Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/914977-f887-4a00-9f0a-79edfd2a20f6/1/fc52d5jBzhZbzPE3hRuYm4CxQB8.roa
File:                     fc52d5jBzhZbzPE3hRuYm4CxQB8.roa (raw, json)
Hash identifier:          U46HNomDG9Gp4VhPhw4v5lonamsVzSmLstJQ5RBeBz4=
Subject key identifier:   7D:CE:76:77:98:C1:CE:16:5B:CC:F1:37:85:1B:98:9B:80:B1:40:1F
Certificate issuer:       /CN=8c98a66678ee932176a4a9ddd4153cfd4c4b0746
Certificate serial:       018CC64B0781E816C2681030668B425065EE
Authority key identifier: 8C:98:A6:66:78:EE:93:21:76:A4:A9:DD:D4:15:3C:FD:4C:4B:07:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jJimZnjukyF2pKnd1BU8_UxLB0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/914977-f887-4a00-9f0a-79edfd2a20f6/1/fc52d5jBzhZbzPE3hRuYm4CxQB8.roa
Signing time:             Mon 01 Jan 2024 18:30:54 +0000
ROA not before:           Mon 01 Jan 2024 18:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48925
IP address blocks:        2001:67c:be8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/914977-f887-4a00-9f0a-79edfd2a20f6/1/jJimZnjukyF2pKnd1BU8_UxLB0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/914977-f887-4a00-9f0a-79edfd2a20f6/1/jJimZnjukyF2pKnd1BU8_UxLB0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jJimZnjukyF2pKnd1BU8_UxLB0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 16:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:07:81:e8:16:c2:68:10:30:66:8b:42:50:65:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c98a66678ee932176a4a9ddd4153cfd4c4b0746
        Validity
            Not Before: Jan  1 18:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7dce767798c1ce165bccf137851b989b80b1401f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:e1:b8:dc:f9:1d:ff:d2:96:3e:33:ce:45:43:
                    7e:47:d2:74:86:c4:2c:76:01:13:85:6f:05:52:54:
                    6f:e7:23:ff:fd:28:a8:bb:92:e9:9c:a7:e7:7d:41:
                    32:27:6c:18:4b:b7:38:5b:77:e2:23:93:87:5c:6a:
                    77:69:08:5f:55:97:5d:9a:8f:5b:be:7f:58:4f:4f:
                    82:f6:00:4b:8e:e9:43:1c:50:9f:c7:13:e5:41:92:
                    fa:27:a7:92:4b:0f:8c:70:f3:22:84:2c:2e:27:b3:
                    e2:29:b8:4a:01:72:b2:df:c5:50:28:e7:58:73:6b:
                    d3:86:79:67:0a:e2:c1:cf:3c:12:0d:42:98:59:4e:
                    bd:a5:d7:dc:50:12:3e:5c:6a:d0:43:95:a3:0e:12:
                    6f:53:ce:54:d4:a7:c5:cc:e0:a4:fd:84:b7:5d:dc:
                    9e:ed:75:87:14:2d:15:9a:78:6b:97:ee:45:f4:53:
                    ee:4b:e3:85:ff:56:bd:0c:af:93:b8:44:f8:63:30:
                    da:15:69:3b:1a:78:6b:d8:f6:a4:4e:81:21:72:35:
                    4c:7e:0a:29:51:7e:4a:17:de:98:b8:a4:ca:50:8a:
                    b0:4b:6e:17:66:e0:f6:c6:d3:cd:a7:ff:ea:9b:79:
                    f3:e1:a8:06:7e:83:de:f8:b4:19:32:fe:3b:07:e9:
                    6f:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:CE:76:77:98:C1:CE:16:5B:CC:F1:37:85:1B:98:9B:80:B1:40:1F
            X509v3 Authority Key Identifier:
                keyid:8C:98:A6:66:78:EE:93:21:76:A4:A9:DD:D4:15:3C:FD:4C:4B:07:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jJimZnjukyF2pKnd1BU8_UxLB0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/914977-f887-4a00-9f0a-79edfd2a20f6/1/fc52d5jBzhZbzPE3hRuYm4CxQB8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/914977-f887-4a00-9f0a-79edfd2a20f6/1/jJimZnjukyF2pKnd1BU8_UxLB0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:be8::/48

    Signature Algorithm: sha256WithRSAEncryption
         0d:e7:c5:bf:b1:ab:2f:46:a5:c8:66:43:2d:5e:23:82:de:f4:
         e9:77:8e:8f:c8:c4:83:a3:b4:d1:18:79:93:aa:e1:e6:3a:b0:
         6a:ea:a0:ed:96:89:e2:43:08:96:a0:fa:ff:8f:d4:e3:e1:ed:
         74:4f:a9:1e:85:19:9f:45:35:02:27:f2:fb:5b:07:18:4a:6c:
         6c:73:d1:74:66:da:6a:50:a9:60:a6:3e:fb:1e:43:88:3f:8c:
         34:ca:83:b1:bb:8f:9f:6a:ad:ce:3a:36:3c:b7:b9:95:5f:5e:
         7f:20:37:a8:77:cc:73:b3:a1:0d:d0:58:c5:8d:50:21:e4:f5:
         ae:f9:43:f9:a2:25:84:76:71:c0:8f:f1:c9:98:33:ba:04:2d:
         14:30:e4:7d:7a:52:38:41:86:e4:bc:11:49:62:90:6c:ae:2a:
         5a:0f:c2:ce:1d:02:cc:6d:02:9b:10:bc:5f:a4:ef:ce:e1:1d:
         72:4d:3a:49:40:41:df:12:4c:62:d8:1e:37:58:90:45:18:a3:
         5d:94:e9:f1:b6:ae:fb:7c:e1:c2:aa:e4:93:43:d9:c0:f1:0b:
         6a:93:91:05:b0:a2:3d:79:cb:59:48:7e:75:4d:1f:b5:1c:e3:
         30:ea:83:66:d3:41:e3:bf:31:21:1b:ed:9e:1a:f0:7c:dc:61:
         3a:2b:14:50
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSweB6BbCaBAwZotCUGXuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjOThhNjY2NzhlZTkzMjE3NmE0YTlkZGQ0MTUzY2ZkNGM0
YjA3NDYwHhcNMjQwMTAxMTgzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGNlNzY3Nzk4YzFjZTE2NWJjY2YxMzc4NTFiOTg5YjgwYjE0MDFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiOG43Pkd/9KWPjPORUN+R9J0hsQs
dgEThW8FUlRv5yP//Siou5LpnKfnfUEyJ2wYS7c4W3fiI5OHXGp3aQhfVZddmo9b
vn9YT0+C9gBLjulDHFCfxxPlQZL6J6eSSw+McPMihCwuJ7PiKbhKAXKy38VQKOdY
c2vThnlnCuLBzzwSDUKYWU69pdfcUBI+XGrQQ5WjDhJvU85U1KfFzOCk/YS3Xdye
7XWHFC0Vmnhrl+5F9FPuS+OF/1a9DK+TuET4YzDaFWk7Gnhr2PakToEhcjVMfgop
UX5KF96YuKTKUIqwS24XZuD2xtPNp//qm3nz4agGfoPe+LQZMv47B+lv6QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFH3OdneYwc4WW8zxN4UbmJuAsUAfMB8GA1UdIwQY
MBaAFIyYpmZ47pMhdqSp3dQVPP1MSwdGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvakppbVpuanVreUYycEtuZDFCVThfVXhMQjBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85MTQ5NzctZjg4Ny00YTAwLTlmMGEt
NzllZGZkMmEyMGY2LzEvZmM1MmQ1akJ6aFpielBFM2hSdVltNEN4UUI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85MTQ5NzctZjg4Ny00YTAwLTlmMGEtNzllZGZkMmEyMGY2
LzEvakppbVpuanVreUYycEtuZDFCVThfVXhMQjBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAvo
MA0GCSqGSIb3DQEBCwUAA4IBAQAN58W/sasvRqXIZkMtXiOC3vTpd46PyMSDo7TR
GHmTquHmOrBq6qDtloniQwiWoPr/j9Tj4e10T6kehRmfRTUCJ/L7WwcYSmxsc9F0
ZtpqUKlgpj77HkOIP4w0yoOxu4+faq3OOjY8t7mVX15/IDeod8xzs6EN0FjFjVAh
5PWu+UP5oiWEdnHAj/HJmDO6BC0UMOR9elI4QYbkvBFJYpBsripaD8LOHQLMbQKb
ELxfpO/O4R1yTTpJQEHfEkxi2B43WJBFGKNdlOnxtq77fOHCquSTQ9nA8Qtqk5EF
sKI9ectZSH51TR+1HOMw6oNm00HjvzEhG+2eGvB83GE6KxRQ
-----END CERTIFICATE-----