Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/2fdd56-ba2c-46fb-9882-9b257f4fea8d/1/co6ssF_g8tv83fTebYMrctj08TM.roa
File:                     co6ssF_g8tv83fTebYMrctj08TM.roa (raw, json)
Hash identifier:          aktx4/7300dNfUk7zoirOrDqBcGk0l7//llU7SKEqeg=
Subject key identifier:   72:8E:AC:B0:5F:E0:F2:DB:FC:DD:F4:DE:6D:83:2B:72:D8:F4:F1:33
Certificate issuer:       /CN=77bc534ba44e9d3cba2f2446d4a3dd6eea9b8f61
Certificate serial:       01856DDD603256B1121766BE09A44A929FFA
Authority key identifier: 77:BC:53:4B:A4:4E:9D:3C:BA:2F:24:46:D4:A3:DD:6E:EA:9B:8F:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d7xTS6ROnTy6LyRG1KPdbuqbj2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/2fdd56-ba2c-46fb-9882-9b257f4fea8d/1/co6ssF_g8tv83fTebYMrctj08TM.roa
Signing time:             Sun 01 Jan 2023 15:05:02 +0000
ROA not before:           Sun 01 Jan 2023 15:05:02 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     20473
IP address blocks:        2a11:60c0:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/2fdd56-ba2c-46fb-9882-9b257f4fea8d/1/d7xTS6ROnTy6LyRG1KPdbuqbj2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/2fdd56-ba2c-46fb-9882-9b257f4fea8d/1/d7xTS6ROnTy6LyRG1KPdbuqbj2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d7xTS6ROnTy6LyRG1KPdbuqbj2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 Mar 2023 07:18:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:dd:60:32:56:b1:12:17:66:be:09:a4:4a:92:9f:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77bc534ba44e9d3cba2f2446d4a3dd6eea9b8f61
        Validity
            Not Before: Jan  1 15:05:02 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=728eacb05fe0f2dbfcddf4de6d832b72d8f4f133
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:6d:2b:4a:9d:92:7e:61:8b:4e:18:5d:52:67:
                    72:c9:e9:d1:8d:1c:db:3e:0d:96:9b:4b:fd:24:14:
                    aa:51:ce:f2:ab:20:9d:dd:30:f7:06:03:7e:4b:84:
                    04:7f:b6:c1:06:04:f6:57:5d:ea:1d:7a:e6:f2:ea:
                    47:1d:97:61:db:5c:ef:10:23:d2:54:b2:7c:9e:2e:
                    d4:79:53:d1:df:23:75:35:b3:74:3c:86:5c:a6:c8:
                    e8:5e:a1:1a:1e:97:85:a2:5a:14:1f:d3:46:fb:af:
                    a2:b3:4b:fd:b9:3b:a8:32:3e:85:32:39:c2:f5:18:
                    c9:ba:36:6e:c7:cf:44:59:25:83:0a:65:52:87:1f:
                    ed:39:2b:90:6a:03:1f:e9:68:f3:d4:d2:c0:0b:a9:
                    31:12:28:10:ab:d2:0b:8b:f6:84:cf:78:ec:5a:fe:
                    3a:78:17:16:fe:8e:ba:91:49:6b:08:73:b5:51:f6:
                    35:0c:92:0b:b8:c1:f5:8f:c1:ed:0b:30:ca:df:15:
                    3f:02:d8:f6:1d:40:45:70:1f:bc:81:8d:00:83:ca:
                    2a:10:14:53:7a:1d:4c:e5:fe:48:a2:13:63:d7:8a:
                    d2:13:89:53:f2:10:b0:d1:44:d1:d8:3c:92:84:4e:
                    86:3d:fe:69:4e:44:e0:96:2c:c9:c9:0a:2d:cd:3b:
                    d0:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                72:8E:AC:B0:5F:E0:F2:DB:FC:DD:F4:DE:6D:83:2B:72:D8:F4:F1:33
            X509v3 Authority Key Identifier: 
                keyid:77:BC:53:4B:A4:4E:9D:3C:BA:2F:24:46:D4:A3:DD:6E:EA:9B:8F:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7xTS6ROnTy6LyRG1KPdbuqbj2E.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/2fdd56-ba2c-46fb-9882-9b257f4fea8d/1/co6ssF_g8tv83fTebYMrctj08TM.roa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/2fdd56-ba2c-46fb-9882-9b257f4fea8d/1/d7xTS6ROnTy6LyRG1KPdbuqbj2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:60c0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         4b:e9:f9:2d:f6:aa:91:02:c9:1d:95:ad:e8:02:ff:8f:85:85:
         eb:14:44:d3:00:8a:65:3c:e3:b4:24:13:c3:1c:be:c8:ee:0f:
         ce:3d:7f:23:9c:f6:c5:23:95:b0:84:2a:b0:76:05:c1:28:bc:
         c4:09:07:8b:14:3c:08:30:42:50:ba:83:a4:e8:b8:dd:d3:85:
         20:f4:5a:84:fa:42:4d:07:16:7e:08:fa:96:3e:95:ab:d7:7d:
         01:56:4e:67:78:2d:4b:0a:93:88:12:41:03:a1:63:ce:ab:43:
         40:d8:c7:92:8b:51:57:a6:1f:97:0e:03:49:63:3e:be:26:8f:
         5b:cb:1e:8e:a2:2e:b9:fa:bd:dd:44:a9:5e:18:5c:1e:6a:8d:
         c3:73:bd:06:4d:6c:3c:ef:f7:a9:81:32:38:2b:51:59:d1:88:
         45:ae:1d:94:a4:5a:87:c7:e0:19:f9:88:04:63:e3:85:71:4a:
         bb:ee:e4:f5:dc:2c:9c:d0:91:8e:7b:d5:c3:75:2a:5f:9d:7b:
         4d:85:d7:49:39:09:d2:a8:32:43:e8:a6:10:f9:52:1c:51:11:
         65:b2:9f:7e:7f:e6:13:ec:4f:4e:40:0d:1b:40:db:7b:59:10:
         9c:b6:d9:56:6c:83:2f:75:77:a0:47:ee:5c:bf:56:fd:da:1d:
         ca:99:a6:46
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYVt3WAyVrESF2a+CaRKkp/6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3YmM1MzRiYTQ0ZTlkM2NiYTJmMjQ0NmQ0YTNkZDZlZWE5
YjhmNjEwHhcNMjMwMTAxMTUwNTAyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjhlYWNiMDVmZTBmMmRiZmNkZGY0ZGU2ZDgzMmI3MmQ4ZjRmMTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqm0rSp2SfmGLThhdUmdyyenRjRzb
Pg2Wm0v9JBSqUc7yqyCd3TD3BgN+S4QEf7bBBgT2V13qHXrm8upHHZdh21zvECPS
VLJ8ni7UeVPR3yN1NbN0PIZcpsjoXqEaHpeFoloUH9NG+6+is0v9uTuoMj6FMjnC
9RjJujZux89EWSWDCmVShx/tOSuQagMf6Wjz1NLAC6kxEigQq9ILi/aEz3jsWv46
eBcW/o66kUlrCHO1UfY1DJILuMH1j8HtCzDK3xU/Atj2HUBFcB+8gY0Ag8oqEBRT
eh1M5f5IohNj14rSE4lT8hCw0UTR2DyShE6GPf5pTkTglizJyQotzTvQHwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHKOrLBf4PLb/N303m2DK3LY9PEzMB8GA1UdIwQY
MBaAFHe8U0ukTp08ui8kRtSj3W7qm49hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDd4VFM2Uk9uVHk2THlSRzFLUGRidXFiajJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi8yZmRkNTYtYmEyYy00NmZiLTk4ODIt
OWIyNTdmNGZlYThkLzEvY282c3NGX2c4dHY4M2ZUZWJZTXJjdGowOFRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi8yZmRkNTYtYmEyYy00NmZiLTk4ODItOWIyNTdmNGZlYThk
LzEvZDd4VFM2Uk9uVHk2THlSRzFLUGRidXFiajJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhFgwAAB
MA0GCSqGSIb3DQEBCwUAA4IBAQBL6fkt9qqRAskdla3oAv+PhYXrFETTAIplPOO0
JBPDHL7I7g/OPX8jnPbFI5WwhCqwdgXBKLzECQeLFDwIMEJQuoOk6Ljd04Ug9FqE
+kJNBxZ+CPqWPpWr130BVk5neC1LCpOIEkEDoWPOq0NA2MeSi1FXph+XDgNJYz6+
Jo9byx6Ooi65+r3dRKleGFweao3Dc70GTWw87/epgTI4K1FZ0YhFrh2UpFqHx+AZ
+YgEY+OFcUq77uT13Cyc0JGOe9XDdSpfnXtNhddJOQnSqDJD6KYQ+VIcURFlsp9+
f+YT7E9OQA0bQNt7WRCcttlWbIMvdXegR+5cv1b92h3KmaZG
-----END CERTIFICATE-----
Generated at Wed Mar 15 12:42:56 2023 by rpki-client on console-fra.rpki-client.org