Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/07d146-ef22-4e5c-bd5c-42ed3e373679/1/CWyfJTXCx0wQPKhXzmdnE6MnYLI.roa
File:                     CWyfJTXCx0wQPKhXzmdnE6MnYLI.roa (raw, json)
Hash identifier:          ThzuhEBJzcI748xo+Izb5BAPSfY4SltGrbBWgAqnbtA=
Subject key identifier:   09:6C:9F:25:35:C2:C7:4C:10:3C:A8:57:CE:67:67:13:A3:27:60:B2
Certificate issuer:       /CN=317bf260bcda302be2c207628cfb164478614fe5
Certificate serial:       018CC5DC7464EAE7A5ED2DC53EE572516A6D
Authority key identifier: 31:7B:F2:60:BC:DA:30:2B:E2:C2:07:62:8C:FB:16:44:78:61:4F:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MXvyYLzaMCviwgdijPsWRHhhT-U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/07d146-ef22-4e5c-bd5c-42ed3e373679/1/CWyfJTXCx0wQPKhXzmdnE6MnYLI.roa
Signing time:             Mon 01 Jan 2024 16:30:08 +0000
ROA not before:           Mon 01 Jan 2024 16:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207716
IP address blocks:        2001:67c:988::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/07d146-ef22-4e5c-bd5c-42ed3e373679/1/MXvyYLzaMCviwgdijPsWRHhhT-U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/07d146-ef22-4e5c-bd5c-42ed3e373679/1/MXvyYLzaMCviwgdijPsWRHhhT-U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MXvyYLzaMCviwgdijPsWRHhhT-U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:74:64:ea:e7:a5:ed:2d:c5:3e:e5:72:51:6a:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=317bf260bcda302be2c207628cfb164478614fe5
        Validity
            Not Before: Jan  1 16:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=096c9f2535c2c74c103ca857ce676713a32760b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:da:e2:0b:39:e1:11:65:c8:64:2f:12:2a:f1:
                    08:31:9d:da:d1:ba:43:b5:38:16:ff:6f:18:2c:89:
                    a7:92:cf:ef:92:15:f6:f0:ce:48:78:61:ff:6e:d7:
                    d3:a6:30:32:66:66:8a:a1:33:8a:a3:dc:50:fe:b5:
                    37:33:2a:18:e1:40:e9:02:c5:0e:ef:37:83:18:bb:
                    10:1c:e3:b7:0d:0f:61:61:20:b4:5f:82:3d:5c:a1:
                    8c:4b:61:f0:13:7f:cf:3f:31:42:ea:d2:94:a2:44:
                    bf:5f:a1:da:c9:9f:d8:66:4f:f5:65:54:4e:c0:c9:
                    9f:cb:17:1b:b5:96:4a:bf:fd:95:48:91:50:6a:da:
                    96:f2:3f:2a:d2:d7:32:e9:7e:26:e4:36:b3:03:18:
                    d9:83:29:fa:c9:e0:40:d0:44:ce:bf:77:7b:d6:19:
                    34:6e:c0:5f:98:b1:58:f4:1a:c3:0b:b5:dd:07:86:
                    ed:7e:ea:e0:71:3d:3a:79:2e:f5:d3:6c:72:fc:a5:
                    72:c8:e3:79:d6:cd:01:1e:14:92:6d:a7:29:ef:f6:
                    32:35:f7:7e:b6:98:2e:68:a5:0b:b8:a1:88:b1:66:
                    fe:ee:90:59:78:78:1a:2e:9b:3c:51:07:13:67:9b:
                    df:91:d3:a2:4b:b8:0d:a2:c7:ed:82:7c:4b:64:bc:
                    36:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:6C:9F:25:35:C2:C7:4C:10:3C:A8:57:CE:67:67:13:A3:27:60:B2
            X509v3 Authority Key Identifier:
                keyid:31:7B:F2:60:BC:DA:30:2B:E2:C2:07:62:8C:FB:16:44:78:61:4F:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MXvyYLzaMCviwgdijPsWRHhhT-U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/07d146-ef22-4e5c-bd5c-42ed3e373679/1/CWyfJTXCx0wQPKhXzmdnE6MnYLI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/07d146-ef22-4e5c-bd5c-42ed3e373679/1/MXvyYLzaMCviwgdijPsWRHhhT-U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:988::/48

    Signature Algorithm: sha256WithRSAEncryption
         0f:58:4a:41:72:d1:7a:ad:80:31:9c:38:02:b1:e0:af:c4:d4:
         31:e9:8f:fa:fa:a2:4b:75:3d:53:e2:d3:bd:5b:b0:41:e8:51:
         f7:5b:c2:e0:ac:59:ef:99:29:0b:cc:9b:ac:3a:f9:d5:0b:4b:
         ac:ec:13:95:b6:53:e0:fd:40:f0:15:8e:e2:09:bb:70:e0:9b:
         6e:4e:32:16:0b:5b:cc:30:56:ab:01:af:d7:1e:e8:5e:8d:33:
         7b:04:d5:fb:b1:c3:27:35:85:05:58:c1:76:9f:d0:69:36:fb:
         5a:a6:ef:90:6f:01:3a:be:f5:68:55:7d:f2:f9:48:e3:6c:ba:
         48:bf:b1:56:ec:19:b6:cd:c5:9e:f0:68:91:0c:76:40:2e:d7:
         93:0e:04:8d:4b:f3:ca:3e:ce:9b:b0:6a:ab:2f:4d:43:3a:e5:
         7f:de:b3:db:e9:6d:89:b2:c1:5c:fa:34:28:82:fa:6c:e3:61:
         e4:dd:db:34:bf:39:57:95:1b:97:98:01:fc:76:d8:8a:f0:27:
         9a:d5:6e:e5:0a:94:78:cf:89:5b:83:79:4e:b4:c5:53:dc:ac:
         f7:53:e2:c1:6d:2d:a6:95:94:f7:f3:dd:b4:17:c7:03:bd:39:
         e7:28:1a:63:69:f4:02:5f:7b:4b:88:45:65:f6:1a:01:ae:80:
         06:1e:96:8a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzF3HRk6uel7S3FPuVyUWptMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxN2JmMjYwYmNkYTMwMmJlMmMyMDc2MjhjZmIxNjQ0Nzg2
MTRmZTUwHhcNMjQwMTAxMTYzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTZjOWYyNTM1YzJjNzRjMTAzY2E4NTdjZTY3NjcxM2EzMjc2MGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAptriCznhEWXIZC8SKvEIMZ3a0bpD
tTgW/28YLImnks/vkhX28M5IeGH/btfTpjAyZmaKoTOKo9xQ/rU3MyoY4UDpAsUO
7zeDGLsQHOO3DQ9hYSC0X4I9XKGMS2HwE3/PPzFC6tKUokS/X6HayZ/YZk/1ZVRO
wMmfyxcbtZZKv/2VSJFQatqW8j8q0tcy6X4m5DazAxjZgyn6yeBA0ETOv3d71hk0
bsBfmLFY9BrDC7XdB4btfurgcT06eS7102xy/KVyyON51s0BHhSSbacp7/YyNfd+
tpguaKULuKGIsWb+7pBZeHgaLps8UQcTZ5vfkdOiS7gNosftgnxLZLw2IQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAlsnyU1wsdMEDyoV85nZxOjJ2CyMB8GA1UdIwQY
MBaAFDF78mC82jAr4sIHYoz7FkR4YU/lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVh2eVlMemFNQ3Zpd2dkaWpQc1dSSGhoVC1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy8wN2QxNDYtZWYyMi00ZTVjLWJkNWMt
NDJlZDNlMzczNjc5LzEvQ1d5ZkpUWEN4MHdRUEtoWHptZG5FNk1uWUxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy8wN2QxNDYtZWYyMi00ZTVjLWJkNWMtNDJlZDNlMzczNjc5
LzEvTVh2eVlMemFNQ3Zpd2dkaWpQc1dSSGhoVC1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAmI
MA0GCSqGSIb3DQEBCwUAA4IBAQAPWEpBctF6rYAxnDgCseCvxNQx6Y/6+qJLdT1T
4tO9W7BB6FH3W8LgrFnvmSkLzJusOvnVC0us7BOVtlPg/UDwFY7iCbtw4JtuTjIW
C1vMMFarAa/XHuhejTN7BNX7scMnNYUFWMF2n9BpNvtapu+QbwE6vvVoVX3y+Ujj
bLpIv7FW7Bm2zcWe8GiRDHZALteTDgSNS/PKPs6bsGqrL01DOuV/3rPb6W2JssFc
+jQogvps42Hk3ds0vzlXlRuXmAH8dtiK8Cea1W7lCpR4z4lbg3lOtMVT3Kz3U+LB
bS2mlZT38920F8cDvTnnKBpjafQCX3tLiEVl9hoBroAGHpaK
-----END CERTIFICATE-----