Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/AEC3PE3CXR7unuU6F3-ErDBM7B0.roa
File:                     AEC3PE3CXR7unuU6F3-ErDBM7B0.roa (raw, json)
Hash identifier:          x26U958YPJa94acmbuz+0UtcETiijPM7ZmClTqtuaHc=
Subject key identifier:   00:40:B7:3C:4D:C2:5D:1E:EE:9E:E5:3A:17:7F:84:AC:30:4C:EC:1D
Certificate issuer:       /CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
Certificate serial:       018CC49397F17065D75C31F9DE695A35685D
Authority key identifier: DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/AEC3PE3CXR7unuU6F3-ErDBM7B0.roa
Signing time:             Mon 01 Jan 2024 10:30:56 +0000
ROA not before:           Mon 01 Jan 2024 10:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6830
IP address blocks:        217.67.76.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:97:f1:70:65:d7:5c:31:f9:de:69:5a:35:68:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
        Validity
            Not Before: Jan  1 10:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0040b73c4dc25d1eee9ee53a177f84ac304cec1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:91:40:32:4f:42:47:45:c8:18:c4:6a:db:97:
                    d0:20:63:43:3c:a6:d8:af:c7:5c:a3:d3:55:79:ae:
                    22:f6:3f:0f:f0:ad:6a:83:25:63:f0:2b:0c:54:f7:
                    31:cf:73:e4:d0:f0:00:58:f8:4f:31:91:f7:20:d6:
                    ce:17:5b:eb:16:6a:5b:e5:1c:24:12:ba:b3:8a:78:
                    6e:57:60:2e:70:06:cd:d1:00:25:05:d9:22:23:fb:
                    03:81:a9:a7:6e:e1:b6:96:c5:d9:72:7e:cb:a9:5c:
                    f6:71:0f:48:f3:52:c0:6c:bb:4f:86:d9:88:ec:0c:
                    2b:25:aa:15:92:49:e4:d0:0c:09:07:19:20:6d:c3:
                    71:77:1a:32:ee:38:e6:95:a6:7d:3f:22:e9:d8:df:
                    34:c5:72:32:37:51:c4:e4:1e:e9:e0:d0:6a:55:70:
                    f7:6f:c6:eb:b0:6b:68:f3:0d:fb:55:c3:5b:10:49:
                    f3:d5:2e:34:25:d5:db:d9:2f:59:04:bc:e6:5d:a1:
                    34:84:6d:1d:06:9b:d9:79:c3:ad:b2:0f:8f:ca:6d:
                    2c:eb:ee:1e:91:b6:3c:e9:53:a7:5b:37:6f:31:d2:
                    fe:27:2b:e9:b8:36:11:3a:29:60:1a:84:4f:6a:f3:
                    bc:83:c8:d4:b9:59:b6:c1:eb:7e:b8:06:08:b6:40:
                    76:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:40:B7:3C:4D:C2:5D:1E:EE:9E:E5:3A:17:7F:84:AC:30:4C:EC:1D
            X509v3 Authority Key Identifier:
                keyid:DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/AEC3PE3CXR7unuU6F3-ErDBM7B0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.67.76.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c9:3b:a3:f7:f3:c7:c0:56:a4:91:98:ef:f0:65:06:73:56:71:
         34:3a:84:34:15:d6:dd:c7:57:06:e5:c1:e3:0b:1b:d2:46:9b:
         8e:02:83:30:41:23:e7:cd:65:da:d5:66:1a:02:6c:03:23:2e:
         d8:2e:1d:9f:dd:ac:fe:83:ca:56:01:55:cd:dc:2f:f3:eb:07:
         b8:e8:e1:f1:58:d7:b9:d5:81:22:28:51:37:58:b8:8f:3c:2b:
         c7:e2:5c:d6:f2:e2:40:94:71:e1:43:6c:b2:e4:d2:02:4b:c4:
         3c:48:94:ef:d9:5a:84:35:db:28:cc:73:3f:7e:96:30:ec:7d:
         9d:76:11:12:b5:07:d2:b3:a0:de:ee:4f:bc:1d:09:6f:17:4b:
         09:6c:22:a8:f6:14:78:75:0a:1d:8b:4d:33:74:f1:e6:8f:f5:
         56:a2:bd:7a:0a:ef:71:b3:a3:36:c0:a5:fc:0d:b0:ba:9e:09:
         e5:54:93:ce:a6:c9:7f:6a:0b:b7:1d:21:90:93:32:87:36:e5:
         70:58:13:e1:9a:d3:51:ba:11:c7:a2:39:93:41:74:06:48:ae:
         80:15:42:77:44:b4:59:fb:61:9d:86:c7:24:e8:b8:3f:1f:be:
         3d:53:30:d0:eb:31:67:cc:9d:53:e6:71:ea:e6:5a:38:a9:45:
         53:2c:6c:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk5fxcGXXXDH53mlaNWhdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZjhiNDUyNTRlNTQ3MGQxZDRjY2U2ZmI3ZGZkNGQwZDgz
YjVkNTkwHhcNMjQwMTAxMTAzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDQwYjczYzRkYzI1ZDFlZWU5ZWU1M2ExNzdmODRhYzMwNGNlYzFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgZFAMk9CR0XIGMRq25fQIGNDPKbY
r8dco9NVea4i9j8P8K1qgyVj8CsMVPcxz3Pk0PAAWPhPMZH3INbOF1vrFmpb5Rwk
ErqzinhuV2AucAbN0QAlBdkiI/sDgamnbuG2lsXZcn7LqVz2cQ9I81LAbLtPhtmI
7AwrJaoVkknk0AwJBxkgbcNxdxoy7jjmlaZ9PyLp2N80xXIyN1HE5B7p4NBqVXD3
b8brsGto8w37VcNbEEnz1S40JdXb2S9ZBLzmXaE0hG0dBpvZecOtsg+Pym0s6+4e
kbY86VOnWzdvMdL+JyvpuDYROilgGoRPavO8g8jUuVm2wet+uAYItkB27wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFABAtzxNwl0e7p7lOhd/hKwwTOwdMB8GA1UdIwQY
MBaAFN34tFJU5UcNHUzOb7ff1NDYO11ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2It
ODkzOTA2ZmI3ODU4LzEvQUVDM1BFM0NYUjd1bnVVNkYzLUVyREJNN0IwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2ItODkzOTA2ZmI3ODU4
LzEvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB2UNMMA0G
CSqGSIb3DQEBCwUAA4IBAQDJO6P388fAVqSRmO/wZQZzVnE0OoQ0Fdbdx1cG5cHj
CxvSRpuOAoMwQSPnzWXa1WYaAmwDIy7YLh2f3az+g8pWAVXN3C/z6we46OHxWNe5
1YEiKFE3WLiPPCvH4lzW8uJAlHHhQ2yy5NICS8Q8SJTv2VqENdsozHM/fpYw7H2d
dhEStQfSs6De7k+8HQlvF0sJbCKo9hR4dQodi00zdPHmj/VWor16Cu9xs6M2wKX8
DbC6ngnlVJPOpsl/agu3HSGQkzKHNuVwWBPhmtNRuhHHojmTQXQGSK6AFUJ3RLRZ
+2Gdhsck6Lg/H749UzDQ6zFnzJ1T5nHq5lo4qUVTLGx2
-----END CERTIFICATE-----