Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/49969e-546c-43e5-8dbd-f92915a968bc/1/Ors2sJGvz_V2X7bu3UW0GnTXpd4.roa
File:                     Ors2sJGvz_V2X7bu3UW0GnTXpd4.roa (raw, json)
Hash identifier:          w/KCEvBy40MRhBdMfw//+Z+TOGuQxFmbSILDBS8c3R0=
Subject key identifier:   3A:BB:36:B0:91:AF:CF:F5:76:5F:B6:EE:DD:45:B4:1A:74:D7:A5:DE
Certificate issuer:       /CN=f0d9cbbefde612e61e0cd0ff0b871961cbf797e3
Certificate serial:       018CC493707C8BD4E7048AD55F9FC70C5664
Authority key identifier: F0:D9:CB:BE:FD:E6:12:E6:1E:0C:D0:FF:0B:87:19:61:CB:F7:97:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8NnLvv3mEuYeDND_C4cZYcv3l-M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/49969e-546c-43e5-8dbd-f92915a968bc/1/Ors2sJGvz_V2X7bu3UW0GnTXpd4.roa
Signing time:             Mon 01 Jan 2024 10:30:46 +0000
ROA not before:           Mon 01 Jan 2024 10:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3223
IP address blocks:        2001:67c:b30::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/49969e-546c-43e5-8dbd-f92915a968bc/1/8NnLvv3mEuYeDND_C4cZYcv3l-M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/49969e-546c-43e5-8dbd-f92915a968bc/1/8NnLvv3mEuYeDND_C4cZYcv3l-M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8NnLvv3mEuYeDND_C4cZYcv3l-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:70:7c:8b:d4:e7:04:8a:d5:5f:9f:c7:0c:56:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0d9cbbefde612e61e0cd0ff0b871961cbf797e3
        Validity
            Not Before: Jan  1 10:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3abb36b091afcff5765fb6eedd45b41a74d7a5de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:ce:60:33:fa:e7:20:c5:64:75:75:77:9c:34:
                    79:4e:f9:8f:cd:ee:4c:ed:36:f7:ed:cd:ff:30:8d:
                    53:8e:1c:c1:9c:48:b3:b4:78:a3:ec:f1:bb:f5:ee:
                    6d:2a:53:e8:03:2c:af:05:49:b7:8b:af:01:1e:8d:
                    a8:4d:52:cf:77:59:c6:04:61:96:d3:31:f1:3e:90:
                    85:7a:d9:3f:29:49:17:41:ce:1f:98:61:4e:ae:a5:
                    a2:44:cb:75:0e:df:a2:2e:78:a8:a4:48:bd:eb:09:
                    ff:ff:90:bd:5b:27:13:dd:04:24:a9:41:c8:6c:19:
                    49:c6:f1:57:e5:be:b3:8e:5a:b2:f6:93:f6:38:90:
                    f8:55:12:28:ca:e6:6f:fb:53:fd:64:e5:14:6b:f6:
                    43:89:50:64:05:f5:fe:3b:9c:99:b8:bb:8c:c5:57:
                    4b:65:d4:24:8a:75:7a:92:ef:6c:db:17:eb:fd:16:
                    24:0c:ee:c9:2a:00:21:2f:68:26:36:ec:d4:db:ed:
                    c9:10:ce:53:5b:f5:b4:0b:86:35:c4:6e:ed:bb:bc:
                    59:5d:1c:d9:95:f3:06:2e:92:3c:6f:22:12:e6:bd:
                    6f:d5:08:52:6e:f1:d6:2f:16:ec:84:ef:e1:49:80:
                    6b:5e:e5:5f:65:ec:a6:7e:3b:51:5e:fb:4e:c6:9b:
                    a6:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:BB:36:B0:91:AF:CF:F5:76:5F:B6:EE:DD:45:B4:1A:74:D7:A5:DE
            X509v3 Authority Key Identifier:
                keyid:F0:D9:CB:BE:FD:E6:12:E6:1E:0C:D0:FF:0B:87:19:61:CB:F7:97:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8NnLvv3mEuYeDND_C4cZYcv3l-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/49969e-546c-43e5-8dbd-f92915a968bc/1/Ors2sJGvz_V2X7bu3UW0GnTXpd4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/49969e-546c-43e5-8dbd-f92915a968bc/1/8NnLvv3mEuYeDND_C4cZYcv3l-M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:b30::/48

    Signature Algorithm: sha256WithRSAEncryption
         88:e9:79:c3:e4:29:c8:dc:df:79:04:18:dc:93:b5:6e:23:73:
         4d:df:65:76:3f:da:3c:1e:95:23:11:8c:ec:8d:54:23:c8:8f:
         3f:92:59:bd:ce:80:c3:28:44:4e:3d:b4:89:26:c8:33:4f:70:
         83:cc:e1:87:af:4c:26:1f:5d:0a:50:27:13:e0:7c:98:49:01:
         67:1e:f5:fa:e5:ad:e8:53:62:79:fa:59:4d:40:66:16:da:49:
         99:9f:1d:38:f9:80:51:6a:29:4d:e8:20:5d:7a:d6:3a:0d:71:
         2b:5c:95:98:cb:93:fb:c6:3d:50:e6:1c:56:a2:b2:c7:6f:f4:
         41:00:08:3a:d2:ab:d0:0e:53:da:6d:0c:2a:11:0c:ae:63:e1:
         fc:76:8d:c6:99:df:64:bd:07:9d:19:2e:1a:2e:a4:f4:4b:8c:
         e0:e2:e6:e0:a8:03:72:53:75:79:11:89:50:c0:21:a7:d6:bf:
         bd:7a:95:8d:14:9c:05:b6:30:5d:39:88:e5:78:d4:82:0a:4f:
         f8:a0:41:ac:82:cd:30:b1:46:e4:21:20:c0:7e:e8:af:0f:be:
         96:74:54:23:9d:b4:69:9c:96:ca:54:23:6f:68:5b:ca:16:00:
         f5:51:bd:d4:ab:1e:82:44:18:cd:1e:a6:56:b3:9a:2e:a4:15:
         7f:56:26:e2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEk3B8i9TnBIrVX5/HDFZkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZDljYmJlZmRlNjEyZTYxZTBjZDBmZjBiODcxOTYxY2Jm
Nzk3ZTMwHhcNMjQwMTAxMTAzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWJiMzZiMDkxYWZjZmY1NzY1ZmI2ZWVkZDQ1YjQxYTc0ZDdhNWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoM5gM/rnIMVkdXV3nDR5TvmPze5M
7Tb37c3/MI1TjhzBnEiztHij7PG79e5tKlPoAyyvBUm3i68BHo2oTVLPd1nGBGGW
0zHxPpCFetk/KUkXQc4fmGFOrqWiRMt1Dt+iLniopEi96wn//5C9WycT3QQkqUHI
bBlJxvFX5b6zjlqy9pP2OJD4VRIoyuZv+1P9ZOUUa/ZDiVBkBfX+O5yZuLuMxVdL
ZdQkinV6ku9s2xfr/RYkDO7JKgAhL2gmNuzU2+3JEM5TW/W0C4Y1xG7tu7xZXRzZ
lfMGLpI8byIS5r1v1QhSbvHWLxbshO/hSYBrXuVfZeymfjtRXvtOxpumDQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDq7NrCRr8/1dl+27t1FtBp016XeMB8GA1UdIwQY
MBaAFPDZy7795hLmHgzQ/wuHGWHL95fjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE5uTHZ2M21FdVllRE5EX0M0Y1pZY3YzbC1NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC80OTk2OWUtNTQ2Yy00M2U1LThkYmQt
ZjkyOTE1YTk2OGJjLzEvT3JzMnNKR3Z6X1YyWDdidTNVVzBHblRYcGQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC80OTk2OWUtNTQ2Yy00M2U1LThkYmQtZjkyOTE1YTk2OGJj
LzEvOE5uTHZ2M21FdVllRE5EX0M0Y1pZY3YzbC1NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAsw
MA0GCSqGSIb3DQEBCwUAA4IBAQCI6XnD5CnI3N95BBjck7VuI3NN32V2P9o8HpUj
EYzsjVQjyI8/klm9zoDDKEROPbSJJsgzT3CDzOGHr0wmH10KUCcT4HyYSQFnHvX6
5a3oU2J5+llNQGYW2kmZnx04+YBRailN6CBdetY6DXErXJWYy5P7xj1Q5hxWorLH
b/RBAAg60qvQDlPabQwqEQyuY+H8do3Gmd9kvQedGS4aLqT0S4zg4ubgqANyU3V5
EYlQwCGn1r+9epWNFJwFtjBdOYjleNSCCk/4oEGsgs0wsUbkISDAfuivD76WdFQj
nbRpnJbKVCNvaFvKFgD1Ub3Uqx6CRBjNHqZWs5oupBV/Vibi
-----END CERTIFICATE-----