Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/8adf7e-2ded-424d-8951-e682bcb9a63a/1/YgsfBcZ5juN_9kjdn9zXMzd3Je4.roa
File:                     YgsfBcZ5juN_9kjdn9zXMzd3Je4.roa (raw, json)
Hash identifier:          XyR7IGzyeYy7FE/K7LfsXKb3JW6Hi8maCPxW7pi1040=
Subject key identifier:   62:0B:1F:05:C6:79:8E:E3:7F:F6:48:DD:9F:DC:D7:33:37:77:25:EE
Certificate issuer:       /CN=8c13eb8fd9d8db4b68a969c8ffdd4846802ab0ab
Certificate serial:       018CC500FF269D4715EEE5D5BB0D474E6C20
Authority key identifier: 8C:13:EB:8F:D9:D8:DB:4B:68:A9:69:C8:FF:DD:48:46:80:2A:B0:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jBPrj9nY20toqWnI_91IRoAqsKs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/8adf7e-2ded-424d-8951-e682bcb9a63a/1/YgsfBcZ5juN_9kjdn9zXMzd3Je4.roa
Signing time:             Mon 01 Jan 2024 12:30:26 +0000
ROA not before:           Mon 01 Jan 2024 12:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200856
IP address blocks:        2001:67c:b24::/48 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/8adf7e-2ded-424d-8951-e682bcb9a63a/1/jBPrj9nY20toqWnI_91IRoAqsKs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/8adf7e-2ded-424d-8951-e682bcb9a63a/1/jBPrj9nY20toqWnI_91IRoAqsKs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jBPrj9nY20toqWnI_91IRoAqsKs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 06:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:ff:26:9d:47:15:ee:e5:d5:bb:0d:47:4e:6c:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c13eb8fd9d8db4b68a969c8ffdd4846802ab0ab
        Validity
            Not Before: Jan  1 12:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=620b1f05c6798ee37ff648dd9fdcd733377725ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:c4:f2:95:c6:02:25:da:aa:83:79:23:8c:56:
                    73:48:6a:24:ac:59:4f:9a:21:fe:9a:bf:04:30:5b:
                    20:f6:d7:42:ba:ee:59:bf:f1:4d:75:6b:03:f5:e5:
                    5e:e7:2c:06:95:d5:b7:3e:52:8f:64:44:a8:74:72:
                    bb:aa:b5:10:fa:0b:77:b2:4a:2c:c2:da:52:d9:bc:
                    a3:c2:c1:92:bf:3b:a4:95:d8:e8:81:57:6b:d5:fc:
                    87:52:b8:56:00:bb:f2:19:58:8a:33:42:77:ec:49:
                    5f:a1:0b:da:70:c7:dd:54:44:db:d0:0c:46:b0:e9:
                    c7:45:8d:8b:34:2b:dd:e5:7d:15:66:da:9a:e5:1a:
                    a7:5f:11:c6:2b:a5:ac:a6:89:e2:18:66:a0:98:1a:
                    f6:8f:77:a4:54:4c:a2:94:77:b7:5b:4f:f4:cb:fb:
                    12:f6:09:e0:73:2d:35:4e:88:42:a0:5b:73:1b:b3:
                    a3:d6:28:3d:5d:9b:c1:c0:3c:96:23:ce:4c:e1:dc:
                    3b:18:44:0a:c3:9b:a9:dd:07:f1:bc:79:d3:e8:aa:
                    70:02:c1:82:22:95:d5:db:85:ac:38:24:42:f8:8c:
                    f1:58:69:32:09:6c:c5:d0:a6:d0:3f:1f:c3:72:56:
                    f7:dc:8c:d0:47:18:e1:b1:27:ad:ce:86:86:c9:c9:
                    10:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:0B:1F:05:C6:79:8E:E3:7F:F6:48:DD:9F:DC:D7:33:37:77:25:EE
            X509v3 Authority Key Identifier:
                keyid:8C:13:EB:8F:D9:D8:DB:4B:68:A9:69:C8:FF:DD:48:46:80:2A:B0:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jBPrj9nY20toqWnI_91IRoAqsKs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/8adf7e-2ded-424d-8951-e682bcb9a63a/1/YgsfBcZ5juN_9kjdn9zXMzd3Je4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/8adf7e-2ded-424d-8951-e682bcb9a63a/1/jBPrj9nY20toqWnI_91IRoAqsKs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:b24::/48

    Signature Algorithm: sha256WithRSAEncryption
         15:51:59:5d:24:00:4a:b1:c7:d0:32:1e:4b:ad:38:ca:32:7c:
         98:04:cd:a5:a3:01:b5:e4:9a:f0:55:09:ec:5a:0a:ed:0b:76:
         6b:9e:33:64:fc:e9:6a:19:23:20:7d:3f:ca:7b:7e:c7:cb:72:
         e6:26:7b:dd:85:28:d1:fc:a2:cb:93:45:96:db:eb:5b:10:1e:
         bb:40:17:70:0e:f9:32:46:90:b9:b9:2d:b6:d6:e8:4d:5f:6b:
         01:06:90:f1:91:14:93:13:c1:2f:7d:ba:71:b3:3e:fa:eb:c4:
         d4:39:a6:8e:89:9c:7b:2d:f4:f4:5e:5b:a7:51:77:03:40:38:
         df:5e:c7:6e:d0:d9:84:54:ca:82:99:9e:4a:60:a4:b8:d5:71:
         7f:ab:b1:d8:23:60:01:a3:b4:e0:b0:45:27:14:8b:93:e2:8c:
         6a:8b:dd:bb:4a:3b:8f:76:9f:b4:fd:6e:47:0c:b9:6a:6a:d2:
         8c:79:4f:28:b0:da:98:97:c9:9a:d3:78:9f:b5:8c:e4:1e:db:
         b8:b3:af:48:c0:c6:27:b3:2e:11:9e:70:15:f6:5d:72:ed:36:
         cd:db:67:03:63:16:ed:12:d3:f3:d0:55:cf:77:fa:b9:a6:a9:
         d0:7d:2d:fb:a9:3f:91:b3:ed:71:dc:d4:fb:d3:65:09:96:48:
         c9:d3:9f:ad
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFAP8mnUcV7uXVuw1HTmwgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjMTNlYjhmZDlkOGRiNGI2OGE5NjljOGZmZGQ0ODQ2ODAy
YWIwYWIwHhcNMjQwMTAxMTIzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjBiMWYwNWM2Nzk4ZWUzN2ZmNjQ4ZGQ5ZmRjZDczMzM3NzcyNWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhcTylcYCJdqqg3kjjFZzSGokrFlP
miH+mr8EMFsg9tdCuu5Zv/FNdWsD9eVe5ywGldW3PlKPZESodHK7qrUQ+gt3skos
wtpS2byjwsGSvzukldjogVdr1fyHUrhWALvyGViKM0J37ElfoQvacMfdVETb0AxG
sOnHRY2LNCvd5X0VZtqa5RqnXxHGK6WsponiGGagmBr2j3ekVEyilHe3W0/0y/sS
9gngcy01TohCoFtzG7Oj1ig9XZvBwDyWI85M4dw7GEQKw5up3QfxvHnT6KpwAsGC
IpXV24WsOCRC+IzxWGkyCWzF0KbQPx/Dclb33IzQRxjhsSetzoaGyckQywIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGILHwXGeY7jf/ZI3Z/c1zM3dyXuMB8GA1UdIwQY
MBaAFIwT64/Z2NtLaKlpyP/dSEaAKrCrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvakJQcmo5blkyMHRvcVduSV85MUlSb0Fxc0tzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC84YWRmN2UtMmRlZC00MjRkLTg5NTEt
ZTY4MmJjYjlhNjNhLzEvWWdzZkJjWjVqdU5fOWtqZG45elhNemQzSmU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC84YWRmN2UtMmRlZC00MjRkLTg5NTEtZTY4MmJjYjlhNjNh
LzEvakJQcmo5blkyMHRvcVduSV85MUlSb0Fxc0tzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAsk
MA0GCSqGSIb3DQEBCwUAA4IBAQAVUVldJABKscfQMh5LrTjKMnyYBM2lowG15Jrw
VQnsWgrtC3ZrnjNk/OlqGSMgfT/Ke37Hy3LmJnvdhSjR/KLLk0WW2+tbEB67QBdw
DvkyRpC5uS221uhNX2sBBpDxkRSTE8Evfbpxsz7668TUOaaOiZx7LfT0XlunUXcD
QDjfXsdu0NmEVMqCmZ5KYKS41XF/q7HYI2ABo7TgsEUnFIuT4oxqi927SjuPdp+0
/W5HDLlqatKMeU8osNqYl8ma03iftYzkHtu4s69IwMYnsy4RnnAV9l1y7TbN22cD
YxbtEtPz0FXPd/q5pqnQfS37qT+Rs+1x3NT702UJlkjJ05+t
-----END CERTIFICATE-----