Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/5b7387-3aae-497d-aabd-abb7438bc8a5/1/Auz_YhnD-jko2BzJWfDsS5d1580.roa
File:                     Auz_YhnD-jko2BzJWfDsS5d1580.roa (raw, json)
Hash identifier:          CJEKXWvNDahrWIQuEoQapdbVEv+D1nJghdompHDTyhQ=
Subject key identifier:   02:EC:FF:62:19:C3:FA:39:28:D8:1C:C9:59:F0:EC:4B:97:75:E7:CD
Certificate issuer:       /CN=c7cfccd68957a0f70439a8d60ff3c8b8d911a308
Certificate serial:       018CC348A8D0AEA7A0EAC31F0F35945D3579
Authority key identifier: C7:CF:CC:D6:89:57:A0:F7:04:39:A8:D6:0F:F3:C8:B8:D9:11:A3:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x8_M1olXoPcEOajWD_PIuNkRowg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/5b7387-3aae-497d-aabd-abb7438bc8a5/1/Auz_YhnD-jko2BzJWfDsS5d1580.roa
Signing time:             Mon 01 Jan 2024 04:29:28 +0000
ROA not before:           Mon 01 Jan 2024 04:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20932
IP address blocks:        2001:67c:1368::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/5b7387-3aae-497d-aabd-abb7438bc8a5/1/x8_M1olXoPcEOajWD_PIuNkRowg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/5b7387-3aae-497d-aabd-abb7438bc8a5/1/x8_M1olXoPcEOajWD_PIuNkRowg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x8_M1olXoPcEOajWD_PIuNkRowg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 04:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:a8:d0:ae:a7:a0:ea:c3:1f:0f:35:94:5d:35:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7cfccd68957a0f70439a8d60ff3c8b8d911a308
        Validity
            Not Before: Jan  1 04:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=02ecff6219c3fa3928d81cc959f0ec4b9775e7cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:1b:8d:19:70:3f:d0:4d:37:91:81:13:02:3d:
                    66:a6:03:ea:e0:a4:4f:2c:4f:67:50:b5:f2:c5:7b:
                    da:e4:3a:06:65:34:78:a9:0c:66:03:28:64:7b:ad:
                    c8:9f:19:2b:42:ba:9f:c4:d4:45:4d:ff:69:62:45:
                    33:e1:d5:63:41:67:a8:da:8c:ec:e4:79:94:34:b3:
                    2e:fc:0f:93:73:22:d0:ab:e8:63:15:12:a4:28:ea:
                    41:80:ce:99:9e:2b:c5:26:af:87:5e:82:97:6a:14:
                    2d:c3:e1:85:25:83:0f:e5:ea:74:1e:fb:66:a3:d7:
                    34:40:7d:28:2d:e9:71:40:6f:98:3c:ef:5c:d7:4d:
                    38:cb:b9:b5:cc:cd:e1:27:0e:de:06:e9:8d:20:1b:
                    60:43:b9:4f:2d:16:b1:23:be:b2:c4:c6:5b:a5:62:
                    ac:92:5d:4d:66:a1:d4:96:81:47:19:5b:b9:c3:d6:
                    91:9e:ad:0f:5a:9d:42:1f:0e:4e:23:0d:04:f3:ae:
                    d5:52:32:13:a5:16:49:11:00:02:71:83:64:4f:a6:
                    98:cb:b7:ce:f3:a6:85:24:52:12:7d:59:7f:92:68:
                    44:c3:1a:a9:68:52:32:aa:6e:5b:2a:24:5f:c4:76:
                    fa:41:eb:d9:c5:79:30:9f:af:9c:8b:0a:3b:a3:64:
                    47:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:EC:FF:62:19:C3:FA:39:28:D8:1C:C9:59:F0:EC:4B:97:75:E7:CD
            X509v3 Authority Key Identifier:
                keyid:C7:CF:CC:D6:89:57:A0:F7:04:39:A8:D6:0F:F3:C8:B8:D9:11:A3:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x8_M1olXoPcEOajWD_PIuNkRowg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/5b7387-3aae-497d-aabd-abb7438bc8a5/1/Auz_YhnD-jko2BzJWfDsS5d1580.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/5b7387-3aae-497d-aabd-abb7438bc8a5/1/x8_M1olXoPcEOajWD_PIuNkRowg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1368::/48

    Signature Algorithm: sha256WithRSAEncryption
         6c:98:e7:b7:a5:bc:3d:92:13:6b:54:eb:50:df:2c:2a:eb:19:
         19:3f:81:83:20:89:af:8e:07:a4:da:30:22:3b:5a:ee:c3:5f:
         2f:ff:db:79:9d:7c:e7:a0:34:f3:9f:38:e7:1c:0e:97:c4:33:
         14:3c:19:ee:09:d4:25:41:55:07:95:ce:49:a8:93:ca:b3:89:
         c8:e7:d2:60:61:f1:03:84:8e:bf:b8:da:c3:02:86:2c:28:5c:
         72:91:30:d3:2f:c6:20:25:2d:71:c6:c3:42:00:a2:47:92:dc:
         57:c4:a5:f9:4f:08:cb:08:f5:80:88:f3:1f:b2:d9:5e:b3:ed:
         8d:d0:3f:a5:90:32:9e:37:81:b3:ad:aa:89:1f:34:ae:05:a3:
         83:ef:b4:5e:0d:72:45:5d:d8:33:a6:f3:6a:72:a2:5e:67:eb:
         7c:b3:89:5b:9b:87:1a:64:d3:48:6e:66:16:bf:2a:36:97:a7:
         93:45:da:b0:36:d1:d0:ba:5e:d5:2f:31:28:c0:e6:7d:65:dd:
         c9:a0:15:d1:dd:21:a0:89:0a:43:5e:39:45:12:18:3e:e0:c3:
         19:65:91:e3:ee:09:90:c8:aa:25:1c:29:94:5b:4d:08:85:4f:
         ff:9e:a9:e2:5e:57:19:4a:a2:08:96:6f:b9:23:2f:0c:54:45:
         b5:0d:f5:3f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDSKjQrqeg6sMfDzWUXTV5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3Y2ZjY2Q2ODk1N2EwZjcwNDM5YThkNjBmZjNjOGI4ZDkx
MWEzMDgwHhcNMjQwMTAxMDQyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmVjZmY2MjE5YzNmYTM5MjhkODFjYzk1OWYwZWM0Yjk3NzVlN2NkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgBuNGXA/0E03kYETAj1mpgPq4KRP
LE9nULXyxXva5DoGZTR4qQxmAyhke63InxkrQrqfxNRFTf9pYkUz4dVjQWeo2ozs
5HmUNLMu/A+TcyLQq+hjFRKkKOpBgM6ZnivFJq+HXoKXahQtw+GFJYMP5ep0Hvtm
o9c0QH0oLelxQG+YPO9c1004y7m1zM3hJw7eBumNIBtgQ7lPLRaxI76yxMZbpWKs
kl1NZqHUloFHGVu5w9aRnq0PWp1CHw5OIw0E867VUjITpRZJEQACcYNkT6aYy7fO
86aFJFISfVl/kmhEwxqpaFIyqm5bKiRfxHb6QevZxXkwn6+ciwo7o2RHUQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFALs/2IZw/o5KNgcyVnw7EuXdefNMB8GA1UdIwQY
MBaAFMfPzNaJV6D3BDmo1g/zyLjZEaMIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDhfTTFvbFhvUGNFT2FqV0RfUEl1TmtSb3dnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi81YjczODctM2FhZS00OTdkLWFhYmQt
YWJiNzQzOGJjOGE1LzEvQXV6X1lobkQtamtvMkJ6SldmRHNTNWQxNTgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi81YjczODctM2FhZS00OTdkLWFhYmQtYWJiNzQzOGJjOGE1
LzEveDhfTTFvbFhvUGNFT2FqV0RfUEl1TmtSb3dnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBNo
MA0GCSqGSIb3DQEBCwUAA4IBAQBsmOe3pbw9khNrVOtQ3ywq6xkZP4GDIImvjgek
2jAiO1ruw18v/9t5nXznoDTznzjnHA6XxDMUPBnuCdQlQVUHlc5JqJPKs4nI59Jg
YfEDhI6/uNrDAoYsKFxykTDTL8YgJS1xxsNCAKJHktxXxKX5TwjLCPWAiPMfstle
s+2N0D+lkDKeN4GzraqJHzSuBaOD77ReDXJFXdgzpvNqcqJeZ+t8s4lbm4caZNNI
bmYWvyo2l6eTRdqwNtHQul7VLzEowOZ9Zd3JoBXR3SGgiQpDXjlFEhg+4MMZZZHj
7gmQyKolHCmUW00IhU//nqniXlcZSqIIlm+5Iy8MVEW1DfU/
-----END CERTIFICATE-----