Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/26ca92-6fb8-4dd2-9795-9bc5c26d4be8/1/GhA_obCYpvq0jt-TYWdZEdiq25A.roa
File:                     GhA_obCYpvq0jt-TYWdZEdiq25A.roa (raw, json)
Hash identifier:          IYic0xKOceEEzXe1yIjUo6iDLvUaiB9ofkYtdYCC0zY=
Subject key identifier:   1A:10:3F:A1:B0:98:A6:FA:B4:8E:DF:93:61:67:59:11:D8:AA:DB:90
Certificate issuer:       /CN=f9c18cb1a5027fa1726f114b3efe62a3a979ce1b
Certificate serial:       018DA79BB40431DAB0FCB37AD875AF678BC0
Authority key identifier: F9:C1:8C:B1:A5:02:7F:A1:72:6F:11:4B:3E:FE:62:A3:A9:79:CE:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-cGMsaUCf6FybxFLPv5io6l5zhs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/26ca92-6fb8-4dd2-9795-9bc5c26d4be8/1/GhA_obCYpvq0jt-TYWdZEdiq25A.roa
Signing time:             Wed 14 Feb 2024 12:33:35 +0000
ROA not before:           Wed 14 Feb 2024 12:33:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215578
IP address blocks:        2001:67c:dc8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/26ca92-6fb8-4dd2-9795-9bc5c26d4be8/1/1-cGMsaUCf6FybxFLPv5io6l5zhs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/26ca92-6fb8-4dd2-9795-9bc5c26d4be8/1/1-cGMsaUCf6FybxFLPv5io6l5zhs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-cGMsaUCf6FybxFLPv5io6l5zhs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a7:9b:b4:04:31:da:b0:fc:b3:7a:d8:75:af:67:8b:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f9c18cb1a5027fa1726f114b3efe62a3a979ce1b
        Validity
            Not Before: Feb 14 12:33:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1a103fa1b098a6fab48edf9361675911d8aadb90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:0e:05:70:b4:d5:b0:46:a7:71:66:ce:52:31:
                    2f:b0:77:8d:ea:c7:16:a1:df:c2:7a:4d:e5:2d:73:
                    78:c9:46:ed:3b:f2:62:fb:6b:5a:71:98:23:65:3c:
                    70:50:21:61:c8:a8:7b:04:2f:32:1e:bd:c8:f9:83:
                    ea:e4:5a:4e:a6:03:d5:39:74:3f:8c:98:4b:1a:ac:
                    ab:da:31:8d:83:04:b4:7e:9f:df:cf:26:e9:f7:26:
                    4a:6d:e6:4f:3e:66:06:4a:84:d6:e8:c6:9b:cf:40:
                    57:43:44:a2:d6:46:b0:4d:ae:b3:38:cd:2a:3a:8f:
                    63:6e:21:d8:0a:a2:9e:1a:c7:b9:0c:d7:c3:8d:90:
                    80:e0:65:d7:a0:3f:0a:1c:f0:10:2b:d2:b2:13:9c:
                    21:99:cc:ac:65:4e:7d:0a:64:15:86:3f:30:89:e8:
                    af:33:e3:e2:98:27:e9:1d:2b:ae:da:94:4c:f6:bd:
                    7f:15:b2:34:db:a5:31:19:fe:bc:c2:5d:f2:1b:17:
                    3f:e9:0a:36:b1:95:b7:98:35:2e:c9:b8:5b:16:a9:
                    7f:f4:b4:36:38:78:09:80:24:6c:87:59:63:de:8b:
                    fa:e9:76:0d:39:55:89:51:58:f9:cc:08:13:a4:46:
                    3d:e5:95:3e:c5:a0:49:8a:90:f4:a8:78:28:5a:f2:
                    41:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:10:3F:A1:B0:98:A6:FA:B4:8E:DF:93:61:67:59:11:D8:AA:DB:90
            X509v3 Authority Key Identifier:
                keyid:F9:C1:8C:B1:A5:02:7F:A1:72:6F:11:4B:3E:FE:62:A3:A9:79:CE:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-cGMsaUCf6FybxFLPv5io6l5zhs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/26ca92-6fb8-4dd2-9795-9bc5c26d4be8/1/GhA_obCYpvq0jt-TYWdZEdiq25A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/26ca92-6fb8-4dd2-9795-9bc5c26d4be8/1/1-cGMsaUCf6FybxFLPv5io6l5zhs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:dc8::/48

    Signature Algorithm: sha256WithRSAEncryption
         6f:3e:5a:9f:af:11:8e:ae:9f:a1:c9:b9:35:e4:a8:74:5e:fb:
         09:29:45:d8:b4:0d:f0:3f:c2:35:a8:ea:32:46:3f:18:2a:6d:
         ef:06:5a:b9:5b:b0:5d:5c:fc:9c:86:de:5f:8d:9a:6b:a0:3e:
         e3:33:16:ad:10:44:67:ec:01:9a:e4:1d:06:d7:bb:ba:48:de:
         43:26:82:7c:26:63:83:53:7e:e4:ba:06:53:f0:6b:d8:e3:75:
         9a:1c:c1:c1:11:fc:71:c3:26:c2:dc:c8:59:62:20:be:2d:e5:
         59:8a:d0:66:de:0c:3d:83:8c:96:44:7f:b5:c2:55:7f:44:5b:
         fa:c7:36:62:75:c2:9b:31:c4:6a:05:c2:20:52:88:86:7b:38:
         59:31:86:94:05:95:b6:3a:8f:95:19:42:3b:0a:38:2d:0e:eb:
         ca:66:3b:0b:19:12:7d:0e:26:07:34:ae:b2:a5:2f:0c:a7:61:
         43:3c:2b:ec:3d:89:7d:06:47:6f:74:3d:af:1f:ae:a3:25:36:
         8f:d9:13:45:84:26:41:46:4e:da:a9:91:0f:de:fe:50:a4:f5:
         44:e9:d3:41:dd:fe:8f:5c:ff:bf:e4:28:6f:61:4c:cf:43:f4:
         b1:fe:13:e4:b8:14:b5:7b:ba:44:05:e3:ed:6a:bd:d4:4d:b7:
         36:cc:9b:12
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAY2nm7QEMdqw/LN62HWvZ4vAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5YzE4Y2IxYTUwMjdmYTE3MjZmMTE0YjNlZmU2MmEzYTk3
OWNlMWIwHhcNMjQwMjE0MTIzMzM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTEwM2ZhMWIwOThhNmZhYjQ4ZWRmOTM2MTY3NTkxMWQ4YWFkYjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiw4FcLTVsEancWbOUjEvsHeN6scW
od/Cek3lLXN4yUbtO/Ji+2tacZgjZTxwUCFhyKh7BC8yHr3I+YPq5FpOpgPVOXQ/
jJhLGqyr2jGNgwS0fp/fzybp9yZKbeZPPmYGSoTW6Mabz0BXQ0Si1kawTa6zOM0q
Oo9jbiHYCqKeGse5DNfDjZCA4GXXoD8KHPAQK9KyE5whmcysZU59CmQVhj8wieiv
M+PimCfpHSuu2pRM9r1/FbI026UxGf68wl3yGxc/6Qo2sZW3mDUuybhbFql/9LQ2
OHgJgCRsh1lj3ov66XYNOVWJUVj5zAgTpEY95ZU+xaBJipD0qHgoWvJBuQIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFBoQP6GwmKb6tI7fk2FnWRHYqtuQMB8GA1UdIwQY
MBaAFPnBjLGlAn+hcm8RSz7+YqOpec4bMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1jR01zYVVDZjZGeWJ4RkxQdjVpbzZsNXpocy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzUvMjZjYTkyLTZmYjgtNGRkMi05Nzk1
LTliYzVjMjZkNGJlOC8xL0doQV9vYkNZcHZxMGp0LVRZV2RaRWRpcTI1QS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMzUvMjZjYTkyLTZmYjgtNGRkMi05Nzk1LTliYzVjMjZkNGJl
OC8xLzEtY0dNc2FVQ2Y2RnlieEZMUHY1aW82bDV6aHMuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAgAQZ8
DcgwDQYJKoZIhvcNAQELBQADggEBAG8+Wp+vEY6un6HJuTXkqHRe+wkpRdi0DfA/
wjWo6jJGPxgqbe8GWrlbsF1c/JyG3l+NmmugPuMzFq0QRGfsAZrkHQbXu7pI3kMm
gnwmY4NTfuS6BlPwa9jjdZocwcER/HHDJsLcyFliIL4t5VmK0GbeDD2DjJZEf7XC
VX9EW/rHNmJ1wpsxxGoFwiBSiIZ7OFkxhpQFlbY6j5UZQjsKOC0O68pmOwsZEn0O
Jgc0rrKlLwynYUM8K+w9iX0GR290Pa8frqMlNo/ZE0WEJkFGTtqpkQ/e/lCk9UTp
00Hd/o9c/7/kKG9hTM9D9LH+E+S4FLV7ukQF4+1qvdRNtzbMmxI=
-----END CERTIFICATE-----