Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/k6vtNgF_GhN6-OrHsMo74ukOKZQ.roa
File:                     k6vtNgF_GhN6-OrHsMo74ukOKZQ.roa (raw, json)
Hash identifier:          yuKRlzVD8CJOPcgeDTO4EyyVh4eZj+we8G/z6E5iMLA=
Subject key identifier:   93:AB:ED:36:01:7F:1A:13:7A:F8:EA:C7:B0:CA:3B:E2:E9:0E:29:94
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       018CC64AE65BFE0DDA6BDCE07E2F173FB81C
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/k6vtNgF_GhN6-OrHsMo74ukOKZQ.roa
Signing time:             Mon 01 Jan 2024 18:30:46 +0000
ROA not before:           Mon 01 Jan 2024 18:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203125
IP address blocks:        2a01:367:3953::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:e6:5b:fe:0d:da:6b:dc:e0:7e:2f:17:3f:b8:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Jan  1 18:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=93abed36017f1a137af8eac7b0ca3be2e90e2994
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:1c:53:b2:c3:23:03:89:42:73:dd:fb:ff:d2:
                    ab:34:44:51:05:10:e9:ac:ec:19:95:a5:d8:14:47:
                    e6:3d:40:dd:35:19:30:87:31:4e:1e:74:72:22:0a:
                    40:5e:8a:2f:00:6c:81:81:c8:22:6f:09:d7:ce:3c:
                    6d:ef:07:2d:72:13:76:e4:c4:d6:bc:15:e5:0e:88:
                    a4:e5:1b:7e:6b:89:3d:f3:68:25:7f:37:8c:a8:6f:
                    e3:45:88:72:d4:2c:6a:50:2f:b8:f0:24:c8:8d:4b:
                    51:93:e9:5b:32:68:7c:d9:57:7c:6e:0a:be:1d:0d:
                    58:34:78:b3:72:09:7e:11:94:de:93:d1:8b:94:f3:
                    83:a9:f8:66:93:70:e0:42:25:8c:60:14:0b:61:e8:
                    de:59:18:2b:d7:f2:28:8d:05:d8:79:85:d4:f2:12:
                    23:91:0a:31:07:26:92:92:dd:41:e8:81:7d:de:cf:
                    f0:1d:81:9c:d5:fd:cc:b4:cc:71:01:11:b9:68:0a:
                    d4:7d:a0:6e:b9:70:3a:85:bb:e0:38:7e:81:cb:36:
                    83:62:b3:d6:4d:08:85:4a:be:53:bf:0f:08:ea:d0:
                    2a:09:b2:be:61:9e:4d:d2:66:4a:e2:9b:4d:16:a6:
                    dd:32:1a:94:7f:51:33:83:ac:04:0f:da:84:10:a3:
                    66:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:AB:ED:36:01:7F:1A:13:7A:F8:EA:C7:B0:CA:3B:E2:E9:0E:29:94
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/k6vtNgF_GhN6-OrHsMo74ukOKZQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:367:3953::/48

    Signature Algorithm: sha256WithRSAEncryption
         55:a0:3d:c1:d7:3c:4b:0a:22:ec:bf:d7:5d:e7:f1:51:b5:a6:
         e0:f0:01:44:22:7a:48:cc:74:b8:7f:fd:67:01:c5:e9:66:e1:
         bd:f0:af:82:bb:52:37:80:49:0b:69:ea:56:ad:3c:c7:b6:03:
         47:a4:9d:e1:97:f3:57:f7:8e:69:79:83:c3:6a:52:03:9a:5b:
         bb:b9:48:0a:d3:2b:12:39:1b:9c:d4:f7:0c:9d:98:66:6a:c3:
         c4:52:d5:36:d1:e7:8e:73:e8:76:90:bb:f3:36:90:b1:7f:e7:
         9a:7c:c2:ec:7c:6f:23:1c:e1:ee:25:e8:e1:f6:3f:5a:e5:fd:
         ce:41:91:82:85:38:97:5d:13:a2:e7:ff:b4:1f:9f:16:c4:3b:
         3e:a9:8b:ae:44:b4:b1:9e:05:2f:45:0c:40:87:59:cb:fb:3a:
         85:b9:d9:af:61:c3:7e:58:73:6f:e7:4e:dd:93:a4:33:e9:30:
         2d:77:58:c5:f2:1f:a0:28:23:4c:b2:94:37:7c:48:33:ae:d8:
         89:84:ba:39:78:fa:3a:00:9a:e4:df:b3:82:7d:21:42:a7:85:
         d6:59:8c:14:46:3b:88:3a:74:ef:eb:0a:87:18:72:13:2d:73:
         82:30:cc:25:1b:fb:72:16:9c:51:b2:cc:61:50:21:1c:a3:d2:
         a6:d6:f7:95
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSuZb/g3aa9zgfi8XP7gcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjQwMTAxMTgzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2FiZWQzNjAxN2YxYTEzN2FmOGVhYzdiMGNhM2JlMmU5MGUyOTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiBxTssMjA4lCc937/9KrNERRBRDp
rOwZlaXYFEfmPUDdNRkwhzFOHnRyIgpAXoovAGyBgcgibwnXzjxt7wctchN25MTW
vBXlDoik5Rt+a4k982glfzeMqG/jRYhy1CxqUC+48CTIjUtRk+lbMmh82Vd8bgq+
HQ1YNHizcgl+EZTek9GLlPODqfhmk3DgQiWMYBQLYejeWRgr1/IojQXYeYXU8hIj
kQoxByaSkt1B6IF93s/wHYGc1f3MtMxxARG5aArUfaBuuXA6hbvgOH6ByzaDYrPW
TQiFSr5Tvw8I6tAqCbK+YZ5N0mZK4ptNFqbdMhqUf1Ezg6wED9qEEKNmKQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJOr7TYBfxoTevjqx7DKO+LpDimUMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvazZ2dE5nRl9HaE42LU9ySHNNbzc0dWtPS1pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgEDZzlT
MA0GCSqGSIb3DQEBCwUAA4IBAQBVoD3B1zxLCiLsv9dd5/FRtabg8AFEInpIzHS4
f/1nAcXpZuG98K+Cu1I3gEkLaepWrTzHtgNHpJ3hl/NX945peYPDalIDmlu7uUgK
0ysSORuc1PcMnZhmasPEUtU20eeOc+h2kLvzNpCxf+eafMLsfG8jHOHuJejh9j9a
5f3OQZGChTiXXROi5/+0H58WxDs+qYuuRLSxngUvRQxAh1nL+zqFudmvYcN+WHNv
507dk6Qz6TAtd1jF8h+gKCNMspQ3fEgzrtiJhLo5ePo6AJrk37OCfSFCp4XWWYwU
RjuIOnTv6wqHGHITLXOCMMwlG/tyFpxRssxhUCEco9Km1veV
-----END CERTIFICATE-----