Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/7ce3dc-68db-45bb-8e57-3e6198a512e0/1/Md6jVbwT8xxD7xwCJxK9l1XQWZM.roa
File:                     Md6jVbwT8xxD7xwCJxK9l1XQWZM.roa (raw, json)
Hash identifier:          KmtVhLOy5SDhMEe6uHIozX8HUQqAZadj8WTHWB5/sGk=
Subject key identifier:   31:DE:A3:55:BC:13:F3:1C:43:EF:1C:02:27:12:BD:97:55:D0:59:93
Certificate issuer:       /CN=d7cb616ccfe0e866b427c0a45ef4181b0981e631
Certificate serial:       018CC94BEBD423B1381548B8E63DBAE31738
Authority key identifier: D7:CB:61:6C:CF:E0:E8:66:B4:27:C0:A4:5E:F4:18:1B:09:81:E6:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/18thbM_g6Ga0J8CkXvQYGwmB5jE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/7ce3dc-68db-45bb-8e57-3e6198a512e0/1/Md6jVbwT8xxD7xwCJxK9l1XQWZM.roa
Signing time:             Tue 02 Jan 2024 08:30:45 +0000
ROA not before:           Tue 02 Jan 2024 08:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8365
IP address blocks:        2001:67c:295c::/48 maxlen: 48
                          2001:67c:2184::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/7ce3dc-68db-45bb-8e57-3e6198a512e0/1/18thbM_g6Ga0J8CkXvQYGwmB5jE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/7ce3dc-68db-45bb-8e57-3e6198a512e0/1/18thbM_g6Ga0J8CkXvQYGwmB5jE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/18thbM_g6Ga0J8CkXvQYGwmB5jE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 13:50:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4b:eb:d4:23:b1:38:15:48:b8:e6:3d:ba:e3:17:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d7cb616ccfe0e866b427c0a45ef4181b0981e631
        Validity
            Not Before: Jan  2 08:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=31dea355bc13f31c43ef1c022712bd9755d05993
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:78:68:b0:e9:dd:80:b7:f0:5b:c1:7c:c1:c8:
                    42:c4:d3:da:b0:ea:d5:68:96:50:a7:13:18:ce:05:
                    44:28:0c:25:ed:38:59:e5:89:95:01:2a:f0:83:fe:
                    96:cb:6f:5f:15:7c:46:6b:c0:bd:eb:6a:10:d8:2e:
                    c6:d9:e9:f2:2c:63:50:44:63:11:d4:24:d3:86:f8:
                    89:76:a0:e1:86:19:4a:6d:b5:73:0c:3a:b8:66:3d:
                    5d:e2:a7:fe:54:01:f7:cc:73:7e:8d:1a:6d:b4:f9:
                    87:ff:8e:65:a8:0e:24:c1:bc:6d:3e:4d:89:c0:1f:
                    c9:a7:07:fb:a9:d3:ef:3f:9b:72:f1:5c:04:cc:1a:
                    e7:0a:ab:c2:93:04:1f:30:88:15:52:d1:4e:65:fc:
                    55:b1:6f:b9:8e:2b:b3:2f:1c:53:30:f7:9b:49:b4:
                    12:15:a9:43:16:b5:5d:63:9e:44:1f:1b:7e:05:c7:
                    1e:c6:fb:aa:3b:b6:8b:a3:eb:8b:7b:b8:b3:79:13:
                    c0:43:40:87:be:7d:8f:b3:a5:8a:a3:32:95:28:0c:
                    46:16:94:3e:ea:e3:18:d8:ab:9a:31:66:54:b2:a9:
                    cc:49:7f:be:df:87:df:92:2a:9d:5f:c6:ff:2f:d0:
                    c2:48:3d:47:1c:89:50:c3:4d:a6:ed:bc:d2:d8:b0:
                    83:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:DE:A3:55:BC:13:F3:1C:43:EF:1C:02:27:12:BD:97:55:D0:59:93
            X509v3 Authority Key Identifier:
                keyid:D7:CB:61:6C:CF:E0:E8:66:B4:27:C0:A4:5E:F4:18:1B:09:81:E6:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/18thbM_g6Ga0J8CkXvQYGwmB5jE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/7ce3dc-68db-45bb-8e57-3e6198a512e0/1/Md6jVbwT8xxD7xwCJxK9l1XQWZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/7ce3dc-68db-45bb-8e57-3e6198a512e0/1/18thbM_g6Ga0J8CkXvQYGwmB5jE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2184::/48
                  2001:67c:295c::/48

    Signature Algorithm: sha256WithRSAEncryption
         63:8e:3a:25:c6:78:d5:66:32:b4:fd:2e:f1:e3:7c:a1:96:63:
         4c:c8:ff:a5:85:e5:0f:47:57:cc:d4:35:d8:f3:d5:49:92:30:
         b5:fa:5d:6a:fd:9d:80:0a:fc:56:d1:6e:d2:aa:3a:b0:e5:8a:
         67:f5:c2:28:e3:b0:6c:14:5c:f3:a0:eb:b9:42:b8:c8:4d:4f:
         93:35:8d:83:8d:d5:b7:9d:6b:2e:69:67:5b:48:fe:7a:9a:05:
         4e:01:8e:a8:8c:73:97:a8:5c:14:fb:d1:ff:76:36:a3:b9:68:
         c6:24:d4:d1:10:c6:d3:a6:ab:30:58:31:60:08:fe:83:d4:43:
         dc:25:77:6d:da:cf:2b:ed:ca:57:6a:db:87:c8:bd:0a:70:91:
         75:a4:71:e6:76:3b:c0:d9:93:89:12:a7:87:15:97:ca:06:78:
         b5:e9:09:d7:6d:96:05:66:0a:ba:b1:cd:0c:91:2a:34:5d:d1:
         4a:9c:4d:33:5d:97:fe:c9:e0:a6:4c:e5:b5:b9:90:3b:a8:dd:
         cf:ea:8e:c0:65:ea:3b:5a:6e:08:b7:01:1c:7a:cb:2d:8f:22:
         11:38:92:f0:39:b6:89:bb:e8:cd:e8:78:88:30:b0:c3:50:27:
         11:8b:c0:b6:a9:65:60:cd:8e:77:a1:d4:22:1d:a0:04:be:38:
         29:47:f5:9e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJS+vUI7E4FUi45j264xc4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3Y2I2MTZjY2ZlMGU4NjZiNDI3YzBhNDVlZjQxODFiMDk4
MWU2MzEwHhcNMjQwMTAyMDgzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWRlYTM1NWJjMTNmMzFjNDNlZjFjMDIyNzEyYmQ5NzU1ZDA1OTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo3hosOndgLfwW8F8wchCxNPasOrV
aJZQpxMYzgVEKAwl7ThZ5YmVASrwg/6Wy29fFXxGa8C962oQ2C7G2enyLGNQRGMR
1CTThviJdqDhhhlKbbVzDDq4Zj1d4qf+VAH3zHN+jRpttPmH/45lqA4kwbxtPk2J
wB/Jpwf7qdPvP5ty8VwEzBrnCqvCkwQfMIgVUtFOZfxVsW+5jiuzLxxTMPebSbQS
FalDFrVdY55EHxt+BccexvuqO7aLo+uLe7izeRPAQ0CHvn2Ps6WKozKVKAxGFpQ+
6uMY2KuaMWZUsqnMSX++34ffkiqdX8b/L9DCSD1HHIlQw02m7bzS2LCDvQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDHeo1W8E/McQ+8cAicSvZdV0FmTMB8GA1UdIwQY
MBaAFNfLYWzP4OhmtCfApF70GBsJgeYxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTh0aGJNX2c2R2EwSjhDa1h2UVlHd21CNWpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC83Y2UzZGMtNjhkYi00NWJiLThlNTct
M2U2MTk4YTUxMmUwLzEvTWQ2alZid1Q4eHhEN3h3Q0p4SzlsMVhRV1pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC83Y2UzZGMtNjhkYi00NWJiLThlNTctM2U2MTk4YTUxMmUw
LzEvMTh0aGJNX2c2R2EwSjhDa1h2UVlHd21CNWpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAIAEGfCGE
AwcAIAEGfClcMA0GCSqGSIb3DQEBCwUAA4IBAQBjjjolxnjVZjK0/S7x43yhlmNM
yP+lheUPR1fM1DXY89VJkjC1+l1q/Z2ACvxW0W7Sqjqw5Ypn9cIo47BsFFzzoOu5
QrjITU+TNY2DjdW3nWsuaWdbSP56mgVOAY6ojHOXqFwU+9H/djajuWjGJNTREMbT
pqswWDFgCP6D1EPcJXdt2s8r7cpXatuHyL0KcJF1pHHmdjvA2ZOJEqeHFZfKBni1
6QnXbZYFZgq6sc0MkSo0XdFKnE0zXZf+yeCmTOW1uZA7qN3P6o7AZeo7Wm4ItwEc
esstjyIROJLwObaJu+jN6HiIMLDDUCcRi8C2qWVgzY53odQiHaAEvjgpR/We
-----END CERTIFICATE-----