Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/1968d0-faf1-4e37-ac88-d404b480c567/1/uvAID9R39i1wRizeDQrywnPI9tM.roa
File:                     uvAID9R39i1wRizeDQrywnPI9tM.roa (raw, json)
Hash identifier:          dXWWFsozrFUCla9hGKHR+QeGhCEpW3J7kzoWnOfn7Nw=
Subject key identifier:   BA:F0:08:0F:D4:77:F6:2D:70:46:2C:DE:0D:0A:F2:C2:73:C8:F6:D3
Certificate issuer:       /CN=fa30f2f672fb54ba4977c6e1a6ba27131c231ff2
Certificate serial:       019007DAF5572CBBDC975E7D9326E193D1DB
Authority key identifier: FA:30:F2:F6:72:FB:54:BA:49:77:C6:E1:A6:BA:27:13:1C:23:1F:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-jDy9nL7VLpJd8bhpronExwjH_I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/1968d0-faf1-4e37-ac88-d404b480c567/1/uvAID9R39i1wRizeDQrywnPI9tM.roa
Signing time:             Tue 11 Jun 2024 15:11:48 +0000
ROA not before:           Tue 11 Jun 2024 15:11:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214759
IP address blocks:        2001:67c:2c1c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/1968d0-faf1-4e37-ac88-d404b480c567/1/1-jDy9nL7VLpJd8bhpronExwjH_I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/1968d0-faf1-4e37-ac88-d404b480c567/1/1-jDy9nL7VLpJd8bhpronExwjH_I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-jDy9nL7VLpJd8bhpronExwjH_I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:07:da:f5:57:2c:bb:dc:97:5e:7d:93:26:e1:93:d1:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa30f2f672fb54ba4977c6e1a6ba27131c231ff2
        Validity
            Not Before: Jun 11 15:11:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=baf0080fd477f62d70462cde0d0af2c273c8f6d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:ce:a8:9f:b9:85:0d:75:28:3d:8a:4b:eb:c9:
                    17:86:b8:bd:39:b5:6b:83:94:2b:fd:5d:40:25:9e:
                    fc:35:e8:1c:3a:c4:95:a2:d8:47:da:fa:63:64:25:
                    6c:16:12:0c:d8:c6:5a:25:5c:c1:b3:42:ef:7a:21:
                    1c:60:f9:39:64:82:96:9e:cd:74:bd:75:0e:b7:78:
                    0c:aa:59:c7:57:96:e5:0a:df:b7:fc:ac:30:fe:94:
                    dd:35:c0:88:f5:6d:44:5f:b7:6a:30:77:42:40:6d:
                    11:20:f4:9b:30:87:4c:8f:28:fe:ba:a6:ea:ce:d0:
                    ff:c6:5f:5e:f6:69:b7:b8:31:7a:7b:42:2e:bc:13:
                    0a:86:e0:b6:d7:e1:e2:7c:61:1e:04:6a:ee:be:fc:
                    23:0b:00:73:8a:00:7d:c5:d1:6b:e4:3a:ff:17:8b:
                    6e:9c:a1:7d:96:58:0f:69:b0:af:58:7d:3f:09:d1:
                    54:ee:df:27:8c:97:51:b6:34:ae:f8:2a:e1:67:6a:
                    3e:df:bb:57:87:df:d5:94:2c:9e:9f:12:d4:0a:55:
                    98:f3:db:96:7f:72:96:d1:1e:cb:5b:c1:b9:85:93:
                    6b:46:ba:12:d8:8e:3b:2c:75:53:26:bd:7d:35:ba:
                    e9:4d:18:d0:4d:16:a1:95:74:1f:da:e3:c0:80:73:
                    d3:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:F0:08:0F:D4:77:F6:2D:70:46:2C:DE:0D:0A:F2:C2:73:C8:F6:D3
            X509v3 Authority Key Identifier:
                keyid:FA:30:F2:F6:72:FB:54:BA:49:77:C6:E1:A6:BA:27:13:1C:23:1F:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-jDy9nL7VLpJd8bhpronExwjH_I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/1968d0-faf1-4e37-ac88-d404b480c567/1/uvAID9R39i1wRizeDQrywnPI9tM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/1968d0-faf1-4e37-ac88-d404b480c567/1/1-jDy9nL7VLpJd8bhpronExwjH_I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2c1c::/48

    Signature Algorithm: sha256WithRSAEncryption
         06:4a:36:99:c8:15:9f:09:d0:f1:41:4c:4a:78:41:6e:07:67:
         58:96:1a:b7:46:0f:5f:4c:8e:79:67:ba:6a:4c:6e:70:6e:a8:
         97:a0:f8:b7:ef:f0:fb:8b:08:bc:54:e4:99:f9:ee:df:38:97:
         1e:01:1c:2a:fb:f6:2f:6e:31:8f:8e:dd:a7:9c:43:60:58:9f:
         80:da:f7:af:8c:49:84:82:74:84:1d:78:cc:9f:43:2d:43:8a:
         1d:85:6b:1d:94:03:fc:3e:a9:df:3c:5f:f5:bd:a9:b0:73:ff:
         c4:42:7c:3d:ed:6b:d6:75:46:6b:ce:38:cc:01:bf:72:ee:0d:
         84:02:6c:52:f2:6d:9b:00:95:72:13:19:f7:12:fe:ca:d7:af:
         ab:e8:cf:83:1a:83:87:67:18:ac:96:92:ab:28:69:4b:05:f7:
         8b:c7:cf:d6:f5:a8:2e:b6:72:a8:8a:b0:d3:69:4e:76:e0:0d:
         d3:05:a9:a4:9f:a3:eb:f8:26:17:5b:b5:00:03:7e:d9:7f:95:
         99:dd:bc:8e:df:f3:f5:c1:fe:ca:e2:2f:c7:27:18:f2:86:00:
         85:75:c7:4e:c5:5a:03:3b:bd:dd:b6:f8:42:d2:66:be:02:69:
         56:fc:ce:4d:7b:8c:07:fd:eb:c7:55:e7:5f:57:60:8d:03:bc:
         fe:da:c1:17
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAZAH2vVXLLvcl159kybhk9HbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhMzBmMmY2NzJmYjU0YmE0OTc3YzZlMWE2YmEyNzEzMWMy
MzFmZjIwHhcNMjQwNjExMTUxMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWYwMDgwZmQ0NzdmNjJkNzA0NjJjZGUwZDBhZjJjMjczYzhmNmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlM6on7mFDXUoPYpL68kXhri9ObVr
g5Qr/V1AJZ78NegcOsSVothH2vpjZCVsFhIM2MZaJVzBs0LveiEcYPk5ZIKWns10
vXUOt3gMqlnHV5blCt+3/Kww/pTdNcCI9W1EX7dqMHdCQG0RIPSbMIdMjyj+uqbq
ztD/xl9e9mm3uDF6e0IuvBMKhuC21+HifGEeBGruvvwjCwBzigB9xdFr5Dr/F4tu
nKF9llgPabCvWH0/CdFU7t8njJdRtjSu+CrhZ2o+37tXh9/VlCyenxLUClWY89uW
f3KW0R7LW8G5hZNrRroS2I47LHVTJr19NbrpTRjQTRahlXQf2uPAgHPTWQIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFLrwCA/Ud/YtcEYs3g0K8sJzyPbTMB8GA1UdIwQY
MBaAFPow8vZy+1S6SXfG4aa6JxMcIx/yMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1qRHk5bkw3VkxwSmQ4Ymhwcm9uRXh3akhfSS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjEvMTk2OGQwLWZhZjEtNGUzNy1hYzg4
LWQ0MDRiNDgwYzU2Ny8xL3V2QUlEOVIzOWkxd1JpemVEUXJ5d25QSTl0TS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjEvMTk2OGQwLWZhZjEtNGUzNy1hYzg4LWQ0MDRiNDgwYzU2
Ny8xLzEtakR5OW5MN1ZMcEpkOGJocHJvbkV4d2pIX0kuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAgAQZ8
LBwwDQYJKoZIhvcNAQELBQADggEBAAZKNpnIFZ8J0PFBTEp4QW4HZ1iWGrdGD19M
jnlnumpMbnBuqJeg+Lfv8PuLCLxU5Jn57t84lx4BHCr79i9uMY+O3aecQ2BYn4Da
96+MSYSCdIQdeMyfQy1Dih2Fax2UA/w+qd88X/W9qbBz/8RCfD3ta9Z1RmvOOMwB
v3LuDYQCbFLybZsAlXITGfcS/srXr6voz4Mag4dnGKyWkqsoaUsF94vHz9b1qC62
cqiKsNNpTnbgDdMFqaSfo+v4JhdbtQADftl/lZndvI7f8/XB/sriL8cnGPKGAIV1
x07FWgM7vd22+ELSZr4CaVb8zk17jAf968dV519XYI0DvP7awRc=
-----END CERTIFICATE-----