Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/ccf93b-8ff9-4eb6-8c34-4aa3c3dd4d6b/1/iUbbbNE_q3DSajNRudQfPDK6bp0.roa
File:                     iUbbbNE_q3DSajNRudQfPDK6bp0.roa (raw, json)
Hash identifier:          hT9C3xIFqO+wuMpfxbIGdg2kgYbkYxrZQ+BJGUv74mI=
Subject key identifier:   89:46:DB:6C:D1:3F:AB:70:D2:6A:33:51:B9:D4:1F:3C:32:BA:6E:9D
Certificate issuer:       /CN=82f08f263c37459b5fd6fc06fd9f0e5f6d622759
Certificate serial:       018CC9BB1F1C88B393EF7268B15CCA52D5FC
Authority key identifier: 82:F0:8F:26:3C:37:45:9B:5F:D6:FC:06:FD:9F:0E:5F:6D:62:27:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gvCPJjw3RZtf1vwG_Z8OX21iJ1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/ccf93b-8ff9-4eb6-8c34-4aa3c3dd4d6b/1/iUbbbNE_q3DSajNRudQfPDK6bp0.roa
Signing time:             Tue 02 Jan 2024 10:32:12 +0000
ROA not before:           Tue 02 Jan 2024 10:32:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204896
IP address blocks:        2001:67c:4e4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/ccf93b-8ff9-4eb6-8c34-4aa3c3dd4d6b/1/gvCPJjw3RZtf1vwG_Z8OX21iJ1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/ccf93b-8ff9-4eb6-8c34-4aa3c3dd4d6b/1/gvCPJjw3RZtf1vwG_Z8OX21iJ1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gvCPJjw3RZtf1vwG_Z8OX21iJ1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 15:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:1f:1c:88:b3:93:ef:72:68:b1:5c:ca:52:d5:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=82f08f263c37459b5fd6fc06fd9f0e5f6d622759
        Validity
            Not Before: Jan  2 10:32:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8946db6cd13fab70d26a3351b9d41f3c32ba6e9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:2d:8e:d7:0f:5a:26:0b:ba:13:b0:01:1f:e0:
                    1d:74:75:1f:29:b7:40:6a:02:81:3f:17:98:2f:91:
                    b9:bb:c8:0a:9c:6b:34:26:01:46:77:58:cd:53:4d:
                    14:dc:f1:1f:bd:cc:a3:78:fe:fd:fb:8b:b7:71:c3:
                    87:dc:bb:f9:0c:35:15:b7:d1:90:89:64:7e:7e:ed:
                    78:bb:63:61:0d:92:e7:32:cf:65:17:c4:1b:46:86:
                    e3:ed:ce:8e:f3:11:c1:1f:ff:42:19:b8:eb:8a:0f:
                    d6:6d:2b:ad:a5:76:38:6e:24:b3:89:31:d2:14:65:
                    5a:81:98:a1:7e:28:e2:8d:2a:96:91:9e:d9:43:f8:
                    46:f4:36:51:1b:78:c3:39:ce:10:85:42:23:a3:bb:
                    00:27:5b:0f:b0:91:70:96:37:12:03:d6:a2:e8:01:
                    cf:6b:ba:2b:af:c8:ad:0c:a6:80:c2:55:8d:0e:63:
                    bd:6e:58:74:d6:b4:46:27:2c:04:ca:0e:54:ef:48:
                    73:ef:b1:cf:38:72:01:4d:62:5d:9f:4d:a8:75:98:
                    a0:97:5d:a0:e7:2a:89:a0:db:56:a9:a2:a9:43:9c:
                    85:01:c7:93:88:4d:54:ad:24:82:4d:09:3f:1f:3e:
                    ba:50:b8:42:90:80:8e:98:c6:c5:6f:41:ad:e1:bf:
                    aa:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:46:DB:6C:D1:3F:AB:70:D2:6A:33:51:B9:D4:1F:3C:32:BA:6E:9D
            X509v3 Authority Key Identifier:
                keyid:82:F0:8F:26:3C:37:45:9B:5F:D6:FC:06:FD:9F:0E:5F:6D:62:27:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gvCPJjw3RZtf1vwG_Z8OX21iJ1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/ccf93b-8ff9-4eb6-8c34-4aa3c3dd4d6b/1/iUbbbNE_q3DSajNRudQfPDK6bp0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/ccf93b-8ff9-4eb6-8c34-4aa3c3dd4d6b/1/gvCPJjw3RZtf1vwG_Z8OX21iJ1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:4e4::/48

    Signature Algorithm: sha256WithRSAEncryption
         9d:30:f0:7a:b6:a6:2f:b0:86:20:6a:a6:5f:b7:e4:d9:2c:d2:
         51:ce:95:8c:d3:e3:aa:64:0f:9e:76:3e:16:3a:f0:60:d8:80:
         41:49:6b:e0:82:c8:36:96:db:a0:c9:0c:63:b5:81:b3:54:aa:
         c5:78:76:89:94:cf:6c:e3:86:d4:45:2d:ab:95:43:cd:72:f8:
         d0:a8:f5:1c:23:84:3b:e3:5c:a5:24:40:19:49:f1:85:2d:f9:
         f3:6a:7a:3d:ec:15:e1:df:b4:a6:c6:e4:b0:02:e9:e8:45:30:
         59:34:13:84:03:39:47:92:45:0c:95:6d:87:76:7c:85:22:b7:
         67:9c:67:fb:81:b8:80:41:a2:29:7e:b9:88:21:2c:d2:b1:bd:
         08:b4:49:fd:18:a5:4d:7d:8a:66:19:43:ee:db:e2:4b:84:50:
         cb:64:09:e3:92:1a:36:c5:82:aa:6d:13:a4:9f:a9:10:0f:90:
         b1:b1:6c:2e:46:fc:69:ed:38:70:02:92:fe:48:a9:ad:24:01:
         6c:ad:9d:74:d9:90:18:64:f5:f5:33:c8:69:2a:87:96:1a:9d:
         e1:92:99:d6:4c:23:49:ed:a7:47:6d:2e:ec:92:e1:0d:fa:0e:
         90:80:7b:ee:8b:1e:e1:34:f9:c3:66:d1:08:f2:ba:c0:d3:6f:
         3c:b3:55:79
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJux8ciLOT73JosVzKUtX8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyZjA4ZjI2M2MzNzQ1OWI1ZmQ2ZmMwNmZkOWYwZTVmNmQ2
MjI3NTkwHhcNMjQwMTAyMTAzMjEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTQ2ZGI2Y2QxM2ZhYjcwZDI2YTMzNTFiOWQ0MWYzYzMyYmE2ZTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnC2O1w9aJgu6E7ABH+AddHUfKbdA
agKBPxeYL5G5u8gKnGs0JgFGd1jNU00U3PEfvcyjeP79+4u3ccOH3Lv5DDUVt9GQ
iWR+fu14u2NhDZLnMs9lF8QbRobj7c6O8xHBH/9CGbjrig/WbSutpXY4biSziTHS
FGVagZihfijijSqWkZ7ZQ/hG9DZRG3jDOc4QhUIjo7sAJ1sPsJFwljcSA9ai6AHP
a7orr8itDKaAwlWNDmO9blh01rRGJywEyg5U70hz77HPOHIBTWJdn02odZigl12g
5yqJoNtWqaKpQ5yFAceTiE1UrSSCTQk/Hz66ULhCkICOmMbFb0Gt4b+qzwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIlG22zRP6tw0mozUbnUHzwyum6dMB8GA1UdIwQY
MBaAFILwjyY8N0WbX9b8Bv2fDl9tYidZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3ZDUEpqdzNSWnRmMXZ3R19aOE9YMjFpSjFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC9jY2Y5M2ItOGZmOS00ZWI2LThjMzQt
NGFhM2MzZGQ0ZDZiLzEvaVViYmJORV9xM0RTYWpOUnVkUWZQREs2YnAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC9jY2Y5M2ItOGZmOS00ZWI2LThjMzQtNGFhM2MzZGQ0ZDZi
LzEvZ3ZDUEpqdzNSWnRmMXZ3R19aOE9YMjFpSjFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfATk
MA0GCSqGSIb3DQEBCwUAA4IBAQCdMPB6tqYvsIYgaqZft+TZLNJRzpWM0+OqZA+e
dj4WOvBg2IBBSWvggsg2ltugyQxjtYGzVKrFeHaJlM9s44bURS2rlUPNcvjQqPUc
I4Q741ylJEAZSfGFLfnzano97BXh37SmxuSwAunoRTBZNBOEAzlHkkUMlW2HdnyF
IrdnnGf7gbiAQaIpfrmIISzSsb0ItEn9GKVNfYpmGUPu2+JLhFDLZAnjkho2xYKq
bROkn6kQD5CxsWwuRvxp7ThwApL+SKmtJAFsrZ102ZAYZPX1M8hpKoeWGp3hkpnW
TCNJ7adHbS7skuEN+g6QgHvuix7hNPnDZtEI8rrA0288s1V5
-----END CERTIFICATE-----