Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/d48090-2dbf-4b84-8596-98ce146f1824/1/6SEfdSJ1BN44tXVRdTcXQoHlbq0.roa
File:                     6SEfdSJ1BN44tXVRdTcXQoHlbq0.roa (raw, json)
Hash identifier:          ty0wKQBTTBlen/EiMayT+RMrA+xztvwakGEk1h3TwnQ=
Subject key identifier:   E9:21:1F:75:22:75:04:DE:38:B5:75:51:75:37:17:42:81:E5:6E:AD
Certificate issuer:       /CN=1e4c32086e1e984505691b01f5985df7a36b24ae
Certificate serial:       018EC25EBCF68BD8AEA72360F137384A398A
Authority key identifier: 1E:4C:32:08:6E:1E:98:45:05:69:1B:01:F5:98:5D:F7:A3:6B:24:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HkwyCG4emEUFaRsB9Zhd96NrJK4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/d48090-2dbf-4b84-8596-98ce146f1824/1/6SEfdSJ1BN44tXVRdTcXQoHlbq0.roa
Signing time:             Tue 09 Apr 2024 10:19:32 +0000
ROA not before:           Tue 09 Apr 2024 10:19:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48586
IP address blocks:        2001:678:74c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/d48090-2dbf-4b84-8596-98ce146f1824/1/HkwyCG4emEUFaRsB9Zhd96NrJK4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/d48090-2dbf-4b84-8596-98ce146f1824/1/HkwyCG4emEUFaRsB9Zhd96NrJK4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HkwyCG4emEUFaRsB9Zhd96NrJK4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 13:30:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c2:5e:bc:f6:8b:d8:ae:a7:23:60:f1:37:38:4a:39:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e4c32086e1e984505691b01f5985df7a36b24ae
        Validity
            Not Before: Apr  9 10:19:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e9211f75227504de38b575517537174281e56ead
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:69:6c:38:25:5a:4c:83:28:c3:e3:55:0b:42:
                    fb:70:b1:4e:8b:70:0a:6f:95:a9:86:27:12:49:0c:
                    39:72:58:07:d9:fe:22:09:29:e3:8b:2e:e6:13:ed:
                    4c:d3:93:cc:b4:79:1b:ff:2b:f1:11:6b:fe:e9:b9:
                    d1:44:fa:ef:3b:aa:eb:22:1a:36:63:38:22:25:b9:
                    bd:93:df:69:b8:e5:1a:33:02:40:8f:a7:bf:73:54:
                    a7:b8:2e:67:4b:f2:d0:90:67:51:67:6e:bc:97:fe:
                    67:79:2b:af:9f:fb:2f:7a:0d:ef:99:bf:d6:15:e3:
                    c6:ca:7b:bb:df:99:4a:3d:55:e7:2d:6b:29:d2:37:
                    a5:a5:9a:f2:2f:81:0e:c5:ca:6e:e4:0e:fe:06:44:
                    91:e6:25:a7:44:38:f0:40:c9:50:6e:41:e6:3b:e2:
                    71:9d:f9:80:9e:41:56:1f:e0:14:e4:49:e3:ee:24:
                    34:ed:13:96:ce:bf:8c:98:f0:22:d6:d7:94:d5:b7:
                    45:e9:53:ef:5f:0a:d2:83:d6:31:63:b5:07:3b:53:
                    98:53:de:b3:2f:43:5b:d6:25:95:9d:0a:6d:df:74:
                    d3:e6:06:2e:21:e8:20:08:f5:50:0a:41:fd:35:de:
                    56:47:90:7e:43:8d:14:a3:d5:a6:19:9b:64:4a:3b:
                    7e:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:21:1F:75:22:75:04:DE:38:B5:75:51:75:37:17:42:81:E5:6E:AD
            X509v3 Authority Key Identifier:
                keyid:1E:4C:32:08:6E:1E:98:45:05:69:1B:01:F5:98:5D:F7:A3:6B:24:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HkwyCG4emEUFaRsB9Zhd96NrJK4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/d48090-2dbf-4b84-8596-98ce146f1824/1/6SEfdSJ1BN44tXVRdTcXQoHlbq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/d48090-2dbf-4b84-8596-98ce146f1824/1/HkwyCG4emEUFaRsB9Zhd96NrJK4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:74c::/48

    Signature Algorithm: sha256WithRSAEncryption
         7c:11:3a:2f:4a:d5:d9:9c:43:d7:46:ee:ca:0a:8f:e4:7c:fd:
         9b:81:48:40:62:19:fa:ba:9e:44:9a:dd:e5:39:78:80:32:d5:
         e6:fe:f0:e3:af:90:30:bb:7f:76:39:44:a9:43:da:d6:2e:e5:
         95:29:bb:93:29:fd:90:ad:dd:e4:f3:03:59:cb:69:71:14:1a:
         fa:cb:0a:1e:aa:30:d5:3c:1e:f6:49:98:ee:ae:3d:4e:69:15:
         38:ac:09:cc:15:49:84:2a:a9:7c:22:f8:c7:ee:38:38:99:d1:
         da:a8:a0:c4:3a:a4:7e:db:1b:a2:e6:24:cb:3a:b2:89:f6:f3:
         35:29:b6:1a:40:6b:19:bc:22:a9:a0:06:f2:a3:6e:aa:bc:77:
         73:91:be:be:82:4d:99:e6:c9:63:82:19:52:f3:3b:33:d4:e7:
         ad:a3:db:e7:c1:7b:38:f7:e7:89:a1:f1:bc:84:14:53:85:ed:
         97:8c:ba:12:25:e2:36:16:32:14:1a:f1:ca:6c:fb:dd:d2:6b:
         2e:d5:06:c7:f2:9b:d3:11:1e:2d:c3:4b:5d:8b:b4:a0:28:dc:
         1c:f4:6a:d8:0f:24:79:e9:8b:da:2d:2c:a0:ff:4c:8f:a0:b1:
         6e:5e:41:21:63:9d:a4:f1:d6:e9:81:c5:8c:e3:d8:fa:ea:ea:
         ea:be:c2:db
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY7CXrz2i9iupyNg8Tc4SjmKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNGMzMjA4NmUxZTk4NDUwNTY5MWIwMWY1OTg1ZGY3YTM2
YjI0YWUwHhcNMjQwNDA5MTAxOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTIxMWY3NTIyNzUwNGRlMzhiNTc1NTE3NTM3MTc0MjgxZTU2ZWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmWlsOCVaTIMow+NVC0L7cLFOi3AK
b5WphicSSQw5clgH2f4iCSnjiy7mE+1M05PMtHkb/yvxEWv+6bnRRPrvO6rrIho2
YzgiJbm9k99puOUaMwJAj6e/c1SnuC5nS/LQkGdRZ268l/5neSuvn/sveg3vmb/W
FePGynu735lKPVXnLWsp0jelpZryL4EOxcpu5A7+BkSR5iWnRDjwQMlQbkHmO+Jx
nfmAnkFWH+AU5Enj7iQ07ROWzr+MmPAi1teU1bdF6VPvXwrSg9YxY7UHO1OYU96z
L0Nb1iWVnQpt33TT5gYuIeggCPVQCkH9Nd5WR5B+Q40Uo9WmGZtkSjt+IwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOkhH3UidQTeOLV1UXU3F0KB5W6tMB8GA1UdIwQY
MBaAFB5MMghuHphFBWkbAfWYXfejaySuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGt3eUNHNGVtRVVGYVJzQjlaaGQ5Nk5ySks0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9kNDgwOTAtMmRiZi00Yjg0LTg1OTYt
OThjZTE0NmYxODI0LzEvNlNFZmRTSjFCTjQ0dFhWUmRUY1hRb0hsYnEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9kNDgwOTAtMmRiZi00Yjg0LTg1OTYtOThjZTE0NmYxODI0
LzEvSGt3eUNHNGVtRVVGYVJzQjlaaGQ5Nk5ySks0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAdM
MA0GCSqGSIb3DQEBCwUAA4IBAQB8ETovStXZnEPXRu7KCo/kfP2bgUhAYhn6up5E
mt3lOXiAMtXm/vDjr5Awu392OUSpQ9rWLuWVKbuTKf2Qrd3k8wNZy2lxFBr6ywoe
qjDVPB72SZjurj1OaRU4rAnMFUmEKql8IvjH7jg4mdHaqKDEOqR+2xui5iTLOrKJ
9vM1KbYaQGsZvCKpoAbyo26qvHdzkb6+gk2Z5sljghlS8zsz1Oeto9vnwXs49+eJ
ofG8hBRThe2XjLoSJeI2FjIUGvHKbPvd0msu1QbH8pvTER4tw0tdi7SgKNwc9GrY
DyR56YvaLSyg/0yPoLFuXkEhY52k8dbpgcWM49j66urqvsLb
-----END CERTIFICATE-----