq2TLAJHXT1EuA0Nw1tAehgLOgND7RUQnaX/gPT7jTtTGKg8JaWnFU9MliFjig
/ubJvp+11n9qcXQYFM2i25CrZmnMAoa5mNUN09bmK786H4kU0OLmQVPIjWpdRctm
CrWGpEQ3dsVJ8r9aLWozAIFOHidsxF+XMCBeDWMefgV3F7dMTjwgCFOaEbxOjNRk
k2cMQUmqphMIG2Edv3bD9U6eWhqIz0wX74GlfD6DgBJUpiyZu2ssVipNPkSJGQS8
55vhFiCsmLYAZUjjtNhpLggJdRDmT3MN7lvOqdB6XJTdzqy/BB/EzBJPSwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOj+UIQaMfH9RQ+Q0bS/20gDfdskMB8GA1UdIwQY
MBaAFJNQMGHhrlA+xj2XCzCHXdk/+rvfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazFBd1llR3VVRDdHUFpjTE1JZGQyVF82dTk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi9hNzZhYzEtNWYyMi00N2QxLWI4YzEt
YzYyM2VkOGYyZjI4LzEvNlA1UWhCb3g4ZjFGRDVEUnRMX2JTQU45MnlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi9hNzZhYzEtNWYyMi00N2QxLWI4YzEtYzYyM2VkOGYyZjI4
LzEvazFBd1llR3VVRDdHUFpjTE1JZGQyVF82dTk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgG7IDAN
BgkqhkiG9w0BAQsFAAOCAQEAi+D3FFDB2sCl913CxYBB+acVE7yS0Bz0WrgAYhQ+
h3HkLazVR+yFNHarmQZ1ZPQVyrWEApaddb6KVK9/hToRWpH0ZxFnv+tWLFmI+8Cv
7sHN9o6Lr/O0q/OwbJsklhQ9qfD24jMWu0n6AkrQFyCQK8yszysQSEZKhw8lNYWO
27P+wOphh3sdXL6YeO9CnRi6BNPOOHmnv0PJlfIHA8m85QORkTN+KQR5Z2GVRiN4
212bxyMPDftpqN28k88zku88oePbE1FxuG4C3nBo7cDN0GWGOqrSq3oLPOHyPpnv
b/cXDTCCToyZqfKBf/x8yzLdDxkBKZCQ1qUQBTpjnSFxvg==
-----END CERTIFICATE-----