Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/0b8951-2699-44b3-9067-d9a40c4d3291/1/1Pmg7wgY_sN2ZHgU6J2CH7j6iEU.roa
File:                     1Pmg7wgY_sN2ZHgU6J2CH7j6iEU.roa (raw, json)
Hash identifier:          JIQYaizKWVuIca9jQ5e8kjuE7Gv6Z8tH6n5fTxVEY9M=
Subject key identifier:   D4:F9:A0:EF:08:18:FE:C3:76:64:78:14:E8:9D:82:1F:B8:FA:88:45
Certificate issuer:       /CN=cf89cb889f99212e8bf53d06e45d87abb9169506
Certificate serial:       018CC2DB091E45007FCAEBDB47649EE6D870
Authority key identifier: CF:89:CB:88:9F:99:21:2E:8B:F5:3D:06:E4:5D:87:AB:B9:16:95:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z4nLiJ-ZIS6L9T0G5F2Hq7kWlQY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/0b8951-2699-44b3-9067-d9a40c4d3291/1/1Pmg7wgY_sN2ZHgU6J2CH7j6iEU.roa
Signing time:             Mon 01 Jan 2024 02:29:43 +0000
ROA not before:           Mon 01 Jan 2024 02:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29663
IP address blocks:        2001:67c:2ac0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/0b8951-2699-44b3-9067-d9a40c4d3291/1/z4nLiJ-ZIS6L9T0G5F2Hq7kWlQY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/0b8951-2699-44b3-9067-d9a40c4d3291/1/z4nLiJ-ZIS6L9T0G5F2Hq7kWlQY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z4nLiJ-ZIS6L9T0G5F2Hq7kWlQY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:09:1e:45:00:7f:ca:eb:db:47:64:9e:e6:d8:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf89cb889f99212e8bf53d06e45d87abb9169506
        Validity
            Not Before: Jan  1 02:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d4f9a0ef0818fec376647814e89d821fb8fa8845
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:61:79:e1:1c:ea:6c:fe:ee:9d:b9:fc:2c:7a:
                    3e:0d:15:bc:47:70:08:11:a3:3d:c6:f5:f5:3b:8f:
                    4e:52:a5:4b:e1:f3:fc:1c:4c:8c:66:00:ca:e5:5b:
                    a1:6b:55:8c:c8:1e:12:02:9a:35:c9:74:e4:95:8b:
                    41:a9:bf:86:7a:2a:16:b0:e2:e1:da:c7:59:f5:c5:
                    ee:18:4a:b8:bf:88:a9:16:6e:f6:21:ac:f5:60:fa:
                    26:97:00:3d:95:20:19:52:7a:4f:ad:f7:1e:a1:04:
                    df:11:89:54:1f:e0:23:c7:12:1f:6f:a5:2c:a2:5d:
                    d5:cd:8e:14:81:df:9f:0d:6a:04:92:bf:39:ec:3b:
                    36:1e:bd:1b:44:e6:34:b2:eb:5b:8a:15:43:63:93:
                    37:bd:d7:08:b4:bf:f5:41:e9:39:a7:07:1c:98:71:
                    70:7a:b2:b9:a1:1c:f3:1a:e8:3a:64:4a:ae:2a:30:
                    92:8f:0c:3c:76:34:88:19:8a:d8:12:4a:c6:01:c4:
                    49:84:51:a2:19:01:fd:de:97:7b:3c:db:81:a8:d7:
                    21:c5:30:ab:f1:b7:5f:15:8e:a3:1e:e8:e1:91:f2:
                    a2:64:31:02:a8:2c:a4:f7:06:b1:3a:50:03:5a:91:
                    fc:c2:45:c9:b6:d6:0b:24:c4:4b:a2:da:2c:ba:5b:
                    94:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:F9:A0:EF:08:18:FE:C3:76:64:78:14:E8:9D:82:1F:B8:FA:88:45
            X509v3 Authority Key Identifier:
                keyid:CF:89:CB:88:9F:99:21:2E:8B:F5:3D:06:E4:5D:87:AB:B9:16:95:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z4nLiJ-ZIS6L9T0G5F2Hq7kWlQY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/0b8951-2699-44b3-9067-d9a40c4d3291/1/1Pmg7wgY_sN2ZHgU6J2CH7j6iEU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/0b8951-2699-44b3-9067-d9a40c4d3291/1/z4nLiJ-ZIS6L9T0G5F2Hq7kWlQY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2ac0::/48

    Signature Algorithm: sha256WithRSAEncryption
         41:af:91:0b:61:63:8f:49:fb:5b:2b:5b:37:e4:33:0e:a9:d7:
         9c:38:bf:b7:47:81:f4:25:61:78:fa:a6:c3:b0:d1:f9:62:b0:
         11:c1:b5:2d:c9:72:b5:55:d0:64:68:03:5d:e3:ac:3b:96:c1:
         44:62:11:7a:0c:81:f5:69:df:67:c4:4c:44:07:b6:e5:43:fa:
         8d:00:cc:38:e1:dd:0e:90:43:0c:8d:77:3e:79:64:56:2f:31:
         2b:7f:95:36:bf:2b:4b:48:86:74:66:36:ac:f7:1d:a6:ab:bf:
         c6:26:d9:fd:0a:87:4e:37:49:48:ab:e6:1d:4d:78:d3:9f:91:
         e1:c8:f0:dd:a9:df:dd:95:69:83:d3:f2:5e:23:4b:45:75:27:
         9d:c0:07:15:0f:b1:4f:de:ab:32:a6:15:ce:41:a6:5b:3f:93:
         d0:4b:1a:38:a8:08:97:79:37:6e:71:96:8a:81:df:a5:25:42:
         2a:19:14:7b:66:32:4c:43:fe:d3:94:e9:88:46:1c:6e:64:da:
         0f:b7:94:ed:b6:00:e8:57:b0:7f:f5:da:7b:9c:3d:d4:ef:2f:
         a5:20:98:ad:d3:3e:b9:99:59:b1:e5:7d:e9:f3:eb:d4:41:48:
         d0:2a:16:2b:9c:2e:dd:1b:9c:79:ee:cd:68:c2:7a:77:5e:81:
         05:df:35:b2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2wkeRQB/yuvbR2Se5thwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmODljYjg4OWY5OTIxMmU4YmY1M2QwNmU0NWQ4N2FiYjkx
Njk1MDYwHhcNMjQwMTAxMDIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGY5YTBlZjA4MThmZWMzNzY2NDc4MTRlODlkODIxZmI4ZmE4ODQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqGF54RzqbP7unbn8LHo+DRW8R3AI
EaM9xvX1O49OUqVL4fP8HEyMZgDK5Vuha1WMyB4SApo1yXTklYtBqb+GeioWsOLh
2sdZ9cXuGEq4v4ipFm72Iaz1YPomlwA9lSAZUnpPrfceoQTfEYlUH+AjxxIfb6Us
ol3VzY4Ugd+fDWoEkr857Ds2Hr0bROY0sutbihVDY5M3vdcItL/1Qek5pwccmHFw
erK5oRzzGug6ZEquKjCSjww8djSIGYrYEkrGAcRJhFGiGQH93pd7PNuBqNchxTCr
8bdfFY6jHujhkfKiZDECqCyk9waxOlADWpH8wkXJttYLJMRLotosuluU/wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNT5oO8IGP7DdmR4FOidgh+4+ohFMB8GA1UdIwQY
MBaAFM+Jy4ifmSEui/U9BuRdh6u5FpUGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejRuTGlKLVpJUzZMOVQwRzVGMkhxN2tXbFFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS8wYjg5NTEtMjY5OS00NGIzLTkwNjct
ZDlhNDBjNGQzMjkxLzEvMVBtZzd3Z1lfc04yWkhnVTZKMkNIN2o2aUVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS8wYjg5NTEtMjY5OS00NGIzLTkwNjctZDlhNDBjNGQzMjkx
LzEvejRuTGlKLVpJUzZMOVQwRzVGMkhxN2tXbFFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCrA
MA0GCSqGSIb3DQEBCwUAA4IBAQBBr5ELYWOPSftbK1s35DMOqdecOL+3R4H0JWF4
+qbDsNH5YrARwbUtyXK1VdBkaANd46w7lsFEYhF6DIH1ad9nxExEB7blQ/qNAMw4
4d0OkEMMjXc+eWRWLzErf5U2vytLSIZ0Zjas9x2mq7/GJtn9CodON0lIq+YdTXjT
n5HhyPDdqd/dlWmD0/JeI0tFdSedwAcVD7FP3qsyphXOQaZbP5PQSxo4qAiXeTdu
cZaKgd+lJUIqGRR7ZjJMQ/7TlOmIRhxuZNoPt5TttgDoV7B/9dp7nD3U7y+lIJit
0z65mVmx5X3p8+vUQUjQKhYrnC7dG5x57s1ownp3XoEF3zWy
-----END CERTIFICATE-----