Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/a0b395-61ff-457d-8ff8-ec084137e242/1/8sKf1Wz2zDy7KbCOcyRcQaUIAjU.roa
File:                     8sKf1Wz2zDy7KbCOcyRcQaUIAjU.roa (raw, json)
Hash identifier:          Mlkx41zYrZ4Iu4I4w4ez1Q8lzWsB5pFDJmG1lve0pUI=
Subject key identifier:   F2:C2:9F:D5:6C:F6:CC:3C:BB:29:B0:8E:73:24:5C:41:A5:08:02:35
Certificate issuer:       /CN=74bf07f04cc76a90ad97f9f1749fabcf05c35d62
Certificate serial:       018CC94D73F728343E705D4AFD500E61E07E
Authority key identifier: 74:BF:07:F0:4C:C7:6A:90:AD:97:F9:F1:74:9F:AB:CF:05:C3:5D:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dL8H8EzHapCtl_nxdJ-rzwXDXWI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/a0b395-61ff-457d-8ff8-ec084137e242/1/8sKf1Wz2zDy7KbCOcyRcQaUIAjU.roa
Signing time:             Tue 02 Jan 2024 08:32:25 +0000
ROA not before:           Tue 02 Jan 2024 08:32:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205384
IP address blocks:        2001:67c:11e8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/a0b395-61ff-457d-8ff8-ec084137e242/1/dL8H8EzHapCtl_nxdJ-rzwXDXWI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/a0b395-61ff-457d-8ff8-ec084137e242/1/dL8H8EzHapCtl_nxdJ-rzwXDXWI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dL8H8EzHapCtl_nxdJ-rzwXDXWI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:73:f7:28:34:3e:70:5d:4a:fd:50:0e:61:e0:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74bf07f04cc76a90ad97f9f1749fabcf05c35d62
        Validity
            Not Before: Jan  2 08:32:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2c29fd56cf6cc3cbb29b08e73245c41a5080235
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:a9:14:65:71:78:6c:fe:f8:de:ac:e3:5a:ab:
                    6b:49:75:a1:5d:2e:8b:e8:f4:29:66:3f:a3:81:67:
                    63:5c:82:d4:c7:0b:fe:d2:a8:fe:f6:4d:fb:e3:2d:
                    6b:f8:b2:04:39:cf:86:2b:a2:6d:e0:79:f1:42:59:
                    56:86:c3:02:54:c3:b9:c5:15:af:32:f7:fc:ad:6d:
                    ce:55:7e:7e:51:23:0f:e0:0a:cb:e2:83:26:bf:9f:
                    80:30:68:28:a5:c9:e9:13:4b:8a:47:d4:c6:ec:0f:
                    fc:9e:53:75:a8:78:cc:f7:66:4f:f1:38:7b:12:3b:
                    b5:35:9e:8c:24:7e:e3:b3:c3:83:a4:42:7d:a0:78:
                    b7:0c:3b:e4:15:98:34:44:62:ff:33:99:42:55:5c:
                    4d:aa:04:90:d2:f4:bc:f1:91:2f:57:c1:68:55:55:
                    8c:99:6e:07:bc:ad:b4:eb:79:32:1d:a0:52:4e:df:
                    82:83:9c:bf:85:1a:d5:08:2d:ea:22:ca:50:78:be:
                    45:cd:43:e2:e4:88:4d:dd:2b:29:48:5f:ce:bc:be:
                    74:8c:87:a7:ad:77:66:c3:f5:11:0e:ab:df:58:76:
                    d0:74:6e:26:ed:4d:23:49:9b:d8:8e:41:84:5b:70:
                    31:ce:21:da:49:a4:ff:2c:d0:49:db:ae:f7:6a:02:
                    18:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:C2:9F:D5:6C:F6:CC:3C:BB:29:B0:8E:73:24:5C:41:A5:08:02:35
            X509v3 Authority Key Identifier:
                keyid:74:BF:07:F0:4C:C7:6A:90:AD:97:F9:F1:74:9F:AB:CF:05:C3:5D:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dL8H8EzHapCtl_nxdJ-rzwXDXWI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/a0b395-61ff-457d-8ff8-ec084137e242/1/8sKf1Wz2zDy7KbCOcyRcQaUIAjU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/a0b395-61ff-457d-8ff8-ec084137e242/1/dL8H8EzHapCtl_nxdJ-rzwXDXWI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:11e8::/48

    Signature Algorithm: sha256WithRSAEncryption
         06:1a:0c:8a:82:ed:04:3b:ee:f0:02:00:36:c2:97:ba:0d:bf:
         c9:60:03:5d:04:b0:4f:56:9d:ba:d8:c7:64:90:88:64:b4:5b:
         3d:e3:68:a3:b4:0d:ff:a3:69:f2:2f:e4:8d:24:7b:e7:66:7c:
         2f:67:06:0d:68:33:5c:39:5c:1b:d9:db:60:f0:bb:b9:27:22:
         73:4e:0b:b6:94:28:92:5b:3e:b0:f2:8e:f8:5e:5c:1e:85:3d:
         0f:cc:7c:c7:ea:c7:a8:f7:61:1e:b4:b8:5b:81:ff:50:7b:11:
         4b:d1:e2:08:b9:cd:22:2e:5b:d5:ba:3e:ad:1c:e7:39:f4:cd:
         c0:dd:ee:77:fb:1e:02:97:d3:43:de:d3:47:09:0d:8d:4f:bc:
         02:9f:a4:89:fd:d0:07:c7:f2:9c:d9:85:15:e7:e8:0a:ff:43:
         dd:25:07:84:a0:06:5c:25:b2:e4:73:ca:17:d5:04:23:80:a8:
         c8:ff:f1:1b:16:49:ca:25:82:33:2a:fa:e4:10:dc:3e:ce:ce:
         ca:91:5e:58:a6:a1:b1:d3:74:90:4d:97:de:7c:a5:25:01:1c:
         b5:7a:a4:df:88:a7:fd:1d:c2:7f:47:24:9c:ba:fa:a8:dc:9a:
         ed:91:5f:e6:71:91:c9:af:3f:ee:39:61:9c:82:db:44:b8:f9:
         2d:0a:62:64
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJTXP3KDQ+cF1K/VAOYeB+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0YmYwN2YwNGNjNzZhOTBhZDk3ZjlmMTc0OWZhYmNmMDVj
MzVkNjIwHhcNMjQwMTAyMDgzMjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmMyOWZkNTZjZjZjYzNjYmIyOWIwOGU3MzI0NWM0MWE1MDgwMjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg6kUZXF4bP743qzjWqtrSXWhXS6L
6PQpZj+jgWdjXILUxwv+0qj+9k374y1r+LIEOc+GK6Jt4HnxQllWhsMCVMO5xRWv
Mvf8rW3OVX5+USMP4ArL4oMmv5+AMGgopcnpE0uKR9TG7A/8nlN1qHjM92ZP8Th7
Eju1NZ6MJH7js8ODpEJ9oHi3DDvkFZg0RGL/M5lCVVxNqgSQ0vS88ZEvV8FoVVWM
mW4HvK2063kyHaBSTt+Cg5y/hRrVCC3qIspQeL5FzUPi5IhN3SspSF/OvL50jIen
rXdmw/URDqvfWHbQdG4m7U0jSZvYjkGEW3AxziHaSaT/LNBJ2673agIYnQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPLCn9Vs9sw8uymwjnMkXEGlCAI1MB8GA1UdIwQY
MBaAFHS/B/BMx2qQrZf58XSfq88Fw11iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEw4SDhFekhhcEN0bF9ueGRKLXJ6d1hEWFdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hMGIzOTUtNjFmZi00NTdkLThmZjgt
ZWMwODQxMzdlMjQyLzEvOHNLZjFXejJ6RHk3S2JDT2N5UmNRYVVJQWpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hMGIzOTUtNjFmZi00NTdkLThmZjgtZWMwODQxMzdlMjQy
LzEvZEw4SDhFekhhcEN0bF9ueGRKLXJ6d1hEWFdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBHo
MA0GCSqGSIb3DQEBCwUAA4IBAQAGGgyKgu0EO+7wAgA2wpe6Db/JYANdBLBPVp26
2MdkkIhktFs942ijtA3/o2nyL+SNJHvnZnwvZwYNaDNcOVwb2dtg8Lu5JyJzTgu2
lCiSWz6w8o74XlwehT0PzHzH6seo92EetLhbgf9QexFL0eIIuc0iLlvVuj6tHOc5
9M3A3e53+x4Cl9ND3tNHCQ2NT7wCn6SJ/dAHx/Kc2YUV5+gK/0PdJQeEoAZcJbLk
c8oX1QQjgKjI//EbFknKJYIzKvrkENw+zs7KkV5YpqGx03SQTZfefKUlARy1eqTf
iKf9HcJ/RyScuvqo3JrtkV/mcZHJrz/uOWGcgttEuPktCmJk
-----END CERTIFICATE-----