Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/adb871-6972-4dd6-8360-f1982a691d45/1/i_Cr2hfC_pKwLWTc-eap3006Hig.roa
File:                     i_Cr2hfC_pKwLWTc-eap3006Hig.roa (raw, json)
Hash identifier:          RsZSZ9jS5y55M88ewu6l0chaKkvwrAuY5EDl0pt/0j8=
Subject key identifier:   8B:F0:AB:DA:17:C2:FE:92:B0:2D:64:DC:F9:E6:A9:DF:4D:3A:1E:28
Certificate issuer:       /CN=408fa017532ff6d9fb38b40037896afaf0aacf8b
Certificate serial:       018CC424B4C2EE69C90467C0ABB406805E09
Authority key identifier: 40:8F:A0:17:53:2F:F6:D9:FB:38:B4:00:37:89:6A:FA:F0:AA:CF:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QI-gF1Mv9tn7OLQAN4lq-vCqz4s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/adb871-6972-4dd6-8360-f1982a691d45/1/i_Cr2hfC_pKwLWTc-eap3006Hig.roa
Signing time:             Mon 01 Jan 2024 08:29:49 +0000
ROA not before:           Mon 01 Jan 2024 08:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213052
IP address blocks:        2001:67c:10c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/adb871-6972-4dd6-8360-f1982a691d45/1/QI-gF1Mv9tn7OLQAN4lq-vCqz4s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/adb871-6972-4dd6-8360-f1982a691d45/1/QI-gF1Mv9tn7OLQAN4lq-vCqz4s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QI-gF1Mv9tn7OLQAN4lq-vCqz4s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:b4:c2:ee:69:c9:04:67:c0:ab:b4:06:80:5e:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=408fa017532ff6d9fb38b40037896afaf0aacf8b
        Validity
            Not Before: Jan  1 08:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8bf0abda17c2fe92b02d64dcf9e6a9df4d3a1e28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:ce:5e:b4:9c:00:97:aa:5b:d8:17:04:dc:90:
                    ba:3d:1d:e4:b3:d2:39:7b:c6:27:60:d3:33:0e:d2:
                    5a:d6:ea:75:76:6a:95:ef:05:a8:70:ad:42:e9:59:
                    bb:73:45:52:2f:e7:b6:93:8a:ce:0a:43:09:49:cf:
                    56:d9:11:c9:03:f1:a9:ae:cf:a0:b1:51:e5:30:be:
                    9f:ff:f3:b1:eb:df:89:91:19:b4:3e:96:3b:94:9e:
                    fe:38:27:15:05:a3:ee:e8:7d:f7:d0:f3:d7:7a:e8:
                    d2:e5:aa:5d:5e:79:e9:80:bd:c3:55:83:b3:e4:b7:
                    88:12:4a:38:42:aa:c0:3a:48:f7:b8:2e:7d:5c:a9:
                    1c:20:35:f0:36:1d:93:8c:f0:07:10:c5:2b:8a:a6:
                    f4:5f:17:7f:09:e8:c2:09:95:64:b3:17:c4:8d:2c:
                    45:df:51:e9:45:86:69:b5:3b:73:9e:3f:94:0b:c6:
                    66:d1:87:4b:89:dc:44:a6:ba:2c:2f:9a:dc:57:9e:
                    16:3d:f4:43:f4:f7:29:5f:1b:b8:bb:47:db:2e:a7:
                    63:d2:ed:34:4a:4a:dc:cc:1d:fd:69:05:71:41:32:
                    fb:54:21:67:f1:b3:ff:de:89:5f:3f:3d:4d:91:97:
                    2f:b4:b4:6b:44:32:a6:f8:da:ab:92:3d:63:9a:19:
                    f3:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:F0:AB:DA:17:C2:FE:92:B0:2D:64:DC:F9:E6:A9:DF:4D:3A:1E:28
            X509v3 Authority Key Identifier:
                keyid:40:8F:A0:17:53:2F:F6:D9:FB:38:B4:00:37:89:6A:FA:F0:AA:CF:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QI-gF1Mv9tn7OLQAN4lq-vCqz4s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/adb871-6972-4dd6-8360-f1982a691d45/1/i_Cr2hfC_pKwLWTc-eap3006Hig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/adb871-6972-4dd6-8360-f1982a691d45/1/QI-gF1Mv9tn7OLQAN4lq-vCqz4s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:10c::/48

    Signature Algorithm: sha256WithRSAEncryption
         a7:40:3f:f8:72:62:a2:db:3c:a8:07:77:c0:da:14:5a:c4:96:
         66:c6:f2:ad:08:e3:be:f4:b6:7e:21:62:cd:83:7a:c4:24:7e:
         97:80:e3:45:26:df:8b:fe:76:f0:fd:41:3c:50:b1:f2:79:6e:
         7b:20:f1:d6:d9:f7:1b:90:68:eb:81:c5:82:83:7a:20:0e:b8:
         33:b1:28:bd:f8:2f:da:4f:be:d6:b4:bd:18:69:59:49:ee:09:
         5e:d4:f2:74:9a:b5:36:87:fd:9a:8f:7a:07:9a:12:75:e4:f3:
         64:0c:32:19:3c:c0:37:74:8d:73:02:0c:03:b9:86:b3:08:5a:
         17:b0:7b:db:19:5b:ba:aa:34:e3:ec:87:5b:f3:d3:51:52:87:
         e4:d5:02:cc:c8:46:9a:17:36:49:6c:6e:a7:97:14:7d:9e:14:
         a4:ce:42:a0:53:7f:ac:1e:7f:80:b1:f8:3a:4a:c1:85:37:03:
         57:94:e6:6c:43:50:24:d3:1a:a0:d5:63:43:cd:7d:14:ec:c6:
         e5:53:1d:62:45:ee:cf:20:e8:47:63:9b:41:76:d4:28:1a:2f:
         3c:5c:eb:f1:4d:c4:d4:14:00:d4:a2:62:6d:0b:be:a2:16:56:
         cc:fc:1e:2b:c3:82:e0:d4:c2:8f:d2:a7:3a:04:ff:8c:fe:34:
         77:79:88:de
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJLTC7mnJBGfAq7QGgF4JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwOGZhMDE3NTMyZmY2ZDlmYjM4YjQwMDM3ODk2YWZhZjBh
YWNmOGIwHhcNMjQwMTAxMDgyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmYwYWJkYTE3YzJmZTkyYjAyZDY0ZGNmOWU2YTlkZjRkM2ExZTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArs5etJwAl6pb2BcE3JC6PR3ks9I5
e8YnYNMzDtJa1up1dmqV7wWocK1C6Vm7c0VSL+e2k4rOCkMJSc9W2RHJA/Gprs+g
sVHlML6f//Ox69+JkRm0PpY7lJ7+OCcVBaPu6H330PPXeujS5apdXnnpgL3DVYOz
5LeIEko4QqrAOkj3uC59XKkcIDXwNh2TjPAHEMUriqb0Xxd/CejCCZVksxfEjSxF
31HpRYZptTtznj+UC8Zm0YdLidxEprosL5rcV54WPfRD9PcpXxu4u0fbLqdj0u00
SkrczB39aQVxQTL7VCFn8bP/3olfPz1NkZcvtLRrRDKm+Nqrkj1jmhnzeQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIvwq9oXwv6SsC1k3Pnmqd9NOh4oMB8GA1UdIwQY
MBaAFECPoBdTL/bZ+zi0ADeJavrwqs+LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUktZ0YxTXY5dG43T0xRQU40bHEtdkNxejRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hZGI4NzEtNjk3Mi00ZGQ2LTgzNjAt
ZjE5ODJhNjkxZDQ1LzEvaV9DcjJoZkNfcEt3TFdUYy1lYXAzMDA2SGlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hZGI4NzEtNjk3Mi00ZGQ2LTgzNjAtZjE5ODJhNjkxZDQ1
LzEvUUktZ0YxTXY5dG43T0xRQU40bHEtdkNxejRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAEM
MA0GCSqGSIb3DQEBCwUAA4IBAQCnQD/4cmKi2zyoB3fA2hRaxJZmxvKtCOO+9LZ+
IWLNg3rEJH6XgONFJt+L/nbw/UE8ULHyeW57IPHW2fcbkGjrgcWCg3ogDrgzsSi9
+C/aT77WtL0YaVlJ7gle1PJ0mrU2h/2aj3oHmhJ15PNkDDIZPMA3dI1zAgwDuYaz
CFoXsHvbGVu6qjTj7Idb89NRUofk1QLMyEaaFzZJbG6nlxR9nhSkzkKgU3+sHn+A
sfg6SsGFNwNXlOZsQ1Ak0xqg1WNDzX0U7MblUx1iRe7PIOhHY5tBdtQoGi88XOvx
TcTUFADUomJtC76iFlbM/B4rw4Lg1MKP0qc6BP+M/jR3eYje
-----END CERTIFICATE-----