Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/23bea6-9001-441d-8364-61cb43c2db85/1/upBu8MDd6z7gSI7TXB58F4z8KF0.roa
File:                     upBu8MDd6z7gSI7TXB58F4z8KF0.roa (raw, json)
Hash identifier:          HnBG5Xxx0f6dEVHfZHGfrT2i/Y4X+WJxNm96aBobVDc=
Subject key identifier:   BA:90:6E:F0:C0:DD:EB:3E:E0:48:8E:D3:5C:1E:7C:17:8C:FC:28:5D
Certificate issuer:       /CN=860d9f01a98b514ebd3c2723d7f7eb448326f5e2
Certificate serial:       018CCA604ADE1D28C4E5FA2F66A636CBCFBD
Authority key identifier: 86:0D:9F:01:A9:8B:51:4E:BD:3C:27:23:D7:F7:EB:44:83:26:F5:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hg2fAamLUU69PCcj1_frRIMm9eI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/23bea6-9001-441d-8364-61cb43c2db85/1/upBu8MDd6z7gSI7TXB58F4z8KF0.roa
Signing time:             Tue 02 Jan 2024 13:32:37 +0000
ROA not before:           Tue 02 Jan 2024 13:32:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13020
IP address blocks:        2001:67c:20a1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/23bea6-9001-441d-8364-61cb43c2db85/1/hg2fAamLUU69PCcj1_frRIMm9eI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/23bea6-9001-441d-8364-61cb43c2db85/1/hg2fAamLUU69PCcj1_frRIMm9eI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hg2fAamLUU69PCcj1_frRIMm9eI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:60:4a:de:1d:28:c4:e5:fa:2f:66:a6:36:cb:cf:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=860d9f01a98b514ebd3c2723d7f7eb448326f5e2
        Validity
            Not Before: Jan  2 13:32:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba906ef0c0ddeb3ee0488ed35c1e7c178cfc285d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:8c:2c:93:84:6b:cf:16:fd:57:42:14:f9:5f:
                    0d:7d:f1:c6:9a:83:5d:78:ad:a5:bf:40:db:cc:05:
                    d2:9b:a1:a2:52:19:67:d2:17:0c:56:9c:95:35:bb:
                    16:26:9e:b6:aa:84:cd:56:85:bd:a5:19:ed:5a:3b:
                    09:c2:23:9c:e6:70:bf:4d:b9:e7:d7:c4:09:20:01:
                    72:99:65:eb:ba:86:dd:f9:39:b4:8f:76:36:4f:34:
                    95:a7:ca:92:cc:42:61:7a:cb:cb:47:31:d9:23:1f:
                    1d:a4:15:cd:45:c4:b9:b1:cd:96:76:8b:b1:9f:6f:
                    0f:9f:e3:c6:9f:c3:a5:6e:47:0a:4d:c8:73:f9:a9:
                    a7:6a:d3:f4:f2:6c:3c:fb:ca:b9:ce:72:42:33:25:
                    32:d1:08:cc:07:7f:e0:e9:07:e7:98:1d:ad:3e:4a:
                    e9:4e:e2:72:70:d1:88:ee:a2:46:10:af:17:46:de:
                    1c:8a:98:e3:8b:95:af:cb:21:6b:06:6c:62:de:ad:
                    c1:8f:ca:69:f1:09:5a:54:3e:88:b4:d2:25:1f:cf:
                    85:f3:9a:da:e1:de:d6:9c:d6:3e:8b:e7:cc:e7:6b:
                    2c:e4:3b:f8:42:99:1b:53:d9:9e:8e:07:36:09:e6:
                    2b:d3:99:a5:cc:e3:53:be:b5:c8:8a:6a:1a:7b:6b:
                    0f:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:90:6E:F0:C0:DD:EB:3E:E0:48:8E:D3:5C:1E:7C:17:8C:FC:28:5D
            X509v3 Authority Key Identifier:
                keyid:86:0D:9F:01:A9:8B:51:4E:BD:3C:27:23:D7:F7:EB:44:83:26:F5:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hg2fAamLUU69PCcj1_frRIMm9eI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/23bea6-9001-441d-8364-61cb43c2db85/1/upBu8MDd6z7gSI7TXB58F4z8KF0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/23bea6-9001-441d-8364-61cb43c2db85/1/hg2fAamLUU69PCcj1_frRIMm9eI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:20a1::/48

    Signature Algorithm: sha256WithRSAEncryption
         a7:6d:d3:c1:03:ad:e4:f5:8c:46:23:16:2e:14:7c:c5:ac:b0:
         c9:43:42:f5:54:ef:9f:c1:df:86:6a:69:b4:57:3c:b1:c4:6b:
         dc:c1:1a:40:a5:f8:48:67:8d:f1:25:fe:bf:2c:03:bd:f2:9d:
         db:bd:7c:40:e6:f3:f4:92:59:d7:a4:58:40:fe:ae:2b:d7:d9:
         5c:a8:f0:f8:bb:fc:38:c4:23:67:ec:c5:de:da:3f:e5:96:85:
         3d:ce:d3:39:2f:bc:b3:f6:46:40:ba:dd:a9:1e:83:ca:9f:57:
         60:08:95:a0:ec:a9:ca:f3:dd:fe:01:b6:40:6a:bf:9a:40:4b:
         1b:74:bd:f5:d3:34:97:f3:99:94:f1:00:9f:f1:36:f7:01:bc:
         8f:3e:34:7d:dc:47:6a:6a:4f:2f:07:09:1e:d5:f1:9f:94:df:
         2c:c2:db:db:27:44:74:0c:f6:30:55:b5:f5:ef:62:0e:a0:b2:
         80:ed:d8:5b:de:ec:69:7a:fa:b6:4f:e4:35:07:0a:d4:e8:f3:
         94:16:1c:ea:fc:24:2c:06:21:71:45:51:c4:28:8f:34:9d:cc:
         70:91:b8:9d:ca:44:f3:42:2e:74:0b:a3:b0:aa:27:65:4f:c2:
         24:2a:9d:77:34:b4:05:42:04:9f:07:85:7c:96:b0:bc:5b:0f:
         bf:30:d8:88
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKYEreHSjE5fovZqY2y8+9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2MGQ5ZjAxYTk4YjUxNGViZDNjMjcyM2Q3ZjdlYjQ0ODMy
NmY1ZTIwHhcNMjQwMTAyMTMzMjM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTkwNmVmMGMwZGRlYjNlZTA0ODhlZDM1YzFlN2MxNzhjZmMyODVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmYwsk4Rrzxb9V0IU+V8NffHGmoNd
eK2lv0DbzAXSm6GiUhln0hcMVpyVNbsWJp62qoTNVoW9pRntWjsJwiOc5nC/Tbnn
18QJIAFymWXruobd+Tm0j3Y2TzSVp8qSzEJhesvLRzHZIx8dpBXNRcS5sc2Wdoux
n28Pn+PGn8OlbkcKTchz+amnatP08mw8+8q5znJCMyUy0QjMB3/g6QfnmB2tPkrp
TuJycNGI7qJGEK8XRt4cipjji5WvyyFrBmxi3q3Bj8pp8QlaVD6ItNIlH8+F85ra
4d7WnNY+i+fM52ss5Dv4QpkbU9mejgc2CeYr05mlzONTvrXIimoae2sPFwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLqQbvDA3es+4EiO01wefBeM/ChdMB8GA1UdIwQY
MBaAFIYNnwGpi1FOvTwnI9f360SDJvXiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGcyZkFhbUxVVTY5UENjajFfZnJSSU1tOWVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8yM2JlYTYtOTAwMS00NDFkLTgzNjQt
NjFjYjQzYzJkYjg1LzEvdXBCdThNRGQ2ejdnU0k3VFhCNThGNHo4S0YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8yM2JlYTYtOTAwMS00NDFkLTgzNjQtNjFjYjQzYzJkYjg1
LzEvaGcyZkFhbUxVVTY5UENjajFfZnJSSU1tOWVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCCh
MA0GCSqGSIb3DQEBCwUAA4IBAQCnbdPBA63k9YxGIxYuFHzFrLDJQ0L1VO+fwd+G
amm0VzyxxGvcwRpApfhIZ43xJf6/LAO98p3bvXxA5vP0klnXpFhA/q4r19lcqPD4
u/w4xCNn7MXe2j/lloU9ztM5L7yz9kZAut2pHoPKn1dgCJWg7KnK893+AbZAar+a
QEsbdL310zSX85mU8QCf8Tb3AbyPPjR93Edqak8vBwke1fGflN8swtvbJ0R0DPYw
VbX172IOoLKA7dhb3uxpevq2T+Q1BwrU6POUFhzq/CQsBiFxRVHEKI80ncxwkbid
ykTzQi50C6OwqidlT8IkKp13NLQFQgSfB4V8lrC8Ww+/MNiI
-----END CERTIFICATE-----