Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/5a1ef7-f3a4-473c-a69c-48225f3111cf/1/dfAmnZ6YPbMSokMkj9aXTnimKts.roa
File:                     dfAmnZ6YPbMSokMkj9aXTnimKts.roa (raw, json)
Hash identifier:          8LGK+DWJC/3OvyMbK8W8yNDsWsF5KUzZzJ/j9zBob00=
Subject key identifier:   75:F0:26:9D:9E:98:3D:B3:12:A2:43:24:8F:D6:97:4E:78:A6:2A:DB
Certificate issuer:       /CN=6ad0b0e44cc86a51769547c22ad796184b54b092
Certificate serial:       018CC5DD2C70D5E75F4237309B21EB35644E
Authority key identifier: 6A:D0:B0:E4:4C:C8:6A:51:76:95:47:C2:2A:D7:96:18:4B:54:B0:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/atCw5EzIalF2lUfCKteWGEtUsJI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/5a1ef7-f3a4-473c-a69c-48225f3111cf/1/dfAmnZ6YPbMSokMkj9aXTnimKts.roa
Signing time:             Mon 01 Jan 2024 16:30:55 +0000
ROA not before:           Mon 01 Jan 2024 16:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25446
IP address blocks:        2a0c:c580::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/5a1ef7-f3a4-473c-a69c-48225f3111cf/1/atCw5EzIalF2lUfCKteWGEtUsJI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/5a1ef7-f3a4-473c-a69c-48225f3111cf/1/atCw5EzIalF2lUfCKteWGEtUsJI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/atCw5EzIalF2lUfCKteWGEtUsJI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dd:2c:70:d5:e7:5f:42:37:30:9b:21:eb:35:64:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ad0b0e44cc86a51769547c22ad796184b54b092
        Validity
            Not Before: Jan  1 16:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=75f0269d9e983db312a243248fd6974e78a62adb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:1f:2e:37:e0:07:68:27:4d:6e:43:06:cd:d7:
                    e2:06:88:4d:a0:22:b7:76:7f:51:e8:a2:c2:89:b5:
                    9c:e6:df:5c:ff:b7:2f:56:74:90:87:90:f3:03:e3:
                    89:fb:12:cd:31:79:25:c8:15:a5:4d:3e:df:fa:e4:
                    16:95:b2:50:ef:ab:bf:db:6d:b2:dd:fb:98:88:f3:
                    99:8e:44:75:1d:7d:4f:5b:f4:54:46:e2:9c:66:f7:
                    25:d3:40:9f:a7:48:d8:5a:22:0b:b2:ee:4e:97:3c:
                    a7:ff:bd:07:95:9d:1f:a3:dc:a1:c6:ef:b0:96:db:
                    d8:a4:6e:06:3f:3a:e7:85:3f:18:2d:17:23:b3:e6:
                    82:f8:b7:68:dd:f6:4c:a4:14:fc:5f:d8:a8:e7:d4:
                    01:5e:44:0c:ff:0b:3c:e3:b3:7f:ee:ef:54:6a:db:
                    85:9b:24:fb:6b:7e:31:39:69:bc:a0:ea:b6:bc:18:
                    0f:a9:b4:9c:24:bc:4f:8d:9e:79:dd:6f:22:75:16:
                    75:52:bd:f8:51:13:5f:ed:6f:d0:54:56:f2:99:51:
                    dc:aa:44:20:6a:9f:68:22:25:f4:82:a9:1f:5d:3a:
                    77:7b:11:8a:97:b7:21:a5:e7:04:81:0a:c1:72:fa:
                    76:c4:1b:50:6a:33:05:75:32:a2:d5:40:e9:62:33:
                    51:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:F0:26:9D:9E:98:3D:B3:12:A2:43:24:8F:D6:97:4E:78:A6:2A:DB
            X509v3 Authority Key Identifier:
                keyid:6A:D0:B0:E4:4C:C8:6A:51:76:95:47:C2:2A:D7:96:18:4B:54:B0:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/atCw5EzIalF2lUfCKteWGEtUsJI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/5a1ef7-f3a4-473c-a69c-48225f3111cf/1/dfAmnZ6YPbMSokMkj9aXTnimKts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/5a1ef7-f3a4-473c-a69c-48225f3111cf/1/atCw5EzIalF2lUfCKteWGEtUsJI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:c580::/48

    Signature Algorithm: sha256WithRSAEncryption
         35:ac:34:5d:61:3f:2c:ac:d0:91:fb:4b:85:d8:aa:b3:13:95:
         4b:d8:0f:27:27:03:ac:3c:db:6c:e4:4d:78:e9:78:82:58:38:
         fb:11:93:bb:ad:79:60:57:7b:d9:be:d9:d7:33:da:8c:32:38:
         ee:bb:65:70:7f:ce:f2:4c:ca:84:5c:3d:67:65:fc:d0:ef:cc:
         92:cb:9d:8a:b6:17:c5:c7:fc:3e:a5:42:d7:0a:c2:c7:31:6c:
         35:de:51:7c:c3:54:7d:2f:45:a8:06:7b:8b:bc:fe:bc:8d:3a:
         b2:83:84:ac:01:17:88:15:52:bc:da:32:e9:b2:d2:08:bb:66:
         b1:1a:f2:14:99:52:4f:8c:a3:4f:a8:03:2b:97:a3:f7:f1:94:
         9f:19:69:d3:23:52:0c:55:d7:5f:56:c1:ee:c4:ae:07:65:e8:
         79:6e:b6:7b:86:d7:4d:79:a1:a8:2e:3b:8c:c4:2c:ff:d8:e5:
         64:f6:95:a9:d7:6a:b6:9a:44:5b:ca:9d:cf:52:c4:21:07:d4:
         8a:ba:ac:4b:04:53:02:a5:0d:32:8f:1b:80:b0:af:b8:26:58:
         91:03:10:7d:42:26:31:3c:f6:1b:79:08:5d:b0:8e:c0:1a:86:
         97:96:d1:b1:8d:c2:bc:24:b4:fd:6b:c9:f6:d2:21:27:ff:e7:
         ea:31:b7:bb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzF3Sxw1edfQjcwmyHrNWROMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhZDBiMGU0NGNjODZhNTE3Njk1NDdjMjJhZDc5NjE4NGI1
NGIwOTIwHhcNMjQwMTAxMTYzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWYwMjY5ZDllOTgzZGIzMTJhMjQzMjQ4ZmQ2OTc0ZTc4YTYyYWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlB8uN+AHaCdNbkMGzdfiBohNoCK3
dn9R6KLCibWc5t9c/7cvVnSQh5DzA+OJ+xLNMXklyBWlTT7f+uQWlbJQ76u/222y
3fuYiPOZjkR1HX1PW/RURuKcZvcl00Cfp0jYWiILsu5Olzyn/70HlZ0fo9yhxu+w
ltvYpG4GPzrnhT8YLRcjs+aC+Ldo3fZMpBT8X9io59QBXkQM/ws847N/7u9UatuF
myT7a34xOWm8oOq2vBgPqbScJLxPjZ553W8idRZ1Ur34URNf7W/QVFbymVHcqkQg
ap9oIiX0gqkfXTp3exGKl7chpecEgQrBcvp2xBtQajMFdTKi1UDpYjNRbQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHXwJp2emD2zEqJDJI/Wl054pirbMB8GA1UdIwQY
MBaAFGrQsORMyGpRdpVHwirXlhhLVLCSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXRDdzVFeklhbEYybFVmQ0t0ZVdHRXRVc0pJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi81YTFlZjctZjNhNC00NzNjLWE2OWMt
NDgyMjVmMzExMWNmLzEvZGZBbW5aNllQYk1Tb2tNa2o5YVhUbmltS3RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi81YTFlZjctZjNhNC00NzNjLWE2OWMtNDgyMjVmMzExMWNm
LzEvYXRDdzVFeklhbEYybFVmQ0t0ZVdHRXRVc0pJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgzFgAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQA1rDRdYT8srNCR+0uF2KqzE5VL2A8nJwOsPNts
5E146XiCWDj7EZO7rXlgV3vZvtnXM9qMMjjuu2Vwf87yTMqEXD1nZfzQ78ySy52K
thfFx/w+pULXCsLHMWw13lF8w1R9L0WoBnuLvP68jTqyg4SsAReIFVK82jLpstII
u2axGvIUmVJPjKNPqAMrl6P38ZSfGWnTI1IMVddfVsHuxK4HZeh5brZ7htdNeaGo
LjuMxCz/2OVk9pWp12q2mkRbyp3PUsQhB9SKuqxLBFMCpQ0yjxuAsK+4JliRAxB9
QiYxPPYbeQhdsI7AGoaXltGxjcK8JLT9a8n20iEn/+fqMbe7
-----END CERTIFICATE-----