Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/b49460-c42f-4186-a556-b2426736c1e5/1/EyDvH0uBJ9QJkqjXfWZa4XqNdG4.roa
File:                     EyDvH0uBJ9QJkqjXfWZa4XqNdG4.roa (raw, json)
Hash identifier:          QvtHnmGfnryJpbqn3yjanMcZb0o3HqBC919l0nHf8gA=
Subject key identifier:   13:20:EF:1F:4B:81:27:D4:09:92:A8:D7:7D:66:5A:E1:7A:8D:74:6E
Certificate issuer:       /CN=c3a3c2bd16f8318bdd9c3eb20a8a8a701f3e27c7
Certificate serial:       018CC726F75CA327F10AE77D3916B77BDB67
Authority key identifier: C3:A3:C2:BD:16:F8:31:8B:DD:9C:3E:B2:0A:8A:8A:70:1F:3E:27:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w6PCvRb4MYvdnD6yCoqKcB8-J8c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/b49460-c42f-4186-a556-b2426736c1e5/1/EyDvH0uBJ9QJkqjXfWZa4XqNdG4.roa
Signing time:             Mon 01 Jan 2024 22:31:08 +0000
ROA not before:           Mon 01 Jan 2024 22:31:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212123
IP address blocks:        2001:67c:9d8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/b49460-c42f-4186-a556-b2426736c1e5/1/w6PCvRb4MYvdnD6yCoqKcB8-J8c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/b49460-c42f-4186-a556-b2426736c1e5/1/w6PCvRb4MYvdnD6yCoqKcB8-J8c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w6PCvRb4MYvdnD6yCoqKcB8-J8c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:f7:5c:a3:27:f1:0a:e7:7d:39:16:b7:7b:db:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3a3c2bd16f8318bdd9c3eb20a8a8a701f3e27c7
        Validity
            Not Before: Jan  1 22:31:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1320ef1f4b8127d40992a8d77d665ae17a8d746e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:80:b7:a4:38:01:c2:5d:cb:2f:1a:e4:08:09:
                    9d:b2:4e:fa:f3:c1:f8:d9:f3:01:5c:0a:7b:b1:b2:
                    d8:e9:18:7d:77:21:30:32:3f:29:2b:d0:47:8f:7f:
                    8a:5e:8d:63:da:79:04:c8:48:d5:52:f0:b2:fe:5e:
                    97:ac:ef:83:75:65:9f:51:7a:28:39:86:dc:ca:00:
                    ba:cc:24:3c:7b:31:b6:1e:d9:77:85:d4:4f:bc:6e:
                    0b:d8:48:32:08:0d:ac:36:07:bc:90:99:74:c3:ba:
                    45:c3:2d:6f:a8:f0:43:8b:c8:88:28:a6:62:c0:f7:
                    48:e7:6e:d2:46:2b:78:d1:49:97:99:2f:b7:76:e5:
                    20:ff:01:ce:57:25:83:3b:6f:69:9f:0b:5a:b5:dc:
                    20:0f:e1:2b:f1:65:d4:6a:ee:82:ac:66:e1:d8:68:
                    36:18:38:39:a9:1a:eb:89:ed:c9:be:d2:cc:be:60:
                    60:86:40:44:de:ec:d0:62:8d:90:da:6c:a1:9b:85:
                    4a:cf:99:96:8b:bf:d7:49:0b:25:e0:3b:05:65:f5:
                    9d:b7:f1:ba:b7:37:53:a9:36:4a:9b:e3:74:90:02:
                    f0:04:a3:5b:d1:58:63:ae:a2:0a:68:86:d0:6c:f7:
                    51:8d:2c:dd:f5:89:8f:b8:e8:8e:d9:06:ee:3d:ec:
                    97:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:20:EF:1F:4B:81:27:D4:09:92:A8:D7:7D:66:5A:E1:7A:8D:74:6E
            X509v3 Authority Key Identifier:
                keyid:C3:A3:C2:BD:16:F8:31:8B:DD:9C:3E:B2:0A:8A:8A:70:1F:3E:27:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w6PCvRb4MYvdnD6yCoqKcB8-J8c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/b49460-c42f-4186-a556-b2426736c1e5/1/EyDvH0uBJ9QJkqjXfWZa4XqNdG4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/b49460-c42f-4186-a556-b2426736c1e5/1/w6PCvRb4MYvdnD6yCoqKcB8-J8c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:9d8::/48

    Signature Algorithm: sha256WithRSAEncryption
         9b:c8:7b:b5:6a:f7:48:f8:c4:3a:b7:78:90:82:05:ad:c3:ec:
         f9:c0:dc:f8:a4:d7:87:04:18:06:92:4d:0c:68:ae:91:ff:5d:
         26:27:b4:e7:3c:6a:06:05:ad:07:fb:cb:ed:e9:59:75:d4:2f:
         0d:34:60:7f:73:6d:ff:aa:31:5a:92:d0:5b:bf:aa:fa:3a:c0:
         2b:48:19:f0:95:2a:ff:1c:bf:bc:3a:77:4b:01:9f:f9:d0:af:
         c9:52:79:6b:1d:b7:c0:ab:0f:5c:94:53:3f:b4:91:15:c7:c0:
         2f:d1:12:b7:8f:36:22:f0:b8:60:1e:c0:0f:1d:f6:ec:8b:ed:
         db:c7:56:8c:55:ea:7d:cc:64:24:26:20:69:22:5f:ec:dd:60:
         a6:65:8f:21:01:41:9b:b2:a0:05:6c:f0:77:7e:82:c2:af:05:
         99:4f:d5:d2:43:f4:fc:9d:7e:14:c8:6c:25:11:31:9c:9c:18:
         39:ad:7f:6d:e9:af:22:bf:0b:24:42:28:af:32:52:ca:c3:da:
         4d:dc:41:a6:51:41:c4:c8:4f:79:73:50:66:84:27:37:7b:fa:
         d1:e3:bc:30:62:1b:f3:ea:dc:26:fa:fb:d8:ec:11:6c:ac:7c:
         6b:5b:56:65:f6:99:53:2c:f2:e8:c2:d5:5a:15:bb:52:f3:05:
         49:a5:ee:07
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHJvdcoyfxCud9ORa3e9tnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYTNjMmJkMTZmODMxOGJkZDljM2ViMjBhOGE4YTcwMWYz
ZTI3YzcwHhcNMjQwMTAxMjIzMTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzIwZWYxZjRiODEyN2Q0MDk5MmE4ZDc3ZDY2NWFlMTdhOGQ3NDZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq4C3pDgBwl3LLxrkCAmdsk7688H4
2fMBXAp7sbLY6Rh9dyEwMj8pK9BHj3+KXo1j2nkEyEjVUvCy/l6XrO+DdWWfUXoo
OYbcygC6zCQ8ezG2Htl3hdRPvG4L2EgyCA2sNge8kJl0w7pFwy1vqPBDi8iIKKZi
wPdI527SRit40UmXmS+3duUg/wHOVyWDO29pnwtatdwgD+Er8WXUau6CrGbh2Gg2
GDg5qRrrie3JvtLMvmBghkBE3uzQYo2Q2myhm4VKz5mWi7/XSQsl4DsFZfWdt/G6
tzdTqTZKm+N0kALwBKNb0VhjrqIKaIbQbPdRjSzd9YmPuOiO2QbuPeyXOwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBMg7x9LgSfUCZKo131mWuF6jXRuMB8GA1UdIwQY
MBaAFMOjwr0W+DGL3Zw+sgqKinAfPifHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzZQQ3ZSYjRNWXZkbkQ2eUNvcUtjQjgtSjhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9iNDk0NjAtYzQyZi00MTg2LWE1NTYt
YjI0MjY3MzZjMWU1LzEvRXlEdkgwdUJKOVFKa3FqWGZXWmE0WHFOZEc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9iNDk0NjAtYzQyZi00MTg2LWE1NTYtYjI0MjY3MzZjMWU1
LzEvdzZQQ3ZSYjRNWXZkbkQ2eUNvcUtjQjgtSjhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAnY
MA0GCSqGSIb3DQEBCwUAA4IBAQCbyHu1avdI+MQ6t3iQggWtw+z5wNz4pNeHBBgG
kk0MaK6R/10mJ7TnPGoGBa0H+8vt6Vl11C8NNGB/c23/qjFaktBbv6r6OsArSBnw
lSr/HL+8OndLAZ/50K/JUnlrHbfAqw9clFM/tJEVx8Av0RK3jzYi8LhgHsAPHfbs
i+3bx1aMVep9zGQkJiBpIl/s3WCmZY8hAUGbsqAFbPB3foLCrwWZT9XSQ/T8nX4U
yGwlETGcnBg5rX9t6a8ivwskQiivMlLKw9pN3EGmUUHEyE95c1BmhCc3e/rR47ww
Yhvz6twm+vvY7BFsrHxrW1Zl9plTLPLowtVaFbtS8wVJpe4H
-----END CERTIFICATE-----