Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/6GMz6HrG4CmkoY4FYdNv3ZZZsfU.roa
File:                     6GMz6HrG4CmkoY4FYdNv3ZZZsfU.roa (raw, json)
Hash identifier:          D6KkuY5KrQAXrlhw72esUlARUjx0mHTWETxothMbICc=
Subject key identifier:   E8:63:33:E8:7A:C6:E0:29:A4:A1:8E:05:61:D3:6F:DD:96:59:B1:F5
Certificate issuer:       /CN=d9fc0bec60d0bace1889677bd9bb90190cc4fd22
Certificate serial:       018CC9BB947C37934E725820E3C7C2D4319A
Authority key identifier: D9:FC:0B:EC:60:D0:BA:CE:18:89:67:7B:D9:BB:90:19:0C:C4:FD:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2fwL7GDQus4YiWd72buQGQzE_SI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/6GMz6HrG4CmkoY4FYdNv3ZZZsfU.roa
Signing time:             Tue 02 Jan 2024 10:32:42 +0000
ROA not before:           Tue 02 Jan 2024 10:32:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2613
IP address blocks:        2a02:2528:2613::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/2fwL7GDQus4YiWd72buQGQzE_SI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/2fwL7GDQus4YiWd72buQGQzE_SI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2fwL7GDQus4YiWd72buQGQzE_SI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 02:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:94:7c:37:93:4e:72:58:20:e3:c7:c2:d4:31:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9fc0bec60d0bace1889677bd9bb90190cc4fd22
        Validity
            Not Before: Jan  2 10:32:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e86333e87ac6e029a4a18e0561d36fdd9659b1f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:98:cb:4b:4b:38:88:12:2b:80:38:22:49:19:
                    10:1c:3a:03:8a:e1:b6:6b:68:a4:c0:ed:60:12:af:
                    5b:24:64:52:2e:f1:4d:22:fd:23:30:27:a1:4e:42:
                    f8:00:2a:23:ca:4a:d1:b2:5e:18:78:a0:57:00:ae:
                    fc:64:34:7f:b1:63:ba:3c:33:4b:d7:fe:9c:c6:b9:
                    42:65:4c:bd:9e:a8:33:5c:75:a7:ec:b5:a3:37:ae:
                    d9:de:fe:0c:05:4c:be:3e:44:33:3d:d2:d8:40:2a:
                    57:2d:2f:e9:fb:23:08:77:a4:b8:4f:cc:48:0c:e7:
                    44:22:c5:9f:1f:80:ca:19:02:7c:29:55:95:d8:bb:
                    60:27:a8:11:df:ba:1b:44:1a:3a:05:fc:26:b6:c3:
                    83:cb:f0:63:1e:bc:4c:d7:93:78:8b:63:5c:c7:c3:
                    8f:17:94:04:52:fd:95:f8:84:b1:0c:b2:cf:27:68:
                    f3:e4:ca:7b:17:6e:61:58:21:e0:e4:db:f6:4b:5f:
                    4c:6c:28:17:06:ab:b5:38:f8:9e:bb:9d:de:72:25:
                    45:34:b9:f3:f5:0a:ad:e5:03:80:4f:27:1c:ba:30:
                    17:57:68:3e:d0:07:a4:31:93:19:72:bf:42:11:90:
                    90:73:34:f8:68:e9:77:95:91:bb:56:a3:c5:d3:45:
                    97:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:63:33:E8:7A:C6:E0:29:A4:A1:8E:05:61:D3:6F:DD:96:59:B1:F5
            X509v3 Authority Key Identifier:
                keyid:D9:FC:0B:EC:60:D0:BA:CE:18:89:67:7B:D9:BB:90:19:0C:C4:FD:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2fwL7GDQus4YiWd72buQGQzE_SI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/6GMz6HrG4CmkoY4FYdNv3ZZZsfU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/2fwL7GDQus4YiWd72buQGQzE_SI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:2528:2613::/48

    Signature Algorithm: sha256WithRSAEncryption
         4e:a4:0a:14:42:17:f2:c7:06:00:af:15:37:63:16:4b:45:c0:
         4c:ed:ef:72:66:73:2d:62:2c:9f:d5:5a:ab:03:5d:17:d9:f0:
         a1:ac:7c:d1:cb:2d:4d:a8:42:57:9b:bc:24:c0:61:ac:86:7e:
         29:75:04:53:aa:e0:c5:a6:5c:16:c2:a1:57:fb:cc:85:ea:c1:
         6f:7a:8f:31:57:a4:d0:26:db:8a:70:c2:8c:0d:d0:66:e0:d7:
         24:5f:20:cd:08:39:02:70:03:f4:5e:48:4b:0d:70:c6:ce:f5:
         f2:ed:87:23:4b:8d:72:cc:4b:00:7c:86:02:7e:e8:4e:18:d9:
         e5:6e:76:7b:02:f5:5e:9a:64:b0:16:48:ca:9c:6b:aa:29:ad:
         4d:8a:a7:73:dd:ef:9e:54:13:0f:41:ea:88:39:c0:15:bf:b0:
         38:d3:54:5c:1e:21:ce:80:79:18:f8:8b:0e:3c:9b:49:10:29:
         94:6e:97:0b:af:bf:b6:09:bf:c9:ae:fd:86:c4:5e:df:e2:33:
         73:53:53:70:93:0f:f9:13:87:0e:34:cf:d6:0e:81:eb:a1:44:
         23:8a:94:f5:18:a4:9b:b8:f1:2b:87:93:81:2a:19:4b:e0:71:
         cc:59:7c:7d:90:7f:e1:04:29:3f:1f:60:92:53:12:a6:ec:e2:
         c1:9a:21:c9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJu5R8N5NOclgg48fC1DGaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZmMwYmVjNjBkMGJhY2UxODg5Njc3YmQ5YmI5MDE5MGNj
NGZkMjIwHhcNMjQwMTAyMTAzMjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODYzMzNlODdhYzZlMDI5YTRhMThlMDU2MWQzNmZkZDk2NTliMWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjpjLS0s4iBIrgDgiSRkQHDoDiuG2
a2ikwO1gEq9bJGRSLvFNIv0jMCehTkL4ACojykrRsl4YeKBXAK78ZDR/sWO6PDNL
1/6cxrlCZUy9nqgzXHWn7LWjN67Z3v4MBUy+PkQzPdLYQCpXLS/p+yMId6S4T8xI
DOdEIsWfH4DKGQJ8KVWV2LtgJ6gR37obRBo6BfwmtsODy/BjHrxM15N4i2Ncx8OP
F5QEUv2V+ISxDLLPJ2jz5Mp7F25hWCHg5Nv2S19MbCgXBqu1OPieu53eciVFNLnz
9Qqt5QOATyccujAXV2g+0AekMZMZcr9CEZCQczT4aOl3lZG7VqPF00WX5wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOhjM+h6xuAppKGOBWHTb92WWbH1MB8GA1UdIwQY
MBaAFNn8C+xg0LrOGIlne9m7kBkMxP0iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmZ3TDdHRFF1czRZaVdkNzJidVFHUXpFX1NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9iMGQ2ZTYtMmVkNy00OTI4LWFkNjkt
MzQ2OTAzNGZhNDQxLzEvNkdNejZIckc0Q21rb1k0RllkTnYzWlpac2ZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9iMGQ2ZTYtMmVkNy00OTI4LWFkNjktMzQ2OTAzNGZhNDQx
LzEvMmZ3TDdHRFF1czRZaVdkNzJidVFHUXpFX1NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgIlKCYT
MA0GCSqGSIb3DQEBCwUAA4IBAQBOpAoUQhfyxwYArxU3YxZLRcBM7e9yZnMtYiyf
1VqrA10X2fChrHzRyy1NqEJXm7wkwGGshn4pdQRTquDFplwWwqFX+8yF6sFveo8x
V6TQJtuKcMKMDdBm4NckXyDNCDkCcAP0XkhLDXDGzvXy7YcjS41yzEsAfIYCfuhO
GNnlbnZ7AvVemmSwFkjKnGuqKa1Niqdz3e+eVBMPQeqIOcAVv7A401RcHiHOgHkY
+IsOPJtJECmUbpcLr7+2Cb/Jrv2GxF7f4jNzU1Nwkw/5E4cONM/WDoHroUQjipT1
GKSbuPErh5OBKhlL4HHMWXx9kH/hBCk/H2CSUxKm7OLBmiHJ
-----END CERTIFICATE-----