Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/99800d-151f-4e30-9fd8-a89a7028d429/1/nCkX2y3Z1L_mEhP4KCw6jFbhDKM.roa
File:                     nCkX2y3Z1L_mEhP4KCw6jFbhDKM.roa (raw, json)
Hash identifier:          vepIgGWrBFv1QQA7NE739SLiG0/5GvJ6fTZP5yg3YiI=
Subject key identifier:   9C:29:17:DB:2D:D9:D4:BF:E6:12:13:F8:28:2C:3A:8C:56:E1:0C:A3
Certificate issuer:       /CN=c6fc38b2a100395fa9b9919ad792e7acb2db2e07
Certificate serial:       018D34FCAF742FE8E36A958540DF3D3FD559
Authority key identifier: C6:FC:38:B2:A1:00:39:5F:A9:B9:91:9A:D7:92:E7:AC:B2:DB:2E:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xvw4sqEAOV-puZGa15LnrLLbLgc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/99800d-151f-4e30-9fd8-a89a7028d429/1/nCkX2y3Z1L_mEhP4KCw6jFbhDKM.roa
Signing time:             Tue 23 Jan 2024 06:23:11 +0000
ROA not before:           Tue 23 Jan 2024 06:23:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215936
IP address blocks:        2001:67c:d54::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/99800d-151f-4e30-9fd8-a89a7028d429/1/xvw4sqEAOV-puZGa15LnrLLbLgc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/99800d-151f-4e30-9fd8-a89a7028d429/1/xvw4sqEAOV-puZGa15LnrLLbLgc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xvw4sqEAOV-puZGa15LnrLLbLgc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 18:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:34:fc:af:74:2f:e8:e3:6a:95:85:40:df:3d:3f:d5:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6fc38b2a100395fa9b9919ad792e7acb2db2e07
        Validity
            Not Before: Jan 23 06:23:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c2917db2dd9d4bfe61213f8282c3a8c56e10ca3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:06:ba:4f:ae:82:36:ad:ba:06:83:1b:28:53:
                    71:7c:6b:0e:56:6f:de:f7:b6:09:73:93:d2:61:43:
                    03:20:45:a8:99:7c:01:23:33:0d:9e:52:af:39:3e:
                    8d:7f:ae:53:46:84:55:c9:e5:95:97:27:bf:54:80:
                    db:f6:dd:aa:d1:59:35:a0:fd:a0:f5:c9:66:1c:cb:
                    98:63:df:fc:f0:f1:f7:3f:41:f0:83:21:73:b3:e5:
                    ae:65:ec:c6:c8:dd:a4:00:98:3c:cc:c4:24:05:17:
                    c5:e5:38:c6:e0:5e:b8:1f:7b:f2:8f:85:40:3e:ce:
                    73:5d:21:bc:ba:ca:ca:39:ed:96:1f:2c:38:d5:bd:
                    22:4b:1f:7f:84:86:bb:90:0c:fd:ad:15:17:c5:90:
                    9a:33:32:d5:b0:64:92:df:4b:17:f6:14:dd:b1:0a:
                    ef:49:b4:20:5f:ac:84:2f:8b:7d:bb:7a:96:91:50:
                    95:58:81:6a:78:26:0e:ce:fa:ed:73:3c:63:4d:4f:
                    3e:63:e7:db:9e:92:c5:85:51:df:d3:90:38:87:97:
                    32:7a:4b:1c:8e:e2:e4:75:e0:e6:4a:8f:6c:e6:ea:
                    be:9c:9a:34:46:af:e2:0d:e5:3c:4c:21:39:8a:be:
                    6c:dc:6d:8b:c2:52:5a:38:32:bb:c6:d7:8c:27:b4:
                    3f:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:29:17:DB:2D:D9:D4:BF:E6:12:13:F8:28:2C:3A:8C:56:E1:0C:A3
            X509v3 Authority Key Identifier:
                keyid:C6:FC:38:B2:A1:00:39:5F:A9:B9:91:9A:D7:92:E7:AC:B2:DB:2E:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xvw4sqEAOV-puZGa15LnrLLbLgc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/99800d-151f-4e30-9fd8-a89a7028d429/1/nCkX2y3Z1L_mEhP4KCw6jFbhDKM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/99800d-151f-4e30-9fd8-a89a7028d429/1/xvw4sqEAOV-puZGa15LnrLLbLgc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:d54::/48

    Signature Algorithm: sha256WithRSAEncryption
         a2:e4:5c:c5:53:a2:45:23:14:61:8c:a2:75:7d:82:89:5d:a0:
         bc:66:70:c5:6c:2c:f4:ab:17:73:3a:f5:74:6b:f9:34:b7:4f:
         dd:44:3a:78:b8:e8:cf:d2:19:2d:e1:6f:10:24:64:05:a3:9f:
         05:85:2e:ba:8e:ad:12:4c:e7:b1:de:c5:aa:af:53:0e:5d:a0:
         77:29:6d:25:bb:ce:01:21:10:97:78:ef:0a:c5:6c:64:10:94:
         76:1e:dd:d1:db:19:a3:2d:00:1e:23:26:3d:a9:86:5d:cf:f0:
         80:b1:44:0c:50:03:b2:1d:cd:42:e2:0a:84:de:9d:c6:55:d6:
         62:40:d9:50:80:36:9a:91:d9:17:df:96:9c:ed:54:8a:c5:6c:
         00:a2:23:34:12:ca:63:48:ed:0f:04:e3:73:00:2e:7c:53:4b:
         39:d0:65:1b:81:ea:ce:be:af:e0:4f:ec:56:6e:e5:15:c3:9f:
         48:0b:c5:4c:7f:65:a6:ab:c2:df:64:72:fe:25:45:3d:9d:85:
         a5:a9:a0:e6:35:59:1b:c2:0f:b4:cc:6c:1b:6a:89:c1:d3:41:
         6d:34:3b:27:79:7b:1e:91:76:e6:9f:66:f9:18:b6:d8:f4:04:
         88:d0:02:41:e3:73:42:fd:91:b5:4b:f3:e2:7f:c7:2f:0e:97:
         80:ba:18:59
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY00/K90L+jjapWFQN89P9VZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2ZmMzOGIyYTEwMDM5NWZhOWI5OTE5YWQ3OTJlN2FjYjJk
YjJlMDcwHhcNMjQwMTIzMDYyMzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzI5MTdkYjJkZDlkNGJmZTYxMjEzZjgyODJjM2E4YzU2ZTEwY2EzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0wa6T66CNq26BoMbKFNxfGsOVm/e
97YJc5PSYUMDIEWomXwBIzMNnlKvOT6Nf65TRoRVyeWVlye/VIDb9t2q0Vk1oP2g
9clmHMuYY9/88PH3P0HwgyFzs+WuZezGyN2kAJg8zMQkBRfF5TjG4F64H3vyj4VA
Ps5zXSG8usrKOe2WHyw41b0iSx9/hIa7kAz9rRUXxZCaMzLVsGSS30sX9hTdsQrv
SbQgX6yEL4t9u3qWkVCVWIFqeCYOzvrtczxjTU8+Y+fbnpLFhVHf05A4h5cyeksc
juLkdeDmSo9s5uq+nJo0Rq/iDeU8TCE5ir5s3G2LwlJaODK7xteMJ7Q/HQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJwpF9st2dS/5hIT+CgsOoxW4QyjMB8GA1UdIwQY
MBaAFMb8OLKhADlfqbmRmteS56yy2y4HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHZ3NHNxRUFPVi1wdVpHYTE1TG5yTExiTGdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi85OTgwMGQtMTUxZi00ZTMwLTlmZDgt
YTg5YTcwMjhkNDI5LzEvbkNrWDJ5M1oxTF9tRWhQNEtDdzZqRmJoREtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi85OTgwMGQtMTUxZi00ZTMwLTlmZDgtYTg5YTcwMjhkNDI5
LzEveHZ3NHNxRUFPVi1wdVpHYTE1TG5yTExiTGdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA1U
MA0GCSqGSIb3DQEBCwUAA4IBAQCi5FzFU6JFIxRhjKJ1fYKJXaC8ZnDFbCz0qxdz
OvV0a/k0t0/dRDp4uOjP0hkt4W8QJGQFo58FhS66jq0STOex3sWqr1MOXaB3KW0l
u84BIRCXeO8KxWxkEJR2Ht3R2xmjLQAeIyY9qYZdz/CAsUQMUAOyHc1C4gqE3p3G
VdZiQNlQgDaakdkX35ac7VSKxWwAoiM0EspjSO0PBONzAC58U0s50GUbgerOvq/g
T+xWbuUVw59IC8VMf2Wmq8LfZHL+JUU9nYWlqaDmNVkbwg+0zGwbaonB00FtNDsn
eXsekXbmn2b5GLbY9ASI0AJB43NC/ZG1S/Pif8cvDpeAuhhZ
-----END CERTIFICATE-----