Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/4af7c1-50cb-479d-a377-007b447d4b39/1/uwPmYuxpZGrCkZLA-E_q7Wd8hdo.roa
File:                     uwPmYuxpZGrCkZLA-E_q7Wd8hdo.roa (raw, json)
Hash identifier:          klumXsTbX7TzbrkQJYz0yawpDrEvYg72QqCsEdWUc60=
Subject key identifier:   BB:03:E6:62:EC:69:64:6A:C2:91:92:C0:F8:4F:EA:ED:67:7C:85:DA
Certificate issuer:       /CN=c18de4f2af8c7050e6e70e08a152573edd42e678
Certificate serial:       018CC7954A168FFC5D3DF10C3F80CE7AFB8B
Authority key identifier: C1:8D:E4:F2:AF:8C:70:50:E6:E7:0E:08:A1:52:57:3E:DD:42:E6:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wY3k8q-McFDm5w4IoVJXPt1C5ng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/4af7c1-50cb-479d-a377-007b447d4b39/1/uwPmYuxpZGrCkZLA-E_q7Wd8hdo.roa
Signing time:             Tue 02 Jan 2024 00:31:38 +0000
ROA not before:           Tue 02 Jan 2024 00:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205740
IP address blocks:        2001:67c:c18::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/4af7c1-50cb-479d-a377-007b447d4b39/1/wY3k8q-McFDm5w4IoVJXPt1C5ng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/4af7c1-50cb-479d-a377-007b447d4b39/1/wY3k8q-McFDm5w4IoVJXPt1C5ng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wY3k8q-McFDm5w4IoVJXPt1C5ng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:4a:16:8f:fc:5d:3d:f1:0c:3f:80:ce:7a:fb:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c18de4f2af8c7050e6e70e08a152573edd42e678
        Validity
            Not Before: Jan  2 00:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb03e662ec69646ac29192c0f84feaed677c85da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:ad:f9:6f:02:81:e1:57:a9:67:f0:40:f8:0f:
                    ef:41:d5:3a:e4:80:b4:ed:56:48:01:62:dc:97:a1:
                    3e:6c:09:94:75:52:2e:7d:71:b4:76:39:9d:29:1e:
                    1a:57:92:56:b8:c9:dd:91:27:5f:fb:5a:ed:74:b9:
                    0c:1f:20:47:cd:84:d3:e2:a3:9f:2d:66:ca:62:b2:
                    df:4a:cb:cc:1d:da:93:ed:1b:67:4f:b2:1d:fb:19:
                    10:b7:37:81:63:75:9b:c4:ce:9c:6d:53:dc:f2:56:
                    76:49:34:80:bf:1d:09:c5:67:56:be:9f:7d:81:56:
                    a2:ed:4c:9a:4c:df:61:9b:e2:e0:57:a1:e1:01:fa:
                    ec:9c:69:8f:9c:d6:e0:74:45:4f:b1:66:82:e0:db:
                    3b:ca:1b:8b:bd:a6:80:7b:a6:0f:0a:4f:ca:c6:c0:
                    ba:94:01:b4:3e:19:f4:1d:ea:85:c5:ea:4f:c0:f2:
                    7d:35:7c:9e:16:47:1a:a7:0e:bd:6a:00:81:93:a7:
                    8a:b4:7d:58:49:a5:00:f0:14:6e:c7:62:5c:07:30:
                    53:aa:80:1e:16:6c:df:b9:89:2f:1f:92:88:3c:b1:
                    e6:98:3a:ab:fe:fb:dc:0f:c7:c7:2d:28:50:16:f3:
                    db:02:d8:81:cf:7d:9e:c3:3e:a7:34:b4:4b:f8:4c:
                    86:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:03:E6:62:EC:69:64:6A:C2:91:92:C0:F8:4F:EA:ED:67:7C:85:DA
            X509v3 Authority Key Identifier:
                keyid:C1:8D:E4:F2:AF:8C:70:50:E6:E7:0E:08:A1:52:57:3E:DD:42:E6:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wY3k8q-McFDm5w4IoVJXPt1C5ng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/4af7c1-50cb-479d-a377-007b447d4b39/1/uwPmYuxpZGrCkZLA-E_q7Wd8hdo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/4af7c1-50cb-479d-a377-007b447d4b39/1/wY3k8q-McFDm5w4IoVJXPt1C5ng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:c18::/48

    Signature Algorithm: sha256WithRSAEncryption
         10:57:56:4c:6c:8a:07:a2:39:8f:68:4f:f6:26:ec:5b:0a:8e:
         6b:7a:ed:de:7e:8b:50:a9:9b:f1:75:6b:c3:b9:4a:18:fe:dc:
         7e:f1:4e:7d:8c:02:0d:b3:b4:63:47:9d:59:19:7b:78:f3:1a:
         23:0d:56:53:41:df:8c:e7:15:83:0e:ab:03:49:e2:dc:2c:e7:
         b0:86:ae:d2:ea:f2:dd:6c:8e:f8:97:6d:11:c9:cc:2d:48:93:
         38:05:1f:50:94:67:c2:47:ad:c0:c5:62:d6:6c:83:17:66:08:
         06:0c:4c:a8:61:1b:ee:25:68:5c:7c:08:da:32:d7:19:ba:8b:
         dd:f9:6c:36:e9:a5:48:27:7d:0d:ec:52:8e:b1:75:34:d5:c8:
         f1:c7:59:65:86:42:4e:0d:1f:32:b5:3f:00:bc:08:94:79:bd:
         c7:78:92:2f:a4:16:8f:52:ca:ad:64:79:75:04:02:c5:ac:86:
         12:79:fe:fc:2e:0b:90:d5:65:04:18:d3:50:d0:bc:52:55:cf:
         02:f0:b0:44:aa:80:12:41:ef:b0:b3:18:ed:51:69:c0:44:dc:
         5f:47:f3:96:65:ea:e1:17:8e:d7:9d:76:a5:5c:1b:5c:40:b9:
         fb:40:d8:ef:09:84:de:d2:e2:73:ac:d2:b3:79:de:e1:d5:a9:
         53:a2:5f:3a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHlUoWj/xdPfEMP4DOevuLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxOGRlNGYyYWY4YzcwNTBlNmU3MGUwOGExNTI1NzNlZGQ0
MmU2NzgwHhcNMjQwMTAyMDAzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjAzZTY2MmVjNjk2NDZhYzI5MTkyYzBmODRmZWFlZDY3N2M4NWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoK35bwKB4VepZ/BA+A/vQdU65IC0
7VZIAWLcl6E+bAmUdVIufXG0djmdKR4aV5JWuMndkSdf+1rtdLkMHyBHzYTT4qOf
LWbKYrLfSsvMHdqT7RtnT7Id+xkQtzeBY3WbxM6cbVPc8lZ2STSAvx0JxWdWvp99
gVai7UyaTN9hm+LgV6HhAfrsnGmPnNbgdEVPsWaC4Ns7yhuLvaaAe6YPCk/KxsC6
lAG0Phn0HeqFxepPwPJ9NXyeFkcapw69agCBk6eKtH1YSaUA8BRux2JcBzBTqoAe
FmzfuYkvH5KIPLHmmDqr/vvcD8fHLShQFvPbAtiBz32ewz6nNLRL+EyGqQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLsD5mLsaWRqwpGSwPhP6u1nfIXaMB8GA1UdIwQY
MBaAFMGN5PKvjHBQ5ucOCKFSVz7dQuZ4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1kzazhxLU1jRkRtNXc0SW9WSlhQdDFDNW5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni80YWY3YzEtNTBjYi00NzlkLWEzNzct
MDA3YjQ0N2Q0YjM5LzEvdXdQbVl1eHBaR3JDa1pMQS1FX3E3V2Q4aGRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni80YWY3YzEtNTBjYi00NzlkLWEzNzctMDA3YjQ0N2Q0YjM5
LzEvd1kzazhxLU1jRkRtNXc0SW9WSlhQdDFDNW5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAwY
MA0GCSqGSIb3DQEBCwUAA4IBAQAQV1ZMbIoHojmPaE/2JuxbCo5reu3efotQqZvx
dWvDuUoY/tx+8U59jAINs7RjR51ZGXt48xojDVZTQd+M5xWDDqsDSeLcLOewhq7S
6vLdbI74l20RycwtSJM4BR9QlGfCR63AxWLWbIMXZggGDEyoYRvuJWhcfAjaMtcZ
uovd+Ww26aVIJ30N7FKOsXU01cjxx1llhkJODR8ytT8AvAiUeb3HeJIvpBaPUsqt
ZHl1BALFrIYSef78LguQ1WUEGNNQ0LxSVc8C8LBEqoASQe+wsxjtUWnARNxfR/OW
ZerhF47XnXalXBtcQLn7QNjvCYTe0uJzrNKzed7h1alTol86
-----END CERTIFICATE-----