Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/86c002-758b-495a-b9cd-7b0dc00a8c20/1/a18AdYP1af2hCZbjYBxkR73mTNc.roa
File:                     a18AdYP1af2hCZbjYBxkR73mTNc.roa (raw, json)
Hash identifier:          1kmErrbQt4GQ3t8DihZr4FafH7eDfv5Bw/yGJ8IlMuc=
Subject key identifier:   6B:5F:00:75:83:F5:69:FD:A1:09:96:E3:60:1C:64:47:BD:E6:4C:D7
Certificate issuer:       /CN=8e0f683867ef769a0a22ade17118ed06fa57b81f
Certificate serial:       018E0E386660755BE3E65C37F81BACCD2F0A
Authority key identifier: 8E:0F:68:38:67:EF:76:9A:0A:22:AD:E1:71:18:ED:06:FA:57:B8:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jg9oOGfvdpoKIq3hcRjtBvpXuB8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/86c002-758b-495a-b9cd-7b0dc00a8c20/1/a18AdYP1af2hCZbjYBxkR73mTNc.roa
Signing time:             Tue 05 Mar 2024 10:46:00 +0000
ROA not before:           Tue 05 Mar 2024 10:46:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215387
IP address blocks:        2001:67c:e24::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/86c002-758b-495a-b9cd-7b0dc00a8c20/1/jg9oOGfvdpoKIq3hcRjtBvpXuB8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/86c002-758b-495a-b9cd-7b0dc00a8c20/1/jg9oOGfvdpoKIq3hcRjtBvpXuB8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jg9oOGfvdpoKIq3hcRjtBvpXuB8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 22:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:0e:38:66:60:75:5b:e3:e6:5c:37:f8:1b:ac:cd:2f:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e0f683867ef769a0a22ade17118ed06fa57b81f
        Validity
            Not Before: Mar  5 10:46:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b5f007583f569fda10996e3601c6447bde64cd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:85:ff:6e:d9:18:5f:ea:24:cd:bb:82:98:13:
                    fa:64:c7:78:cf:da:cb:9f:e3:2a:cf:92:e0:ce:44:
                    64:1f:81:67:c8:96:93:b9:10:f5:e4:5f:bd:2f:50:
                    70:6b:68:0f:2a:20:36:56:89:5f:54:9b:f2:a0:b3:
                    b3:db:c9:d1:27:12:c6:c9:c1:6d:96:fe:37:c5:f0:
                    84:21:b5:9b:10:08:dd:40:26:5a:cf:dd:92:db:a3:
                    18:48:f5:bf:6b:21:fc:65:0b:77:78:c0:a1:1d:9c:
                    94:36:55:8d:af:9e:4c:8d:7c:04:6d:9d:3f:8e:03:
                    d5:cb:d3:1e:32:bb:39:64:37:bd:42:8c:c7:0f:13:
                    18:cc:66:02:73:1d:4f:c0:c6:92:08:86:23:98:23:
                    2a:0e:30:c2:8b:87:d6:ea:ca:da:e7:d1:28:ac:90:
                    71:0b:71:c2:c5:08:a9:65:cf:c3:78:f5:ce:1e:44:
                    73:9e:f7:a3:bc:09:f4:1d:2c:b7:56:30:2e:2b:17:
                    b3:74:d5:eb:2f:f2:d4:e2:86:3c:bc:0a:c7:71:77:
                    4a:df:54:32:94:a5:c8:9d:6d:41:16:68:ca:7f:2e:
                    a5:6a:3c:5c:63:97:03:48:1e:78:9f:c7:0b:e3:1b:
                    2a:36:20:f9:17:21:6d:4b:21:40:bf:d7:4f:88:a8:
                    ee:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:5F:00:75:83:F5:69:FD:A1:09:96:E3:60:1C:64:47:BD:E6:4C:D7
            X509v3 Authority Key Identifier:
                keyid:8E:0F:68:38:67:EF:76:9A:0A:22:AD:E1:71:18:ED:06:FA:57:B8:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jg9oOGfvdpoKIq3hcRjtBvpXuB8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/86c002-758b-495a-b9cd-7b0dc00a8c20/1/a18AdYP1af2hCZbjYBxkR73mTNc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/86c002-758b-495a-b9cd-7b0dc00a8c20/1/jg9oOGfvdpoKIq3hcRjtBvpXuB8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:e24::/48

    Signature Algorithm: sha256WithRSAEncryption
         3c:18:e2:76:19:32:44:06:8f:d6:06:92:ed:da:b8:5e:db:ab:
         3b:f2:73:a4:5a:d3:91:bc:ee:bc:80:07:60:97:e9:f6:61:9b:
         30:cc:36:67:37:eb:96:fb:4e:ab:7e:83:fb:e7:67:83:b4:0d:
         93:ea:a2:a0:b3:0b:46:8b:dc:f0:a8:e5:21:ba:99:7d:76:84:
         70:c4:18:cc:34:51:cd:65:6f:9b:03:b5:6e:9e:fa:d0:98:eb:
         ca:2b:05:a6:ad:d3:cd:5c:f0:7d:11:16:35:f8:6b:a5:60:7e:
         01:61:c3:58:a7:95:08:51:ee:bf:a6:9e:a0:19:0e:f6:33:70:
         c0:f0:19:cd:36:5c:30:21:5d:ab:eb:08:ba:a7:32:12:dd:20:
         95:c7:4d:13:a3:d5:85:65:bd:30:41:91:c0:71:80:42:41:dd:
         53:27:b0:12:76:64:ca:b1:de:e9:a0:43:b5:2d:08:97:89:98:
         64:04:13:4f:88:47:1c:f8:5c:35:76:13:b2:e8:21:75:37:53:
         85:8f:7d:5d:aa:1e:29:b5:48:54:35:7b:97:3c:8b:7d:16:b1:
         14:f2:e2:29:8b:24:ff:84:48:1b:c6:de:19:5e:85:f0:f0:4a:
         6f:a7:8d:a0:da:57:ec:6f:69:f5:08:9f:a7:fe:33:78:c4:cb:
         d1:30:39:0a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY4OOGZgdVvj5lw3+BuszS8KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMGY2ODM4NjdlZjc2OWEwYTIyYWRlMTcxMThlZDA2ZmE1
N2I4MWYwHhcNMjQwMzA1MTA0NjAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjVmMDA3NTgzZjU2OWZkYTEwOTk2ZTM2MDFjNjQ0N2JkZTY0Y2Q3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxoX/btkYX+okzbuCmBP6ZMd4z9rL
n+Mqz5LgzkRkH4FnyJaTuRD15F+9L1Bwa2gPKiA2VolfVJvyoLOz28nRJxLGycFt
lv43xfCEIbWbEAjdQCZaz92S26MYSPW/ayH8ZQt3eMChHZyUNlWNr55MjXwEbZ0/
jgPVy9MeMrs5ZDe9QozHDxMYzGYCcx1PwMaSCIYjmCMqDjDCi4fW6sra59EorJBx
C3HCxQipZc/DePXOHkRznvejvAn0HSy3VjAuKxezdNXrL/LU4oY8vArHcXdK31Qy
lKXInW1BFmjKfy6lajxcY5cDSB54n8cL4xsqNiD5FyFtSyFAv9dPiKju/wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGtfAHWD9Wn9oQmW42AcZEe95kzXMB8GA1UdIwQY
MBaAFI4PaDhn73aaCiKt4XEY7Qb6V7gfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamc5b09HZnZkcG9LSXEzaGNSanRCdnBYdUI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC84NmMwMDItNzU4Yi00OTVhLWI5Y2Qt
N2IwZGMwMGE4YzIwLzEvYTE4QWRZUDFhZjJoQ1piallCeGtSNzNtVE5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC84NmMwMDItNzU4Yi00OTVhLWI5Y2QtN2IwZGMwMGE4YzIw
LzEvamc5b09HZnZkcG9LSXEzaGNSanRCdnBYdUI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA4k
MA0GCSqGSIb3DQEBCwUAA4IBAQA8GOJ2GTJEBo/WBpLt2rhe26s78nOkWtORvO68
gAdgl+n2YZswzDZnN+uW+06rfoP752eDtA2T6qKgswtGi9zwqOUhupl9doRwxBjM
NFHNZW+bA7VunvrQmOvKKwWmrdPNXPB9ERY1+GulYH4BYcNYp5UIUe6/pp6gGQ72
M3DA8BnNNlwwIV2r6wi6pzIS3SCVx00To9WFZb0wQZHAcYBCQd1TJ7ASdmTKsd7p
oEO1LQiXiZhkBBNPiEcc+Fw1dhOy6CF1N1OFj31dqh4ptUhUNXuXPIt9FrEU8uIp
iyT/hEgbxt4ZXoXw8Epvp42g2lfsb2n1CJ+n/jN4xMvRMDkK
-----END CERTIFICATE-----