Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/6c4f44-549b-455e-b520-f7c539fc6018/1/as6MxFnsgQJMhgg-T5A7cfc8HbQ.roa
File:                     as6MxFnsgQJMhgg-T5A7cfc8HbQ.roa (raw, json)
Hash identifier:          30x2scjO+6YRqx9FOQkN67odA/VLMtxpTl9Pkk+k/GA=
Subject key identifier:   6A:CE:8C:C4:59:EC:81:02:4C:86:08:3E:4F:90:3B:71:F7:3C:1D:B4
Certificate issuer:       /CN=47b770eac8a7363f4cb8a88c2e36e2d694b39068
Certificate serial:       018CC424794FF9E23D8174A8AF89E0BF243B
Authority key identifier: 47:B7:70:EA:C8:A7:36:3F:4C:B8:A8:8C:2E:36:E2:D6:94:B3:90:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R7dw6sinNj9MuKiMLjbi1pSzkGg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/6c4f44-549b-455e-b520-f7c539fc6018/1/as6MxFnsgQJMhgg-T5A7cfc8HbQ.roa
Signing time:             Mon 01 Jan 2024 08:29:33 +0000
ROA not before:           Mon 01 Jan 2024 08:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50068
IP address blocks:        193.160.16.0/22 maxlen: 24
                          2a0c:9cc0::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/6c4f44-549b-455e-b520-f7c539fc6018/1/R7dw6sinNj9MuKiMLjbi1pSzkGg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/6c4f44-549b-455e-b520-f7c539fc6018/1/R7dw6sinNj9MuKiMLjbi1pSzkGg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R7dw6sinNj9MuKiMLjbi1pSzkGg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 01:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:79:4f:f9:e2:3d:81:74:a8:af:89:e0:bf:24:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=47b770eac8a7363f4cb8a88c2e36e2d694b39068
        Validity
            Not Before: Jan  1 08:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ace8cc459ec81024c86083e4f903b71f73c1db4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:46:89:2a:49:0f:88:37:e7:eb:03:55:e9:fe:
                    67:44:5f:41:5a:6f:9d:ed:14:f3:be:55:f0:37:2c:
                    d1:a6:b9:23:0a:da:f3:b5:23:ea:fa:bd:47:ef:08:
                    38:9d:4a:ad:66:00:33:ca:73:29:56:f5:cc:40:9c:
                    f1:44:0d:a8:d3:26:65:fd:c6:9a:d1:fc:92:97:1b:
                    a9:c9:0d:82:eb:f6:58:89:1f:18:08:20:73:17:ca:
                    4b:7c:91:73:22:e9:07:2b:7e:f3:89:56:fa:44:84:
                    64:c1:e5:6c:9f:21:95:62:20:d7:12:7f:e9:ee:a7:
                    1c:a0:52:7a:c6:8a:be:6c:af:6d:db:7b:78:4c:16:
                    38:d9:d2:bd:de:d4:d8:92:9a:8b:e5:8d:ac:b2:9e:
                    20:b9:89:8a:e0:60:5a:0b:43:fd:0e:d8:17:e7:1c:
                    3d:64:32:21:d4:ad:b0:98:2e:9d:58:9f:cd:88:dd:
                    eb:80:40:d8:f0:ff:e7:ff:64:7e:a8:fc:72:7c:88:
                    5f:24:2c:f6:7c:21:fe:bf:de:04:88:8e:78:6a:d2:
                    ba:44:d4:35:91:77:43:48:d8:05:8b:d2:01:f8:21:
                    8a:e1:fa:d3:54:89:ca:86:d0:ad:f6:39:b1:dd:2e:
                    1a:54:81:d9:f3:09:ea:b3:54:52:4c:7d:17:74:80:
                    89:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:CE:8C:C4:59:EC:81:02:4C:86:08:3E:4F:90:3B:71:F7:3C:1D:B4
            X509v3 Authority Key Identifier:
                keyid:47:B7:70:EA:C8:A7:36:3F:4C:B8:A8:8C:2E:36:E2:D6:94:B3:90:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R7dw6sinNj9MuKiMLjbi1pSzkGg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/6c4f44-549b-455e-b520-f7c539fc6018/1/as6MxFnsgQJMhgg-T5A7cfc8HbQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/6c4f44-549b-455e-b520-f7c539fc6018/1/R7dw6sinNj9MuKiMLjbi1pSzkGg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.160.16.0/22
                IPv6:
                  2a0c:9cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         2e:c4:7b:a2:9e:08:35:56:14:1e:88:cd:22:85:62:86:78:f6:
         05:45:e3:4c:2b:fb:dc:43:dc:c7:ad:ef:dd:6a:98:33:0b:51:
         cb:28:a5:75:58:c2:cb:58:8f:88:7e:9c:ad:05:97:4c:dc:dd:
         2c:c4:0c:8f:c0:00:fa:f1:cd:80:02:f6:f8:bd:73:71:71:c2:
         05:dd:bb:9f:98:64:2d:e6:d0:43:1b:38:ef:17:2e:86:86:ff:
         29:5d:1a:40:ef:83:5b:94:2e:bf:0a:de:b0:85:64:3f:88:cc:
         72:05:94:e8:e7:1a:78:7f:6b:65:c5:d5:08:51:44:6f:fc:93:
         29:97:4f:f8:aa:62:4e:f0:84:27:db:98:4a:df:b5:91:05:3d:
         fd:53:10:0c:b4:a0:41:d8:44:7b:67:33:66:aa:61:24:59:cd:
         2e:27:2e:f8:3c:a4:e4:ed:6d:ad:58:2d:4e:35:9e:53:8b:a7:
         72:40:0c:ff:2c:0c:4d:33:94:27:7d:2c:5d:ee:7e:47:94:f1:
         14:fc:9f:96:c9:06:70:d4:00:c9:24:66:a6:d4:1f:92:86:6e:
         4d:f8:c4:7c:63:8d:2a:4a:2c:84:ad:56:42:df:11:37:ff:b5:
         6f:18:39:05:0e:18:a8:17:44:11:0a:28:8c:67:eb:5e:dd:83:
         5f:d8:a0:e0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJHlP+eI9gXSor4ngvyQ7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3Yjc3MGVhYzhhNzM2M2Y0Y2I4YTg4YzJlMzZlMmQ2OTRi
MzkwNjgwHhcNMjQwMTAxMDgyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWNlOGNjNDU5ZWM4MTAyNGM4NjA4M2U0ZjkwM2I3MWY3M2MxZGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqEaJKkkPiDfn6wNV6f5nRF9BWm+d
7RTzvlXwNyzRprkjCtrztSPq+r1H7wg4nUqtZgAzynMpVvXMQJzxRA2o0yZl/caa
0fySlxupyQ2C6/ZYiR8YCCBzF8pLfJFzIukHK37ziVb6RIRkweVsnyGVYiDXEn/p
7qccoFJ6xoq+bK9t23t4TBY42dK93tTYkpqL5Y2ssp4guYmK4GBaC0P9DtgX5xw9
ZDIh1K2wmC6dWJ/NiN3rgEDY8P/n/2R+qPxyfIhfJCz2fCH+v94EiI54atK6RNQ1
kXdDSNgFi9IB+CGK4frTVInKhtCt9jmx3S4aVIHZ8wnqs1RSTH0XdICJ2wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGrOjMRZ7IECTIYIPk+QO3H3PB20MB8GA1UdIwQY
MBaAFEe3cOrIpzY/TLiojC424taUs5BoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjdkdzZzaW5OajlNdUtpTUxqYmkxcFN6a0dnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC82YzRmNDQtNTQ5Yi00NTVlLWI1MjAt
ZjdjNTM5ZmM2MDE4LzEvYXM2TXhGbnNnUUpNaGdnLVQ1QTdjZmM4SGJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC82YzRmNDQtNTQ5Yi00NTVlLWI1MjAtZjdjNTM5ZmM2MDE4
LzEvUjdkdzZzaW5OajlNdUtpTUxqYmkxcFN6a0dnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCwaAQMA0E
AgACMAcDBQMqDJzAMA0GCSqGSIb3DQEBCwUAA4IBAQAuxHuingg1VhQeiM0ihWKG
ePYFReNMK/vcQ9zHre/dapgzC1HLKKV1WMLLWI+IfpytBZdM3N0sxAyPwAD68c2A
Avb4vXNxccIF3bufmGQt5tBDGzjvFy6Ghv8pXRpA74NblC6/Ct6whWQ/iMxyBZTo
5xp4f2tlxdUIUURv/JMpl0/4qmJO8IQn25hK37WRBT39UxAMtKBB2ER7ZzNmqmEk
Wc0uJy74PKTk7W2tWC1ONZ5Ti6dyQAz/LAxNM5QnfSxd7n5HlPEU/J+WyQZw1ADJ
JGam1B+Shm5N+MR8Y40qSiyErVZC3xE3/7VvGDkFDhioF0QRCiiMZ+te3YNf2KDg
-----END CERTIFICATE-----