Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/cd4624-620a-4cb2-a416-6be92b1aa8b3/1/w8MfNEl6M2BLG_0KH3WU4s_i9Xs.roa
File:                     w8MfNEl6M2BLG_0KH3WU4s_i9Xs.roa (raw, json)
Hash identifier:          e2K29DcReUKPdCVbjr2wwIYys3ep4VUqmtUCI0W+quQ=
Subject key identifier:   C3:C3:1F:34:49:7A:33:60:4B:1B:FD:0A:1F:75:94:E2:CF:E2:F5:7B
Certificate issuer:       /CN=9a4daa4f6ac0e6bc102b68840a2ac6bb541b40fc
Certificate serial:       018CC9CC4C329BBE7098E894DA995B913FD8
Authority key identifier: 9A:4D:AA:4F:6A:C0:E6:BC:10:2B:68:84:0A:2A:C6:BB:54:1B:40:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mk2qT2rA5rwQK2iECirGu1QbQPw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/cd4624-620a-4cb2-a416-6be92b1aa8b3/1/w8MfNEl6M2BLG_0KH3WU4s_i9Xs.roa
Signing time:             Tue 02 Jan 2024 10:50:58 +0000
ROA not before:           Tue 02 Jan 2024 10:50:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215805
IP address blocks:        2001:67c:2404::/48 maxlen: 56

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/cd4624-620a-4cb2-a416-6be92b1aa8b3/1/mk2qT2rA5rwQK2iECirGu1QbQPw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/cd4624-620a-4cb2-a416-6be92b1aa8b3/1/mk2qT2rA5rwQK2iECirGu1QbQPw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mk2qT2rA5rwQK2iECirGu1QbQPw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:cc:4c:32:9b:be:70:98:e8:94:da:99:5b:91:3f:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a4daa4f6ac0e6bc102b68840a2ac6bb541b40fc
        Validity
            Not Before: Jan  2 10:50:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c3c31f34497a33604b1bfd0a1f7594e2cfe2f57b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:e0:4c:36:f7:b2:54:b4:ea:e9:e9:cf:87:d3:
                    cf:05:52:9f:f9:46:16:38:62:37:41:58:ab:e2:bf:
                    09:df:e5:e3:aa:d6:ad:c8:46:60:e5:9a:fe:18:22:
                    88:a6:db:fd:fa:8f:23:02:98:7f:a7:67:42:75:90:
                    80:d9:d0:48:05:fc:21:f1:23:f6:5a:39:9b:73:ab:
                    15:35:27:25:ab:4f:cf:17:36:d4:da:21:56:a8:b0:
                    30:0f:4d:25:6d:eb:bc:b8:7a:e2:33:9c:4b:a5:56:
                    2b:21:aa:70:ca:43:33:94:9f:37:54:62:2d:1b:c1:
                    78:58:96:a4:33:35:a3:77:33:cf:24:d0:58:a9:df:
                    63:86:ae:48:8a:19:20:65:e2:e2:20:52:92:96:d7:
                    bd:51:39:b6:b8:a0:fb:e6:54:68:55:2b:44:55:69:
                    2c:23:1a:29:90:a7:1f:97:51:0f:0d:1a:62:c2:70:
                    06:6c:25:69:72:6d:c6:43:35:08:48:fb:3b:c6:63:
                    1a:71:bc:e6:f0:5e:9d:04:d7:17:60:97:f0:91:72:
                    20:a6:74:ae:25:bf:b4:35:6d:77:83:76:bf:b6:75:
                    2b:8c:c7:e4:ba:b6:2a:a5:41:68:2e:f2:05:dd:1d:
                    bd:e2:ef:3f:39:61:64:8d:fd:d5:af:c2:c5:35:bc:
                    a6:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:C3:1F:34:49:7A:33:60:4B:1B:FD:0A:1F:75:94:E2:CF:E2:F5:7B
            X509v3 Authority Key Identifier:
                keyid:9A:4D:AA:4F:6A:C0:E6:BC:10:2B:68:84:0A:2A:C6:BB:54:1B:40:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mk2qT2rA5rwQK2iECirGu1QbQPw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/cd4624-620a-4cb2-a416-6be92b1aa8b3/1/w8MfNEl6M2BLG_0KH3WU4s_i9Xs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/cd4624-620a-4cb2-a416-6be92b1aa8b3/1/mk2qT2rA5rwQK2iECirGu1QbQPw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2404::/48

    Signature Algorithm: sha256WithRSAEncryption
         38:26:b6:e4:b7:78:0d:fc:5d:c1:59:00:01:a8:61:cf:5d:51:
         22:18:21:8e:cd:95:6b:13:25:bf:b6:53:0a:75:a9:a2:af:98:
         7c:ae:9a:30:3d:a4:61:15:18:89:48:72:38:cd:c9:ad:e6:94:
         7f:dd:de:59:c8:6a:92:58:56:a3:80:e4:46:7b:4e:a5:ed:9d:
         d7:28:83:3b:d0:fa:7b:fd:81:0c:78:96:b9:24:2d:77:a3:1d:
         b3:10:a3:e9:7d:6e:5b:a6:cb:39:88:9f:31:77:84:8a:9d:e9:
         bd:71:e3:0c:db:dd:87:ed:79:37:ca:47:e8:4a:62:99:0d:a9:
         2b:2b:55:32:6b:a0:9b:63:81:66:b7:c9:ef:97:b0:4e:2b:ac:
         28:ec:d3:54:34:ec:63:2f:8d:b5:74:62:d9:70:c4:b9:50:9d:
         96:f3:07:0b:dd:4c:84:dc:bc:af:38:b9:16:7e:f0:eb:d4:23:
         f0:d4:c1:ff:6d:f7:fb:d2:60:c0:08:a4:78:c5:01:20:81:39:
         ae:0c:dc:89:94:d3:19:81:2d:c4:90:b0:0d:90:00:3f:cf:f2:
         cf:de:6c:14:2f:4e:c7:41:e9:69:a6:4f:7e:c2:62:79:ad:1f:
         9d:e3:77:0e:26:4a:03:bd:60:ae:9a:df:53:c2:cd:87:81:dc:
         15:53:46:98
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJzEwym75wmOiU2plbkT/YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhNGRhYTRmNmFjMGU2YmMxMDJiNjg4NDBhMmFjNmJiNTQx
YjQwZmMwHhcNMjQwMTAyMTA1MDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2MzMWYzNDQ5N2EzMzYwNGIxYmZkMGExZjc1OTRlMmNmZTJmNTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAouBMNveyVLTq6enPh9PPBVKf+UYW
OGI3QVir4r8J3+XjqtatyEZg5Zr+GCKIptv9+o8jAph/p2dCdZCA2dBIBfwh8SP2
Wjmbc6sVNSclq0/PFzbU2iFWqLAwD00lbeu8uHriM5xLpVYrIapwykMzlJ83VGIt
G8F4WJakMzWjdzPPJNBYqd9jhq5IihkgZeLiIFKSlte9UTm2uKD75lRoVStEVWks
IxopkKcfl1EPDRpiwnAGbCVpcm3GQzUISPs7xmMacbzm8F6dBNcXYJfwkXIgpnSu
Jb+0NW13g3a/tnUrjMfkurYqpUFoLvIF3R294u8/OWFkjf3Vr8LFNbymSQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMPDHzRJejNgSxv9Ch91lOLP4vV7MB8GA1UdIwQY
MBaAFJpNqk9qwOa8ECtohAoqxrtUG0D8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWsycVQyckE1cndRSzJpRUNpckd1MVFiUVB3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9jZDQ2MjQtNjIwYS00Y2IyLWE0MTYt
NmJlOTJiMWFhOGIzLzEvdzhNZk5FbDZNMkJMR18wS0gzV1U0c19pOVhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9jZDQ2MjQtNjIwYS00Y2IyLWE0MTYtNmJlOTJiMWFhOGIz
LzEvbWsycVQyckE1cndRSzJpRUNpckd1MVFiUVB3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCQE
MA0GCSqGSIb3DQEBCwUAA4IBAQA4Jrbkt3gN/F3BWQABqGHPXVEiGCGOzZVrEyW/
tlMKdamir5h8rpowPaRhFRiJSHI4zcmt5pR/3d5ZyGqSWFajgORGe06l7Z3XKIM7
0Pp7/YEMeJa5JC13ox2zEKPpfW5bpss5iJ8xd4SKnem9ceMM292H7Xk3ykfoSmKZ
DakrK1Uya6CbY4Fmt8nvl7BOK6wo7NNUNOxjL421dGLZcMS5UJ2W8wcL3UyE3Lyv
OLkWfvDr1CPw1MH/bff70mDACKR4xQEggTmuDNyJlNMZgS3EkLANkAA/z/LP3mwU
L07HQelppk9+wmJ5rR+d43cOJkoDvWCumt9Tws2HgdwVU0aY
-----END CERTIFICATE-----