Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/aMe5WuwZpL17TAZxFGv5tXiMiYI.roa
File:                     aMe5WuwZpL17TAZxFGv5tXiMiYI.roa (raw, json)
Hash identifier:          dvlSo0L6P/DkygE/qlV6VriOCfK1dJRyqLBbOoN2DDQ=
Subject key identifier:   68:C7:B9:5A:EC:19:A4:BD:7B:4C:06:71:14:6B:F9:B5:78:8C:89:82
Certificate issuer:       /CN=32508fb781ca6dbd8221f2c2f954a3a7446b2b42
Certificate serial:       018CC795481D0A57ADB8FECF292AAAC7FB58
Authority key identifier: 32:50:8F:B7:81:CA:6D:BD:82:21:F2:C2:F9:54:A3:A7:44:6B:2B:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MlCPt4HKbb2CIfLC-VSjp0RrK0I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/aMe5WuwZpL17TAZxFGv5tXiMiYI.roa
Signing time:             Tue 02 Jan 2024 00:31:38 +0000
ROA not before:           Tue 02 Jan 2024 00:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208753
IP address blocks:        2a09:b280:ff60::/48 maxlen: 48
                          2a09:b280:ff61::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/MlCPt4HKbb2CIfLC-VSjp0RrK0I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/MlCPt4HKbb2CIfLC-VSjp0RrK0I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MlCPt4HKbb2CIfLC-VSjp0RrK0I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 16:11:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:48:1d:0a:57:ad:b8:fe:cf:29:2a:aa:c7:fb:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32508fb781ca6dbd8221f2c2f954a3a7446b2b42
        Validity
            Not Before: Jan  2 00:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68c7b95aec19a4bd7b4c0671146bf9b5788c8982
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:66:81:e2:21:3e:5b:e7:bc:80:6d:b5:3f:cc:
                    84:f5:b3:e2:0b:29:97:3f:aa:89:f3:55:c4:bc:ac:
                    ed:57:77:de:51:9c:4d:3f:6d:00:29:6f:8c:9e:5f:
                    b6:43:52:5f:b8:b5:63:8f:66:d7:81:0f:de:4f:fa:
                    ae:c0:eb:e6:fe:2e:ed:28:3c:ef:b0:31:cf:26:53:
                    c6:49:59:20:92:a0:c1:b6:84:d0:ce:28:1d:d6:d5:
                    b6:5d:96:8f:eb:98:c8:12:62:0f:ad:dd:12:12:0d:
                    ce:38:09:19:80:1e:fb:c7:30:2c:d5:59:ed:ae:22:
                    87:55:be:4f:55:46:7e:ee:9a:0f:51:d8:74:23:70:
                    ce:bf:98:9f:83:a3:ef:46:56:85:2f:f6:81:76:ac:
                    4b:26:71:bc:5e:ea:4f:fd:ff:4b:55:99:af:ee:0c:
                    1e:65:53:b5:d3:ae:8f:e3:5a:4d:4b:a4:ac:d2:da:
                    2a:f5:ab:a7:e7:fc:75:e8:18:e3:dc:84:2e:d7:b6:
                    f2:31:77:ea:40:17:de:71:a0:36:e5:5a:f8:3d:54:
                    4e:08:62:ef:1b:d0:26:da:41:e6:d1:e6:a0:dd:ff:
                    27:0f:3b:3d:fc:58:df:5c:3d:e1:20:6c:d3:26:1e:
                    e6:46:48:c1:42:08:f5:60:87:a0:20:73:79:44:1d:
                    38:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:C7:B9:5A:EC:19:A4:BD:7B:4C:06:71:14:6B:F9:B5:78:8C:89:82
            X509v3 Authority Key Identifier:
                keyid:32:50:8F:B7:81:CA:6D:BD:82:21:F2:C2:F9:54:A3:A7:44:6B:2B:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MlCPt4HKbb2CIfLC-VSjp0RrK0I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/aMe5WuwZpL17TAZxFGv5tXiMiYI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/MlCPt4HKbb2CIfLC-VSjp0RrK0I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:b280:ff60::/47

    Signature Algorithm: sha256WithRSAEncryption
         34:0b:1d:6b:6f:4a:d0:63:23:e3:b8:bd:06:f3:a7:f3:1d:e5:
         3c:25:08:63:68:02:33:21:ea:e5:e2:ad:8e:79:8d:16:75:d5:
         58:3f:e3:5e:af:9f:d3:16:6a:b8:7a:a2:1a:c8:e8:b4:73:2e:
         70:5e:58:7e:54:86:b6:8b:b7:84:69:32:1a:cc:e1:74:ce:c8:
         85:8d:42:53:96:aa:44:70:3f:17:83:16:10:cd:43:86:cb:4c:
         90:24:9a:a4:e9:19:8a:19:8b:81:7f:1a:9d:de:6d:74:e2:50:
         c8:a1:cc:3c:26:47:f9:44:d9:19:cd:01:16:4e:5b:a1:36:9f:
         67:03:34:03:04:bf:5f:93:ba:05:ce:b0:aa:b8:30:87:f2:c6:
         4b:07:2a:b3:0b:1a:f3:7c:6c:2b:ca:b7:c8:68:1b:ec:25:b9:
         81:49:90:69:49:b6:59:78:92:25:33:be:86:9b:0d:68:b0:1a:
         b5:17:0b:85:82:a4:fe:b4:9b:9c:3b:8e:9b:0f:8b:43:e4:6d:
         37:41:45:40:2f:02:22:1d:3b:77:be:13:14:21:ef:24:d9:7d:
         6c:8d:60:79:ff:45:3d:cc:45:21:e3:23:04:e9:a3:d9:ad:3c:
         b1:e7:6a:55:2a:07:cc:f8:51:2f:b0:c2:e4:1d:50:a5:9e:58:
         e1:fb:dd:4c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHlUgdCletuP7PKSqqx/tYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNTA4ZmI3ODFjYTZkYmQ4MjIxZjJjMmY5NTRhM2E3NDQ2
YjJiNDIwHhcNMjQwMTAyMDAzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGM3Yjk1YWVjMTlhNGJkN2I0YzA2NzExNDZiZjliNTc4OGM4OTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApWaB4iE+W+e8gG21P8yE9bPiCymX
P6qJ81XEvKztV3feUZxNP20AKW+Mnl+2Q1JfuLVjj2bXgQ/eT/quwOvm/i7tKDzv
sDHPJlPGSVkgkqDBtoTQzigd1tW2XZaP65jIEmIPrd0SEg3OOAkZgB77xzAs1Vnt
riKHVb5PVUZ+7poPUdh0I3DOv5ifg6PvRlaFL/aBdqxLJnG8XupP/f9LVZmv7gwe
ZVO1066P41pNS6Ss0toq9aun5/x16Bjj3IQu17byMXfqQBfecaA25Vr4PVROCGLv
G9Am2kHm0eag3f8nDzs9/FjfXD3hIGzTJh7mRkjBQgj1YIegIHN5RB047wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGjHuVrsGaS9e0wGcRRr+bV4jImCMB8GA1UdIwQY
MBaAFDJQj7eBym29giHywvlUo6dEaytCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWxDUHQ0SEtiYjJDSWZMQy1WU2pwMFJySzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi82YzIwM2QtNjIyMS00NjBhLWFmNDkt
YzEyMjE4NzY1MTU0LzEvYU1lNVd1d1pwTDE3VEFaeEZHdjV0WGlNaVlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi82YzIwM2QtNjIyMS00NjBhLWFmNDktYzEyMjE4NzY1MTU0
LzEvTWxDUHQ0SEtiYjJDSWZMQy1WU2pwMFJySzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKgmygP9g
MA0GCSqGSIb3DQEBCwUAA4IBAQA0Cx1rb0rQYyPjuL0G86fzHeU8JQhjaAIzIerl
4q2OeY0WddVYP+Ner5/TFmq4eqIayOi0cy5wXlh+VIa2i7eEaTIazOF0zsiFjUJT
lqpEcD8XgxYQzUOGy0yQJJqk6RmKGYuBfxqd3m104lDIocw8Jkf5RNkZzQEWTluh
Np9nAzQDBL9fk7oFzrCquDCH8sZLByqzCxrzfGwryrfIaBvsJbmBSZBpSbZZeJIl
M76Gmw1osBq1FwuFgqT+tJucO46bD4tD5G03QUVALwIiHTt3vhMUIe8k2X1sjWB5
/0U9zEUh4yME6aPZrTyx52pVKgfM+FEvsMLkHVClnljh+91M
-----END CERTIFICATE-----