Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/017f89-9130-4a4e-8547-f3b9741d1d4f/1/p2VzljyIf7LvNMX0sxnsxfW8r3g.roa
File:                     p2VzljyIf7LvNMX0sxnsxfW8r3g.roa (raw, json)
Hash identifier:          u4zSF+HUGYwx5CX4seLQpFdH/lDcVRqW/fJnqV/Pr3A=
Subject key identifier:   A7:65:73:96:3C:88:7F:B2:EF:34:C5:F4:B3:19:EC:C5:F5:BC:AF:78
Certificate issuer:       /CN=ff2a50eedfe78040209d6c0ab95f83b5460398dd
Certificate serial:       018CC7934F9AFF367579D7EC79BF14466411
Authority key identifier: FF:2A:50:EE:DF:E7:80:40:20:9D:6C:0A:B9:5F:83:B5:46:03:98:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_ypQ7t_ngEAgnWwKuV-DtUYDmN0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/017f89-9130-4a4e-8547-f3b9741d1d4f/1/p2VzljyIf7LvNMX0sxnsxfW8r3g.roa
Signing time:             Tue 02 Jan 2024 00:29:29 +0000
ROA not before:           Tue 02 Jan 2024 00:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207076
IP address blocks:        2001:67c:1430::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/017f89-9130-4a4e-8547-f3b9741d1d4f/1/_ypQ7t_ngEAgnWwKuV-DtUYDmN0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/017f89-9130-4a4e-8547-f3b9741d1d4f/1/_ypQ7t_ngEAgnWwKuV-DtUYDmN0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_ypQ7t_ngEAgnWwKuV-DtUYDmN0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:4f:9a:ff:36:75:79:d7:ec:79:bf:14:46:64:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff2a50eedfe78040209d6c0ab95f83b5460398dd
        Validity
            Not Before: Jan  2 00:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a76573963c887fb2ef34c5f4b319ecc5f5bcaf78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:06:89:26:fb:fd:31:09:c1:ab:39:ca:96:46:
                    ad:ad:35:99:f7:25:b4:36:3e:26:d0:6b:2a:f2:e9:
                    f8:a4:16:fc:c2:23:b2:05:59:b2:12:27:3f:e8:47:
                    a9:3e:06:15:b0:ab:44:88:75:63:11:ba:78:04:d6:
                    03:64:a8:85:39:10:f0:9d:8b:62:da:6b:b7:99:cf:
                    f0:95:7f:cc:ee:03:a2:ea:15:79:8c:85:1f:5c:5f:
                    11:d6:de:6a:76:6a:3d:aa:73:4a:82:a1:59:93:71:
                    67:74:64:4b:b9:da:7e:37:b6:fe:96:d8:cc:71:b8:
                    70:a6:53:c9:54:47:2f:4a:9d:51:cf:36:e1:df:85:
                    28:95:06:8c:2c:49:17:87:9b:57:b8:45:85:20:40:
                    c7:83:c1:55:5b:16:56:86:c4:f9:86:0a:08:45:8f:
                    c9:8c:46:51:5b:86:8b:e7:40:75:dd:a5:88:8a:a2:
                    4a:82:6f:b0:49:ef:08:39:e1:b9:3b:9a:01:12:a6:
                    0b:12:c7:b1:3a:bf:79:8c:60:c8:c5:68:5d:af:4c:
                    63:d9:52:c1:13:79:d6:b4:d0:07:1b:77:21:3a:e5:
                    26:a0:fc:29:4f:12:51:5f:5d:05:06:e2:57:0d:a3:
                    64:d6:61:ca:81:63:fe:8d:f3:9f:74:7b:e2:6b:f4:
                    30:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:65:73:96:3C:88:7F:B2:EF:34:C5:F4:B3:19:EC:C5:F5:BC:AF:78
            X509v3 Authority Key Identifier:
                keyid:FF:2A:50:EE:DF:E7:80:40:20:9D:6C:0A:B9:5F:83:B5:46:03:98:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_ypQ7t_ngEAgnWwKuV-DtUYDmN0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/017f89-9130-4a4e-8547-f3b9741d1d4f/1/p2VzljyIf7LvNMX0sxnsxfW8r3g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/017f89-9130-4a4e-8547-f3b9741d1d4f/1/_ypQ7t_ngEAgnWwKuV-DtUYDmN0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1430::/48

    Signature Algorithm: sha256WithRSAEncryption
         68:24:b6:ef:90:57:b2:2f:06:1a:40:c6:1d:3f:04:28:81:32:
         7c:5d:a0:76:15:af:68:0e:0c:3c:97:07:7e:f5:d9:d3:c5:ec:
         22:03:af:a1:e0:41:a3:1b:7a:ed:e0:05:3d:f1:c8:00:4a:4c:
         41:3e:46:00:55:c9:7b:bf:f1:c0:10:99:c3:d3:6d:40:d8:67:
         97:e9:57:fd:42:d5:a9:c6:37:3f:e2:e8:f7:ba:4f:7f:aa:de:
         99:1c:11:fc:a8:6a:0c:db:f8:5a:29:d0:23:d3:8a:4a:e1:d2:
         19:7d:19:62:5f:d0:dd:89:83:da:35:e0:29:df:f9:d1:70:1d:
         1e:bd:20:31:d0:b0:7c:57:d9:42:21:9c:b8:da:1d:69:62:14:
         be:d7:24:10:a7:05:da:f6:b6:4d:5e:9d:4d:65:d8:1a:af:84:
         b7:98:fd:78:c2:7d:81:25:13:8b:27:78:15:5e:b8:63:c9:23:
         ba:94:cd:52:fb:00:6f:ed:e6:91:18:58:1e:6f:2e:59:80:be:
         5b:e1:6d:4a:45:05:ca:64:85:f6:26:63:ad:55:df:86:0b:66:
         0f:4a:3d:4e:e6:70:f8:9f:09:f7:7a:f9:8b:9c:5c:bd:7f:78:
         7d:ab:6d:6f:a5:45:89:1f:75:36:bf:24:4d:46:52:a4:ad:2b:
         98:be:22:00
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHk0+a/zZ1edfseb8URmQRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmMmE1MGVlZGZlNzgwNDAyMDlkNmMwYWI5NWY4M2I1NDYw
Mzk4ZGQwHhcNMjQwMTAyMDAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzY1NzM5NjNjODg3ZmIyZWYzNGM1ZjRiMzE5ZWNjNWY1YmNhZjc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkAaJJvv9MQnBqznKlkatrTWZ9yW0
Nj4m0Gsq8un4pBb8wiOyBVmyEic/6EepPgYVsKtEiHVjEbp4BNYDZKiFORDwnYti
2mu3mc/wlX/M7gOi6hV5jIUfXF8R1t5qdmo9qnNKgqFZk3FndGRLudp+N7b+ltjM
cbhwplPJVEcvSp1Rzzbh34UolQaMLEkXh5tXuEWFIEDHg8FVWxZWhsT5hgoIRY/J
jEZRW4aL50B13aWIiqJKgm+wSe8IOeG5O5oBEqYLEsexOr95jGDIxWhdr0xj2VLB
E3nWtNAHG3chOuUmoPwpTxJRX10FBuJXDaNk1mHKgWP+jfOfdHvia/QwqwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKdlc5Y8iH+y7zTF9LMZ7MX1vK94MB8GA1UdIwQY
MBaAFP8qUO7f54BAIJ1sCrlfg7VGA5jdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3lwUTd0X25nRUFnbld3S3VWLUR0VVlEbU4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8wMTdmODktOTEzMC00YTRlLTg1NDct
ZjNiOTc0MWQxZDRmLzEvcDJWemxqeUlmN0x2Tk1YMHN4bnN4Zlc4cjNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8wMTdmODktOTEzMC00YTRlLTg1NDctZjNiOTc0MWQxZDRm
LzEvX3lwUTd0X25nRUFnbld3S3VWLUR0VVlEbU4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBQw
MA0GCSqGSIb3DQEBCwUAA4IBAQBoJLbvkFeyLwYaQMYdPwQogTJ8XaB2Fa9oDgw8
lwd+9dnTxewiA6+h4EGjG3rt4AU98cgASkxBPkYAVcl7v/HAEJnD021A2GeX6Vf9
QtWpxjc/4uj3uk9/qt6ZHBH8qGoM2/haKdAj04pK4dIZfRliX9DdiYPaNeAp3/nR
cB0evSAx0LB8V9lCIZy42h1pYhS+1yQQpwXa9rZNXp1NZdgar4S3mP14wn2BJROL
J3gVXrhjySO6lM1S+wBv7eaRGFgeby5ZgL5b4W1KRQXKZIX2JmOtVd+GC2YPSj1O
5nD4nwn3evmLnFy9f3h9q21vpUWJH3U2vyRNRlKkrSuYviIA
-----END CERTIFICATE-----