Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/e909f8-70c4-465d-bc6c-a34a4c8b0c8a/1/cN0_PUgXJPBOFBHOUUDtrlFfR9c.roa
File:                     cN0_PUgXJPBOFBHOUUDtrlFfR9c.roa (raw, json)
Hash identifier:          4w5SEPGe7yxhm8hRyrpngNs40TdV29Y6YgYJe24yEeM=
Subject key identifier:   70:DD:3F:3D:48:17:24:F0:4E:14:11:CE:51:40:ED:AE:51:5F:47:D7
Certificate issuer:       /CN=6f7fa37185a22944a607d9a94f9885997d851b1e
Certificate serial:       018CC6B92EFA3FCF09B4CE9329FA0699ED40
Authority key identifier: 6F:7F:A3:71:85:A2:29:44:A6:07:D9:A9:4F:98:85:99:7D:85:1B:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3-jcYWiKUSmB9mpT5iFmX2FGx4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/e909f8-70c4-465d-bc6c-a34a4c8b0c8a/1/cN0_PUgXJPBOFBHOUUDtrlFfR9c.roa
Signing time:             Mon 01 Jan 2024 20:31:14 +0000
ROA not before:           Mon 01 Jan 2024 20:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198660
IP address blocks:        2001:67c:25b4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/e909f8-70c4-465d-bc6c-a34a4c8b0c8a/1/b3-jcYWiKUSmB9mpT5iFmX2FGx4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/e909f8-70c4-465d-bc6c-a34a4c8b0c8a/1/b3-jcYWiKUSmB9mpT5iFmX2FGx4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3-jcYWiKUSmB9mpT5iFmX2FGx4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:2e:fa:3f:cf:09:b4:ce:93:29:fa:06:99:ed:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f7fa37185a22944a607d9a94f9885997d851b1e
        Validity
            Not Before: Jan  1 20:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=70dd3f3d481724f04e1411ce5140edae515f47d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:54:91:31:14:b3:32:8c:0e:b0:31:44:51:f5:
                    4c:5e:5f:db:a6:23:dc:ac:12:49:e4:e0:d4:c4:e5:
                    cf:d6:21:4b:49:48:ab:cb:46:6b:26:8b:08:e7:c8:
                    57:f1:3e:ac:26:61:4a:71:a5:c1:95:65:92:02:a4:
                    67:85:6d:97:4f:4c:bf:46:b4:97:a3:63:d7:cc:e5:
                    7a:b2:0b:cf:9f:88:7a:cc:53:fc:dc:35:9c:dc:74:
                    16:0c:70:2c:5f:d3:50:e2:1c:e8:31:0d:79:54:4a:
                    23:59:e6:9c:db:09:55:52:23:d2:c9:d8:ef:87:0f:
                    ca:70:c7:24:f0:09:f7:65:0f:e5:59:0e:cb:e7:b0:
                    54:06:e6:3b:41:a5:5d:b9:dc:80:bb:54:aa:a6:dd:
                    ec:87:1c:c2:cb:c8:d3:ca:77:85:3a:0c:b2:44:52:
                    93:d2:b4:c2:7b:d8:f1:aa:c2:db:fa:05:20:e4:ee:
                    5a:22:5f:ae:9c:f5:a5:04:3b:b5:07:01:bb:1f:e5:
                    d6:56:e1:9c:30:50:f0:a2:34:4d:73:3f:b8:0f:92:
                    8a:3c:7d:1f:78:5c:3b:b3:9a:85:bb:a0:5b:fd:f2:
                    5c:bd:86:28:a9:ca:28:ef:8a:d3:53:1c:3e:fe:b3:
                    ae:d9:91:2a:ec:ad:50:ab:b0:52:08:41:67:0d:e7:
                    ca:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:DD:3F:3D:48:17:24:F0:4E:14:11:CE:51:40:ED:AE:51:5F:47:D7
            X509v3 Authority Key Identifier:
                keyid:6F:7F:A3:71:85:A2:29:44:A6:07:D9:A9:4F:98:85:99:7D:85:1B:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3-jcYWiKUSmB9mpT5iFmX2FGx4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/e909f8-70c4-465d-bc6c-a34a4c8b0c8a/1/cN0_PUgXJPBOFBHOUUDtrlFfR9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/e909f8-70c4-465d-bc6c-a34a4c8b0c8a/1/b3-jcYWiKUSmB9mpT5iFmX2FGx4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:25b4::/48

    Signature Algorithm: sha256WithRSAEncryption
         27:2f:69:e4:75:ec:b1:0f:68:ae:9c:8d:73:57:37:a1:ed:cf:
         ef:46:80:98:33:9b:e5:cc:f9:e0:4d:a5:4c:aa:f5:03:8a:29:
         25:bc:08:fa:1e:2a:ce:5d:b2:6f:a5:16:65:34:05:77:55:e7:
         b2:67:34:15:ed:0a:b3:5a:c2:21:f7:e3:4f:73:06:9d:e0:78:
         62:11:cc:d9:29:1f:7b:be:8c:94:23:c2:ec:05:99:cd:73:ea:
         5b:fe:fe:d7:7d:bc:2c:24:07:14:13:9e:fe:80:2a:6f:e6:fc:
         9f:f3:f2:0d:0a:9b:18:49:09:5c:02:ce:55:01:66:a7:71:07:
         82:dd:a1:b4:6b:00:68:d3:fe:48:9a:ec:4f:98:6a:46:87:11:
         cb:66:a0:74:8b:b4:4c:d1:6e:62:94:e3:98:44:25:8f:d9:14:
         d4:58:44:01:62:89:46:f9:c1:62:65:ce:ea:43:fb:ec:3a:9f:
         79:bc:90:3c:d0:5b:33:99:2d:12:eb:06:31:89:31:98:ee:25:
         b5:11:1e:24:84:17:3f:4f:b8:a1:93:dc:45:18:53:e6:d1:bb:
         a8:2e:7f:7b:35:98:49:09:93:07:22:ad:7e:67:40:5e:c7:8d:
         96:08:ae:16:78:89:d8:f7:59:99:14:53:90:fa:a8:b2:9d:65:
         07:87:48:b9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuS76P88JtM6TKfoGme1AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmN2ZhMzcxODVhMjI5NDRhNjA3ZDlhOTRmOTg4NTk5N2Q4
NTFiMWUwHhcNMjQwMTAxMjAzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGRkM2YzZDQ4MTcyNGYwNGUxNDExY2U1MTQwZWRhZTUxNWY0N2Q3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtlSRMRSzMowOsDFEUfVMXl/bpiPc
rBJJ5ODUxOXP1iFLSUiry0ZrJosI58hX8T6sJmFKcaXBlWWSAqRnhW2XT0y/RrSX
o2PXzOV6sgvPn4h6zFP83DWc3HQWDHAsX9NQ4hzoMQ15VEojWeac2wlVUiPSydjv
hw/KcMck8An3ZQ/lWQ7L57BUBuY7QaVdudyAu1Sqpt3shxzCy8jTyneFOgyyRFKT
0rTCe9jxqsLb+gUg5O5aIl+unPWlBDu1BwG7H+XWVuGcMFDwojRNcz+4D5KKPH0f
eFw7s5qFu6Bb/fJcvYYoqcoo74rTUxw+/rOu2ZEq7K1Qq7BSCEFnDefKiwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHDdPz1IFyTwThQRzlFA7a5RX0fXMB8GA1UdIwQY
MBaAFG9/o3GFoilEpgfZqU+YhZl9hRseMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjMtamNZV2lLVVNtQjltcFQ1aUZtWDJGR3g0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9lOTA5ZjgtNzBjNC00NjVkLWJjNmMt
YTM0YTRjOGIwYzhhLzEvY04wX1BVZ1hKUEJPRkJIT1VVRHRybEZmUjljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9lOTA5ZjgtNzBjNC00NjVkLWJjNmMtYTM0YTRjOGIwYzhh
LzEvYjMtamNZV2lLVVNtQjltcFQ1aUZtWDJGR3g0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCW0
MA0GCSqGSIb3DQEBCwUAA4IBAQAnL2nkdeyxD2iunI1zVzeh7c/vRoCYM5vlzPng
TaVMqvUDiiklvAj6HirOXbJvpRZlNAV3VeeyZzQV7QqzWsIh9+NPcwad4HhiEczZ
KR97voyUI8LsBZnNc+pb/v7XfbwsJAcUE57+gCpv5vyf8/INCpsYSQlcAs5VAWan
cQeC3aG0awBo0/5ImuxPmGpGhxHLZqB0i7RM0W5ilOOYRCWP2RTUWEQBYolG+cFi
Zc7qQ/vsOp95vJA80FszmS0S6wYxiTGY7iW1ER4khBc/T7ihk9xFGFPm0buoLn97
NZhJCZMHIq1+Z0Bex42WCK4WeInY91mZFFOQ+qiynWUHh0i5
-----END CERTIFICATE-----