Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/6oaKMr3WKw8ddnergIVXX7vsJnk.roa
File:                     6oaKMr3WKw8ddnergIVXX7vsJnk.roa (raw, json)
Hash identifier:          qBVdIVNN3mpTtwcxTG8W5/u/eFE9MMRv2aAppDV564o=
Subject key identifier:   EA:86:8A:32:BD:D6:2B:0F:1D:76:77:AB:80:85:57:5F:BB:EC:26:79
Certificate issuer:       /CN=ffdec4a46a6e6e4f9a92d0ba2e0b3ab5658be1bd
Certificate serial:       018CC94CDC1C0F788C19B78A34384B79D212
Authority key identifier: FF:DE:C4:A4:6A:6E:6E:4F:9A:92:D0:BA:2E:0B:3A:B5:65:8B:E1:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_97EpGpubk-aktC6Lgs6tWWL4b0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/6oaKMr3WKw8ddnergIVXX7vsJnk.roa
Signing time:             Tue 02 Jan 2024 08:31:46 +0000
ROA not before:           Tue 02 Jan 2024 08:31:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9053
IP address blocks:        2a0a:54c1:29::/48 maxlen: 48
                          2a0a:54c1:28::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/_97EpGpubk-aktC6Lgs6tWWL4b0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/_97EpGpubk-aktC6Lgs6tWWL4b0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_97EpGpubk-aktC6Lgs6tWWL4b0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:dc:1c:0f:78:8c:19:b7:8a:34:38:4b:79:d2:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffdec4a46a6e6e4f9a92d0ba2e0b3ab5658be1bd
        Validity
            Not Before: Jan  2 08:31:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ea868a32bdd62b0f1d7677ab8085575fbbec2679
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:e4:d3:e2:15:29:1b:69:f3:11:06:cb:a4:95:
                    49:08:87:9f:59:13:aa:67:05:f2:1f:23:e7:8a:8a:
                    07:03:ad:4e:79:f9:5a:2a:bd:8b:bf:06:2b:72:98:
                    08:ed:ac:e2:5f:9b:bb:b8:65:b3:7f:ee:92:76:9e:
                    34:1b:2b:dc:2d:f8:78:50:69:d6:b2:50:dd:92:7e:
                    40:bc:4b:43:28:79:26:86:b9:4f:df:b5:0c:9d:65:
                    f9:b2:87:c0:5d:39:78:92:a7:42:99:a5:8f:17:c3:
                    16:32:2f:8b:7c:01:45:d9:f2:f6:6c:ab:01:54:80:
                    79:5b:6f:dd:88:e2:5d:fd:eb:c2:46:90:22:ae:c7:
                    f5:d9:c6:fa:85:b8:bc:e4:ad:dd:a5:a6:26:6f:0d:
                    86:e7:03:5e:ef:78:11:2e:72:1c:80:d6:5c:94:bf:
                    74:54:ce:33:e1:ea:8d:35:ec:75:d0:2c:ef:b8:04:
                    b6:fd:d5:ff:af:4e:ec:a8:ca:f2:fd:84:d3:ff:b9:
                    1c:d6:45:6e:70:80:5c:1a:73:86:6f:9e:b0:06:75:
                    fb:85:9d:7d:8e:d8:5f:d0:bc:67:fb:ab:d9:79:1e:
                    2d:56:16:84:c6:82:c8:bb:8f:e5:99:df:4c:65:19:
                    f1:45:9c:ef:9b:44:fd:eb:36:86:6f:f9:13:88:80:
                    5d:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:86:8A:32:BD:D6:2B:0F:1D:76:77:AB:80:85:57:5F:BB:EC:26:79
            X509v3 Authority Key Identifier:
                keyid:FF:DE:C4:A4:6A:6E:6E:4F:9A:92:D0:BA:2E:0B:3A:B5:65:8B:E1:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_97EpGpubk-aktC6Lgs6tWWL4b0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/6oaKMr3WKw8ddnergIVXX7vsJnk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/_97EpGpubk-aktC6Lgs6tWWL4b0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:54c1:28::/47

    Signature Algorithm: sha256WithRSAEncryption
         5e:43:74:c7:00:9b:3b:6f:e6:8c:c8:3f:76:cc:9c:49:24:ef:
         3c:27:58:6a:c2:e7:9d:ca:5f:24:d4:ea:4b:d2:5f:d4:2c:b7:
         13:7b:fa:8a:c0:13:bb:96:8b:f4:9b:30:59:8f:ea:8b:5a:90:
         d6:69:42:f1:0a:0c:60:7c:88:44:6f:da:07:71:92:08:08:cc:
         18:75:e3:a8:50:b0:a1:e8:df:1b:a7:b5:58:ca:a6:b7:15:82:
         4a:ca:10:e5:f9:e4:cd:ec:c8:74:44:a8:f7:43:4a:8a:58:3e:
         70:bc:f3:26:22:2b:ad:ce:25:fe:1f:58:86:1a:49:b2:cf:ae:
         78:72:0b:59:b7:cb:e5:d9:a9:4e:ea:6c:11:28:8e:c8:6b:0f:
         e5:58:0f:37:e1:27:2c:11:c6:a8:1e:f6:33:b6:c2:32:40:00:
         07:7d:91:8e:e3:bf:7b:f3:1b:d2:a7:62:b2:00:e9:8e:c1:79:
         20:c1:35:71:1e:f6:d8:a0:81:ed:5e:89:d9:19:d2:52:4f:6a:
         80:e2:e3:40:18:40:8a:e8:35:cb:06:8a:3a:d6:ca:e1:17:5e:
         51:dc:c8:27:43:de:79:c2:39:af:1b:84:d6:67:e4:0c:04:46:
         86:84:73:ca:2e:0d:91:20:de:a7:85:53:de:c7:de:5c:2b:31:
         80:e0:53:bb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJTNwcD3iMGbeKNDhLedISMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmZGVjNGE0NmE2ZTZlNGY5YTkyZDBiYTJlMGIzYWI1NjU4
YmUxYmQwHhcNMjQwMTAyMDgzMTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTg2OGEzMmJkZDYyYjBmMWQ3Njc3YWI4MDg1NTc1ZmJiZWMyNjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiOTT4hUpG2nzEQbLpJVJCIefWROq
ZwXyHyPniooHA61OeflaKr2LvwYrcpgI7aziX5u7uGWzf+6Sdp40GyvcLfh4UGnW
slDdkn5AvEtDKHkmhrlP37UMnWX5sofAXTl4kqdCmaWPF8MWMi+LfAFF2fL2bKsB
VIB5W2/diOJd/evCRpAirsf12cb6hbi85K3dpaYmbw2G5wNe73gRLnIcgNZclL90
VM4z4eqNNex10CzvuAS2/dX/r07sqMry/YTT/7kc1kVucIBcGnOGb56wBnX7hZ19
jthf0Lxn+6vZeR4tVhaExoLIu4/lmd9MZRnxRZzvm0T96zaGb/kTiIBdTwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOqGijK91isPHXZ3q4CFV1+77CZ5MB8GA1UdIwQY
MBaAFP/exKRqbm5PmpLQui4LOrVli+G9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzk3RXBHcHViay1ha3RDNkxnczZ0V1dMNGIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC8xMWU1YjMtNDNhYS00Mjc5LTk0NDEt
N2U4YzZkNGQ5YmVmLzEvNm9hS01yM1dLdzhkZG5lcmdJVlhYN3ZzSm5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC8xMWU1YjMtNDNhYS00Mjc5LTk0NDEtN2U4YzZkNGQ5YmVm
LzEvXzk3RXBHcHViay1ha3RDNkxnczZ0V1dMNGIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKgpUwQAo
MA0GCSqGSIb3DQEBCwUAA4IBAQBeQ3THAJs7b+aMyD92zJxJJO88J1hqwuedyl8k
1OpL0l/ULLcTe/qKwBO7lov0mzBZj+qLWpDWaULxCgxgfIhEb9oHcZIICMwYdeOo
ULCh6N8bp7VYyqa3FYJKyhDl+eTN7Mh0RKj3Q0qKWD5wvPMmIiutziX+H1iGGkmy
z654cgtZt8vl2alO6mwRKI7Iaw/lWA834ScsEcaoHvYztsIyQAAHfZGO47978xvS
p2KyAOmOwXkgwTVxHvbYoIHtXonZGdJST2qA4uNAGECK6DXLBoo61srhF15R3Mgn
Q955wjmvG4TWZ+QMBEaGhHPKLg2RIN6nhVPex95cKzGA4FO7
-----END CERTIFICATE-----