Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/920bb6-09bb-441a-9061-15520cd0ff6b/1/cdNNuI-dQFerpdYn10Q_DTMl-Ag.roa
File:                     cdNNuI-dQFerpdYn10Q_DTMl-Ag.roa (raw, json)
Hash identifier:          IVo7U5r6lZzIHvraP1KQ3ZNEhLn3eBWnCEZvvBi/sdw=
Subject key identifier:   71:D3:4D:B8:8F:9D:40:57:AB:A5:D6:27:D7:44:3F:0D:33:25:F8:08
Certificate issuer:       /CN=f6398c302d0d16da81983e78ff4c1a96f384943c
Certificate serial:       018CC348A9654D22C78B53B85D31E12249E5
Authority key identifier: F6:39:8C:30:2D:0D:16:DA:81:98:3E:78:FF:4C:1A:96:F3:84:94:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9jmMMC0NFtqBmD54_0walvOElDw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/920bb6-09bb-441a-9061-15520cd0ff6b/1/cdNNuI-dQFerpdYn10Q_DTMl-Ag.roa
Signing time:             Mon 01 Jan 2024 04:29:28 +0000
ROA not before:           Mon 01 Jan 2024 04:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198186
IP address blocks:        2001:67c:1244::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/920bb6-09bb-441a-9061-15520cd0ff6b/1/9jmMMC0NFtqBmD54_0walvOElDw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/920bb6-09bb-441a-9061-15520cd0ff6b/1/9jmMMC0NFtqBmD54_0walvOElDw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9jmMMC0NFtqBmD54_0walvOElDw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 19:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:a9:65:4d:22:c7:8b:53:b8:5d:31:e1:22:49:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6398c302d0d16da81983e78ff4c1a96f384943c
        Validity
            Not Before: Jan  1 04:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=71d34db88f9d4057aba5d627d7443f0d3325f808
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:41:98:6d:d8:b7:3e:55:b9:e6:ca:90:35:7f:
                    20:65:5b:7e:41:19:16:99:3f:8e:d5:2a:3b:20:1b:
                    db:97:21:72:24:fd:41:c8:bf:46:af:b4:f9:25:d4:
                    6d:84:50:7b:0a:a1:00:0d:92:70:ed:9d:62:50:25:
                    8b:10:e3:e4:4c:37:b9:12:cd:1e:b8:51:70:8e:69:
                    b0:44:3c:65:3b:30:6b:dc:4f:61:cb:0a:83:04:df:
                    f3:0f:0c:55:a5:44:c1:46:a3:7d:f8:e9:66:2e:4b:
                    bd:d8:1f:8c:e5:1c:e7:91:f0:9d:fd:bc:62:68:0c:
                    ca:4d:26:a3:ff:53:1b:63:c7:a2:b0:6e:12:04:3c:
                    e4:b3:62:53:dd:84:0d:3b:8a:2b:68:f4:d3:03:54:
                    c5:fd:b2:b9:13:9f:a3:5e:c4:4a:7b:68:19:b8:11:
                    8b:7a:69:d4:f6:6d:52:43:3e:c7:5d:52:19:89:db:
                    f1:28:5c:8c:8f:80:9c:b8:15:4a:1e:5b:7c:b2:da:
                    bb:be:40:57:28:5f:86:8e:02:3f:f9:28:4d:96:c1:
                    7c:3c:39:49:b2:45:d2:51:f8:31:5e:40:d9:e1:32:
                    df:23:60:5b:86:c2:81:79:2b:71:1a:2a:54:e8:37:
                    0f:a6:cc:5d:79:e2:61:53:32:04:ce:b8:fe:b1:5a:
                    6c:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:D3:4D:B8:8F:9D:40:57:AB:A5:D6:27:D7:44:3F:0D:33:25:F8:08
            X509v3 Authority Key Identifier:
                keyid:F6:39:8C:30:2D:0D:16:DA:81:98:3E:78:FF:4C:1A:96:F3:84:94:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9jmMMC0NFtqBmD54_0walvOElDw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/920bb6-09bb-441a-9061-15520cd0ff6b/1/cdNNuI-dQFerpdYn10Q_DTMl-Ag.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/920bb6-09bb-441a-9061-15520cd0ff6b/1/9jmMMC0NFtqBmD54_0walvOElDw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1244::/48

    Signature Algorithm: sha256WithRSAEncryption
         9d:52:d1:b8:cf:ac:06:4d:d6:0b:a5:72:84:9c:88:0a:94:23:
         91:c6:01:60:a5:9e:db:4d:9f:7a:50:ca:b3:ec:96:63:fd:4f:
         6a:84:c3:77:ea:e6:1d:ee:16:1a:9f:77:f8:f7:54:a2:b9:f0:
         e6:13:4c:b4:2c:ed:23:5c:00:d8:62:22:95:b6:2b:04:e8:5c:
         07:bf:86:a9:f5:b2:97:74:1f:05:86:a7:ec:93:d9:1d:1a:58:
         c0:66:ca:61:ee:78:f9:48:c6:ab:c7:7f:19:ee:1d:2c:53:63:
         4e:c3:f8:45:d9:25:0b:e1:d1:7b:d4:c9:30:c2:11:52:6c:0c:
         bb:bc:c5:1a:46:0a:b2:e0:69:83:02:ed:fe:86:0a:c6:68:02:
         ae:10:43:2c:3a:7a:cb:bd:92:ea:86:f5:c4:4f:e4:35:49:aa:
         9a:ff:6b:b9:b8:3e:f2:81:07:d6:59:8c:5b:b4:26:ea:a7:b1:
         91:50:8f:0b:80:7e:e1:82:2b:12:5f:7b:13:c0:dd:64:14:37:
         52:56:00:8e:69:27:f4:30:4b:5e:22:83:e7:e5:a1:9e:98:77:
         ad:03:f5:98:6e:55:0f:f9:d5:c6:40:05:b9:52:68:7c:e5:6e:
         1e:10:48:e9:df:42:9d:82:98:d5:e8:84:82:44:a3:3b:ee:12:
         c4:53:9d:ab
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDSKllTSLHi1O4XTHhIknlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2Mzk4YzMwMmQwZDE2ZGE4MTk4M2U3OGZmNGMxYTk2ZjM4
NDk0M2MwHhcNMjQwMTAxMDQyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWQzNGRiODhmOWQ0MDU3YWJhNWQ2MjdkNzQ0M2YwZDMzMjVmODA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEGYbdi3PlW55sqQNX8gZVt+QRkW
mT+O1So7IBvblyFyJP1ByL9Gr7T5JdRthFB7CqEADZJw7Z1iUCWLEOPkTDe5Es0e
uFFwjmmwRDxlOzBr3E9hywqDBN/zDwxVpUTBRqN9+OlmLku92B+M5RznkfCd/bxi
aAzKTSaj/1MbY8eisG4SBDzks2JT3YQNO4oraPTTA1TF/bK5E5+jXsRKe2gZuBGL
emnU9m1SQz7HXVIZidvxKFyMj4CcuBVKHlt8stq7vkBXKF+GjgI/+ShNlsF8PDlJ
skXSUfgxXkDZ4TLfI2BbhsKBeStxGipU6DcPpsxdeeJhUzIEzrj+sVpsBQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHHTTbiPnUBXq6XWJ9dEPw0zJfgIMB8GA1UdIwQY
MBaAFPY5jDAtDRbagZg+eP9MGpbzhJQ8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWptTU1DME5GdHFCbUQ1NF8wd2Fsdk9FbER3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi85MjBiYjYtMDliYi00NDFhLTkwNjEt
MTU1MjBjZDBmZjZiLzEvY2ROTnVJLWRRRmVycGRZbjEwUV9EVE1sLUFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi85MjBiYjYtMDliYi00NDFhLTkwNjEtMTU1MjBjZDBmZjZi
LzEvOWptTU1DME5GdHFCbUQ1NF8wd2Fsdk9FbER3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBJE
MA0GCSqGSIb3DQEBCwUAA4IBAQCdUtG4z6wGTdYLpXKEnIgKlCORxgFgpZ7bTZ96
UMqz7JZj/U9qhMN36uYd7hYan3f491SiufDmE0y0LO0jXADYYiKVtisE6FwHv4ap
9bKXdB8Fhqfsk9kdGljAZsph7nj5SMarx38Z7h0sU2NOw/hF2SUL4dF71MkwwhFS
bAy7vMUaRgqy4GmDAu3+hgrGaAKuEEMsOnrLvZLqhvXET+Q1Saqa/2u5uD7ygQfW
WYxbtCbqp7GRUI8LgH7hgisSX3sTwN1kFDdSVgCOaSf0MEteIoPn5aGemHetA/WY
blUP+dXGQAW5Umh85W4eEEjp30KdgpjV6ISCRKM77hLEU52r
-----END CERTIFICATE-----