Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/6c4131-365c-4c14-9e0b-502a957fdaf8/1/iibkHCp-3UZG_SN11P5o52k9yeg.roa
File:                     iibkHCp-3UZG_SN11P5o52k9yeg.roa (raw, json)
Hash identifier:          twGw3g55smPOegmJidXfhcxa/+3/Po2VBFSbQMGGUJ0=
Subject key identifier:   8A:26:E4:1C:2A:7E:DD:46:46:FD:23:75:D4:FE:68:E7:69:3D:C9:E8
Certificate issuer:       /CN=1deb3faa8388549b55cb3f3abd4c6c15106cf53b
Certificate serial:       018E0E2182F9D15F56E84CF2E084AB4BCE02
Authority key identifier: 1D:EB:3F:AA:83:88:54:9B:55:CB:3F:3A:BD:4C:6C:15:10:6C:F5:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hes_qoOIVJtVyz86vUxsFRBs9Ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/6c4131-365c-4c14-9e0b-502a957fdaf8/1/iibkHCp-3UZG_SN11P5o52k9yeg.roa
Signing time:             Tue 05 Mar 2024 10:21:01 +0000
ROA not before:           Tue 05 Mar 2024 10:21:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215389
IP address blocks:        2001:67c:280::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/6c4131-365c-4c14-9e0b-502a957fdaf8/1/Hes_qoOIVJtVyz86vUxsFRBs9Ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/6c4131-365c-4c14-9e0b-502a957fdaf8/1/Hes_qoOIVJtVyz86vUxsFRBs9Ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hes_qoOIVJtVyz86vUxsFRBs9Ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:0e:21:82:f9:d1:5f:56:e8:4c:f2:e0:84:ab:4b:ce:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1deb3faa8388549b55cb3f3abd4c6c15106cf53b
        Validity
            Not Before: Mar  5 10:21:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a26e41c2a7edd4646fd2375d4fe68e7693dc9e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:b4:a2:66:7f:e3:f0:85:4b:3d:3f:c3:da:46:
                    2f:70:63:ce:8c:b7:74:a3:ad:5d:8c:fe:2e:a6:fd:
                    d2:8b:ef:29:cb:9a:08:4f:53:88:78:78:6f:35:52:
                    6f:78:42:e6:e7:6c:30:e6:67:e7:02:6f:43:c9:5c:
                    fa:2e:54:49:eb:d9:0b:e9:56:f0:65:58:93:f0:d3:
                    52:06:19:c8:e2:24:b4:97:0d:99:00:cd:9f:d0:ac:
                    43:a4:86:6c:0a:a2:b4:37:bb:37:b2:d3:ec:a6:0f:
                    ba:2b:58:be:9b:a8:77:d7:15:87:eb:1f:69:27:e3:
                    6b:00:cf:c4:b6:66:b3:13:ae:4b:ec:8b:cf:3e:e8:
                    c6:3a:c5:7a:96:da:02:7c:14:4d:09:43:c2:24:06:
                    87:ab:d2:0e:98:0a:5c:2f:0f:c2:3b:1e:0e:60:e1:
                    98:c3:8c:9c:4e:ce:34:38:05:fc:8a:ee:3f:a9:f9:
                    6e:cb:e6:7c:cb:57:d6:ab:aa:6f:bf:9c:30:64:90:
                    b7:1f:01:55:09:c5:e3:38:ec:2d:f3:ef:b6:c0:d2:
                    70:26:17:b8:66:b2:d5:d6:72:41:1b:71:6c:f9:64:
                    42:54:6e:3a:61:71:f9:42:3b:9f:7b:d3:63:25:ed:
                    ca:f2:6a:94:31:bf:f3:a4:3d:42:f3:b0:b8:d3:88:
                    4e:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:26:E4:1C:2A:7E:DD:46:46:FD:23:75:D4:FE:68:E7:69:3D:C9:E8
            X509v3 Authority Key Identifier:
                keyid:1D:EB:3F:AA:83:88:54:9B:55:CB:3F:3A:BD:4C:6C:15:10:6C:F5:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hes_qoOIVJtVyz86vUxsFRBs9Ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/6c4131-365c-4c14-9e0b-502a957fdaf8/1/iibkHCp-3UZG_SN11P5o52k9yeg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/6c4131-365c-4c14-9e0b-502a957fdaf8/1/Hes_qoOIVJtVyz86vUxsFRBs9Ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:280::/48

    Signature Algorithm: sha256WithRSAEncryption
         19:83:74:d1:06:57:f2:de:c7:e3:3b:6a:46:89:2e:1f:ee:24:
         74:e7:c2:47:8c:5a:03:a5:af:6c:f3:7c:ab:1f:de:e3:e4:2c:
         54:d0:06:c1:f4:41:1a:5c:5f:08:8d:86:ab:2c:a2:39:be:e4:
         86:4b:70:f0:9f:fb:af:f4:25:7a:55:68:45:2a:7b:03:0b:bc:
         62:f0:19:90:fb:ac:9a:3d:aa:00:e4:2e:54:7f:8f:4b:b0:f2:
         55:21:45:9d:82:70:a9:80:e4:6a:d3:fa:3b:d2:d1:85:72:a2:
         8a:8b:ed:4f:d0:06:98:cd:ef:4c:63:fc:af:01:87:f9:22:61:
         b2:af:c1:7a:4b:f9:73:be:5a:02:93:1b:37:68:7b:8c:40:25:
         3c:96:32:22:1c:f2:34:b4:9a:b2:f7:4a:5d:b5:16:56:b2:00:
         70:3b:02:36:01:a9:91:0b:5c:cc:0b:b1:8c:77:5e:bb:c4:02:
         5c:4b:aa:77:e3:cf:c5:26:2f:67:3c:43:51:89:a7:74:1e:a9:
         77:87:19:bc:b3:6e:ab:4e:01:3f:c8:31:19:8b:10:89:98:b3:
         60:b5:a3:37:ed:cc:d7:69:e1:75:64:da:ff:9e:6d:2e:01:76:
         62:24:78:2c:88:cd:00:26:c8:59:f4:ec:fd:c1:a0:f9:24:3a:
         61:0b:46:47
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY4OIYL50V9W6Ezy4ISrS84CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkZWIzZmFhODM4ODU0OWI1NWNiM2YzYWJkNGM2YzE1MTA2
Y2Y1M2IwHhcNMjQwMzA1MTAyMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTI2ZTQxYzJhN2VkZDQ2NDZmZDIzNzVkNGZlNjhlNzY5M2RjOWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi7SiZn/j8IVLPT/D2kYvcGPOjLd0
o61djP4upv3Si+8py5oIT1OIeHhvNVJveELm52ww5mfnAm9DyVz6LlRJ69kL6Vbw
ZViT8NNSBhnI4iS0lw2ZAM2f0KxDpIZsCqK0N7s3stPspg+6K1i+m6h31xWH6x9p
J+NrAM/EtmazE65L7IvPPujGOsV6ltoCfBRNCUPCJAaHq9IOmApcLw/COx4OYOGY
w4ycTs40OAX8iu4/qfluy+Z8y1fWq6pvv5wwZJC3HwFVCcXjOOwt8++2wNJwJhe4
ZrLV1nJBG3Fs+WRCVG46YXH5Qjufe9NjJe3K8mqUMb/zpD1C87C404hOJwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIom5Bwqft1GRv0jddT+aOdpPcnoMB8GA1UdIwQY
MBaAFB3rP6qDiFSbVcs/Or1MbBUQbPU7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGVzX3FvT0lWSnRWeXo4NnZVeHNGUkJzOVRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS82YzQxMzEtMzY1Yy00YzE0LTllMGIt
NTAyYTk1N2ZkYWY4LzEvaWlia0hDcC0zVVpHX1NOMTFQNW81Mms5eWVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS82YzQxMzEtMzY1Yy00YzE0LTllMGItNTAyYTk1N2ZkYWY4
LzEvSGVzX3FvT0lWSnRWeXo4NnZVeHNGUkJzOVRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAKA
MA0GCSqGSIb3DQEBCwUAA4IBAQAZg3TRBlfy3sfjO2pGiS4f7iR058JHjFoDpa9s
83yrH97j5CxU0AbB9EEaXF8IjYarLKI5vuSGS3Dwn/uv9CV6VWhFKnsDC7xi8BmQ
+6yaPaoA5C5Uf49LsPJVIUWdgnCpgORq0/o70tGFcqKKi+1P0AaYze9MY/yvAYf5
ImGyr8F6S/lzvloCkxs3aHuMQCU8ljIiHPI0tJqy90pdtRZWsgBwOwI2AamRC1zM
C7GMd167xAJcS6p348/FJi9nPENRiad0Hql3hxm8s26rTgE/yDEZixCJmLNgtaM3
7czXaeF1ZNr/nm0uAXZiJHgsiM0AJshZ9Oz9waD5JDphC0ZH
-----END CERTIFICATE-----