Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/f0af61-8ccc-4a3b-9010-6910f399d38f/1/jGQpjX60b2iws1uN8G6sekXL2Tw.roa
File:                     jGQpjX60b2iws1uN8G6sekXL2Tw.roa (raw, json)
Hash identifier:          VEdNEHKDDjG12NFe64a4UgUvCgt/5jWVvDrJtmjNHXY=
Subject key identifier:   8C:64:29:8D:7E:B4:6F:68:B0:B3:5B:8D:F0:6E:AC:7A:45:CB:D9:3C
Certificate issuer:       /CN=b51841cdc9f63594dddc2ba59a40133182b579fa
Certificate serial:       018CC6B78CC9ECFC9B8F8AF28F052AC5ECEC
Authority key identifier: B5:18:41:CD:C9:F6:35:94:DD:DC:2B:A5:9A:40:13:31:82:B5:79:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tRhBzcn2NZTd3CulmkATMYK1efo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/f0af61-8ccc-4a3b-9010-6910f399d38f/1/jGQpjX60b2iws1uN8G6sekXL2Tw.roa
Signing time:             Mon 01 Jan 2024 20:29:27 +0000
ROA not before:           Mon 01 Jan 2024 20:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31027
IP address blocks:        2001:67c:16a0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/f0af61-8ccc-4a3b-9010-6910f399d38f/1/tRhBzcn2NZTd3CulmkATMYK1efo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/f0af61-8ccc-4a3b-9010-6910f399d38f/1/tRhBzcn2NZTd3CulmkATMYK1efo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tRhBzcn2NZTd3CulmkATMYK1efo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:8c:c9:ec:fc:9b:8f:8a:f2:8f:05:2a:c5:ec:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b51841cdc9f63594dddc2ba59a40133182b579fa
        Validity
            Not Before: Jan  1 20:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8c64298d7eb46f68b0b35b8df06eac7a45cbd93c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:c0:d1:1b:92:c4:b4:d0:0a:8f:4e:87:0e:b9:
                    ef:83:0b:82:b2:9f:07:de:27:43:71:27:06:d8:e9:
                    6d:38:4a:4a:f8:b1:3c:2e:fa:1d:85:6d:07:22:ec:
                    8b:c9:a1:8f:5e:6c:03:ca:67:a5:49:8a:8a:80:e2:
                    b6:3a:87:59:9b:f1:3f:87:71:6d:e5:de:43:c3:91:
                    84:5b:fe:c2:9b:16:96:64:2f:b4:65:ad:96:e1:00:
                    83:62:5a:aa:be:3f:ba:ce:e6:d5:23:e2:c1:71:cd:
                    4d:a8:de:50:04:5a:25:e3:e5:c6:3e:fc:40:2f:3e:
                    52:e4:9e:4b:2d:90:53:fc:6f:07:f1:83:30:f9:bb:
                    27:d6:da:01:bd:5f:ea:63:45:71:01:d6:67:d8:74:
                    97:b5:f3:9f:e4:90:e1:33:5e:38:ad:c3:09:c4:95:
                    b3:44:13:96:95:d7:cf:a0:f6:d9:6b:cc:cd:24:1d:
                    c8:40:b7:0c:77:eb:2c:3f:c1:14:ac:53:e9:73:f7:
                    25:31:e9:8e:90:98:54:b9:5f:84:5e:9b:5d:5e:2a:
                    d7:a9:d6:2f:92:4e:35:79:b4:44:6e:08:cd:be:0d:
                    24:3e:f0:66:41:1e:1c:ac:58:da:88:60:60:62:a2:
                    92:70:f6:e7:90:c6:9c:f2:7c:92:08:7d:53:e1:9e:
                    12:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:64:29:8D:7E:B4:6F:68:B0:B3:5B:8D:F0:6E:AC:7A:45:CB:D9:3C
            X509v3 Authority Key Identifier:
                keyid:B5:18:41:CD:C9:F6:35:94:DD:DC:2B:A5:9A:40:13:31:82:B5:79:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tRhBzcn2NZTd3CulmkATMYK1efo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/f0af61-8ccc-4a3b-9010-6910f399d38f/1/jGQpjX60b2iws1uN8G6sekXL2Tw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/f0af61-8ccc-4a3b-9010-6910f399d38f/1/tRhBzcn2NZTd3CulmkATMYK1efo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:16a0::/48

    Signature Algorithm: sha256WithRSAEncryption
         3c:13:83:a6:d9:19:d0:98:56:05:24:b4:16:41:88:9a:32:79:
         89:3c:a5:c4:54:58:ca:ee:fb:a6:c4:e5:5a:f5:e4:65:c9:d4:
         2f:f0:a9:47:7d:54:fa:ba:14:9a:fb:5c:25:a2:27:84:75:dd:
         f2:17:73:67:cb:6d:7d:8c:71:87:aa:1f:f7:71:0a:15:9e:77:
         dc:61:3b:0a:f0:fd:ef:d7:ce:e7:bc:f3:2a:46:05:49:99:c2:
         54:56:11:92:3f:e0:d9:ed:c4:d9:77:00:dd:7d:1b:ce:dd:4c:
         8b:ce:ff:2c:06:81:da:eb:2a:18:3d:81:27:67:5b:af:89:5a:
         14:f5:d0:64:4c:ae:79:9a:f3:24:48:6d:03:7c:fc:37:54:8d:
         c5:80:40:9f:76:5d:1b:9f:cf:6b:0a:6f:44:ac:81:71:ab:d6:
         a4:0b:0a:2a:d3:f2:36:ea:76:07:28:be:82:2a:a2:98:99:8e:
         69:44:b0:3e:c9:6a:d2:ac:43:ea:ee:a1:0a:5b:94:e9:e4:e3:
         37:54:08:4c:b5:86:93:0b:fb:67:1a:5e:be:c4:a7:81:2e:33:
         ab:0d:8d:59:05:d1:aa:77:61:b5:ab:66:ba:17:61:dd:24:84:
         dc:84:92:53:86:68:02:93:62:78:3f:29:42:e5:34:ec:6b:2b:
         54:11:c7:e8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGt4zJ7Pybj4ryjwUqxezsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1MTg0MWNkYzlmNjM1OTRkZGRjMmJhNTlhNDAxMzMxODJi
NTc5ZmEwHhcNMjQwMTAxMjAyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzY0Mjk4ZDdlYjQ2ZjY4YjBiMzViOGRmMDZlYWM3YTQ1Y2JkOTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm8DRG5LEtNAKj06HDrnvgwuCsp8H
3idDcScG2OltOEpK+LE8LvodhW0HIuyLyaGPXmwDymelSYqKgOK2OodZm/E/h3Ft
5d5Dw5GEW/7CmxaWZC+0Za2W4QCDYlqqvj+6zubVI+LBcc1NqN5QBFol4+XGPvxA
Lz5S5J5LLZBT/G8H8YMw+bsn1toBvV/qY0VxAdZn2HSXtfOf5JDhM144rcMJxJWz
RBOWldfPoPbZa8zNJB3IQLcMd+ssP8EUrFPpc/clMemOkJhUuV+EXptdXirXqdYv
kk41ebREbgjNvg0kPvBmQR4crFjaiGBgYqKScPbnkMac8nySCH1T4Z4S/QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIxkKY1+tG9osLNbjfBurHpFy9k8MB8GA1UdIwQY
MBaAFLUYQc3J9jWU3dwrpZpAEzGCtXn6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFJoQnpjbjJOWlRkM0N1bG1rQVRNWUsxZWZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9mMGFmNjEtOGNjYy00YTNiLTkwMTAt
NjkxMGYzOTlkMzhmLzEvakdRcGpYNjBiMml3czF1TjhHNnNla1hMMlR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9mMGFmNjEtOGNjYy00YTNiLTkwMTAtNjkxMGYzOTlkMzhm
LzEvdFJoQnpjbjJOWlRkM0N1bG1rQVRNWUsxZWZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBag
MA0GCSqGSIb3DQEBCwUAA4IBAQA8E4Om2RnQmFYFJLQWQYiaMnmJPKXEVFjK7vum
xOVa9eRlydQv8KlHfVT6uhSa+1wloieEdd3yF3Nny219jHGHqh/3cQoVnnfcYTsK
8P3v187nvPMqRgVJmcJUVhGSP+DZ7cTZdwDdfRvO3UyLzv8sBoHa6yoYPYEnZ1uv
iVoU9dBkTK55mvMkSG0DfPw3VI3FgECfdl0bn89rCm9ErIFxq9akCwoq0/I26nYH
KL6CKqKYmY5pRLA+yWrSrEPq7qEKW5Tp5OM3VAhMtYaTC/tnGl6+xKeBLjOrDY1Z
BdGqd2G1q2a6F2HdJITchJJThmgCk2J4PylC5TTsaytUEcfo
-----END CERTIFICATE-----