Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/ae2EuunLqYk3eqNTCaHc1dNYm6g.roa
File:                     ae2EuunLqYk3eqNTCaHc1dNYm6g.roa (raw, json)
Hash identifier:          1et/qKyHzFihy287JrknRzQdDphC/+p48crgfp44Ho8=
Subject key identifier:   69:ED:84:BA:E9:CB:A9:89:37:7A:A3:53:09:A1:DC:D5:D3:58:9B:A8
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018CCA2B622FBC6C29E10F3BA4C5E8B14B28
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/ae2EuunLqYk3eqNTCaHc1dNYm6g.roa
Signing time:             Tue 02 Jan 2024 12:34:49 +0000
ROA not before:           Tue 02 Jan 2024 12:34:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205613
IP address blocks:        2a06:8ec6:2::/48 maxlen: 48
                          2a06:8ec6:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:62:2f:bc:6c:29:e1:0f:3b:a4:c5:e8:b1:4b:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  2 12:34:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69ed84bae9cba989377aa35309a1dcd5d3589ba8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:d9:cf:f7:ad:70:16:0d:c1:52:13:42:e3:c6:
                    2a:4e:6b:47:9d:c0:b3:f6:fd:94:a7:86:a4:94:ff:
                    e4:b7:81:97:42:fe:d8:d2:de:05:40:94:83:d5:0a:
                    89:ee:de:f3:f5:71:4b:81:32:71:fe:3d:7e:14:00:
                    69:48:3b:f4:7e:0d:c8:b8:42:6a:01:79:93:03:9c:
                    0c:0d:c4:ed:d9:e7:ea:8f:7a:0c:dd:e6:63:ee:72:
                    ce:f2:93:74:e5:b7:b6:0e:dc:4a:0c:fe:c8:7b:d7:
                    41:2c:18:ee:9b:eb:c5:f1:62:c9:10:4d:b2:48:6f:
                    5e:88:b6:35:ee:bd:5a:5a:95:dd:73:81:83:ac:53:
                    57:42:ed:4a:db:39:aa:04:6b:98:73:d1:08:83:7a:
                    b9:b4:c9:61:4b:53:8d:14:39:5d:4f:ed:23:45:51:
                    45:06:8c:8f:fe:75:4e:07:1b:ff:b9:72:e7:38:ab:
                    ce:84:0b:3f:cf:1c:02:20:ca:93:22:05:a7:7d:13:
                    6e:22:0d:9e:a4:e0:fe:44:80:3d:4a:bb:30:7a:36:
                    2e:3e:e6:52:39:4e:50:43:46:71:be:a0:b0:e8:05:
                    f4:74:07:7a:33:5f:02:2a:f1:57:fc:0d:93:b5:2a:
                    b1:bf:b6:1e:af:16:8f:ea:d1:1b:f5:ec:42:4a:e3:
                    70:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:ED:84:BA:E9:CB:A9:89:37:7A:A3:53:09:A1:DC:D5:D3:58:9B:A8
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/ae2EuunLqYk3eqNTCaHc1dNYm6g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:8ec6:1::-2a06:8ec6:2:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         1d:e1:59:5d:67:e4:1b:be:3f:8c:73:ae:1e:cc:72:74:cb:82:
         db:b0:5d:62:89:87:d4:ac:3c:19:a1:4c:56:65:1a:e0:c3:f3:
         58:f0:49:51:46:56:7b:ae:80:3c:9f:5d:13:06:fb:da:93:9b:
         09:a2:53:2d:95:d7:67:5f:b1:0f:4c:cc:d6:b9:a8:b2:a2:7b:
         ff:b4:c5:af:fe:fe:c5:9d:81:43:2d:70:62:17:ba:3f:01:58:
         50:fe:22:48:ab:42:93:af:e1:8e:ca:15:ec:08:9a:67:b1:e9:
         3b:87:04:6d:80:59:7c:d1:de:87:39:00:a1:8c:b1:ca:60:da:
         a4:a8:bf:6c:78:05:b8:c3:93:d8:bc:93:1d:ad:7f:0c:d6:fe:
         cc:a8:a3:cd:41:33:7d:9c:ca:40:58:8f:c6:2f:1f:7e:7b:e2:
         cb:a2:50:22:27:26:2c:59:76:13:02:2a:a2:5e:03:a6:f9:32:
         0f:68:ff:62:09:62:50:a9:ab:a8:9d:d4:82:38:d8:a1:d3:0d:
         32:25:e9:ce:84:94:dc:09:4b:96:e8:f6:2d:6e:8d:1c:ff:2a:
         95:3d:ac:82:46:d7:b5:4c:71:16:2a:e4:0a:0f:93:bd:e2:74:
         66:50:aa:bd:86:d6:8a:58:8a:5d:b5:f6:16:34:e3:f1:5c:69:
         4f:72:44:20
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzKK2IvvGwp4Q87pMXosUsoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwMTAyMTIzNDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWVkODRiYWU5Y2JhOTg5Mzc3YWEzNTMwOWExZGNkNWQzNTg5YmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9nP961wFg3BUhNC48YqTmtHncCz
9v2Up4aklP/kt4GXQv7Y0t4FQJSD1QqJ7t7z9XFLgTJx/j1+FABpSDv0fg3IuEJq
AXmTA5wMDcTt2efqj3oM3eZj7nLO8pN05be2DtxKDP7Ie9dBLBjum+vF8WLJEE2y
SG9eiLY17r1aWpXdc4GDrFNXQu1K2zmqBGuYc9EIg3q5tMlhS1ONFDldT+0jRVFF
BoyP/nVOBxv/uXLnOKvOhAs/zxwCIMqTIgWnfRNuIg2epOD+RIA9SrswejYuPuZS
OU5QQ0ZxvqCw6AX0dAd6M18CKvFX/A2TtSqxv7YerxaP6tEb9exCSuNw4wIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFGnthLrpy6mJN3qjUwmh3NXTWJuoMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvYWUyRXV1bkxxWWszZXFOVENhSGMxZE5ZbTZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwAqBo7G
AAEDBwAqBo7GAAIwDQYJKoZIhvcNAQELBQADggEBAB3hWV1n5Bu+P4xzrh7McnTL
gtuwXWKJh9SsPBmhTFZlGuDD81jwSVFGVnuugDyfXRMG+9qTmwmiUy2V12dfsQ9M
zNa5qLKie/+0xa/+/sWdgUMtcGIXuj8BWFD+IkirQpOv4Y7KFewImmex6TuHBG2A
WXzR3oc5AKGMscpg2qSov2x4BbjDk9i8kx2tfwzW/syoo81BM32cykBYj8YvH357
4suiUCInJixZdhMCKqJeA6b5Mg9o/2IJYlCpq6id1II42KHTDTIl6c6ElNwJS5bo
9i1ujRz/KpU9rIJG17VMcRYq5AoPk73idGZQqr2G1opYil219hY04/FcaU9yRCA=
-----END CERTIFICATE-----