Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/e8e053-ea10-4285-adaa-b495eccb09c4/1/fn8eM38zEfQKFtywutr_UMtkheg.roa
File:                     fn8eM38zEfQKFtywutr_UMtkheg.roa (raw, json)
Hash identifier:          Yso4cs+3Wxy4J3JzCZCR67rnIESeDuxo5q6r0lDbow4=
Subject key identifier:   7E:7F:1E:33:7F:33:11:F4:0A:16:DC:B0:BA:DA:FF:50:CB:64:85:E8
Certificate issuer:       /CN=eef8e980ce1eeb32748d94b1d0cd42489f91f6e9
Certificate serial:       018CC2DB257B7EB204F18CCE2E96BFFC2082
Authority key identifier: EE:F8:E9:80:CE:1E:EB:32:74:8D:94:B1:D0:CD:42:48:9F:91:F6:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7vjpgM4e6zJ0jZSx0M1CSJ-R9uk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/e8e053-ea10-4285-adaa-b495eccb09c4/1/fn8eM38zEfQKFtywutr_UMtkheg.roa
Signing time:             Mon 01 Jan 2024 02:29:51 +0000
ROA not before:           Mon 01 Jan 2024 02:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210564
IP address blocks:        2001:67c:20fc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/e8e053-ea10-4285-adaa-b495eccb09c4/1/7vjpgM4e6zJ0jZSx0M1CSJ-R9uk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/e8e053-ea10-4285-adaa-b495eccb09c4/1/7vjpgM4e6zJ0jZSx0M1CSJ-R9uk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7vjpgM4e6zJ0jZSx0M1CSJ-R9uk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:25:7b:7e:b2:04:f1:8c:ce:2e:96:bf:fc:20:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eef8e980ce1eeb32748d94b1d0cd42489f91f6e9
        Validity
            Not Before: Jan  1 02:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e7f1e337f3311f40a16dcb0badaff50cb6485e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:1e:6e:f1:26:00:8b:84:dd:f0:b2:33:e1:d9:
                    36:81:79:7f:e5:bb:4e:1c:31:04:61:a8:93:0f:56:
                    63:a9:8a:2d:df:d1:4e:eb:88:54:96:72:f5:2b:96:
                    66:5d:85:7e:2f:60:ed:78:0e:79:a5:d8:be:43:47:
                    a5:42:5c:64:20:55:c6:90:f7:63:0c:30:32:e4:48:
                    da:58:d1:91:50:0c:0f:c5:eb:a0:cf:72:31:11:dd:
                    12:37:30:52:1b:f0:d9:56:7e:b0:4d:ba:01:54:c4:
                    24:c9:bf:af:19:6f:ae:10:82:2c:57:2e:4f:12:4f:
                    01:7f:f0:4f:eb:ae:6f:ef:1e:b7:07:88:2c:44:4e:
                    f7:82:04:6e:47:13:24:b0:b7:1c:c2:9e:41:00:58:
                    11:31:e8:f6:99:89:e5:1d:43:83:67:95:50:a9:ba:
                    92:30:1d:76:8a:6a:2d:f3:d7:e8:89:ad:23:df:b3:
                    28:a7:7c:bc:ea:07:f0:05:fd:de:84:dd:5b:38:3b:
                    8d:ef:b3:90:30:88:e3:6c:61:56:31:8e:5b:7f:ab:
                    55:93:74:c0:e2:ef:c0:c5:8a:f9:71:31:e8:99:9e:
                    69:78:10:fe:4e:47:c0:a8:e4:2b:46:bf:82:45:bf:
                    d8:01:f9:86:37:cb:b3:a0:6f:aa:ec:f1:e6:19:36:
                    72:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:7F:1E:33:7F:33:11:F4:0A:16:DC:B0:BA:DA:FF:50:CB:64:85:E8
            X509v3 Authority Key Identifier:
                keyid:EE:F8:E9:80:CE:1E:EB:32:74:8D:94:B1:D0:CD:42:48:9F:91:F6:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7vjpgM4e6zJ0jZSx0M1CSJ-R9uk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/e8e053-ea10-4285-adaa-b495eccb09c4/1/fn8eM38zEfQKFtywutr_UMtkheg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/e8e053-ea10-4285-adaa-b495eccb09c4/1/7vjpgM4e6zJ0jZSx0M1CSJ-R9uk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:20fc::/48

    Signature Algorithm: sha256WithRSAEncryption
         45:78:ba:06:f1:c4:be:54:b9:78:f2:66:f5:f9:ad:b2:05:ea:
         e9:01:86:9b:7e:71:bc:d7:ee:49:3c:3d:d3:68:c1:95:47:cc:
         24:aa:02:e8:c1:8f:2e:76:e9:9f:c9:bc:c7:c1:d5:ee:be:ac:
         fb:25:f4:73:8e:d5:9b:79:e2:bf:03:00:7b:27:09:87:e1:0b:
         d7:b0:63:dc:6f:02:5b:5f:59:66:ff:f3:40:39:85:05:91:94:
         78:99:59:b6:60:35:cf:06:c7:64:3f:6e:85:0f:6b:12:fd:78:
         d3:a9:d4:a3:b3:65:d7:f9:bd:23:5f:ca:fe:ef:d7:a7:18:db:
         8c:aa:4d:d1:af:3f:d9:49:b8:6f:5e:d8:8a:65:ed:14:7f:b2:
         aa:c4:b0:98:5a:23:f7:c2:03:34:ea:fb:2a:fc:6a:00:35:10:
         83:a0:5f:66:13:f4:e6:a4:06:91:c6:38:35:07:c0:46:45:49:
         70:d8:bd:b4:3b:cc:65:d5:67:e2:45:a5:dc:f2:ad:bf:a2:bd:
         ef:56:08:af:4f:f8:8e:1a:5b:b4:25:e4:0d:d3:d0:af:92:f4:
         a3:72:17:aa:65:cb:ca:45:98:d5:52:7b:30:31:a2:67:9b:c1:
         fa:fb:01:ed:1d:d5:8d:29:fe:3f:d5:2c:65:5b:88:f1:13:46:
         1c:08:a6:16
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2yV7frIE8YzOLpa//CCCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlZjhlOTgwY2UxZWViMzI3NDhkOTRiMWQwY2Q0MjQ4OWY5
MWY2ZTkwHhcNMjQwMTAxMDIyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTdmMWUzMzdmMzMxMWY0MGExNmRjYjBiYWRhZmY1MGNiNjQ4NWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxR5u8SYAi4Td8LIz4dk2gXl/5btO
HDEEYaiTD1ZjqYot39FO64hUlnL1K5ZmXYV+L2DteA55pdi+Q0elQlxkIFXGkPdj
DDAy5EjaWNGRUAwPxeugz3IxEd0SNzBSG/DZVn6wTboBVMQkyb+vGW+uEIIsVy5P
Ek8Bf/BP665v7x63B4gsRE73ggRuRxMksLccwp5BAFgRMej2mYnlHUODZ5VQqbqS
MB12imot89foia0j37Mop3y86gfwBf3ehN1bODuN77OQMIjjbGFWMY5bf6tVk3TA
4u/AxYr5cTHomZ5peBD+TkfAqOQrRr+CRb/YAfmGN8uzoG+q7PHmGTZyxwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFH5/HjN/MxH0ChbcsLra/1DLZIXoMB8GA1UdIwQY
MBaAFO746YDOHusydI2UsdDNQkifkfbpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3ZqcGdNNGU2ekowalpTeDBNMUNTSi1SOXVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9lOGUwNTMtZWExMC00Mjg1LWFkYWEt
YjQ5NWVjY2IwOWM0LzEvZm44ZU0zOHpFZlFLRnR5d3V0cl9VTXRraGVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9lOGUwNTMtZWExMC00Mjg1LWFkYWEtYjQ5NWVjY2IwOWM0
LzEvN3ZqcGdNNGU2ekowalpTeDBNMUNTSi1SOXVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCD8
MA0GCSqGSIb3DQEBCwUAA4IBAQBFeLoG8cS+VLl48mb1+a2yBerpAYabfnG81+5J
PD3TaMGVR8wkqgLowY8udumfybzHwdXuvqz7JfRzjtWbeeK/AwB7JwmH4QvXsGPc
bwJbX1lm//NAOYUFkZR4mVm2YDXPBsdkP26FD2sS/XjTqdSjs2XX+b0jX8r+79en
GNuMqk3Rrz/ZSbhvXtiKZe0Uf7KqxLCYWiP3wgM06vsq/GoANRCDoF9mE/TmpAaR
xjg1B8BGRUlw2L20O8xl1WfiRaXc8q2/or3vVgivT/iOGlu0JeQN09CvkvSjcheq
ZcvKRZjVUnswMaJnm8H6+wHtHdWNKf4/1SxlW4jxE0YcCKYW
-----END CERTIFICATE-----