Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/8f90a5-c878-4dd4-b2db-4e5861187c4f/1/NTKDgPRNdTrWCrIDK8tCwP4gPkw.roa
File:                     NTKDgPRNdTrWCrIDK8tCwP4gPkw.roa (raw, json)
Hash identifier:          HOwVFviUquVqBFv7SxcB3OvqlWJ1xXPRgZpzKMOAvcg=
Subject key identifier:   35:32:83:80:F4:4D:75:3A:D6:0A:B2:03:2B:CB:42:C0:FE:20:3E:4C
Certificate issuer:       /CN=e1ff625f4a18d04d590a5b9d73b2551a435b7172
Certificate serial:       018CCA99123A5594C4D448B68C27EA8D4758
Authority key identifier: E1:FF:62:5F:4A:18:D0:4D:59:0A:5B:9D:73:B2:55:1A:43:5B:71:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4f9iX0oY0E1ZCludc7JVGkNbcXI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/8f90a5-c878-4dd4-b2db-4e5861187c4f/1/NTKDgPRNdTrWCrIDK8tCwP4gPkw.roa
Signing time:             Tue 02 Jan 2024 14:34:38 +0000
ROA not before:           Tue 02 Jan 2024 14:34:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210887
IP address blocks:        2001:67c:864::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/8f90a5-c878-4dd4-b2db-4e5861187c4f/1/4f9iX0oY0E1ZCludc7JVGkNbcXI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/8f90a5-c878-4dd4-b2db-4e5861187c4f/1/4f9iX0oY0E1ZCludc7JVGkNbcXI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4f9iX0oY0E1ZCludc7JVGkNbcXI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:12:3a:55:94:c4:d4:48:b6:8c:27:ea:8d:47:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1ff625f4a18d04d590a5b9d73b2551a435b7172
        Validity
            Not Before: Jan  2 14:34:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=35328380f44d753ad60ab2032bcb42c0fe203e4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:4d:b9:6f:f5:b7:b0:4d:d1:ae:9c:f4:71:41:
                    a4:7e:53:d2:99:c8:66:02:80:a2:8d:31:04:a3:1c:
                    51:5b:45:ac:b5:27:1a:9c:35:f1:ad:48:1a:e8:3f:
                    d6:96:d2:a7:ea:2c:74:6b:94:cb:ec:a8:53:d9:e8:
                    a4:a9:42:a1:40:18:a2:84:1d:bf:26:af:b3:6d:74:
                    fc:24:0d:90:01:e1:0b:ed:bf:c1:b7:33:48:19:2e:
                    6f:dc:ea:56:cf:37:23:d1:2f:5e:1a:d4:41:3d:2f:
                    2e:f7:d5:02:81:1b:07:3d:d2:c7:29:61:72:c3:f6:
                    d0:a4:fd:82:02:4d:13:e3:17:74:19:9d:cd:1a:50:
                    11:c9:1e:74:4f:8b:df:f5:1c:1b:c1:16:9e:83:f9:
                    68:c9:6e:08:7b:fb:cd:0d:cd:cb:fc:fb:33:18:e1:
                    1d:3e:19:17:ae:69:7b:3e:31:40:6d:86:50:07:a6:
                    a7:c2:48:38:d9:67:b9:3b:fe:92:12:a9:90:f5:40:
                    fa:c4:4e:17:bd:66:21:74:4b:9c:9f:f8:a2:83:5b:
                    8c:db:08:76:84:2c:64:31:f2:6f:fa:f1:a9:48:79:
                    ab:50:42:e6:06:ef:54:29:16:c3:20:82:63:c6:bc:
                    46:de:53:c4:c1:23:5a:03:ce:9f:93:f0:ab:2a:4c:
                    e0:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:32:83:80:F4:4D:75:3A:D6:0A:B2:03:2B:CB:42:C0:FE:20:3E:4C
            X509v3 Authority Key Identifier:
                keyid:E1:FF:62:5F:4A:18:D0:4D:59:0A:5B:9D:73:B2:55:1A:43:5B:71:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f9iX0oY0E1ZCludc7JVGkNbcXI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/8f90a5-c878-4dd4-b2db-4e5861187c4f/1/NTKDgPRNdTrWCrIDK8tCwP4gPkw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/8f90a5-c878-4dd4-b2db-4e5861187c4f/1/4f9iX0oY0E1ZCludc7JVGkNbcXI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:864::/48

    Signature Algorithm: sha256WithRSAEncryption
         0b:ee:1a:56:dd:88:b8:58:85:42:e4:9f:f6:e9:3b:ce:30:2f:
         76:15:51:22:ca:e4:66:eb:7d:4d:40:ed:3d:c4:d7:0d:01:c8:
         1d:a8:69:9e:8e:a3:ec:f4:60:00:1d:5f:1c:28:94:5b:66:aa:
         c9:64:13:9c:d8:cd:e9:0b:e5:f3:64:94:6d:b2:43:d9:d6:b9:
         f4:19:39:70:08:83:92:df:d9:e7:0b:16:23:40:77:2e:89:fb:
         d1:45:0b:51:be:45:c7:9e:cb:15:0b:4e:c5:7f:14:82:c1:b1:
         ab:57:62:f9:15:23:1d:42:ea:90:89:48:98:46:57:71:19:7e:
         02:13:66:3e:68:03:d1:57:3e:4e:0a:fc:52:c2:60:9c:16:25:
         90:3c:dd:2f:1a:76:50:07:cf:6f:ed:78:b4:42:68:80:03:3a:
         bb:74:4a:da:7f:39:69:a8:fe:b6:e7:d8:cf:7d:2c:ab:1f:2b:
         09:3c:c7:c2:bb:a0:65:8d:2c:37:6c:01:e9:f8:77:62:c4:3c:
         f6:6d:27:4c:05:06:53:03:25:e2:14:98:e7:9f:77:59:7d:59:
         89:23:58:ac:2a:39:fc:59:4a:a6:dd:30:3d:da:f9:0e:84:f8:
         e5:f8:d8:c3:5c:eb:d6:9c:c1:18:5e:b9:04:14:72:36:77:79:
         bc:2c:ca:8a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKmRI6VZTE1Ei2jCfqjUdYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxZmY2MjVmNGExOGQwNGQ1OTBhNWI5ZDczYjI1NTFhNDM1
YjcxNzIwHhcNMjQwMTAyMTQzNDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTMyODM4MGY0NGQ3NTNhZDYwYWIyMDMyYmNiNDJjMGZlMjAzZTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm025b/W3sE3Rrpz0cUGkflPSmchm
AoCijTEEoxxRW0WstScanDXxrUga6D/WltKn6ix0a5TL7KhT2eikqUKhQBiihB2/
Jq+zbXT8JA2QAeEL7b/BtzNIGS5v3OpWzzcj0S9eGtRBPS8u99UCgRsHPdLHKWFy
w/bQpP2CAk0T4xd0GZ3NGlARyR50T4vf9RwbwRaeg/loyW4Ie/vNDc3L/PszGOEd
PhkXrml7PjFAbYZQB6anwkg42We5O/6SEqmQ9UD6xE4XvWYhdEucn/iig1uM2wh2
hCxkMfJv+vGpSHmrUELmBu9UKRbDIIJjxrxG3lPEwSNaA86fk/CrKkzgAQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDUyg4D0TXU61gqyAyvLQsD+ID5MMB8GA1UdIwQY
MBaAFOH/Yl9KGNBNWQpbnXOyVRpDW3FyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGY5aVgwb1kwRTFaQ2x1ZGM3SlZHa05iY1hJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC84ZjkwYTUtYzg3OC00ZGQ0LWIyZGIt
NGU1ODYxMTg3YzRmLzEvTlRLRGdQUk5kVHJXQ3JJREs4dEN3UDRnUGt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC84ZjkwYTUtYzg3OC00ZGQ0LWIyZGItNGU1ODYxMTg3YzRm
LzEvNGY5aVgwb1kwRTFaQ2x1ZGM3SlZHa05iY1hJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAhk
MA0GCSqGSIb3DQEBCwUAA4IBAQAL7hpW3Yi4WIVC5J/26TvOMC92FVEiyuRm631N
QO09xNcNAcgdqGmejqPs9GAAHV8cKJRbZqrJZBOc2M3pC+XzZJRtskPZ1rn0GTlw
CIOS39nnCxYjQHcuifvRRQtRvkXHnssVC07FfxSCwbGrV2L5FSMdQuqQiUiYRldx
GX4CE2Y+aAPRVz5OCvxSwmCcFiWQPN0vGnZQB89v7Xi0QmiAAzq7dErafzlpqP62
59jPfSyrHysJPMfCu6BljSw3bAHp+HdixDz2bSdMBQZTAyXiFJjnn3dZfVmJI1is
Kjn8WUqm3TA92vkOhPjl+NjDXOvWnMEYXrkEFHI2d3m8LMqK
-----END CERTIFICATE-----