Route Origin Authorization

$ rpki-client -vvf rpki.folf.systems/repo/Folf-Systems/0/323030313a3637633a6233633a3a2f34382d3438203d3e20323030333630.roa
File:                     323030313a3637633a6233633a3a2f34382d3438203d3e20323030333630.roa (raw, json)
Hash identifier:          X0G2wjI3Er8hki4mlS5It1Kj+YbyA3c52yA847aZfos=
Subject key identifier:   98:4E:1D:29:CA:6F:DC:BC:C1:F2:36:CD:6F:02:0A:86:90:6B:86:30
Certificate issuer:       /CN=e883d1d2313a14e8659f604a65d65ce39a3f826b
Certificate serial:       0D8BD0280ACA77B9E5556E359DF9540CA4F4E870
Authority key identifier: E8:83:D1:D2:31:3A:14:E8:65:9F:60:4A:65:D6:5C:E3:9A:3F:82:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6IPR0jE6FOhln2BKZdZc45o_gms.cer
Subject info access:      rsync://rpki.folf.systems/repo/Folf-Systems/0/323030313a3637633a6233633a3a2f34382d3438203d3e20323030333630.roa
Signing time:             Wed 03 Jan 2024 17:03:18 +0000
ROA not before:           Wed 03 Jan 2024 16:58:18 +0000
ROA not after:            Wed 01 Jan 2025 17:03:18 +0000
asID:                     200360
IP address blocks:        2001:67c:b3c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.folf.systems/repo/Folf-Systems/0/E883D1D2313A14E8659F604A65D65CE39A3F826B.crl
                          rsync://rpki.folf.systems/repo/Folf-Systems/0/E883D1D2313A14E8659F604A65D65CE39A3F826B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6IPR0jE6FOhln2BKZdZc45o_gms.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:8b:d0:28:0a:ca:77:b9:e5:55:6e:35:9d:f9:54:0c:a4:f4:e8:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e883d1d2313a14e8659f604a65d65ce39a3f826b
        Validity
            Not Before: Jan  3 16:58:18 2024 GMT
            Not After : Jan  1 17:03:18 2025 GMT
        Subject: CN=984E1D29CA6FDCBCC1F236CD6F020A86906B8630
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:00:3d:1d:cc:9f:64:0b:e4:ab:3f:6d:48:3b:
                    11:eb:7f:b9:8f:e5:96:46:01:56:43:14:1c:e8:81:
                    b7:bf:82:31:3f:b3:84:39:60:32:09:53:3d:0f:d3:
                    46:5b:06:c1:c6:49:b1:2d:21:71:9d:20:73:42:5f:
                    24:66:6f:c7:4b:18:2e:41:7e:ca:cc:a2:4e:92:77:
                    4e:70:d4:3a:87:8e:53:09:43:a8:cf:bf:7a:82:f9:
                    8b:5b:fd:21:e3:f6:35:83:42:ec:e0:7a:bb:3b:c2:
                    13:ce:20:8c:70:83:37:33:a5:28:5e:63:2a:e1:14:
                    96:35:2c:ef:e0:2e:d8:56:8e:de:3a:d2:bd:64:8b:
                    0f:8d:3a:56:e5:79:d6:dd:7b:61:86:00:a2:57:41:
                    84:ef:98:71:6b:31:2d:92:a3:d0:df:bd:91:56:05:
                    c9:05:b7:14:65:9b:84:bf:49:74:3d:62:72:55:2a:
                    24:b5:0e:36:d7:be:b7:e1:46:ba:a1:53:ea:58:ba:
                    c7:5d:d6:e4:c0:86:c5:71:ab:9a:1a:e7:01:6f:46:
                    3c:36:3d:ac:0c:e9:b9:52:8e:8f:80:1f:3c:a7:eb:
                    2b:92:7a:83:aa:99:76:78:82:91:cb:75:64:d7:e2:
                    a3:1d:ef:08:41:54:2f:e9:77:6e:57:d3:72:05:97:
                    7c:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:4E:1D:29:CA:6F:DC:BC:C1:F2:36:CD:6F:02:0A:86:90:6B:86:30
            X509v3 Authority Key Identifier:
                keyid:E8:83:D1:D2:31:3A:14:E8:65:9F:60:4A:65:D6:5C:E3:9A:3F:82:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.folf.systems/repo/Folf-Systems/0/E883D1D2313A14E8659F604A65D65CE39A3F826B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6IPR0jE6FOhln2BKZdZc45o_gms.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.folf.systems/repo/Folf-Systems/0/323030313a3637633a6233633a3a2f34382d3438203d3e20323030333630.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:b3c::/48

    Signature Algorithm: sha256WithRSAEncryption
         2e:ea:11:a4:c8:95:3a:ba:5c:cc:2b:3b:55:22:21:ca:b4:5d:
         2e:04:1c:d9:9a:b7:63:08:2a:91:8b:25:71:3e:aa:a7:6e:39:
         bc:f3:04:d1:dc:cd:9b:d1:88:06:76:5e:84:13:de:27:39:f6:
         e5:81:bd:e2:2b:51:75:7e:ee:3d:63:65:81:d4:be:29:c1:8f:
         ef:d2:a5:fd:61:e0:f0:c3:70:88:c9:49:c8:d7:69:97:a5:a2:
         ff:3d:fd:20:42:a7:2e:23:20:81:80:e9:1b:ab:a9:5d:1e:e6:
         f6:ce:46:a0:33:88:bb:ee:45:b4:f1:09:3e:ec:d3:56:82:0e:
         d2:95:d6:2f:ab:f1:18:1d:56:d3:95:18:2c:9c:2b:34:2f:bd:
         f6:e6:b6:e8:54:ff:d6:77:5d:6a:39:f3:13:af:60:b8:e3:12:
         ec:8e:91:0e:8a:e5:51:58:03:72:6d:0b:56:5b:f0:04:9d:76:
         ea:10:a9:cd:5e:73:23:75:3c:6c:d2:0d:69:c3:32:1f:f4:b3:
         87:52:6d:a1:d1:fc:f9:ee:93:54:ae:85:d9:39:26:ba:20:41:
         bc:e3:d9:38:8f:a5:51:59:5e:2e:ac:8d:46:82:84:13:21:10:
         e5:31:23:2a:8d:ed:4e:1c:72:c0:f1:8d:41:c7:da:b0:9b:7a:
         f4:ea:a9:64
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUDYvQKArKd7nlVW41nflUDKT06HAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZTg4M2QxZDIzMTNhMTRlODY1OWY2MDRhNjVkNjVjZTM5
YTNmODI2YjAeFw0yNDAxMDMxNjU4MThaFw0yNTAxMDExNzAzMThaMDMxMTAvBgNV
BAMTKDk4NEUxRDI5Q0E2RkRDQkNDMUYyMzZDRDZGMDIwQTg2OTA2Qjg2MzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSAD0dzJ9kC+SrP21IOxHrf7mP
5ZZGAVZDFBzogbe/gjE/s4Q5YDIJUz0P00ZbBsHGSbEtIXGdIHNCXyRmb8dLGC5B
fsrMok6Sd05w1DqHjlMJQ6jPv3qC+Ytb/SHj9jWDQuzgers7whPOIIxwgzczpShe
YyrhFJY1LO/gLthWjt460r1kiw+NOlbledbde2GGAKJXQYTvmHFrMS2So9DfvZFW
BckFtxRlm4S/SXQ9YnJVKiS1DjbXvrfhRrqhU+pYusdd1uTAhsVxq5oa5wFvRjw2
PawM6blSjo+AHzyn6yuSeoOqmXZ4gpHLdWTX4qMd7whBVC/pd25X03IFl3wrAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUmE4dKcpv3LzB8jbNbwIKhpBrhjAwHwYDVR0j
BBgwFoAU6IPR0jE6FOhln2BKZdZc45o/gmswDgYDVR0PAQH/BAQDAgeAMGsGA1Ud
HwRkMGIwYKBeoFyGWnJzeW5jOi8vcnBraS5mb2xmLnN5c3RlbXMvcmVwby9Gb2xm
LVN5c3RlbXMvMC9FODgzRDFEMjMxM0ExNEU4NjU5RjYwNEE2NUQ2NUNFMzlBM0Y4
MjZCLmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNklQUjBqRTZGT2hsbjJCS1pk
WmM0NW9fZ21zLmNlcjCBigYIKwYBBQUHAQsEfjB8MHoGCCsGAQUFBzALhm5yc3lu
YzovL3Jwa2kuZm9sZi5zeXN0ZW1zL3JlcG8vRm9sZi1TeXN0ZW1zLzAvMzIzMDMw
MzEzYTM2Mzc2MzNhNjIzMzYzM2EzYTJmMzQzODJkMzQzODIwM2QzZTIwMzIzMDMw
MzMzNjMwLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAIAEGfAs8MA0GCSqGSIb3DQEBCwUAA4IBAQAu6hGk
yJU6ulzMKztVIiHKtF0uBBzZmrdjCCqRiyVxPqqnbjm88wTR3M2b0YgGdl6EE94n
Ofblgb3iK1F1fu49Y2WB1L4pwY/v0qX9YeDww3CIyUnI12mXpaL/Pf0gQqcuIyCB
gOkbq6ldHub2zkagM4i77kW08Qk+7NNWgg7SldYvq/EYHVbTlRgsnCs0L7325rbo
VP/Wd11qOfMTr2C44xLsjpEOiuVRWANybQtWW/AEnXbqEKnNXnMjdTxs0g1pwzIf
9LOHUm2h0fz57pNUroXZOSa6IEG849k4j6VRWV4urI1GgoQTIRDlMSMqje1OHHLA
8Y1Bx9qwm3r06qlk
-----END CERTIFICATE-----