Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/0a51b7-6b5e-421a-bde2-c3da58b4ec4d/1/Tz3g_aMxCeLFhKoBdrf9NIMK-jE.roa
File:                     Tz3g_aMxCeLFhKoBdrf9NIMK-jE.roa (raw, json)
Hash identifier:          kdawtKqIQJrbA8ctck4YmwB9z0kd9ZXSurUrUrkdWPI=
Subject key identifier:   4F:3D:E0:FD:A3:31:09:E2:C5:84:AA:01:76:B7:FD:34:83:0A:FA:31
Certificate issuer:       /CN=d26741d31d28d3865dd5381dfbd0bea2f66ff323
Certificate serial:       018CC9BCE7538BE246D0087D07275070A20B
Authority key identifier: D2:67:41:D3:1D:28:D3:86:5D:D5:38:1D:FB:D0:BE:A2:F6:6F:F3:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0mdB0x0o04Zd1Tgd-9C-ovZv8yM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/0a51b7-6b5e-421a-bde2-c3da58b4ec4d/1/Tz3g_aMxCeLFhKoBdrf9NIMK-jE.roa
Signing time:             Tue 02 Jan 2024 10:34:09 +0000
ROA not before:           Tue 02 Jan 2024 10:34:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208824
IP address blocks:        2001:67c:1804::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/0a51b7-6b5e-421a-bde2-c3da58b4ec4d/1/0mdB0x0o04Zd1Tgd-9C-ovZv8yM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/0a51b7-6b5e-421a-bde2-c3da58b4ec4d/1/0mdB0x0o04Zd1Tgd-9C-ovZv8yM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0mdB0x0o04Zd1Tgd-9C-ovZv8yM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:e7:53:8b:e2:46:d0:08:7d:07:27:50:70:a2:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d26741d31d28d3865dd5381dfbd0bea2f66ff323
        Validity
            Not Before: Jan  2 10:34:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f3de0fda33109e2c584aa0176b7fd34830afa31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:fb:32:bc:f9:58:83:7d:96:64:12:eb:c9:2d:
                    59:3d:2c:d2:6d:c3:eb:d6:1f:1d:cf:46:64:be:8b:
                    3c:0e:82:ee:3e:9e:e7:9d:f6:ab:59:08:96:f7:7a:
                    19:85:cd:40:bc:9b:81:60:de:47:65:05:f5:d5:d5:
                    d4:67:4a:3d:01:a5:22:7c:45:f0:1c:99:b8:03:51:
                    99:04:d3:a6:b8:07:44:79:19:9e:91:ed:33:09:93:
                    5a:e2:78:47:a4:94:7a:a3:4e:d6:54:52:6d:0b:4d:
                    d1:38:36:ad:b8:91:42:5a:8c:1e:20:c7:ed:78:a9:
                    dd:c8:7c:da:6b:cd:17:dc:8b:cf:e1:87:8e:c7:0a:
                    b1:5d:6f:43:b2:73:5b:32:1c:40:51:00:17:ca:ab:
                    f0:9d:fc:b4:94:ab:66:51:7d:d4:28:7f:87:ab:5d:
                    6a:09:73:05:5f:10:42:a0:4f:f4:f1:8f:7c:c1:37:
                    a8:cd:07:0b:52:c6:89:1d:75:40:4d:5c:ab:cc:cc:
                    3e:2f:5d:94:b9:6c:11:3a:b2:43:02:ad:03:b4:87:
                    b5:d2:5c:be:5c:a4:d0:f3:81:38:e7:83:b8:aa:b6:
                    e5:79:fc:07:93:76:13:76:56:e2:01:2f:2b:9b:07:
                    ec:fc:02:b0:e6:8e:56:9c:a1:08:aa:30:2a:87:f0:
                    3f:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:3D:E0:FD:A3:31:09:E2:C5:84:AA:01:76:B7:FD:34:83:0A:FA:31
            X509v3 Authority Key Identifier:
                keyid:D2:67:41:D3:1D:28:D3:86:5D:D5:38:1D:FB:D0:BE:A2:F6:6F:F3:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0mdB0x0o04Zd1Tgd-9C-ovZv8yM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/0a51b7-6b5e-421a-bde2-c3da58b4ec4d/1/Tz3g_aMxCeLFhKoBdrf9NIMK-jE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/0a51b7-6b5e-421a-bde2-c3da58b4ec4d/1/0mdB0x0o04Zd1Tgd-9C-ovZv8yM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1804::/48

    Signature Algorithm: sha256WithRSAEncryption
         b2:28:fe:e6:e0:b6:85:62:d7:7c:eb:42:d7:88:07:89:d4:23:
         fc:71:fa:3e:d1:b5:bf:21:fe:d4:b3:37:2b:dd:b0:a9:1e:e1:
         f1:29:62:b8:20:8c:3c:33:19:3c:73:c4:98:d4:d6:90:75:e5:
         a2:fe:b8:0b:4d:08:d1:25:a9:df:28:36:c2:41:0d:a0:1f:89:
         13:d4:cf:92:76:13:be:cf:5d:ed:ed:23:ee:73:aa:a8:f0:7e:
         26:e1:7e:e3:ef:80:d7:4d:d5:84:ba:83:58:1f:5f:8d:49:e0:
         86:b6:f7:78:7f:28:ea:8a:22:45:28:c1:ee:93:64:f0:a2:8b:
         76:da:3c:32:99:65:79:fb:c5:9f:d6:0f:d2:3e:55:e1:f0:b5:
         8d:0f:2f:6a:4b:75:a9:2f:a2:70:87:23:19:8f:8a:aa:9a:bb:
         80:7b:72:17:00:eb:d8:9b:b3:6d:c9:6b:01:46:90:ec:65:99:
         1f:c4:99:81:44:39:e9:55:fd:47:a7:13:97:88:8e:06:a4:c2:
         2a:ac:2a:cc:b6:48:fc:cb:88:4f:58:d8:54:53:0e:8d:04:3f:
         79:13:4a:2b:34:ba:9d:8c:12:8c:3f:7d:00:91:20:99:21:58:
         05:40:25:7f:4e:37:30:69:2f:97:8d:1a:d2:03:9d:ec:02:58:
         a0:89:fb:a4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvOdTi+JG0Ah9BydQcKILMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNjc0MWQzMWQyOGQzODY1ZGQ1MzgxZGZiZDBiZWEyZjY2
ZmYzMjMwHhcNMjQwMTAyMTAzNDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjNkZTBmZGEzMzEwOWUyYzU4NGFhMDE3NmI3ZmQzNDgzMGFmYTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjPsyvPlYg32WZBLryS1ZPSzSbcPr
1h8dz0Zkvos8DoLuPp7nnfarWQiW93oZhc1AvJuBYN5HZQX11dXUZ0o9AaUifEXw
HJm4A1GZBNOmuAdEeRmeke0zCZNa4nhHpJR6o07WVFJtC03RODatuJFCWoweIMft
eKndyHzaa80X3IvP4YeOxwqxXW9DsnNbMhxAUQAXyqvwnfy0lKtmUX3UKH+Hq11q
CXMFXxBCoE/08Y98wTeozQcLUsaJHXVATVyrzMw+L12UuWwROrJDAq0DtIe10ly+
XKTQ84E454O4qrblefwHk3YTdlbiAS8rmwfs/AKw5o5WnKEIqjAqh/A/awIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE894P2jMQnixYSqAXa3/TSDCvoxMB8GA1UdIwQY
MBaAFNJnQdMdKNOGXdU4HfvQvqL2b/MjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMG1kQjB4MG8wNFpkMVRnZC05Qy1vdlp2OHlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS8wYTUxYjctNmI1ZS00MjFhLWJkZTIt
YzNkYTU4YjRlYzRkLzEvVHozZ19hTXhDZUxGaEtvQmRyZjlOSU1LLWpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS8wYTUxYjctNmI1ZS00MjFhLWJkZTItYzNkYTU4YjRlYzRk
LzEvMG1kQjB4MG8wNFpkMVRnZC05Qy1vdlp2OHlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBgE
MA0GCSqGSIb3DQEBCwUAA4IBAQCyKP7m4LaFYtd860LXiAeJ1CP8cfo+0bW/If7U
szcr3bCpHuHxKWK4IIw8Mxk8c8SY1NaQdeWi/rgLTQjRJanfKDbCQQ2gH4kT1M+S
dhO+z13t7SPuc6qo8H4m4X7j74DXTdWEuoNYH1+NSeCGtvd4fyjqiiJFKMHuk2Tw
oot22jwymWV5+8Wf1g/SPlXh8LWNDy9qS3WpL6JwhyMZj4qqmruAe3IXAOvYm7Nt
yWsBRpDsZZkfxJmBRDnpVf1HpxOXiI4GpMIqrCrMtkj8y4hPWNhUUw6NBD95E0or
NLqdjBKMP30AkSCZIVgFQCV/TjcwaS+XjRrSA53sAligifuk
-----END CERTIFICATE-----