Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/fcfec7-d6c3-4b40-ba2c-f988d48e51e8/1/n6bIDzDvFOD1wwWY66NXA76hacc.roa
File:                     n6bIDzDvFOD1wwWY66NXA76hacc.roa (raw, json)
Hash identifier:          D0fCMhjJVhYFGLZgqDi6VomwxU3ODoqvDawZkliMQWI=
Subject key identifier:   9F:A6:C8:0F:30:EF:14:E0:F5:C3:05:98:EB:A3:57:03:BE:A1:69:C7
Certificate issuer:       /CN=6dfecfa0e6692595cfbea5266076e8e53efd9461
Certificate serial:       018CC348A6B1710513E470116605115DFB8E
Authority key identifier: 6D:FE:CF:A0:E6:69:25:95:CF:BE:A5:26:60:76:E8:E5:3E:FD:94:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bf7PoOZpJZXPvqUmYHbo5T79lGE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/fcfec7-d6c3-4b40-ba2c-f988d48e51e8/1/n6bIDzDvFOD1wwWY66NXA76hacc.roa
Signing time:             Mon 01 Jan 2024 04:29:27 +0000
ROA not before:           Mon 01 Jan 2024 04:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208529
IP address blocks:        2a0c:e304:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/fcfec7-d6c3-4b40-ba2c-f988d48e51e8/1/bf7PoOZpJZXPvqUmYHbo5T79lGE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/fcfec7-d6c3-4b40-ba2c-f988d48e51e8/1/bf7PoOZpJZXPvqUmYHbo5T79lGE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bf7PoOZpJZXPvqUmYHbo5T79lGE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:a6:b1:71:05:13:e4:70:11:66:05:11:5d:fb:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6dfecfa0e6692595cfbea5266076e8e53efd9461
        Validity
            Not Before: Jan  1 04:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9fa6c80f30ef14e0f5c30598eba35703bea169c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:55:f8:c4:68:6a:32:6d:42:42:1a:6c:8f:80:
                    8c:92:4b:fd:bf:79:09:44:48:52:08:a2:81:75:94:
                    cc:ec:6f:1a:19:0d:68:66:ef:67:90:61:96:e0:50:
                    8b:85:90:4f:6d:de:b1:14:6c:bc:ee:b2:78:9e:bd:
                    34:e1:4f:dd:cd:8a:8a:93:2b:6a:6e:42:f7:42:fe:
                    6b:8b:a8:f6:e0:aa:46:0d:4b:ff:69:0c:1f:9a:34:
                    c4:10:26:8d:ad:e6:c4:4b:99:88:eb:46:44:db:53:
                    24:02:4d:c1:78:67:17:97:1b:81:88:11:b3:c5:29:
                    09:d2:eb:93:9f:bd:26:4c:97:99:75:76:c0:e1:a8:
                    c9:a3:a3:eb:96:06:44:f1:e9:75:29:d6:de:89:95:
                    8a:d0:97:dd:e3:6f:83:2a:e9:db:bf:db:46:08:93:
                    44:30:b8:3c:6d:92:58:df:f6:1e:34:05:17:c2:9e:
                    71:14:c6:21:1e:d5:04:70:3d:a2:ae:41:2e:44:2c:
                    14:ca:b1:cb:5a:01:00:68:db:02:b0:a1:52:4d:00:
                    1d:c1:c0:2e:d4:96:30:86:82:d0:12:02:dd:b0:68:
                    3f:f6:5c:47:7a:32:e5:d9:f8:9f:f4:af:f3:69:14:
                    26:6b:d0:a1:b5:10:42:f0:7b:14:ef:e6:2c:3e:74:
                    0f:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:A6:C8:0F:30:EF:14:E0:F5:C3:05:98:EB:A3:57:03:BE:A1:69:C7
            X509v3 Authority Key Identifier:
                keyid:6D:FE:CF:A0:E6:69:25:95:CF:BE:A5:26:60:76:E8:E5:3E:FD:94:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf7PoOZpJZXPvqUmYHbo5T79lGE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/fcfec7-d6c3-4b40-ba2c-f988d48e51e8/1/n6bIDzDvFOD1wwWY66NXA76hacc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/fcfec7-d6c3-4b40-ba2c-f988d48e51e8/1/bf7PoOZpJZXPvqUmYHbo5T79lGE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:e304:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         69:42:ce:2a:15:7f:80:ad:07:17:88:72:d9:6c:b5:d4:c9:ef:
         22:7a:4b:26:6a:eb:b3:f9:6c:2d:0e:51:06:b1:e0:19:c6:40:
         3a:a4:db:47:56:ba:1c:21:bf:c2:3d:2f:0c:d8:60:a8:57:2c:
         21:61:9b:ac:82:dd:13:2f:cb:14:42:da:f5:9e:7e:67:4b:99:
         ab:d2:61:22:96:e8:7b:2c:57:15:49:73:53:fc:aa:e2:8b:75:
         31:d1:77:bb:e2:5d:0d:3c:9f:93:9a:d1:7a:49:5f:e2:f4:04:
         b2:aa:05:2c:39:14:96:b7:d1:13:e4:28:e0:63:47:38:63:db:
         25:ce:c5:bc:42:8a:3d:57:dd:80:b6:6c:7a:43:ae:86:37:66:
         f1:9f:ff:fe:42:f5:6c:23:ce:a0:50:ee:ee:fe:61:c1:b6:d2:
         08:e3:f6:f2:90:2d:3c:1f:53:45:0c:04:30:06:5a:5e:04:19:
         d3:06:d7:2a:f7:24:27:04:20:ff:7d:32:49:37:a4:e6:da:35:
         9c:ae:34:00:ac:67:c3:58:4e:ce:43:b7:40:f1:fd:2d:d1:0d:
         95:4a:32:f9:60:68:fa:df:fa:98:0f:17:b4:4b:10:ec:1d:9d:
         6d:ec:2a:45:fe:a4:35:ce:54:f5:d9:b2:be:c2:e0:75:27:4e:
         f4:07:8c:0b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDSKaxcQUT5HARZgURXfuOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZmVjZmEwZTY2OTI1OTVjZmJlYTUyNjYwNzZlOGU1M2Vm
ZDk0NjEwHhcNMjQwMTAxMDQyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmE2YzgwZjMwZWYxNGUwZjVjMzA1OThlYmEzNTcwM2JlYTE2OWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAglX4xGhqMm1CQhpsj4CMkkv9v3kJ
REhSCKKBdZTM7G8aGQ1oZu9nkGGW4FCLhZBPbd6xFGy87rJ4nr004U/dzYqKkytq
bkL3Qv5ri6j24KpGDUv/aQwfmjTEECaNrebES5mI60ZE21MkAk3BeGcXlxuBiBGz
xSkJ0uuTn70mTJeZdXbA4ajJo6PrlgZE8el1KdbeiZWK0Jfd42+DKunbv9tGCJNE
MLg8bZJY3/YeNAUXwp5xFMYhHtUEcD2irkEuRCwUyrHLWgEAaNsCsKFSTQAdwcAu
1JYwhoLQEgLdsGg/9lxHejLl2fif9K/zaRQma9ChtRBC8HsU7+YsPnQPPQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJ+myA8w7xTg9cMFmOujVwO+oWnHMB8GA1UdIwQY
MBaAFG3+z6DmaSWVz76lJmB26OU+/ZRhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmY3UG9PWnBKWlhQdnFVbVlIYm81VDc5bEdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9mY2ZlYzctZDZjMy00YjQwLWJhMmMt
Zjk4OGQ0OGU1MWU4LzEvbjZiSUR6RHZGT0Qxd3dXWTY2TlhBNzZoYWNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9mY2ZlYzctZDZjMy00YjQwLWJhMmMtZjk4OGQ0OGU1MWU4
LzEvYmY3UG9PWnBKWlhQdnFVbVlIYm81VDc5bEdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgzjBAAB
MA0GCSqGSIb3DQEBCwUAA4IBAQBpQs4qFX+ArQcXiHLZbLXUye8ieksmauuz+Wwt
DlEGseAZxkA6pNtHVrocIb/CPS8M2GCoVywhYZusgt0TL8sUQtr1nn5nS5mr0mEi
luh7LFcVSXNT/Krii3Ux0Xe74l0NPJ+TmtF6SV/i9ASyqgUsORSWt9ET5CjgY0c4
Y9slzsW8Qoo9V92Atmx6Q66GN2bxn//+QvVsI86gUO7u/mHBttII4/bykC08H1NF
DAQwBlpeBBnTBtcq9yQnBCD/fTJJN6Tm2jWcrjQArGfDWE7OQ7dA8f0t0Q2VSjL5
YGj63/qYDxe0SxDsHZ1t7CpF/qQ1zlT12bK+wuB1J070B4wL
-----END CERTIFICATE-----