Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/e85c71-26cd-472b-bd9a-c3f8a8cee9eb/1/Ddt11r4KTOu4-iGllnZjy_mgsF4.roa
File:                     Ddt11r4KTOu4-iGllnZjy_mgsF4.roa (raw, json)
Hash identifier:          Th4/KLHitv7ty9K8/pxSnMIA6bIPcW/23rqmdb0Dp1I=
Subject key identifier:   0D:DB:75:D6:BE:0A:4C:EB:B8:FA:21:A5:96:76:63:CB:F9:A0:B0:5E
Certificate issuer:       /CN=885bb9b88cf489e80fee61f098e8086811038719
Certificate serial:       018CC5013B16B584DDAA47EC91CCC1AE2BA2
Authority key identifier: 88:5B:B9:B8:8C:F4:89:E8:0F:EE:61:F0:98:E8:08:68:11:03:87:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFu5uIz0iegP7mHwmOgIaBEDhxk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/e85c71-26cd-472b-bd9a-c3f8a8cee9eb/1/Ddt11r4KTOu4-iGllnZjy_mgsF4.roa
Signing time:             Mon 01 Jan 2024 12:30:41 +0000
ROA not before:           Mon 01 Jan 2024 12:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198305
IP address blocks:        2001:67c:226c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/e85c71-26cd-472b-bd9a-c3f8a8cee9eb/1/iFu5uIz0iegP7mHwmOgIaBEDhxk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/e85c71-26cd-472b-bd9a-c3f8a8cee9eb/1/iFu5uIz0iegP7mHwmOgIaBEDhxk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFu5uIz0iegP7mHwmOgIaBEDhxk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 21:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:3b:16:b5:84:dd:aa:47:ec:91:cc:c1:ae:2b:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885bb9b88cf489e80fee61f098e8086811038719
        Validity
            Not Before: Jan  1 12:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0ddb75d6be0a4cebb8fa21a5967663cbf9a0b05e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:27:25:ca:d8:e4:4b:dd:aa:3d:99:f9:7a:3e:
                    6f:5c:ec:ef:5e:fc:50:5a:48:39:71:1e:e9:a3:de:
                    d8:55:5c:1f:2e:00:f0:d7:2b:ec:6d:2a:1f:00:03:
                    70:7c:cf:a4:f0:72:a6:d6:e1:b7:11:97:db:4a:a9:
                    c1:0e:8a:da:65:e8:c0:e9:cf:eb:ff:cc:65:0b:93:
                    d5:86:36:5f:ae:50:8f:b3:cc:c3:03:c1:d9:be:55:
                    41:9f:0a:1f:77:76:d0:f9:b4:b9:e9:51:b5:83:19:
                    d9:a7:84:81:e6:23:a9:32:05:96:30:71:2b:fe:af:
                    e0:20:2a:d2:c1:5b:d5:09:b4:fd:50:90:a5:f0:59:
                    1a:00:6a:86:50:2b:f2:44:b0:44:9c:7d:7f:93:47:
                    4d:25:e0:cc:11:ab:d5:18:2d:66:2f:9e:fb:8f:a5:
                    82:8d:2e:d8:dd:ae:8b:55:ac:e4:16:bb:f1:5d:b3:
                    51:c2:b4:77:f4:1f:28:64:9e:72:14:06:fe:71:a5:
                    f7:e8:9b:97:cc:da:d1:65:5c:50:6d:46:ae:24:60:
                    32:eb:92:68:4d:c9:79:dc:4c:de:97:d2:06:6f:6c:
                    c8:ab:51:a5:81:1c:61:6d:ac:2b:ab:5c:9d:48:b4:
                    94:bc:98:5f:9e:ae:8a:59:12:4e:b5:b2:9a:97:e5:
                    7e:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:DB:75:D6:BE:0A:4C:EB:B8:FA:21:A5:96:76:63:CB:F9:A0:B0:5E
            X509v3 Authority Key Identifier:
                keyid:88:5B:B9:B8:8C:F4:89:E8:0F:EE:61:F0:98:E8:08:68:11:03:87:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFu5uIz0iegP7mHwmOgIaBEDhxk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/e85c71-26cd-472b-bd9a-c3f8a8cee9eb/1/Ddt11r4KTOu4-iGllnZjy_mgsF4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/e85c71-26cd-472b-bd9a-c3f8a8cee9eb/1/iFu5uIz0iegP7mHwmOgIaBEDhxk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:226c::/48

    Signature Algorithm: sha256WithRSAEncryption
         73:79:f9:25:70:da:15:fb:76:54:d9:f1:e7:a7:40:30:2b:55:
         ba:45:62:66:8e:82:c9:b3:b8:0a:cf:ca:c1:e9:61:e6:9e:d9:
         37:bf:9a:6f:b0:aa:61:40:8d:e4:63:86:a1:5a:fe:d0:72:5c:
         d0:f1:c5:3c:80:aa:a7:e8:3d:9a:ac:48:7b:cf:ec:dd:58:0f:
         08:a6:60:79:ce:77:73:8f:24:41:06:8f:df:03:03:42:8f:7c:
         1b:1d:0c:01:8e:08:8e:51:64:f2:3a:77:fa:ef:9f:fe:40:d4:
         c5:71:37:43:f7:7e:da:1b:59:c7:93:b7:ef:8d:1d:1f:22:a7:
         a5:52:13:85:4d:98:70:b1:b8:91:75:4a:16:36:85:b9:5c:98:
         42:62:2f:c1:a6:47:31:66:9c:0e:47:e4:49:52:70:df:14:f6:
         fb:3d:0a:6d:0f:2d:e6:51:02:24:69:36:2e:33:1f:3f:44:61:
         84:31:ed:bd:02:fa:a1:6f:33:a3:95:64:f5:c3:22:f2:63:1f:
         e4:64:97:7c:bb:7b:31:9d:43:3d:bd:92:ff:7b:ce:8b:d1:dd:
         cd:4d:5d:71:5c:14:1e:5f:08:18:2d:bc:a8:de:3a:93:bf:1b:
         be:8e:ef:b9:0d:d2:7d:26:72:f6:8e:f1:c7:fe:48:93:fd:1d:
         f1:b6:06:0b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFATsWtYTdqkfskczBriuiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWJiOWI4OGNmNDg5ZTgwZmVlNjFmMDk4ZTgwODY4MTEw
Mzg3MTkwHhcNMjQwMTAxMTIzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGRiNzVkNmJlMGE0Y2ViYjhmYTIxYTU5Njc2NjNjYmY5YTBiMDVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoCclytjkS92qPZn5ej5vXOzvXvxQ
Wkg5cR7po97YVVwfLgDw1yvsbSofAANwfM+k8HKm1uG3EZfbSqnBDoraZejA6c/r
/8xlC5PVhjZfrlCPs8zDA8HZvlVBnwofd3bQ+bS56VG1gxnZp4SB5iOpMgWWMHEr
/q/gICrSwVvVCbT9UJCl8FkaAGqGUCvyRLBEnH1/k0dNJeDMEavVGC1mL577j6WC
jS7Y3a6LVazkFrvxXbNRwrR39B8oZJ5yFAb+caX36JuXzNrRZVxQbUauJGAy65Jo
Tcl53Ezel9IGb2zIq1GlgRxhbawrq1ydSLSUvJhfnq6KWRJOtbKal+V+KwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA3bdda+CkzruPohpZZ2Y8v5oLBeMB8GA1UdIwQY
MBaAFIhbubiM9InoD+5h8JjoCGgRA4cZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1NXVJejBpZWdQN21Id21PZ0lhQkVEaHhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9lODVjNzEtMjZjZC00NzJiLWJkOWEt
YzNmOGE4Y2VlOWViLzEvRGR0MTFyNEtUT3U0LWlHbGxuWmp5X21nc0Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9lODVjNzEtMjZjZC00NzJiLWJkOWEtYzNmOGE4Y2VlOWVi
LzEvaUZ1NXVJejBpZWdQN21Id21PZ0lhQkVEaHhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCJs
MA0GCSqGSIb3DQEBCwUAA4IBAQBzefklcNoV+3ZU2fHnp0AwK1W6RWJmjoLJs7gK
z8rB6WHmntk3v5pvsKphQI3kY4ahWv7QclzQ8cU8gKqn6D2arEh7z+zdWA8IpmB5
zndzjyRBBo/fAwNCj3wbHQwBjgiOUWTyOnf675/+QNTFcTdD937aG1nHk7fvjR0f
IqelUhOFTZhwsbiRdUoWNoW5XJhCYi/BpkcxZpwOR+RJUnDfFPb7PQptDy3mUQIk
aTYuMx8/RGGEMe29AvqhbzOjlWT1wyLyYx/kZJd8u3sxnUM9vZL/e86L0d3NTV1x
XBQeXwgYLbyo3jqTvxu+ju+5DdJ9JnL2jvHH/kiT/R3xtgYL
-----END CERTIFICATE-----