Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/119402-b9bb-4374-bfea-988e770b015b/1/HQoBO9RjdKLwoeqksuokxbJaWSk.roa
File:                     HQoBO9RjdKLwoeqksuokxbJaWSk.roa (raw, json)
Hash identifier:          8W9rkB3Ok/L8J6IbT/biCZe+0F9+oEYB21b5LmVm4uc=
Subject key identifier:   1D:0A:01:3B:D4:63:74:A2:F0:A1:EA:A4:B2:EA:24:C5:B2:5A:59:29
Certificate issuer:       /CN=7ce9782325d3054cb6956ad22704530de92a0f05
Certificate serial:       018DE50556167209C1D22381B3FCB1244426
Authority key identifier: 7C:E9:78:23:25:D3:05:4C:B6:95:6A:D2:27:04:53:0D:E9:2A:0F:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fOl4IyXTBUy2lWrSJwRTDekqDwU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/119402-b9bb-4374-bfea-988e770b015b/1/HQoBO9RjdKLwoeqksuokxbJaWSk.roa
Signing time:             Mon 26 Feb 2024 10:45:48 +0000
ROA not before:           Mon 26 Feb 2024 10:45:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        2001:67c:e0c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/119402-b9bb-4374-bfea-988e770b015b/1/fOl4IyXTBUy2lWrSJwRTDekqDwU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/119402-b9bb-4374-bfea-988e770b015b/1/fOl4IyXTBUy2lWrSJwRTDekqDwU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fOl4IyXTBUy2lWrSJwRTDekqDwU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:e5:05:56:16:72:09:c1:d2:23:81:b3:fc:b1:24:44:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ce9782325d3054cb6956ad22704530de92a0f05
        Validity
            Not Before: Feb 26 10:45:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d0a013bd46374a2f0a1eaa4b2ea24c5b25a5929
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:c3:5c:2c:0a:29:fb:38:68:b7:37:5c:da:f1:
                    5e:60:a3:91:9d:98:8d:c6:23:2d:ca:5b:8c:6e:07:
                    6b:01:68:65:19:fa:8c:5a:11:a7:ad:17:d2:38:50:
                    4b:30:41:08:d3:c6:07:06:4d:f3:bc:b1:f3:83:17:
                    34:74:35:2f:33:50:30:39:46:59:f7:90:a4:ca:35:
                    e9:6d:27:3c:15:b5:d7:b6:41:6f:d8:20:d1:0f:25:
                    ef:ed:1a:eb:00:6c:ae:cb:12:bd:08:76:fb:a2:6e:
                    61:f7:e4:d2:aa:06:d1:f7:d0:31:e9:ce:e0:07:85:
                    8c:8b:ef:94:53:4d:a0:29:ff:d8:7c:01:8e:f8:0b:
                    c3:c7:a6:71:bf:33:89:c3:49:9e:d3:11:0c:e6:bb:
                    3c:f6:f2:e9:f9:dd:6c:0f:35:41:f2:2f:89:44:4c:
                    a3:18:72:8d:d8:80:c9:7c:e8:83:22:23:be:7f:c8:
                    db:16:e9:08:91:32:8f:fb:50:35:eb:f9:4f:a6:a5:
                    e4:e6:58:a3:66:91:5d:50:97:77:0f:6b:5e:0b:96:
                    a0:f1:af:62:e5:e4:45:9c:28:6f:83:a5:92:82:54:
                    e2:83:db:c1:58:f0:ef:3b:94:75:44:e7:77:b1:e0:
                    51:39:f6:09:69:6b:3e:db:d3:a3:3a:22:b6:b6:54:
                    46:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:0A:01:3B:D4:63:74:A2:F0:A1:EA:A4:B2:EA:24:C5:B2:5A:59:29
            X509v3 Authority Key Identifier:
                keyid:7C:E9:78:23:25:D3:05:4C:B6:95:6A:D2:27:04:53:0D:E9:2A:0F:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fOl4IyXTBUy2lWrSJwRTDekqDwU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/119402-b9bb-4374-bfea-988e770b015b/1/HQoBO9RjdKLwoeqksuokxbJaWSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/119402-b9bb-4374-bfea-988e770b015b/1/fOl4IyXTBUy2lWrSJwRTDekqDwU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:e0c::/48

    Signature Algorithm: sha256WithRSAEncryption
         39:b8:3d:6c:bb:4d:d2:77:df:6c:85:4d:24:de:ac:f2:7e:89:
         fc:fd:cd:7b:17:2d:ab:c5:e7:97:e7:78:7f:bb:b2:17:c4:c7:
         1b:13:e7:75:de:f9:da:e9:3e:e2:e7:16:c8:c6:5b:ca:09:36:
         6d:6a:57:18:ce:5f:b9:11:ea:d7:c2:f6:08:ad:fe:6c:e5:b5:
         03:62:61:c3:ee:c9:53:21:70:ad:cb:70:f1:7c:e9:76:5a:ce:
         8e:cf:0a:10:f7:48:93:d3:a1:fb:2c:d7:de:8b:e1:47:f5:7f:
         8a:1f:ff:85:45:7f:04:c1:de:58:a4:73:9a:df:27:51:72:0e:
         9f:f6:b2:ea:1e:71:16:5a:f2:df:27:2c:6d:ce:6a:28:c7:ca:
         1a:a1:bb:0b:d4:82:68:57:64:c6:da:f5:53:34:fd:80:a2:d6:
         7d:0f:04:18:5c:ea:f6:1f:c0:ee:2d:95:30:39:c0:9d:53:a7:
         3a:dc:a2:4a:a2:81:4d:3f:e6:8b:4c:df:e6:fe:08:56:d7:ef:
         df:f4:3f:7f:3d:93:f6:4e:16:5e:bd:70:61:14:fd:96:62:81:
         a4:1f:a5:c8:d5:c1:f4:25:47:b5:7c:49:c5:ac:78:0e:54:e9:
         df:63:68:b0:95:cb:ab:54:81:23:2a:4a:25:01:c1:68:d6:50:
         23:09:11:a5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY3lBVYWcgnB0iOBs/yxJEQmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjZTk3ODIzMjVkMzA1NGNiNjk1NmFkMjI3MDQ1MzBkZTky
YTBmMDUwHhcNMjQwMjI2MTA0NTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDBhMDEzYmQ0NjM3NGEyZjBhMWVhYTRiMmVhMjRjNWIyNWE1OTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0MNcLAop+zhotzdc2vFeYKORnZiN
xiMtyluMbgdrAWhlGfqMWhGnrRfSOFBLMEEI08YHBk3zvLHzgxc0dDUvM1AwOUZZ
95CkyjXpbSc8FbXXtkFv2CDRDyXv7RrrAGyuyxK9CHb7om5h9+TSqgbR99Ax6c7g
B4WMi++UU02gKf/YfAGO+AvDx6ZxvzOJw0me0xEM5rs89vLp+d1sDzVB8i+JREyj
GHKN2IDJfOiDIiO+f8jbFukIkTKP+1A16/lPpqXk5lijZpFdUJd3D2teC5ag8a9i
5eRFnChvg6WSglTig9vBWPDvO5R1ROd3seBROfYJaWs+29OjOiK2tlRGBQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFB0KATvUY3Si8KHqpLLqJMWyWlkpMB8GA1UdIwQY
MBaAFHzpeCMl0wVMtpVq0icEUw3pKg8FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZk9sNEl5WFRCVXkybFdyU0p3UlREZWtxRHdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC8xMTk0MDItYjliYi00Mzc0LWJmZWEt
OTg4ZTc3MGIwMTViLzEvSFFvQk85UmpkS0x3b2Vxa3N1b2t4YkphV1NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC8xMTk0MDItYjliYi00Mzc0LWJmZWEtOTg4ZTc3MGIwMTVi
LzEvZk9sNEl5WFRCVXkybFdyU0p3UlREZWtxRHdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA4M
MA0GCSqGSIb3DQEBCwUAA4IBAQA5uD1su03Sd99shU0k3qzyfon8/c17Fy2rxeeX
53h/u7IXxMcbE+d13vna6T7i5xbIxlvKCTZtalcYzl+5EerXwvYIrf5s5bUDYmHD
7slTIXCty3DxfOl2Ws6OzwoQ90iT06H7LNfei+FH9X+KH/+FRX8Ewd5YpHOa3ydR
cg6f9rLqHnEWWvLfJyxtzmoox8oaobsL1IJoV2TG2vVTNP2AotZ9DwQYXOr2H8Du
LZUwOcCdU6c63KJKooFNP+aLTN/m/ghW1+/f9D9/PZP2ThZevXBhFP2WYoGkH6XI
1cH0JUe1fEnFrHgOVOnfY2iwlcurVIEjKkolAcFo1lAjCRGl
-----END CERTIFICATE-----