Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/056563-e61c-4b8a-8d6e-766c82758065/1/Ng6LYfwgNSndDLdHvp9yFZyNgWo.roa
File:                     Ng6LYfwgNSndDLdHvp9yFZyNgWo.roa (raw, json)
Hash identifier:          tF3+vpKFFZWGGDgO1LWLRcOD9m2vB0PusHXuXriG83Y=
Subject key identifier:   36:0E:8B:61:FC:20:35:29:DD:0C:B7:47:BE:9F:72:15:9C:8D:81:6A
Certificate issuer:       /CN=26b1524ec01dcf405f44171829ed67a2992aa42d
Certificate serial:       0193503F0EA41D8AB63B2753329535082747
Authority key identifier: 26:B1:52:4E:C0:1D:CF:40:5F:44:17:18:29:ED:67:A2:99:2A:A4:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JrFSTsAdz0BfRBcYKe1nopkqpC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/056563-e61c-4b8a-8d6e-766c82758065/1/Ng6LYfwgNSndDLdHvp9yFZyNgWo.roa
Signing time:             Thu 21 Nov 2024 19:42:09 +0000
ROA not before:           Thu 21 Nov 2024 19:42:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214147
IP address blocks:        2001:67c:f9c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/056563-e61c-4b8a-8d6e-766c82758065/1/JrFSTsAdz0BfRBcYKe1nopkqpC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/056563-e61c-4b8a-8d6e-766c82758065/1/JrFSTsAdz0BfRBcYKe1nopkqpC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JrFSTsAdz0BfRBcYKe1nopkqpC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:50:3f:0e:a4:1d:8a:b6:3b:27:53:32:95:35:08:27:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=26b1524ec01dcf405f44171829ed67a2992aa42d
        Validity
            Not Before: Nov 21 19:42:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=360e8b61fc203529dd0cb747be9f72159c8d816a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:f1:de:27:6c:73:56:87:1b:2b:66:c4:29:74:
                    98:73:83:16:61:c1:03:3b:92:95:35:58:50:11:1e:
                    5d:2e:42:22:e5:33:95:d2:a9:36:c7:3b:3b:24:ee:
                    28:94:5c:17:52:44:93:3c:fd:0e:b2:c0:99:50:8a:
                    ce:40:fb:b5:89:ca:41:a7:55:9f:4c:78:b0:9f:da:
                    ed:24:91:e5:4c:55:a6:e0:24:20:c5:5a:93:ff:2d:
                    da:9a:a1:27:c8:5f:74:d0:54:8f:8e:7b:60:7c:bc:
                    93:1b:82:58:37:d5:30:60:08:93:82:08:34:54:34:
                    27:c7:26:87:fb:e1:05:bb:17:6b:74:77:14:aa:a6:
                    74:96:43:5c:02:8c:5f:4a:e4:7c:52:5e:d4:86:19:
                    c0:93:83:6f:6e:ec:93:28:ae:85:e8:c5:32:f5:fe:
                    cd:5f:21:a2:f5:a5:61:25:50:29:ab:32:0c:c2:17:
                    3c:56:d8:e2:9e:eb:64:8a:69:1a:34:42:4e:53:46:
                    16:37:58:de:dd:59:c8:8a:71:de:5c:1e:97:70:8a:
                    3b:38:e9:d4:1e:a3:31:95:4d:cc:4f:ce:81:fc:49:
                    01:7e:cf:3c:6d:a6:6f:29:31:27:1b:2c:b3:ea:59:
                    d4:70:09:8a:69:f0:13:31:ae:66:b0:5f:b3:8b:3d:
                    bb:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:0E:8B:61:FC:20:35:29:DD:0C:B7:47:BE:9F:72:15:9C:8D:81:6A
            X509v3 Authority Key Identifier:
                keyid:26:B1:52:4E:C0:1D:CF:40:5F:44:17:18:29:ED:67:A2:99:2A:A4:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JrFSTsAdz0BfRBcYKe1nopkqpC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/056563-e61c-4b8a-8d6e-766c82758065/1/Ng6LYfwgNSndDLdHvp9yFZyNgWo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/056563-e61c-4b8a-8d6e-766c82758065/1/JrFSTsAdz0BfRBcYKe1nopkqpC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:f9c::/48

    Signature Algorithm: sha256WithRSAEncryption
         b1:0d:dd:1a:2a:91:88:c2:5d:12:38:64:ae:a6:f7:e2:3c:f6:
         e8:ed:08:c2:e9:ee:0b:bb:ba:16:8e:5b:f5:3c:ec:fa:f4:ca:
         3a:d7:83:cc:3a:3e:44:22:d5:df:92:c1:a9:13:96:3e:f5:a9:
         23:44:1b:a5:58:7d:b5:b4:c0:4b:be:80:0c:a4:1a:ea:b5:50:
         89:99:7b:f6:67:8c:c0:ba:f3:81:b0:0d:3f:04:bb:4c:fb:eb:
         7f:f3:e6:72:57:00:a6:04:2a:86:3c:82:df:12:64:4f:1f:8c:
         2c:60:84:e1:8c:78:e7:11:e8:b2:f1:2a:5a:cf:7f:fd:fc:6d:
         98:d0:bd:e3:ab:70:0b:58:79:d6:34:4b:d4:80:ad:b9:5f:43:
         65:96:8f:ec:75:85:4f:dc:f3:7a:0f:bc:45:4c:ca:3b:f8:e1:
         ef:e7:55:3f:3f:89:bc:91:94:a8:e8:db:d9:93:90:1a:7a:a5:
         5d:9c:8e:42:dc:75:18:d4:50:c0:89:38:35:56:05:f4:de:5c:
         30:d3:45:f7:d0:09:31:93:01:97:e3:cb:80:fe:c3:6d:6b:cf:
         1a:9d:8b:74:c6:c3:c8:9d:b0:ec:af:c8:e7:3b:f7:66:b7:cb:
         6c:7d:49:e2:ec:b8:b5:e9:f4:62:75:ec:28:78:18:e0:57:4b:
         c7:4e:49:3b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZNQPw6kHYq2OydTMpU1CCdHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2YjE1MjRlYzAxZGNmNDA1ZjQ0MTcxODI5ZWQ2N2EyOTky
YWE0MmQwHhcNMjQxMTIxMTk0MjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjBlOGI2MWZjMjAzNTI5ZGQwY2I3NDdiZTlmNzIxNTljOGQ4MTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyfHeJ2xzVocbK2bEKXSYc4MWYcED
O5KVNVhQER5dLkIi5TOV0qk2xzs7JO4olFwXUkSTPP0OssCZUIrOQPu1icpBp1Wf
THiwn9rtJJHlTFWm4CQgxVqT/y3amqEnyF900FSPjntgfLyTG4JYN9UwYAiTggg0
VDQnxyaH++EFuxdrdHcUqqZ0lkNcAoxfSuR8Ul7UhhnAk4NvbuyTKK6F6MUy9f7N
XyGi9aVhJVApqzIMwhc8VtjinutkimkaNEJOU0YWN1je3VnIinHeXB6XcIo7OOnU
HqMxlU3MT86B/EkBfs88baZvKTEnGyyz6lnUcAmKafATMa5msF+ziz27iQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDYOi2H8IDUp3Qy3R76fchWcjYFqMB8GA1UdIwQY
MBaAFCaxUk7AHc9AX0QXGCntZ6KZKqQtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnJGU1RzQWR6MEJmUkJjWUtlMW5vcGtxcEMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC8wNTY1NjMtZTYxYy00YjhhLThkNmUt
NzY2YzgyNzU4MDY1LzEvTmc2TFlmd2dOU25kRExkSHZwOXlGWnlOZ1dvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC8wNTY1NjMtZTYxYy00YjhhLThkNmUtNzY2YzgyNzU4MDY1
LzEvSnJGU1RzQWR6MEJmUkJjWUtlMW5vcGtxcEMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA+c
MA0GCSqGSIb3DQEBCwUAA4IBAQCxDd0aKpGIwl0SOGSupvfiPPbo7QjC6e4Lu7oW
jlv1POz69Mo614PMOj5EItXfksGpE5Y+9akjRBulWH21tMBLvoAMpBrqtVCJmXv2
Z4zAuvOBsA0/BLtM++t/8+ZyVwCmBCqGPILfEmRPH4wsYIThjHjnEeiy8Spaz3/9
/G2Y0L3jq3ALWHnWNEvUgK25X0Nllo/sdYVP3PN6D7xFTMo7+OHv51U/P4m8kZSo
6NvZk5AaeqVdnI5C3HUY1FDAiTg1VgX03lww00X30AkxkwGX48uA/sNta88anYt0
xsPInbDsr8jnO/dmt8tsfUni7Li16fRidewoeBjgV0vHTkk7
-----END CERTIFICATE-----