Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/405d9b-1073-4cd7-90eb-e8f60cab1866/1/muOjhybwOSczKezpnj1UsvuAjAc.roa
File:                     muOjhybwOSczKezpnj1UsvuAjAc.roa (raw, json)
Hash identifier:          7/LmWxE8MsA6PDg5KfqDNGK+muqPfQ/79D/bPje7I1c=
Subject key identifier:   9A:E3:A3:87:26:F0:39:27:33:29:EC:E9:9E:3D:54:B2:FB:80:8C:07
Certificate issuer:       /CN=fbb0301ef6ff5897b5be2c941ddb51978fd489ff
Certificate serial:       018CCA2AC06F7A4405A2BDA1AFE34DD1F19D
Authority key identifier: FB:B0:30:1E:F6:FF:58:97:B5:BE:2C:94:1D:DB:51:97:8F:D4:89:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-7AwHvb_WJe1viyUHdtRl4_Uif8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/405d9b-1073-4cd7-90eb-e8f60cab1866/1/muOjhybwOSczKezpnj1UsvuAjAc.roa
Signing time:             Tue 02 Jan 2024 12:34:08 +0000
ROA not before:           Tue 02 Jan 2024 12:34:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211479
IP address blocks:        2001:67c:109c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/405d9b-1073-4cd7-90eb-e8f60cab1866/1/1-7AwHvb_WJe1viyUHdtRl4_Uif8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/405d9b-1073-4cd7-90eb-e8f60cab1866/1/1-7AwHvb_WJe1viyUHdtRl4_Uif8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-7AwHvb_WJe1viyUHdtRl4_Uif8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 10:03:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:c0:6f:7a:44:05:a2:bd:a1:af:e3:4d:d1:f1:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fbb0301ef6ff5897b5be2c941ddb51978fd489ff
        Validity
            Not Before: Jan  2 12:34:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ae3a38726f039273329ece99e3d54b2fb808c07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:c4:cf:41:5f:32:4d:45:e1:16:4f:12:8f:20:
                    39:d3:3c:b1:43:85:07:42:17:fb:2c:94:59:5c:e0:
                    59:ff:82:7c:cf:55:c8:aa:cd:85:1b:42:b5:1d:e8:
                    ce:c4:5d:db:c5:41:2e:5c:8e:0c:d3:1b:0f:32:21:
                    df:e1:bc:71:4d:af:6e:ab:fa:40:eb:a0:9e:4a:8d:
                    07:cd:e3:d9:56:8b:17:db:fd:f5:1e:10:b4:bf:0f:
                    ef:fb:db:26:f8:b8:91:58:eb:b6:12:b6:f4:8c:2f:
                    3e:2a:5e:6f:d9:8c:d2:69:bd:19:d4:c0:90:1b:9a:
                    7d:6e:5c:61:bf:33:52:e0:98:79:fb:38:23:7b:54:
                    85:2d:79:7c:67:6a:b8:f9:6f:0e:8d:6d:f1:00:9e:
                    45:e9:18:fd:eb:2e:d9:44:cf:cd:14:d3:59:bb:64:
                    70:ec:01:80:f4:5e:4a:ca:e6:27:58:6a:e8:4e:47:
                    d7:92:a4:07:45:4b:db:49:7a:d8:67:14:9f:75:ed:
                    76:9f:a6:16:16:db:e0:7a:e9:b4:a3:b6:a2:4a:4f:
                    b4:50:25:7b:75:e8:88:93:e3:a6:1f:73:73:d0:51:
                    38:72:b3:7b:ff:af:a4:cd:7a:0a:43:28:6c:46:51:
                    d9:dc:48:fe:5b:f4:8f:14:8c:a4:ab:8b:85:ad:d1:
                    78:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:E3:A3:87:26:F0:39:27:33:29:EC:E9:9E:3D:54:B2:FB:80:8C:07
            X509v3 Authority Key Identifier:
                keyid:FB:B0:30:1E:F6:FF:58:97:B5:BE:2C:94:1D:DB:51:97:8F:D4:89:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-7AwHvb_WJe1viyUHdtRl4_Uif8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/405d9b-1073-4cd7-90eb-e8f60cab1866/1/muOjhybwOSczKezpnj1UsvuAjAc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/405d9b-1073-4cd7-90eb-e8f60cab1866/1/1-7AwHvb_WJe1viyUHdtRl4_Uif8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:109c::/48

    Signature Algorithm: sha256WithRSAEncryption
         2c:13:d0:b7:b1:9b:af:93:8c:9e:fe:82:ff:e6:e5:26:d3:98:
         e7:07:4e:b3:d6:6c:3e:cd:3d:9f:4a:28:18:9f:68:be:1a:5b:
         a5:d0:15:1f:5b:21:5b:f3:43:89:1f:f4:86:89:79:be:a2:55:
         e3:97:00:79:ec:5f:be:3b:73:95:ee:29:d0:a6:e9:cf:26:37:
         59:e5:08:45:75:54:7d:8c:a2:3e:b5:d5:60:69:61:e6:fc:ea:
         07:28:df:24:fb:43:27:24:50:4f:d1:fc:98:e4:e4:0c:86:0a:
         0a:e6:43:1f:49:ef:e6:d7:f3:a5:51:51:9b:a1:61:1d:3c:a4:
         c9:a2:a5:89:59:a4:09:5d:9a:74:d6:91:a1:1b:ea:46:71:d8:
         31:d7:36:09:a6:23:0f:e9:85:c2:82:c7:f7:63:4f:43:41:f7:
         33:f1:ae:83:50:b7:98:fe:55:bd:ec:61:a2:9d:60:87:0f:2a:
         fd:18:a4:2b:08:93:32:fa:18:6c:c9:b9:03:a5:d4:4a:b3:ac:
         0f:45:1d:1e:2b:4e:e7:00:1c:1f:a3:ad:a7:8d:59:cb:b4:be:
         53:28:cc:94:1d:c2:25:bf:70:96:9a:52:d5:ae:32:95:6e:97:
         9d:a8:10:e8:a8:95:45:3f:3b:1c:ee:70:b1:67:2e:db:53:74:
         cc:fc:b2:53
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAYzKKsBvekQFor2hr+NN0fGdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiYjAzMDFlZjZmZjU4OTdiNWJlMmM5NDFkZGI1MTk3OGZk
NDg5ZmYwHhcNMjQwMTAyMTIzNDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWUzYTM4NzI2ZjAzOTI3MzMyOWVjZTk5ZTNkNTRiMmZiODA4YzA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr8TPQV8yTUXhFk8SjyA50zyxQ4UH
Qhf7LJRZXOBZ/4J8z1XIqs2FG0K1HejOxF3bxUEuXI4M0xsPMiHf4bxxTa9uq/pA
66CeSo0HzePZVosX2/31HhC0vw/v+9sm+LiRWOu2Erb0jC8+Kl5v2YzSab0Z1MCQ
G5p9blxhvzNS4Jh5+zgje1SFLXl8Z2q4+W8OjW3xAJ5F6Rj96y7ZRM/NFNNZu2Rw
7AGA9F5KyuYnWGroTkfXkqQHRUvbSXrYZxSfde12n6YWFtvgeum0o7aiSk+0UCV7
deiIk+OmH3Nz0FE4crN7/6+kzXoKQyhsRlHZ3Ej+W/SPFIykq4uFrdF41QIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFJrjo4cm8DknMyns6Z49VLL7gIwHMB8GA1UdIwQY
MBaAFPuwMB72/1iXtb4slB3bUZeP1In/MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS03QXdIdmJfV0plMXZpeVVIZHRSbDRfVWlmOC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTAvNDA1ZDliLTEwNzMtNGNkNy05MGVi
LWU4ZjYwY2FiMTg2Ni8xL211T2poeWJ3T1NjektlenBuajFVc3Z1QWpBYy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNTAvNDA1ZDliLTEwNzMtNGNkNy05MGViLWU4ZjYwY2FiMTg2
Ni8xLzEtN0F3SHZiX1dKZTF2aXlVSGR0Umw0X1VpZjguY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAgAQZ8
EJwwDQYJKoZIhvcNAQELBQADggEBACwT0Lexm6+TjJ7+gv/m5SbTmOcHTrPWbD7N
PZ9KKBifaL4aW6XQFR9bIVvzQ4kf9IaJeb6iVeOXAHnsX747c5XuKdCm6c8mN1nl
CEV1VH2Moj611WBpYeb86gco3yT7QyckUE/R/Jjk5AyGCgrmQx9J7+bX86VRUZuh
YR08pMmipYlZpAldmnTWkaEb6kZx2DHXNgmmIw/phcKCx/djT0NB9zPxroNQt5j+
Vb3sYaKdYIcPKv0YpCsIkzL6GGzJuQOl1EqzrA9FHR4rTucAHB+jraeNWcu0vlMo
zJQdwiW/cJaaUtWuMpVul52oEOiolUU/OxzucLFnLttTdMz8slM=
-----END CERTIFICATE-----