Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/922f6d-7a74-4fa8-9495-184dff292a30/1/nurN1T6WcOAs_wx6T3xYJogtGHg.roa
File:                     nurN1T6WcOAs_wx6T3xYJogtGHg.roa (raw, json)
Hash identifier:          u7s1ZAle/H+kuHnW4/I/QWLshC35WR862vju0opUnvg=
Subject key identifier:   9E:EA:CD:D5:3E:96:70:E0:2C:FF:0C:7A:4F:7C:58:26:88:2D:18:78
Certificate issuer:       /CN=3e2742496400d810be5b4096fdedec30a231f9ab
Certificate serial:       018CCA2AE31D947CB455F59FC0BBC6E7183A
Authority key identifier: 3E:27:42:49:64:00:D8:10:BE:5B:40:96:FD:ED:EC:30:A2:31:F9:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PidCSWQA2BC-W0CW_e3sMKIx-as.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/922f6d-7a74-4fa8-9495-184dff292a30/1/nurN1T6WcOAs_wx6T3xYJogtGHg.roa
Signing time:             Tue 02 Jan 2024 12:34:17 +0000
ROA not before:           Tue 02 Jan 2024 12:34:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200368
IP address blocks:        2001:67c:b44::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/922f6d-7a74-4fa8-9495-184dff292a30/1/PidCSWQA2BC-W0CW_e3sMKIx-as.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/922f6d-7a74-4fa8-9495-184dff292a30/1/PidCSWQA2BC-W0CW_e3sMKIx-as.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PidCSWQA2BC-W0CW_e3sMKIx-as.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:e3:1d:94:7c:b4:55:f5:9f:c0:bb:c6:e7:18:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e2742496400d810be5b4096fdedec30a231f9ab
        Validity
            Not Before: Jan  2 12:34:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9eeacdd53e9670e02cff0c7a4f7c5826882d1878
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:2e:71:1f:92:e7:bb:82:ef:29:6a:0a:b7:ec:
                    1e:3e:81:95:7e:d6:3d:01:ee:c5:07:42:b5:4c:3c:
                    bf:c9:94:cb:61:98:b4:a6:fe:a1:9d:ac:84:8d:55:
                    6e:be:5e:60:fe:11:4b:51:74:8d:0a:dc:99:26:b3:
                    d5:14:59:82:64:0a:3f:93:95:78:0d:c2:46:d7:10:
                    47:3e:49:11:5c:44:70:0c:5b:4c:24:c3:58:82:5b:
                    dd:2f:e9:2d:9c:3a:fc:86:36:43:7c:42:7a:0f:bb:
                    81:65:e3:88:d0:9a:20:47:a5:8e:bd:23:fa:0d:a2:
                    44:05:29:e4:28:7e:32:6c:09:f2:65:f4:a3:02:13:
                    5d:e3:f3:33:8c:6c:a7:87:00:5f:76:26:01:40:44:
                    47:f4:a6:23:75:e2:58:8c:df:d7:0e:d1:7b:38:77:
                    b9:2c:c4:a7:a3:10:c1:67:a2:b1:46:1b:89:4c:e1:
                    55:01:08:cb:29:d4:db:be:4a:b8:3d:a4:33:8a:cc:
                    a9:84:7d:db:92:f6:0e:0a:37:27:78:ea:8f:e7:c0:
                    25:6b:5e:a2:5d:fe:4f:d9:6d:ae:c8:63:2d:43:ab:
                    ab:76:e3:bc:4f:69:a6:9c:59:05:72:86:45:dc:7d:
                    6c:47:4f:68:bd:cb:87:05:9c:34:3c:d5:a4:e3:5f:
                    4c:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:EA:CD:D5:3E:96:70:E0:2C:FF:0C:7A:4F:7C:58:26:88:2D:18:78
            X509v3 Authority Key Identifier:
                keyid:3E:27:42:49:64:00:D8:10:BE:5B:40:96:FD:ED:EC:30:A2:31:F9:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PidCSWQA2BC-W0CW_e3sMKIx-as.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/922f6d-7a74-4fa8-9495-184dff292a30/1/nurN1T6WcOAs_wx6T3xYJogtGHg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/922f6d-7a74-4fa8-9495-184dff292a30/1/PidCSWQA2BC-W0CW_e3sMKIx-as.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:b44::/48

    Signature Algorithm: sha256WithRSAEncryption
         11:2a:a7:c3:21:bd:0d:af:4c:bf:42:d3:24:15:e8:94:d9:9e:
         a5:85:6a:84:ef:6a:c0:fe:bf:24:48:ff:a5:18:0b:5f:c2:e1:
         fd:13:d7:45:c3:c8:5d:a8:44:d0:57:a7:fe:d2:d0:d3:8b:0c:
         c3:4a:2f:cd:37:c7:14:fe:4a:b6:e2:06:2e:9c:aa:31:43:28:
         f7:ce:50:95:13:0d:9f:ca:48:01:8d:55:77:72:9d:53:64:f3:
         10:d8:1a:ed:63:02:7d:76:66:8e:3f:06:66:30:e2:9d:36:44:
         2a:00:b4:22:40:6e:c3:b9:e2:cc:2a:cd:12:9b:5e:a2:13:b1:
         94:55:c3:4c:6b:9b:51:0a:9b:91:b9:0b:11:d5:5b:31:17:a1:
         2e:b5:6e:93:96:56:9c:dd:d6:74:2f:18:81:f8:20:c9:35:e7:
         70:c1:ff:b5:0b:4d:41:63:ac:6a:f6:00:ff:e0:7e:46:2d:a4:
         72:f4:4b:03:73:c2:b7:06:ff:37:82:fb:d1:5b:b8:f2:15:b9:
         57:af:2b:05:2c:b5:76:47:a0:85:51:6b:2c:83:74:2f:7a:82:
         a4:95:e2:da:30:73:07:96:2f:70:6e:ab:68:25:a0:dc:74:fe:
         1b:74:94:86:94:0a:02:f4:34:64:12:c4:b9:31:38:2a:ff:e0:
         f0:61:f9:59
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKuMdlHy0VfWfwLvG5xg6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlMjc0MjQ5NjQwMGQ4MTBiZTViNDA5NmZkZWRlYzMwYTIz
MWY5YWIwHhcNMjQwMTAyMTIzNDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWVhY2RkNTNlOTY3MGUwMmNmZjBjN2E0ZjdjNTgyNjg4MmQxODc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqi5xH5Lnu4LvKWoKt+wePoGVftY9
Ae7FB0K1TDy/yZTLYZi0pv6hnayEjVVuvl5g/hFLUXSNCtyZJrPVFFmCZAo/k5V4
DcJG1xBHPkkRXERwDFtMJMNYglvdL+ktnDr8hjZDfEJ6D7uBZeOI0JogR6WOvSP6
DaJEBSnkKH4ybAnyZfSjAhNd4/MzjGynhwBfdiYBQERH9KYjdeJYjN/XDtF7OHe5
LMSnoxDBZ6KxRhuJTOFVAQjLKdTbvkq4PaQzisyphH3bkvYOCjcneOqP58Ala16i
Xf5P2W2uyGMtQ6urduO8T2mmnFkFcoZF3H1sR09ovcuHBZw0PNWk419MvQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJ7qzdU+lnDgLP8Mek98WCaILRh4MB8GA1UdIwQY
MBaAFD4nQklkANgQvltAlv3t7DCiMfmrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGlkQ1NXUUEyQkMtVzBDV19lM3NNS0l4LWFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85MjJmNmQtN2E3NC00ZmE4LTk0OTUt
MTg0ZGZmMjkyYTMwLzEvbnVyTjFUNldjT0FzX3d4NlQzeFlKb2d0R0hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85MjJmNmQtN2E3NC00ZmE4LTk0OTUtMTg0ZGZmMjkyYTMw
LzEvUGlkQ1NXUUEyQkMtVzBDV19lM3NNS0l4LWFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAtE
MA0GCSqGSIb3DQEBCwUAA4IBAQARKqfDIb0Nr0y/QtMkFeiU2Z6lhWqE72rA/r8k
SP+lGAtfwuH9E9dFw8hdqETQV6f+0tDTiwzDSi/NN8cU/kq24gYunKoxQyj3zlCV
Ew2fykgBjVV3cp1TZPMQ2BrtYwJ9dmaOPwZmMOKdNkQqALQiQG7DueLMKs0Sm16i
E7GUVcNMa5tRCpuRuQsR1VsxF6EutW6Tllac3dZ0LxiB+CDJNedwwf+1C01BY6xq
9gD/4H5GLaRy9EsDc8K3Bv83gvvRW7jyFblXrysFLLV2R6CFUWssg3QveoKkleLa
MHMHli9wbqtoJaDcdP4bdJSGlAoC9DRkEsS5MTgq/+DwYflZ
-----END CERTIFICATE-----