Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/119402-b9bb-4374-bfea-988e770b015b/1/ggPwk8LfPP6nN88mJrj6tRZAul8.roa
File:                     ggPwk8LfPP6nN88mJrj6tRZAul8.roa (raw, json)
Hash identifier:          AxVmlOce7azlxfdG+/ZZQi9BMCg4g4YvdGpdEeGf9S8=
Subject key identifier:   82:03:F0:93:C2:DF:3C:FE:A7:37:CF:26:26:B8:FA:B5:16:40:BA:5F
Certificate issuer:       /CN=7ce9782325d3054cb6956ad22704530de92a0f05
Certificate serial:       018DE5055533DBE76DD60EE0C23987ECCD04
Authority key identifier: 7C:E9:78:23:25:D3:05:4C:B6:95:6A:D2:27:04:53:0D:E9:2A:0F:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fOl4IyXTBUy2lWrSJwRTDekqDwU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/119402-b9bb-4374-bfea-988e770b015b/1/ggPwk8LfPP6nN88mJrj6tRZAul8.roa
Signing time:             Mon 26 Feb 2024 10:45:48 +0000
ROA not before:           Mon 26 Feb 2024 10:45:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        2001:67c:e0c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/119402-b9bb-4374-bfea-988e770b015b/1/fOl4IyXTBUy2lWrSJwRTDekqDwU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/119402-b9bb-4374-bfea-988e770b015b/1/fOl4IyXTBUy2lWrSJwRTDekqDwU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fOl4IyXTBUy2lWrSJwRTDekqDwU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 16:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:e5:05:55:33:db:e7:6d:d6:0e:e0:c2:39:87:ec:cd:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ce9782325d3054cb6956ad22704530de92a0f05
        Validity
            Not Before: Feb 26 10:45:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8203f093c2df3cfea737cf2626b8fab51640ba5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:7b:b9:e5:a0:03:60:97:e5:20:7c:96:af:34:
                    a3:56:f8:1c:eb:e3:d0:11:98:2e:07:72:61:97:6c:
                    33:df:8d:d3:1d:93:9c:6e:93:42:00:f7:a1:b3:5a:
                    2e:74:46:8f:40:1e:c2:ed:a2:4c:1b:81:0a:9b:70:
                    1f:2c:b4:09:16:35:7e:69:6a:99:16:cb:6d:5a:e6:
                    96:3b:e4:ea:88:80:96:ef:66:7e:21:30:65:3d:a6:
                    db:0f:af:a7:fe:83:c3:58:f8:b3:9b:1d:81:e4:77:
                    3d:37:ed:27:eb:c5:af:86:f0:22:25:e7:20:0d:1e:
                    68:02:a3:7b:1c:94:99:fd:d9:06:10:c2:fa:2d:3a:
                    73:fe:57:02:17:11:ae:f9:c8:6b:d4:a9:b0:c1:8e:
                    9b:19:d5:87:1c:b2:e3:ce:aa:b9:f2:d2:3e:7e:f8:
                    93:fd:67:38:1a:6d:66:88:c1:e1:c1:73:d5:4a:07:
                    dd:9c:05:df:b5:d2:1a:0e:6b:18:0e:ff:2f:0a:6c:
                    89:7a:28:a9:b8:28:c0:7b:36:db:93:14:52:61:7b:
                    54:96:2f:9d:e1:24:11:4d:4d:93:70:a0:30:60:14:
                    8a:ab:f2:7d:de:59:b7:12:09:18:94:8a:e2:0f:e0:
                    37:81:01:64:8b:84:d3:7b:36:0c:4e:28:0c:d4:e7:
                    19:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:03:F0:93:C2:DF:3C:FE:A7:37:CF:26:26:B8:FA:B5:16:40:BA:5F
            X509v3 Authority Key Identifier:
                keyid:7C:E9:78:23:25:D3:05:4C:B6:95:6A:D2:27:04:53:0D:E9:2A:0F:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fOl4IyXTBUy2lWrSJwRTDekqDwU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/119402-b9bb-4374-bfea-988e770b015b/1/ggPwk8LfPP6nN88mJrj6tRZAul8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/119402-b9bb-4374-bfea-988e770b015b/1/fOl4IyXTBUy2lWrSJwRTDekqDwU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:e0c::/48

    Signature Algorithm: sha256WithRSAEncryption
         5c:a1:05:41:51:76:81:b6:81:39:f2:bd:05:25:ea:c8:81:bb:
         5c:c9:7a:57:cc:9a:83:2b:7b:49:2a:55:c6:5a:1b:7e:19:9c:
         2d:4f:93:5d:3c:2d:86:3a:4c:16:71:c3:51:d7:9c:c4:9a:cf:
         20:4f:a4:82:11:a3:8b:0a:38:8e:0e:b5:87:ce:29:8c:f5:89:
         95:b2:72:af:96:38:ed:fb:26:05:54:bf:e1:96:7f:15:0a:3f:
         07:5e:98:5e:7c:ab:e5:e8:5a:a0:37:46:af:48:aa:29:a1:ed:
         1a:34:b0:41:37:6f:ea:58:c6:b1:d2:8b:e8:e8:6c:12:01:70:
         94:64:73:1d:0d:3c:fe:bb:d2:f7:bf:a7:e2:07:6b:8f:56:67:
         b7:34:fb:35:92:34:7c:7e:6e:ec:dd:04:e2:86:35:88:e0:98:
         60:1c:84:c6:7a:f0:5e:ad:51:55:86:c3:65:7f:08:94:cb:71:
         8d:97:27:b6:f0:da:dd:09:4d:f1:a4:ba:bc:77:af:9f:34:07:
         3a:48:cb:6e:85:50:e4:6f:d9:50:22:a7:fd:db:21:e1:fe:f5:
         f9:8b:79:7c:dd:04:2b:cf:ce:06:1f:5b:6c:03:f3:8c:4d:c0:
         74:4a:62:11:b8:6b:46:a7:0e:9c:54:38:85:09:ab:0d:ce:33:
         a1:95:12:87
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY3lBVUz2+dt1g7gwjmH7M0EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjZTk3ODIzMjVkMzA1NGNiNjk1NmFkMjI3MDQ1MzBkZTky
YTBmMDUwHhcNMjQwMjI2MTA0NTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjAzZjA5M2MyZGYzY2ZlYTczN2NmMjYyNmI4ZmFiNTE2NDBiYTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsHu55aADYJflIHyWrzSjVvgc6+PQ
EZguB3Jhl2wz343THZOcbpNCAPehs1oudEaPQB7C7aJMG4EKm3AfLLQJFjV+aWqZ
FsttWuaWO+TqiICW72Z+ITBlPabbD6+n/oPDWPizmx2B5Hc9N+0n68WvhvAiJecg
DR5oAqN7HJSZ/dkGEML6LTpz/lcCFxGu+chr1KmwwY6bGdWHHLLjzqq58tI+fviT
/Wc4Gm1miMHhwXPVSgfdnAXftdIaDmsYDv8vCmyJeiipuCjAezbbkxRSYXtUli+d
4SQRTU2TcKAwYBSKq/J93lm3EgkYlIriD+A3gQFki4TTezYMTigM1OcZGwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIID8JPC3zz+pzfPJia4+rUWQLpfMB8GA1UdIwQY
MBaAFHzpeCMl0wVMtpVq0icEUw3pKg8FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZk9sNEl5WFRCVXkybFdyU0p3UlREZWtxRHdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC8xMTk0MDItYjliYi00Mzc0LWJmZWEt
OTg4ZTc3MGIwMTViLzEvZ2dQd2s4TGZQUDZuTjg4bUpyajZ0UlpBdWw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC8xMTk0MDItYjliYi00Mzc0LWJmZWEtOTg4ZTc3MGIwMTVi
LzEvZk9sNEl5WFRCVXkybFdyU0p3UlREZWtxRHdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA4M
MA0GCSqGSIb3DQEBCwUAA4IBAQBcoQVBUXaBtoE58r0FJerIgbtcyXpXzJqDK3tJ
KlXGWht+GZwtT5NdPC2GOkwWccNR15zEms8gT6SCEaOLCjiODrWHzimM9YmVsnKv
ljjt+yYFVL/hln8VCj8HXphefKvl6FqgN0avSKopoe0aNLBBN2/qWMax0ovo6GwS
AXCUZHMdDTz+u9L3v6fiB2uPVme3NPs1kjR8fm7s3QTihjWI4JhgHITGevBerVFV
hsNlfwiUy3GNlye28NrdCU3xpLq8d6+fNAc6SMtuhVDkb9lQIqf92yHh/vX5i3l8
3QQrz84GH1tsA/OMTcB0SmIRuGtGpw6cVDiFCasNzjOhlRKH
-----END CERTIFICATE-----