Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/3e77dc-4868-41d4-90c4-2ac8bcd83550/1/9wehV55L7c0ZvOGlKeTivEmFjT8.roa
File:                     9wehV55L7c0ZvOGlKeTivEmFjT8.roa (raw, json)
Hash identifier:          PNJU1QpE9RBzykPK8KKyaysZVBzslCbdx2rkpfvujT8=
Subject key identifier:   F7:07:A1:57:9E:4B:ED:CD:19:BC:E1:A5:29:E4:E2:BC:49:85:8D:3F
Certificate issuer:       /CN=32967a7747365c819de6076f7f5aa0ba3c9e598a
Certificate serial:       018CC424D007052F7638F66BD5FDDE9947F1
Authority key identifier: 32:96:7A:77:47:36:5C:81:9D:E6:07:6F:7F:5A:A0:BA:3C:9E:59:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MpZ6d0c2XIGd5gdvf1qgujyeWYo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/3e77dc-4868-41d4-90c4-2ac8bcd83550/1/9wehV55L7c0ZvOGlKeTivEmFjT8.roa
Signing time:             Mon 01 Jan 2024 08:29:56 +0000
ROA not before:           Mon 01 Jan 2024 08:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41709
IP address blocks:        2001:67c:26f8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/3e77dc-4868-41d4-90c4-2ac8bcd83550/1/MpZ6d0c2XIGd5gdvf1qgujyeWYo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/3e77dc-4868-41d4-90c4-2ac8bcd83550/1/MpZ6d0c2XIGd5gdvf1qgujyeWYo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MpZ6d0c2XIGd5gdvf1qgujyeWYo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:d0:07:05:2f:76:38:f6:6b:d5:fd:de:99:47:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32967a7747365c819de6076f7f5aa0ba3c9e598a
        Validity
            Not Before: Jan  1 08:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f707a1579e4bedcd19bce1a529e4e2bc49858d3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:6a:d6:5f:5b:22:c6:62:0c:e0:96:7e:23:1d:
                    4c:79:80:40:0d:bf:78:2b:55:cd:d1:1e:97:e8:6d:
                    ce:93:93:03:8c:64:a7:9b:e5:d5:3c:00:74:c1:d9:
                    7a:94:ee:c7:33:40:cb:72:d5:3c:b6:e4:7d:ed:fb:
                    ab:d3:49:b3:af:38:ee:9a:01:00:21:fd:c2:e9:0e:
                    1d:90:76:04:f9:dd:db:b3:79:7a:a2:f4:87:d1:1e:
                    8a:ae:33:3c:96:f6:5d:03:51:f5:5e:b0:fe:b2:57:
                    ca:9d:e6:f2:24:48:97:63:4d:d5:e5:4d:5c:1c:c1:
                    89:74:d9:13:d6:19:13:89:14:d7:21:70:29:61:bf:
                    e3:91:53:9f:e8:a4:56:52:0a:57:f2:f0:81:78:17:
                    39:56:6d:17:bb:df:7b:5f:8b:09:be:66:db:53:4f:
                    2c:0f:34:e3:99:9e:ae:ca:e1:ad:81:63:17:51:19:
                    d1:1c:d6:65:11:e0:9f:eb:cc:c4:b3:d5:2b:ce:c6:
                    cf:fc:66:f2:c9:aa:57:b7:de:92:04:f4:8b:a2:2c:
                    b4:21:d6:9b:19:b2:de:ec:27:89:1f:3b:d6:7e:64:
                    89:2d:47:11:52:84:eb:b9:7f:0b:55:15:7c:df:9f:
                    7b:f5:f3:81:79:0c:cd:66:eb:c2:69:a6:6c:a7:c4:
                    a1:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:07:A1:57:9E:4B:ED:CD:19:BC:E1:A5:29:E4:E2:BC:49:85:8D:3F
            X509v3 Authority Key Identifier:
                keyid:32:96:7A:77:47:36:5C:81:9D:E6:07:6F:7F:5A:A0:BA:3C:9E:59:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MpZ6d0c2XIGd5gdvf1qgujyeWYo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/3e77dc-4868-41d4-90c4-2ac8bcd83550/1/9wehV55L7c0ZvOGlKeTivEmFjT8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/3e77dc-4868-41d4-90c4-2ac8bcd83550/1/MpZ6d0c2XIGd5gdvf1qgujyeWYo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:26f8::/48

    Signature Algorithm: sha256WithRSAEncryption
         2a:90:a1:14:be:f6:72:9c:2c:3c:d1:52:7f:08:d2:ed:da:9f:
         e4:eb:9f:2a:b7:83:54:38:fc:a9:0d:83:bc:f7:fc:ac:10:bc:
         5a:be:af:8a:42:01:c4:62:88:b5:7d:62:f6:9f:8f:c4:44:24:
         19:fe:4f:10:c0:85:2d:ac:39:7c:84:57:d7:46:2d:08:22:8f:
         0b:8e:90:23:c2:12:19:ee:52:bd:50:f7:1c:2a:5d:cd:48:50:
         41:a1:f2:e4:b2:06:e4:bc:b3:d1:f4:01:0f:4e:d6:93:97:81:
         f1:ba:02:d7:53:b4:75:72:60:9a:b7:ac:4e:36:43:c8:9e:9b:
         9d:41:63:8b:04:96:c6:9e:5e:e4:1c:78:0d:83:49:85:65:03:
         44:48:3b:fd:66:3a:e6:3c:5f:20:ed:2b:82:71:59:a7:db:c8:
         6a:45:f6:16:b7:61:60:7e:87:0c:ed:e2:33:37:a0:3d:d3:fe:
         fe:13:59:fa:d9:81:48:e8:ac:9c:80:29:47:af:45:36:20:47:
         67:68:92:23:fe:5f:a0:2e:16:49:45:3d:f4:1e:b4:c9:e1:55:
         9b:7a:65:25:2d:0e:70:6b:75:37:0e:fa:92:28:f5:7c:e5:c0:
         5e:03:b7:2b:3b:10:0c:e3:1e:06:d2:22:51:5f:4c:90:4b:b9:
         4e:9b:60:8a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJNAHBS92OPZr1f3emUfxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyOTY3YTc3NDczNjVjODE5ZGU2MDc2ZjdmNWFhMGJhM2M5
ZTU5OGEwHhcNMjQwMTAxMDgyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzA3YTE1NzllNGJlZGNkMTliY2UxYTUyOWU0ZTJiYzQ5ODU4ZDNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgGrWX1sixmIM4JZ+Ix1MeYBADb94
K1XN0R6X6G3Ok5MDjGSnm+XVPAB0wdl6lO7HM0DLctU8tuR97fur00mzrzjumgEA
If3C6Q4dkHYE+d3bs3l6ovSH0R6KrjM8lvZdA1H1XrD+slfKnebyJEiXY03V5U1c
HMGJdNkT1hkTiRTXIXApYb/jkVOf6KRWUgpX8vCBeBc5Vm0Xu997X4sJvmbbU08s
DzTjmZ6uyuGtgWMXURnRHNZlEeCf68zEs9UrzsbP/GbyyapXt96SBPSLoiy0Idab
GbLe7CeJHzvWfmSJLUcRUoTruX8LVRV835979fOBeQzNZuvCaaZsp8ShhQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPcHoVeeS+3NGbzhpSnk4rxJhY0/MB8GA1UdIwQY
MBaAFDKWendHNlyBneYHb39aoLo8nlmKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXBaNmQwYzJYSUdkNWdkdmYxcWd1anllV1lvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy8zZTc3ZGMtNDg2OC00MWQ0LTkwYzQt
MmFjOGJjZDgzNTUwLzEvOXdlaFY1NUw3YzBadk9HbEtlVGl2RW1GalQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy8zZTc3ZGMtNDg2OC00MWQ0LTkwYzQtMmFjOGJjZDgzNTUw
LzEvTXBaNmQwYzJYSUdkNWdkdmYxcWd1anllV1lvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCb4
MA0GCSqGSIb3DQEBCwUAA4IBAQAqkKEUvvZynCw80VJ/CNLt2p/k658qt4NUOPyp
DYO89/ysELxavq+KQgHEYoi1fWL2n4/ERCQZ/k8QwIUtrDl8hFfXRi0IIo8LjpAj
whIZ7lK9UPccKl3NSFBBofLksgbkvLPR9AEPTtaTl4HxugLXU7R1cmCat6xONkPI
npudQWOLBJbGnl7kHHgNg0mFZQNESDv9ZjrmPF8g7SuCcVmn28hqRfYWt2FgfocM
7eIzN6A90/7+E1n62YFI6KycgClHr0U2IEdnaJIj/l+gLhZJRT30HrTJ4VWbemUl
LQ5wa3U3DvqSKPV85cBeA7crOxAM4x4G0iJRX0yQS7lOm2CK
-----END CERTIFICATE-----