Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/8cc47f-0265-407c-ba45-05d7bd4a741d/1/1O9SLaQF058OEPpr_X4ggWqNENg.roa
File:                     1O9SLaQF058OEPpr_X4ggWqNENg.roa (raw, json)
Hash identifier:          IJzvOO4aVqH2XgWx63/OmHTTeBgKEuhokaNsb2SrPLU=
Subject key identifier:   D4:EF:52:2D:A4:05:D3:9F:0E:10:FA:6B:FD:7E:20:81:6A:8D:10:D8
Certificate issuer:       /CN=bc184d30d1fd2fde50bea6f70fe2dbe20518a03e
Certificate serial:       018CC8DE8693DA257208DB938BA18522B379
Authority key identifier: BC:18:4D:30:D1:FD:2F:DE:50:BE:A6:F7:0F:E2:DB:E2:05:18:A0:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vBhNMNH9L95Qvqb3D-Lb4gUYoD4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/8cc47f-0265-407c-ba45-05d7bd4a741d/1/1O9SLaQF058OEPpr_X4ggWqNENg.roa
Signing time:             Tue 02 Jan 2024 06:31:15 +0000
ROA not before:           Tue 02 Jan 2024 06:31:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2119
IP address blocks:        2001:67c:2dc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/8cc47f-0265-407c-ba45-05d7bd4a741d/1/vBhNMNH9L95Qvqb3D-Lb4gUYoD4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/8cc47f-0265-407c-ba45-05d7bd4a741d/1/vBhNMNH9L95Qvqb3D-Lb4gUYoD4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vBhNMNH9L95Qvqb3D-Lb4gUYoD4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 07:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:86:93:da:25:72:08:db:93:8b:a1:85:22:b3:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc184d30d1fd2fde50bea6f70fe2dbe20518a03e
        Validity
            Not Before: Jan  2 06:31:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d4ef522da405d39f0e10fa6bfd7e20816a8d10d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:7e:ff:9a:b0:3c:39:da:9d:ba:54:c9:7e:ef:
                    d4:6e:03:11:d6:62:c9:ff:38:78:81:47:95:b3:f6:
                    24:84:66:7b:d4:b1:63:78:43:87:a2:f4:65:23:94:
                    b2:fd:3e:9a:71:90:f2:c9:53:bc:8d:a6:0f:64:09:
                    eb:08:39:b2:7f:24:f2:f5:32:6d:fe:bb:bf:78:b5:
                    51:fd:11:42:72:f0:bf:e8:8f:89:66:75:10:e6:d8:
                    9a:33:ae:af:a6:ec:08:67:dd:50:ac:9a:6a:f1:36:
                    39:94:fe:df:b7:5d:2b:fa:a0:9b:de:8f:17:72:34:
                    27:07:d1:81:f3:f0:fb:98:aa:4d:de:5e:a2:8c:ae:
                    8c:6e:e0:69:e6:6a:48:3d:d0:0f:9f:e7:4a:86:99:
                    26:27:a3:74:42:c6:94:bf:fa:34:24:99:a9:7f:02:
                    a2:a6:49:7f:71:e4:86:3e:b6:d6:28:90:24:2b:87:
                    39:07:31:fc:c0:cd:7a:cc:e4:3e:0a:f1:52:c8:d7:
                    8d:13:88:e9:91:c2:4e:b7:5d:9b:10:0b:60:83:64:
                    13:0c:1c:7f:a9:49:af:05:24:51:5f:a8:f6:85:00:
                    c8:0d:6f:5e:44:4a:8e:30:05:fa:8d:5e:ac:99:84:
                    3d:a0:c8:bf:7f:81:43:d0:4b:4a:cc:92:56:01:7b:
                    f6:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:EF:52:2D:A4:05:D3:9F:0E:10:FA:6B:FD:7E:20:81:6A:8D:10:D8
            X509v3 Authority Key Identifier:
                keyid:BC:18:4D:30:D1:FD:2F:DE:50:BE:A6:F7:0F:E2:DB:E2:05:18:A0:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vBhNMNH9L95Qvqb3D-Lb4gUYoD4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/8cc47f-0265-407c-ba45-05d7bd4a741d/1/1O9SLaQF058OEPpr_X4ggWqNENg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/8cc47f-0265-407c-ba45-05d7bd4a741d/1/vBhNMNH9L95Qvqb3D-Lb4gUYoD4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2dc::/48

    Signature Algorithm: sha256WithRSAEncryption
         2c:c2:46:a5:e0:35:64:ad:8a:87:91:db:c2:24:83:8c:6c:45:
         50:69:fe:e9:a8:89:62:80:5b:b7:e3:f8:58:b9:fa:14:6a:5b:
         eb:6c:b3:f2:02:8a:c6:39:66:c2:ba:aa:c3:e9:de:8a:e9:be:
         8c:ed:29:ed:b8:11:cd:5d:59:14:a2:b7:59:4d:56:06:02:8a:
         04:06:db:6d:82:76:c2:64:cb:7e:14:c3:ab:af:c5:53:01:4e:
         a0:b4:fe:96:30:02:fc:66:68:4a:41:4e:90:30:c4:34:88:d3:
         17:0e:9b:fb:df:5d:10:e5:53:52:40:60:66:2f:cc:03:13:83:
         21:fb:67:c4:b5:06:9b:b3:17:5b:6f:88:26:8e:f0:53:66:5d:
         b6:42:a8:75:29:5e:70:07:9f:90:ba:7e:b4:0c:ad:56:39:79:
         a7:ed:2d:03:8b:d3:9e:70:8a:39:61:e3:49:97:b0:6a:ad:cf:
         aa:cd:32:0d:04:f6:03:64:b0:cc:2b:bc:e6:f9:02:6f:b5:74:
         0e:92:8c:2f:eb:02:72:ed:34:3d:6c:30:2a:ab:18:12:ad:77:
         66:7f:7f:7b:2b:8c:ab:2c:48:8a:74:da:07:2f:4b:f0:56:cc:
         5a:5c:6f:86:fc:88:cc:04:d2:29:92:6b:18:b2:ee:41:45:4a:
         f5:68:67:05
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzI3oaT2iVyCNuTi6GFIrN5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjMTg0ZDMwZDFmZDJmZGU1MGJlYTZmNzBmZTJkYmUyMDUx
OGEwM2UwHhcNMjQwMTAyMDYzMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGVmNTIyZGE0MDVkMzlmMGUxMGZhNmJmZDdlMjA4MTZhOGQxMGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi37/mrA8OdqdulTJfu/UbgMR1mLJ
/zh4gUeVs/YkhGZ71LFjeEOHovRlI5Sy/T6acZDyyVO8jaYPZAnrCDmyfyTy9TJt
/ru/eLVR/RFCcvC/6I+JZnUQ5tiaM66vpuwIZ91QrJpq8TY5lP7ft10r+qCb3o8X
cjQnB9GB8/D7mKpN3l6ijK6MbuBp5mpIPdAPn+dKhpkmJ6N0QsaUv/o0JJmpfwKi
pkl/ceSGPrbWKJAkK4c5BzH8wM16zOQ+CvFSyNeNE4jpkcJOt12bEAtgg2QTDBx/
qUmvBSRRX6j2hQDIDW9eREqOMAX6jV6smYQ9oMi/f4FD0EtKzJJWAXv2SwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNTvUi2kBdOfDhD6a/1+IIFqjRDYMB8GA1UdIwQY
MBaAFLwYTTDR/S/eUL6m9w/i2+IFGKA+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkJoTk1OSDlMOTVRdnFiM0QtTGI0Z1VZb0Q0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC84Y2M0N2YtMDI2NS00MDdjLWJhNDUt
MDVkN2JkNGE3NDFkLzEvMU85U0xhUUYwNThPRVBwcl9YNGdnV3FORU5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC84Y2M0N2YtMDI2NS00MDdjLWJhNDUtMDVkN2JkNGE3NDFk
LzEvdkJoTk1OSDlMOTVRdnFiM0QtTGI0Z1VZb0Q0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfALc
MA0GCSqGSIb3DQEBCwUAA4IBAQAswkal4DVkrYqHkdvCJIOMbEVQaf7pqIligFu3
4/hYufoUalvrbLPyAorGOWbCuqrD6d6K6b6M7SntuBHNXVkUordZTVYGAooEBttt
gnbCZMt+FMOrr8VTAU6gtP6WMAL8ZmhKQU6QMMQ0iNMXDpv7310Q5VNSQGBmL8wD
E4Mh+2fEtQabsxdbb4gmjvBTZl22Qqh1KV5wB5+Qun60DK1WOXmn7S0Di9OecIo5
YeNJl7Bqrc+qzTINBPYDZLDMK7zm+QJvtXQOkowv6wJy7TQ9bDAqqxgSrXdmf397
K4yrLEiKdNoHL0vwVsxaXG+G/IjMBNIpkmsYsu5BRUr1aGcF
-----END CERTIFICATE-----