Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/kLmTGMT64V_r9iBhmYXhsIylSZ8.roa
File:                     kLmTGMT64V_r9iBhmYXhsIylSZ8.roa (raw, json)
Hash identifier:          AEMqYkuLgT/4w0cG/PGxXrZfXOh1RfljKomZGfDwYjY=
Subject key identifier:   90:B9:93:18:C4:FA:E1:5F:EB:F6:20:61:99:85:E1:B0:8C:A5:49:9F
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       018D81F065CDA9422AB374DB62C7F71553F1
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/kLmTGMT64V_r9iBhmYXhsIylSZ8.roa
Signing time:             Wed 07 Feb 2024 05:00:32 +0000
ROA not before:           Wed 07 Feb 2024 05:00:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57417
IP address blocks:        2a0f:b241:30::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 08:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:81:f0:65:cd:a9:42:2a:b3:74:db:62:c7:f7:15:53:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Feb  7 05:00:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=90b99318c4fae15febf620619985e1b08ca5499f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:55:dd:9a:ab:72:5d:b7:ea:65:21:2d:c0:a8:
                    b0:c4:55:fa:35:19:a2:09:f7:a0:24:a7:25:51:fc:
                    31:41:ac:c0:74:f7:42:f8:53:57:f4:90:46:57:3f:
                    9d:1d:33:9f:ee:2c:1a:9d:3b:4e:52:c9:99:15:eb:
                    7c:f0:ad:78:0e:e6:36:e7:9a:22:b6:68:81:dc:8e:
                    a2:df:98:f3:e9:24:ac:6a:cb:d6:21:f5:2a:2a:48:
                    65:d7:58:bf:2b:1c:5b:fa:c4:d9:18:12:df:e9:bc:
                    71:fc:ac:c1:3b:01:54:c9:46:56:b0:4a:05:48:9a:
                    cd:0d:5c:e9:d8:62:fd:3d:c7:1c:82:b1:99:71:0c:
                    56:18:d1:1c:2f:30:ba:b8:b1:b7:0f:9a:68:cd:44:
                    a9:e4:fa:d6:05:58:d0:e5:0e:78:68:33:c3:94:ba:
                    c7:2d:66:bb:8f:ee:56:49:5b:29:ad:33:18:b2:e7:
                    a3:99:a7:df:14:d8:80:7a:d0:2b:28:d8:b6:f4:7f:
                    42:ec:98:8a:88:3d:03:7f:41:f1:cd:52:ad:a5:e6:
                    3b:14:d3:b5:bc:e8:cf:a8:fd:6e:de:e8:0c:98:08:
                    09:9f:ec:bc:38:48:20:d6:38:93:da:bc:bf:10:3c:
                    4b:53:01:f8:f6:52:90:4f:29:8d:9b:ae:35:cb:13:
                    4c:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:B9:93:18:C4:FA:E1:5F:EB:F6:20:61:99:85:E1:B0:8C:A5:49:9F
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/kLmTGMT64V_r9iBhmYXhsIylSZ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b241:30::/48

    Signature Algorithm: sha256WithRSAEncryption
         49:af:54:53:43:be:e4:8e:a0:92:9f:93:d4:c0:f2:48:f4:1e:
         fa:c4:e2:93:8f:d3:6f:31:48:00:7d:3c:4d:6c:c4:b4:df:f2:
         92:10:cd:24:60:fd:5d:cc:8c:a2:29:e1:ed:e8:10:49:66:f8:
         14:c1:19:d7:0f:11:fb:2c:ed:52:9b:99:c4:38:b3:76:b6:f0:
         73:5d:4f:f5:ea:56:20:e4:ea:4d:62:b8:bd:9e:55:1b:4b:2f:
         9c:90:f5:ee:71:cd:e0:17:77:91:6e:5f:8e:a2:11:ae:53:94:
         60:70:4c:de:3e:b4:7c:fe:0e:d2:2e:70:ea:c0:61:73:52:4d:
         ad:aa:ac:e3:ef:8d:61:ad:3a:a8:cf:7a:96:33:9c:5e:29:16:
         4d:93:e8:98:e2:d8:1f:c7:bf:ce:7d:2e:e4:11:58:bf:8a:c0:
         4c:a0:57:f8:29:f6:62:a7:d7:29:3c:67:dd:97:6c:e2:91:f8:
         46:fb:ae:3d:7a:69:36:e8:b1:39:ad:89:1f:af:a1:e1:04:20:
         d9:48:e8:ea:c3:55:99:ab:6e:4d:b6:71:00:bf:22:43:a1:31:
         64:4d:9a:62:bf:a2:1a:9d:9c:64:84:4d:08:1b:e7:2c:5d:dd:
         f9:a7:9d:63:01:fd:ee:e0:9d:84:e4:2c:bf:89:19:0d:8b:d2:
         8d:f2:1c:96
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2B8GXNqUIqs3TbYsf3FVPxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjQwMjA3MDUwMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGI5OTMxOGM0ZmFlMTVmZWJmNjIwNjE5OTg1ZTFiMDhjYTU0OTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAllXdmqtyXbfqZSEtwKiwxFX6NRmi
CfegJKclUfwxQazAdPdC+FNX9JBGVz+dHTOf7iwanTtOUsmZFet88K14DuY255oi
tmiB3I6i35jz6SSsasvWIfUqKkhl11i/Kxxb+sTZGBLf6bxx/KzBOwFUyUZWsEoF
SJrNDVzp2GL9PcccgrGZcQxWGNEcLzC6uLG3D5pozUSp5PrWBVjQ5Q54aDPDlLrH
LWa7j+5WSVsprTMYsuejmaffFNiAetArKNi29H9C7JiKiD0Df0HxzVKtpeY7FNO1
vOjPqP1u3ugMmAgJn+y8OEgg1jiT2ry/EDxLUwH49lKQTymNm641yxNM1QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJC5kxjE+uFf6/YgYZmF4bCMpUmfMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEva0xtVEdNVDY0Vl9yOWlCaG1ZWGhzSXlsU1o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+yQQAw
MA0GCSqGSIb3DQEBCwUAA4IBAQBJr1RTQ77kjqCSn5PUwPJI9B76xOKTj9NvMUgA
fTxNbMS03/KSEM0kYP1dzIyiKeHt6BBJZvgUwRnXDxH7LO1Sm5nEOLN2tvBzXU/1
6lYg5OpNYri9nlUbSy+ckPXucc3gF3eRbl+OohGuU5RgcEzePrR8/g7SLnDqwGFz
Uk2tqqzj741hrTqoz3qWM5xeKRZNk+iY4tgfx7/OfS7kEVi/isBMoFf4KfZip9cp
PGfdl2zikfhG+649emk26LE5rYkfr6HhBCDZSOjqw1WZq25NtnEAvyJDoTFkTZpi
v6IanZxkhE0IG+csXd35p51jAf3u4J2E5Cy/iRkNi9KN8hyW
-----END CERTIFICATE-----