Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/f377bd-8e42-4875-a124-3abfafe74aa9/1/6zGACkyw-xJ6CYAypatRtuynAIM.roa
File:                     6zGACkyw-xJ6CYAypatRtuynAIM.roa (raw, json)
Hash identifier:          bpmTiu+w5RyrJ1Htrk1C0FgACYcUIBbHQFBzRcmPThU=
Subject key identifier:   EB:31:80:0A:4C:B0:FB:12:7A:09:80:32:A5:AB:51:B6:EC:A7:00:83
Certificate issuer:       /CN=60acd7d96b956de5db03673cd1d1e3a37b8dd9dd
Certificate serial:       018E08807B6EDDF0C186D037EDBB7BEC3756
Authority key identifier: 60:AC:D7:D9:6B:95:6D:E5:DB:03:67:3C:D1:D1:E3:A3:7B:8D:D9:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YKzX2WuVbeXbA2c80dHjo3uN2d0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/f377bd-8e42-4875-a124-3abfafe74aa9/1/6zGACkyw-xJ6CYAypatRtuynAIM.roa
Signing time:             Mon 04 Mar 2024 08:07:01 +0000
ROA not before:           Mon 04 Mar 2024 08:07:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215633
IP address blocks:        2a0c:6e00::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/f377bd-8e42-4875-a124-3abfafe74aa9/1/YKzX2WuVbeXbA2c80dHjo3uN2d0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/f377bd-8e42-4875-a124-3abfafe74aa9/1/YKzX2WuVbeXbA2c80dHjo3uN2d0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YKzX2WuVbeXbA2c80dHjo3uN2d0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:08:80:7b:6e:dd:f0:c1:86:d0:37:ed:bb:7b:ec:37:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60acd7d96b956de5db03673cd1d1e3a37b8dd9dd
        Validity
            Not Before: Mar  4 08:07:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eb31800a4cb0fb127a098032a5ab51b6eca70083
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:b7:d8:a2:7f:bb:7f:13:4f:ed:b7:80:9b:68:
                    2d:d9:12:f3:d1:92:d3:18:4d:5a:1c:5f:74:bd:c9:
                    a7:86:f3:d9:4d:73:6b:7b:b4:95:56:7e:69:7d:1a:
                    8b:eb:5a:ee:2c:1e:9d:91:5a:92:99:92:aa:70:e2:
                    04:90:08:92:62:fa:7c:60:83:90:e5:4e:a6:21:63:
                    63:1c:1b:d3:14:fa:d7:63:f9:3e:e5:a4:e7:b3:ba:
                    d9:18:04:ec:66:6b:05:8d:3f:84:10:03:36:e1:f1:
                    88:0b:31:a1:4f:df:13:14:35:c6:15:6f:7c:39:5a:
                    84:7b:86:18:eb:db:f6:d3:40:83:7b:61:af:94:0a:
                    02:30:6c:0e:3e:64:e4:d3:09:f0:f6:15:f3:ed:55:
                    d3:cd:ad:f3:dc:b7:33:74:f9:dd:19:f6:01:98:89:
                    12:76:60:df:70:98:d7:38:84:ec:5a:f7:dc:12:94:
                    4b:06:61:7a:c0:be:2e:05:ab:77:42:a0:a9:8c:2c:
                    20:50:04:9b:55:d6:4d:84:96:47:4a:7d:b5:8a:dc:
                    c7:7c:ba:32:aa:09:8b:0b:0e:cd:74:99:3a:99:68:
                    8e:e8:dc:24:4d:68:91:94:19:4c:9f:0f:2f:a0:84:
                    9e:08:20:80:56:ef:e7:92:41:4c:11:2a:f6:e9:53:
                    fc:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:31:80:0A:4C:B0:FB:12:7A:09:80:32:A5:AB:51:B6:EC:A7:00:83
            X509v3 Authority Key Identifier:
                keyid:60:AC:D7:D9:6B:95:6D:E5:DB:03:67:3C:D1:D1:E3:A3:7B:8D:D9:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YKzX2WuVbeXbA2c80dHjo3uN2d0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/f377bd-8e42-4875-a124-3abfafe74aa9/1/6zGACkyw-xJ6CYAypatRtuynAIM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/f377bd-8e42-4875-a124-3abfafe74aa9/1/YKzX2WuVbeXbA2c80dHjo3uN2d0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:6e00::/32

    Signature Algorithm: sha256WithRSAEncryption
         4a:08:f9:d2:cc:bc:62:bb:3d:ce:e2:47:71:4b:15:df:0b:58:
         52:d7:65:b3:72:86:af:93:fd:48:11:db:ea:d2:f0:fc:60:b9:
         57:bb:5e:28:45:19:3e:2e:89:70:c0:3c:6c:5a:a1:be:a7:6d:
         f9:9c:ca:08:c9:6d:ed:b3:d2:b4:80:ad:b9:8a:cc:89:04:85:
         94:03:c2:d9:65:87:90:28:b3:e2:1a:1d:32:bf:92:47:c1:18:
         b6:92:9f:d2:8d:3f:f8:ea:8d:be:d8:ef:dc:ac:6f:34:61:5e:
         2a:48:1e:ce:36:77:a2:9c:84:98:8a:2a:1d:cd:e6:01:62:c7:
         95:32:81:6c:3d:a5:78:b6:60:c8:a1:5c:82:ff:1e:2c:48:99:
         4f:60:e7:14:a8:25:f7:5d:bc:0c:b5:0b:ae:36:a7:e9:5f:80:
         6f:c3:1e:7b:50:a3:92:cb:b0:ff:eb:14:fc:93:f9:26:89:d8:
         44:c7:a0:22:b7:2d:7a:e3:f9:db:d8:dc:54:80:f1:16:a3:35:
         39:da:03:54:53:9f:d9:1d:b3:8f:f5:ef:a0:fe:f5:a5:70:25:
         52:b5:ed:f1:0a:40:a4:0d:6d:53:4f:d9:15:0e:7b:79:68:60:
         3b:fc:e1:27:b4:2a:9b:d1:1c:4e:a6:27:d3:64:b8:87:cc:36:
         68:91:45:76
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY4IgHtu3fDBhtA37bt77DdWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwYWNkN2Q5NmI5NTZkZTVkYjAzNjczY2QxZDFlM2EzN2I4
ZGQ5ZGQwHhcNMjQwMzA0MDgwNzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjMxODAwYTRjYjBmYjEyN2EwOTgwMzJhNWFiNTFiNmVjYTcwMDgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg7fYon+7fxNP7beAm2gt2RLz0ZLT
GE1aHF90vcmnhvPZTXNre7SVVn5pfRqL61ruLB6dkVqSmZKqcOIEkAiSYvp8YIOQ
5U6mIWNjHBvTFPrXY/k+5aTns7rZGATsZmsFjT+EEAM24fGICzGhT98TFDXGFW98
OVqEe4YY69v200CDe2GvlAoCMGwOPmTk0wnw9hXz7VXTza3z3LczdPndGfYBmIkS
dmDfcJjXOITsWvfcEpRLBmF6wL4uBat3QqCpjCwgUASbVdZNhJZHSn21itzHfLoy
qgmLCw7NdJk6mWiO6NwkTWiRlBlMnw8voISeCCCAVu/nkkFMESr26VP8yQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOsxgApMsPsSegmAMqWrUbbspwCDMB8GA1UdIwQY
MBaAFGCs19lrlW3l2wNnPNHR46N7jdndMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUt6WDJXdVZiZVhiQTJjODBkSGpvM3VOMmQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9mMzc3YmQtOGU0Mi00ODc1LWExMjQt
M2FiZmFmZTc0YWE5LzEvNnpHQUNreXcteEo2Q1lBeXBhdFJ0dXluQUlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9mMzc3YmQtOGU0Mi00ODc1LWExMjQtM2FiZmFmZTc0YWE5
LzEvWUt6WDJXdVZiZVhiQTJjODBkSGpvM3VOMmQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgxuADAN
BgkqhkiG9w0BAQsFAAOCAQEASgj50sy8Yrs9zuJHcUsV3wtYUtdls3KGr5P9SBHb
6tLw/GC5V7teKEUZPi6JcMA8bFqhvqdt+ZzKCMlt7bPStICtuYrMiQSFlAPC2WWH
kCiz4hodMr+SR8EYtpKf0o0/+OqNvtjv3KxvNGFeKkgezjZ3opyEmIoqHc3mAWLH
lTKBbD2leLZgyKFcgv8eLEiZT2DnFKgl9128DLULrjan6V+Ab8Mee1Cjksuw/+sU
/JP5JonYRMegIrcteuP529jcVIDxFqM1OdoDVFOf2R2zj/XvoP71pXAlUrXt8QpA
pA1tU0/ZFQ57eWhgO/zhJ7Qqm9EcTqYn02S4h8w2aJFFdg==
-----END CERTIFICATE-----