Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/e6812e-96a4-48b4-ab61-121ff46018f3/1/Wp6_GeHw6C1DrWKI0VCt2DpI3M0.roa
File:                     Wp6_GeHw6C1DrWKI0VCt2DpI3M0.roa (raw, json)
Hash identifier:          pZYQtrFKXSz+jjg1GeXOU2ODdGMy/LGb4ecm8IyIFcM=
Subject key identifier:   5A:9E:BF:19:E1:F0:E8:2D:43:AD:62:88:D1:50:AD:D8:3A:48:DC:CD
Certificate issuer:       /CN=667d377dd4c830c246cb48a934699699e4b37741
Certificate serial:       018CC7933900A37F2CA7FE66DFA98327B5F2
Authority key identifier: 66:7D:37:7D:D4:C8:30:C2:46:CB:48:A9:34:69:96:99:E4:B3:77:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zn03fdTIMMJGy0ipNGmWmeSzd0E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/e6812e-96a4-48b4-ab61-121ff46018f3/1/Wp6_GeHw6C1DrWKI0VCt2DpI3M0.roa
Signing time:             Tue 02 Jan 2024 00:29:23 +0000
ROA not before:           Tue 02 Jan 2024 00:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199116
IP address blocks:        2a09:6847::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/e6812e-96a4-48b4-ab61-121ff46018f3/1/Zn03fdTIMMJGy0ipNGmWmeSzd0E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/e6812e-96a4-48b4-ab61-121ff46018f3/1/Zn03fdTIMMJGy0ipNGmWmeSzd0E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zn03fdTIMMJGy0ipNGmWmeSzd0E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:39:00:a3:7f:2c:a7:fe:66:df:a9:83:27:b5:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=667d377dd4c830c246cb48a934699699e4b37741
        Validity
            Not Before: Jan  2 00:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5a9ebf19e1f0e82d43ad6288d150add83a48dccd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:84:60:f5:27:30:a6:ea:10:f7:f4:67:4c:57:
                    8b:83:e6:dc:c3:d0:4d:7d:79:a0:56:07:0d:b2:22:
                    08:97:69:1c:3b:87:4a:71:7a:50:3b:6a:80:8f:be:
                    eb:56:e7:23:d4:17:1d:02:18:47:0d:32:36:2b:1b:
                    c4:ae:4f:b7:6a:74:4d:02:2f:bf:4f:9d:1a:55:94:
                    78:02:1d:ad:62:99:53:9a:6b:a9:a6:61:33:a5:39:
                    44:2e:b7:7a:b3:01:4d:c1:34:2b:9d:7b:3a:9b:8a:
                    af:57:df:d0:6f:ae:11:33:6f:3b:b8:ba:70:a6:56:
                    d9:55:f6:d3:95:38:c3:4f:4b:80:61:24:a2:a8:56:
                    2a:fa:d5:9f:ee:bc:1d:1e:34:78:15:e1:a4:6d:94:
                    5b:22:47:67:e7:9d:1c:94:5d:24:4e:a3:92:70:3d:
                    11:32:a5:50:0d:45:77:d3:2f:4a:c1:38:3e:7d:31:
                    6f:c9:5c:ae:72:ab:c4:20:b0:e0:b6:78:49:0f:d1:
                    be:c6:ab:71:28:f1:c1:e5:e0:12:0a:ec:54:18:ed:
                    86:82:6b:a5:26:3d:ac:7c:17:a4:33:06:81:a4:11:
                    f6:db:d9:dd:80:0a:c4:2e:e5:ef:d7:2e:6e:5f:29:
                    df:20:62:08:68:35:7c:52:98:4d:46:5b:1b:32:55:
                    9f:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:9E:BF:19:E1:F0:E8:2D:43:AD:62:88:D1:50:AD:D8:3A:48:DC:CD
            X509v3 Authority Key Identifier:
                keyid:66:7D:37:7D:D4:C8:30:C2:46:CB:48:A9:34:69:96:99:E4:B3:77:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zn03fdTIMMJGy0ipNGmWmeSzd0E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/e6812e-96a4-48b4-ab61-121ff46018f3/1/Wp6_GeHw6C1DrWKI0VCt2DpI3M0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/e6812e-96a4-48b4-ab61-121ff46018f3/1/Zn03fdTIMMJGy0ipNGmWmeSzd0E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:6847::/32

    Signature Algorithm: sha256WithRSAEncryption
         5e:39:47:4d:c7:38:84:02:d7:ec:a0:9f:c9:fb:02:d4:ac:e4:
         c0:19:69:92:a5:54:06:41:f6:51:66:fc:51:db:9f:42:59:81:
         8d:ba:a0:07:08:d7:29:7a:fe:c1:0a:96:eb:bf:b8:4c:42:6e:
         9a:7c:39:c4:70:20:8b:b9:9b:0b:8b:4e:1b:c5:b6:db:6f:00:
         6f:4d:98:8f:62:46:3c:a4:e4:e3:4a:13:79:8b:be:88:ab:4f:
         81:f3:94:c1:34:61:7b:bd:93:38:f0:58:19:af:d2:47:e4:49:
         d0:c1:94:16:36:62:dd:a3:63:c4:24:b4:e8:59:0b:8d:ee:7e:
         50:44:f3:8d:a8:49:c6:e6:c2:45:fe:68:77:a0:6d:c3:09:77:
         43:71:21:3f:55:8c:8e:c7:3b:2f:94:6d:b7:5c:10:9e:55:21:
         d5:2d:eb:31:07:bd:ae:77:df:8c:df:7a:db:b4:91:cc:3f:d3:
         32:dd:76:8b:9b:e4:47:65:8d:ff:de:dc:ef:0d:26:ab:9f:6c:
         94:e7:4f:6f:03:0b:cb:1a:1c:d9:97:ae:5a:b7:ec:ff:43:6c:
         56:00:1d:df:10:89:9e:b7:36:70:f6:e3:1c:cb:65:87:0c:de:
         08:2b:6b:6e:05:a3:de:dc:97:04:b9:4e:8d:d7:43:5b:57:d7:
         79:3a:74:98
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHkzkAo38sp/5m36mDJ7XyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2N2QzNzdkZDRjODMwYzI0NmNiNDhhOTM0Njk5Njk5ZTRi
Mzc3NDEwHhcNMjQwMTAyMDAyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTllYmYxOWUxZjBlODJkNDNhZDYyODhkMTUwYWRkODNhNDhkY2NkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuoRg9ScwpuoQ9/RnTFeLg+bcw9BN
fXmgVgcNsiIIl2kcO4dKcXpQO2qAj77rVucj1BcdAhhHDTI2KxvErk+3anRNAi+/
T50aVZR4Ah2tYplTmmuppmEzpTlELrd6swFNwTQrnXs6m4qvV9/Qb64RM287uLpw
plbZVfbTlTjDT0uAYSSiqFYq+tWf7rwdHjR4FeGkbZRbIkdn550clF0kTqOScD0R
MqVQDUV30y9KwTg+fTFvyVyucqvEILDgtnhJD9G+xqtxKPHB5eASCuxUGO2Ggmul
Jj2sfBekMwaBpBH229ndgArELuXv1y5uXynfIGIIaDV8UphNRlsbMlWfowIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFqevxnh8OgtQ61iiNFQrdg6SNzNMB8GA1UdIwQY
MBaAFGZ9N33UyDDCRstIqTRplpnks3dBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm4wM2ZkVElNTUpHeTBpcE5HbVdtZVN6ZDBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy9lNjgxMmUtOTZhNC00OGI0LWFiNjEt
MTIxZmY0NjAxOGYzLzEvV3A2X0dlSHc2QzFEcldLSTBWQ3QyRHBJM00wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy9lNjgxMmUtOTZhNC00OGI0LWFiNjEtMTIxZmY0NjAxOGYz
LzEvWm4wM2ZkVElNTUpHeTBpcE5HbVdtZVN6ZDBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgloRzAN
BgkqhkiG9w0BAQsFAAOCAQEAXjlHTcc4hALX7KCfyfsC1KzkwBlpkqVUBkH2UWb8
UdufQlmBjbqgBwjXKXr+wQqW67+4TEJumnw5xHAgi7mbC4tOG8W2228Ab02Yj2JG
PKTk40oTeYu+iKtPgfOUwTRhe72TOPBYGa/SR+RJ0MGUFjZi3aNjxCS06FkLje5+
UETzjahJxubCRf5od6Btwwl3Q3EhP1WMjsc7L5Rtt1wQnlUh1S3rMQe9rnffjN96
27SRzD/TMt12i5vkR2WN/97c7w0mq59slOdPbwMLyxoc2ZeuWrfs/0NsVgAd3xCJ
nrc2cPbjHMtlhwzeCCtrbgWj3tyXBLlOjddDW1fXeTp0mA==
-----END CERTIFICATE-----