Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/845aee-daac-4641-9f31-9e7f0f941049/1/o8dl_b0cZ8hnqam36onJaqnH89w.roa
File:                     o8dl_b0cZ8hnqam36onJaqnH89w.roa (raw, json)
Hash identifier:          e8aEpVre23vAhQOJaP8wysq/oOtWkVRHB1YfdSAegl4=
Subject key identifier:   A3:C7:65:FD:BD:1C:67:C8:67:A9:A9:B7:EA:89:C9:6A:A9:C7:F3:DC
Certificate issuer:       /CN=3cfaa40f6263e00d1291698576a617a5b5d68a9c
Certificate serial:       018CC72653AC994BA69AFF4879AF2B873AFE
Authority key identifier: 3C:FA:A4:0F:62:63:E0:0D:12:91:69:85:76:A6:17:A5:B5:D6:8A:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PPqkD2Jj4A0SkWmFdqYXpbXWipw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/845aee-daac-4641-9f31-9e7f0f941049/1/o8dl_b0cZ8hnqam36onJaqnH89w.roa
Signing time:             Mon 01 Jan 2024 22:30:26 +0000
ROA not before:           Mon 01 Jan 2024 22:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212377
IP address blocks:        2001:67c:98c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/845aee-daac-4641-9f31-9e7f0f941049/1/PPqkD2Jj4A0SkWmFdqYXpbXWipw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/845aee-daac-4641-9f31-9e7f0f941049/1/PPqkD2Jj4A0SkWmFdqYXpbXWipw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PPqkD2Jj4A0SkWmFdqYXpbXWipw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 04:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:53:ac:99:4b:a6:9a:ff:48:79:af:2b:87:3a:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3cfaa40f6263e00d1291698576a617a5b5d68a9c
        Validity
            Not Before: Jan  1 22:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3c765fdbd1c67c867a9a9b7ea89c96aa9c7f3dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:0a:90:fd:4f:ce:70:8e:bd:ee:05:db:9f:00:
                    d8:aa:fe:21:47:d6:e5:da:b3:8a:65:e1:03:3e:a5:
                    04:b9:b0:50:c1:2a:c3:cc:89:80:c9:f3:81:87:10:
                    2b:4d:58:3b:b6:96:22:62:44:86:2a:17:a7:ca:f3:
                    74:1e:e1:3f:16:39:fa:dc:83:f4:b5:8a:42:4e:96:
                    fd:16:6e:d4:f8:5f:18:0d:fc:f9:ab:f1:64:0d:73:
                    51:44:89:21:88:0e:b5:b4:45:73:14:3c:c5:cb:40:
                    60:fd:a8:c7:2f:a9:dc:e1:a1:64:84:04:fe:a8:ce:
                    0b:13:a3:4c:b7:9a:df:26:96:97:2a:36:cb:44:f9:
                    0e:9f:fd:ea:2c:22:6c:d2:6a:4d:e5:18:6d:ac:ad:
                    03:f4:38:a9:9d:6d:3f:cc:f1:7c:06:cb:6c:1e:e7:
                    16:b1:bf:4b:bc:f6:82:4b:dc:9d:7a:27:bd:43:56:
                    e4:b1:c9:c6:bd:05:23:51:fb:a9:09:5c:8e:20:44:
                    d2:03:87:69:26:7e:af:ff:d1:f8:b0:98:ef:f5:a6:
                    7e:bf:81:62:e9:30:34:17:fb:d3:bb:58:64:2a:a7:
                    cf:f2:be:ac:a0:f8:99:70:3e:1c:86:8b:3b:c1:a2:
                    8e:a7:df:d1:16:2f:0a:50:4b:52:ea:f4:94:25:82:
                    4f:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:C7:65:FD:BD:1C:67:C8:67:A9:A9:B7:EA:89:C9:6A:A9:C7:F3:DC
            X509v3 Authority Key Identifier:
                keyid:3C:FA:A4:0F:62:63:E0:0D:12:91:69:85:76:A6:17:A5:B5:D6:8A:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PPqkD2Jj4A0SkWmFdqYXpbXWipw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/845aee-daac-4641-9f31-9e7f0f941049/1/o8dl_b0cZ8hnqam36onJaqnH89w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/845aee-daac-4641-9f31-9e7f0f941049/1/PPqkD2Jj4A0SkWmFdqYXpbXWipw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:98c::/48

    Signature Algorithm: sha256WithRSAEncryption
         35:ed:9c:15:36:e9:03:43:41:83:ce:ca:91:2e:5a:2b:5a:2c:
         9a:b6:b1:a0:93:35:37:dd:cf:0d:02:a3:e1:63:9a:91:82:93:
         bd:a4:e3:84:e9:63:03:17:70:06:cf:53:d7:bf:bb:f4:55:44:
         ed:32:f2:b0:fa:0a:0a:6b:14:8f:0f:0f:bf:71:f4:d4:c9:13:
         19:08:e5:a5:4b:97:77:71:41:8c:75:d9:55:3d:a8:a5:f4:87:
         a0:c2:03:1b:38:36:11:08:97:a6:74:39:30:2e:9b:16:d5:a1:
         37:91:83:16:77:14:28:33:f2:9c:f4:39:4c:7d:9c:1c:ea:48:
         fd:80:f4:f2:e1:3c:ef:07:5e:cc:4d:bb:fd:32:e4:ec:89:92:
         73:62:b2:0b:97:3f:a2:25:25:6c:43:f8:6f:85:7f:d6:85:c2:
         6e:77:c4:e4:b5:3a:4f:94:7a:f8:3f:4c:63:c4:77:68:5a:73:
         f4:4b:a9:61:92:ec:d2:17:d4:1c:0a:31:56:6d:ba:92:3b:46:
         55:e6:a8:92:c1:46:44:f9:1e:01:31:24:0f:60:36:74:90:43:
         3f:55:36:35:f9:8e:12:9e:fe:8f:95:ef:ee:6d:42:b5:c3:95:
         35:81:fb:26:f5:06:80:78:0e:e3:50:eb:94:d5:49:38:60:53:
         56:0a:d0:33
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHJlOsmUummv9Iea8rhzr+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjZmFhNDBmNjI2M2UwMGQxMjkxNjk4NTc2YTYxN2E1YjVk
NjhhOWMwHhcNMjQwMTAxMjIzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2M3NjVmZGJkMWM2N2M4NjdhOWE5YjdlYTg5Yzk2YWE5YzdmM2RjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2AqQ/U/OcI697gXbnwDYqv4hR9bl
2rOKZeEDPqUEubBQwSrDzImAyfOBhxArTVg7tpYiYkSGKhenyvN0HuE/Fjn63IP0
tYpCTpb9Fm7U+F8YDfz5q/FkDXNRRIkhiA61tEVzFDzFy0Bg/ajHL6nc4aFkhAT+
qM4LE6NMt5rfJpaXKjbLRPkOn/3qLCJs0mpN5RhtrK0D9DipnW0/zPF8BstsHucW
sb9LvPaCS9ydeie9Q1bkscnGvQUjUfupCVyOIETSA4dpJn6v/9H4sJjv9aZ+v4Fi
6TA0F/vTu1hkKqfP8r6soPiZcD4chos7waKOp9/RFi8KUEtS6vSUJYJPuQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKPHZf29HGfIZ6mpt+qJyWqpx/PcMB8GA1UdIwQY
MBaAFDz6pA9iY+ANEpFphXamF6W11oqcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFBxa0QySmo0QTBTa1dtRmRxWVhwYlhXaXB3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC84NDVhZWUtZGFhYy00NjQxLTlmMzEt
OWU3ZjBmOTQxMDQ5LzEvbzhkbF9iMGNaOGhucWFtMzZvbkphcW5IODl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC84NDVhZWUtZGFhYy00NjQxLTlmMzEtOWU3ZjBmOTQxMDQ5
LzEvUFBxa0QySmo0QTBTa1dtRmRxWVhwYlhXaXB3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAmM
MA0GCSqGSIb3DQEBCwUAA4IBAQA17ZwVNukDQ0GDzsqRLlorWiyatrGgkzU33c8N
AqPhY5qRgpO9pOOE6WMDF3AGz1PXv7v0VUTtMvKw+goKaxSPDw+/cfTUyRMZCOWl
S5d3cUGMddlVPail9IegwgMbODYRCJemdDkwLpsW1aE3kYMWdxQoM/Kc9DlMfZwc
6kj9gPTy4TzvB17MTbv9MuTsiZJzYrILlz+iJSVsQ/hvhX/WhcJud8TktTpPlHr4
P0xjxHdoWnP0S6lhkuzSF9QcCjFWbbqSO0ZV5qiSwUZE+R4BMSQPYDZ0kEM/VTY1
+Y4Snv6Ple/ubUK1w5U1gfsm9QaAeA7jUOuU1Uk4YFNWCtAz
-----END CERTIFICATE-----