Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/e56811-9801-4595-87e7-13d168d59b11/1/6D-6DL4vh8cmkO60xnBNhSn1x4Q.roa
File:                     6D-6DL4vh8cmkO60xnBNhSn1x4Q.roa (raw, json)
Hash identifier:          apEdQ1ErBB1xlhnfHwqXu3pTNMDULseHfh0mW6Z2WSc=
Subject key identifier:   E8:3F:BA:0C:BE:2F:87:C7:26:90:EE:B4:C6:70:4D:85:29:F5:C7:84
Certificate issuer:       /CN=68639a21759796fe3a1d919f9b5737eb68d708e4
Certificate serial:       018CC9BAA7D0B6E29012AB0FB901E42A0CCC
Authority key identifier: 68:63:9A:21:75:97:96:FE:3A:1D:91:9F:9B:57:37:EB:68:D7:08:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aGOaIXWXlv46HZGfm1c362jXCOQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/e56811-9801-4595-87e7-13d168d59b11/1/6D-6DL4vh8cmkO60xnBNhSn1x4Q.roa
Signing time:             Tue 02 Jan 2024 10:31:42 +0000
ROA not before:           Tue 02 Jan 2024 10:31:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21375
IP address blocks:        82.116.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/e56811-9801-4595-87e7-13d168d59b11/1/aGOaIXWXlv46HZGfm1c362jXCOQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/e56811-9801-4595-87e7-13d168d59b11/1/aGOaIXWXlv46HZGfm1c362jXCOQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aGOaIXWXlv46HZGfm1c362jXCOQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:ba:a7:d0:b6:e2:90:12:ab:0f:b9:01:e4:2a:0c:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68639a21759796fe3a1d919f9b5737eb68d708e4
        Validity
            Not Before: Jan  2 10:31:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e83fba0cbe2f87c72690eeb4c6704d8529f5c784
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:cc:2d:a4:ec:5b:7d:19:cc:40:97:1c:5a:2c:
                    4c:d0:1e:3d:08:28:dd:e4:da:3c:40:55:71:6e:c6:
                    16:98:95:8b:98:ed:c2:fa:e3:0a:00:e3:0c:44:b7:
                    8d:6b:a9:c9:51:30:73:7f:af:0c:4f:38:4d:b3:7b:
                    fc:d9:61:56:61:74:a5:2e:d2:1f:0f:53:32:8e:a8:
                    50:1d:e7:13:a2:d7:09:9c:69:c4:34:00:b0:73:3f:
                    bd:2c:82:18:ff:99:ae:1f:36:14:e8:5b:f6:64:e3:
                    72:1e:7b:60:ea:70:5b:49:e9:42:0e:10:62:cd:62:
                    17:79:f7:e4:c8:1f:51:34:5b:cd:ff:46:28:de:13:
                    22:d2:da:7f:54:af:2c:c2:4f:43:26:12:48:8e:fd:
                    a9:03:55:b1:31:12:05:75:51:93:d4:7b:ca:30:a2:
                    69:d9:48:94:23:6f:21:85:7f:35:ae:53:9d:c6:c2:
                    bd:82:e5:f4:4b:25:5a:d3:a0:81:c0:76:80:78:c9:
                    1d:ae:05:f3:ea:a8:b7:dc:13:1d:de:14:cb:50:4d:
                    ec:f4:11:23:a9:40:1f:81:6e:85:a0:27:4d:ff:f0:
                    e0:4e:91:63:5e:e5:a3:cf:6c:02:ed:6f:e1:0a:8a:
                    73:98:89:92:00:4a:49:18:75:2f:26:83:3a:22:a9:
                    2a:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:3F:BA:0C:BE:2F:87:C7:26:90:EE:B4:C6:70:4D:85:29:F5:C7:84
            X509v3 Authority Key Identifier:
                keyid:68:63:9A:21:75:97:96:FE:3A:1D:91:9F:9B:57:37:EB:68:D7:08:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aGOaIXWXlv46HZGfm1c362jXCOQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/e56811-9801-4595-87e7-13d168d59b11/1/6D-6DL4vh8cmkO60xnBNhSn1x4Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/e56811-9801-4595-87e7-13d168d59b11/1/aGOaIXWXlv46HZGfm1c362jXCOQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.116.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:d7:2a:a1:bc:de:5d:67:54:fc:26:8a:87:d0:44:e2:6f:39:
         08:86:0b:6f:8b:88:54:a1:08:2e:2c:83:02:bc:f2:b1:c5:b7:
         cc:aa:e7:d5:d1:15:66:5a:4a:ee:ec:2c:c6:58:cc:95:92:b6:
         24:0f:68:fd:c1:1f:4f:ce:5c:c2:6e:8c:b3:31:3e:e3:19:74:
         c6:ee:40:0f:23:5a:39:4b:a1:8f:1e:b5:88:31:c3:ea:56:85:
         ce:32:a1:53:82:31:b3:2b:5a:c6:0d:40:ec:9f:d2:71:39:4b:
         bb:e4:b1:f8:5e:ab:0a:eb:42:25:36:d7:d2:15:f0:14:c3:f1:
         b8:4c:2c:11:8f:f3:52:b5:25:06:e8:b2:c7:cf:80:f5:92:e5:
         02:d9:1d:a6:15:8f:66:98:f7:a8:93:78:b9:ff:42:4b:2d:77:
         1e:9c:3a:b8:22:b0:37:c0:79:c1:21:59:29:4c:2c:43:40:18:
         24:a8:57:7c:b9:4b:49:66:7e:0d:de:a5:bf:78:c2:18:dc:f5:
         8d:61:7f:30:52:16:a6:03:f2:b4:7e:34:90:d7:da:b5:6b:34:
         8e:d0:df:c6:fb:d9:42:32:f9:1e:33:06:ad:e0:a8:63:87:69:
         a8:54:e0:bb:3b:a3:a4:c9:83:d0:7d:6b:c6:21:74:ab:7a:18:
         91:ea:9a:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJuqfQtuKQEqsPuQHkKgzMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4NjM5YTIxNzU5Nzk2ZmUzYTFkOTE5ZjliNTczN2ViNjhk
NzA4ZTQwHhcNMjQwMTAyMTAzMTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODNmYmEwY2JlMmY4N2M3MjY5MGVlYjRjNjcwNGQ4NTI5ZjVjNzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoswtpOxbfRnMQJccWixM0B49CCjd
5No8QFVxbsYWmJWLmO3C+uMKAOMMRLeNa6nJUTBzf68MTzhNs3v82WFWYXSlLtIf
D1MyjqhQHecTotcJnGnENACwcz+9LIIY/5muHzYU6Fv2ZONyHntg6nBbSelCDhBi
zWIXeffkyB9RNFvN/0Yo3hMi0tp/VK8swk9DJhJIjv2pA1WxMRIFdVGT1HvKMKJp
2UiUI28hhX81rlOdxsK9guX0SyVa06CBwHaAeMkdrgXz6qi33BMd3hTLUE3s9BEj
qUAfgW6FoCdN//DgTpFjXuWjz2wC7W/hCopzmImSAEpJGHUvJoM6IqkquwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOg/ugy+L4fHJpDutMZwTYUp9ceEMB8GA1UdIwQY
MBaAFGhjmiF1l5b+Oh2Rn5tXN+to1wjkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUdPYUlYV1hsdjQ2SFpHZm0xYzM2MmpYQ09RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9lNTY4MTEtOTgwMS00NTk1LTg3ZTct
MTNkMTY4ZDU5YjExLzEvNkQtNkRMNHZoOGNta082MHhuQk5oU24xeDRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9lNTY4MTEtOTgwMS00NTk1LTg3ZTctMTNkMTY4ZDU5YjEx
LzEvYUdPYUlYV1hsdjQ2SFpHZm0xYzM2MmpYQ09RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUnQ9MA0G
CSqGSIb3DQEBCwUAA4IBAQBP1yqhvN5dZ1T8JoqH0ETibzkIhgtvi4hUoQguLIMC
vPKxxbfMqufV0RVmWkru7CzGWMyVkrYkD2j9wR9PzlzCboyzMT7jGXTG7kAPI1o5
S6GPHrWIMcPqVoXOMqFTgjGzK1rGDUDsn9JxOUu75LH4XqsK60IlNtfSFfAUw/G4
TCwRj/NStSUG6LLHz4D1kuUC2R2mFY9mmPeok3i5/0JLLXcenDq4IrA3wHnBIVkp
TCxDQBgkqFd8uUtJZn4N3qW/eMIY3PWNYX8wUhamA/K0fjSQ19q1azSO0N/G+9lC
MvkeMwat4Khjh2moVOC7O6OkyYPQfWvGIXSrehiR6pp2
-----END CERTIFICATE-----