Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/f2fc0e-bbb9-4924-a89c-7620db279962/1/PjXKe2FdG9-RFDCI3YachS_tX1k.roa
File:                     PjXKe2FdG9-RFDCI3YachS_tX1k.roa (raw, json)
Hash identifier:          bMsUnyeu+xluIH9n7cJ+K5NOm1MHwtBa5yL3FSQ+JKg=
Subject key identifier:   3E:35:CA:7B:61:5D:1B:DF:91:14:30:88:DD:86:9C:85:2F:ED:5F:59
Certificate issuer:       /CN=aa85e9da2227345c18abd7e75272f81c29b30d1b
Certificate serial:       018CC64ABBF77B07E31F9E99813E34637D78
Authority key identifier: AA:85:E9:DA:22:27:34:5C:18:AB:D7:E7:52:72:F8:1C:29:B3:0D:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qoXp2iInNFwYq9fnUnL4HCmzDRs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/f2fc0e-bbb9-4924-a89c-7620db279962/1/PjXKe2FdG9-RFDCI3YachS_tX1k.roa
Signing time:             Mon 01 Jan 2024 18:30:35 +0000
ROA not before:           Mon 01 Jan 2024 18:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12552
IP address blocks:        2001:67c:198::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/f2fc0e-bbb9-4924-a89c-7620db279962/1/qoXp2iInNFwYq9fnUnL4HCmzDRs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/f2fc0e-bbb9-4924-a89c-7620db279962/1/qoXp2iInNFwYq9fnUnL4HCmzDRs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qoXp2iInNFwYq9fnUnL4HCmzDRs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:bb:f7:7b:07:e3:1f:9e:99:81:3e:34:63:7d:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa85e9da2227345c18abd7e75272f81c29b30d1b
        Validity
            Not Before: Jan  1 18:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e35ca7b615d1bdf91143088dd869c852fed5f59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:db:b7:a0:7d:43:10:0d:ea:e0:bc:6e:c9:9b:
                    26:86:37:79:b3:09:15:7e:bb:ff:fb:58:a8:2b:7b:
                    a5:fd:32:1a:57:02:8f:7e:f3:7a:2d:df:52:10:bb:
                    2c:bc:19:61:fe:08:10:43:6d:3a:df:1c:13:68:00:
                    7a:63:3c:92:79:a3:70:08:9a:d2:5f:99:25:1e:e6:
                    b1:d0:96:c4:48:df:d9:b1:bc:d6:bc:62:e8:ab:36:
                    59:1e:a0:04:76:b0:aa:36:cf:4a:3a:63:3c:9a:dc:
                    77:cf:33:26:2d:de:2c:fd:c8:02:9c:ee:93:40:0c:
                    f7:2a:66:cf:e3:81:6d:6b:16:ea:ce:7b:3b:19:62:
                    97:fb:94:a5:f3:0f:95:0c:81:e3:6b:53:e9:76:7c:
                    73:84:b0:f8:27:49:6c:1b:3d:91:9c:39:4a:ee:94:
                    ca:d2:dc:a2:74:ae:bb:1d:14:ae:a0:0b:c6:aa:d4:
                    e0:1e:00:99:48:35:eb:18:09:13:03:0b:d8:8f:85:
                    0d:05:a5:30:6d:c4:33:b8:5e:5b:b5:42:e5:a2:0a:
                    68:8e:38:d0:f5:b3:e4:fd:00:b6:9a:30:5a:f6:dc:
                    c2:a0:63:9f:45:9a:d5:42:e9:e6:f6:00:7d:c7:67:
                    80:7f:44:d1:76:96:89:90:68:20:ea:63:44:cc:fe:
                    34:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:35:CA:7B:61:5D:1B:DF:91:14:30:88:DD:86:9C:85:2F:ED:5F:59
            X509v3 Authority Key Identifier:
                keyid:AA:85:E9:DA:22:27:34:5C:18:AB:D7:E7:52:72:F8:1C:29:B3:0D:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qoXp2iInNFwYq9fnUnL4HCmzDRs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/f2fc0e-bbb9-4924-a89c-7620db279962/1/PjXKe2FdG9-RFDCI3YachS_tX1k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/f2fc0e-bbb9-4924-a89c-7620db279962/1/qoXp2iInNFwYq9fnUnL4HCmzDRs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:198::/48

    Signature Algorithm: sha256WithRSAEncryption
         1d:a8:35:71:43:36:50:44:74:ca:e8:2e:08:d2:ff:69:b9:54:
         35:98:4f:fc:95:f8:b1:9f:02:13:ed:73:09:ad:b3:d4:4c:18:
         b1:7f:ce:bf:55:3f:fa:13:2d:31:19:f5:50:23:45:c4:d8:72:
         e3:4b:47:24:91:e9:f8:97:b4:9a:e3:cc:4b:47:4c:83:37:3a:
         26:15:56:80:e4:22:70:b4:33:b7:08:6a:40:72:88:d5:5c:85:
         7d:b6:62:cc:74:c6:a2:7e:9d:bd:06:48:af:29:fc:cc:ff:82:
         18:d2:08:7c:46:f6:85:4b:db:0c:b6:14:3f:8c:98:f0:28:91:
         0e:29:a5:55:92:ab:0f:d6:11:78:5a:e9:49:cf:f8:9e:41:e2:
         3a:85:7d:20:4f:8a:d4:dc:5c:85:3f:a9:a3:d7:c2:39:00:32:
         10:d7:f7:96:fe:2c:e1:fa:59:69:76:5c:3f:8c:99:6e:e7:98:
         f3:88:ee:4e:07:14:71:32:42:53:23:35:96:5d:13:ea:d9:9a:
         f3:69:00:a2:8e:0a:1c:93:96:19:92:40:b2:86:7c:1c:21:46:
         ad:91:00:ad:6f:b5:d0:e0:40:4b:d6:d2:23:55:29:f4:86:94:
         c9:d6:b7:4a:7e:85:ff:32:34:43:43:69:87:31:e8:7b:5b:b9:
         cf:52:c9:8c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSrv3ewfjH56ZgT40Y314MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhODVlOWRhMjIyNzM0NWMxOGFiZDdlNzUyNzJmODFjMjli
MzBkMWIwHhcNMjQwMTAxMTgzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTM1Y2E3YjYxNWQxYmRmOTExNDMwODhkZDg2OWM4NTJmZWQ1ZjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2du3oH1DEA3q4LxuyZsmhjd5swkV
frv/+1ioK3ul/TIaVwKPfvN6Ld9SELssvBlh/ggQQ2063xwTaAB6YzySeaNwCJrS
X5klHuax0JbESN/ZsbzWvGLoqzZZHqAEdrCqNs9KOmM8mtx3zzMmLd4s/cgCnO6T
QAz3KmbP44Ftaxbqzns7GWKX+5Sl8w+VDIHja1PpdnxzhLD4J0lsGz2RnDlK7pTK
0tyidK67HRSuoAvGqtTgHgCZSDXrGAkTAwvYj4UNBaUwbcQzuF5btULlogpojjjQ
9bPk/QC2mjBa9tzCoGOfRZrVQunm9gB9x2eAf0TRdpaJkGgg6mNEzP40VwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFD41ynthXRvfkRQwiN2GnIUv7V9ZMB8GA1UdIwQY
MBaAFKqF6doiJzRcGKvX51Jy+Bwpsw0bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcW9YcDJpSW5ORndZcTlmblVuTDRIQ216RFJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9mMmZjMGUtYmJiOS00OTI0LWE4OWMt
NzYyMGRiMjc5OTYyLzEvUGpYS2UyRmRHOS1SRkRDSTNZYWNoU190WDFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9mMmZjMGUtYmJiOS00OTI0LWE4OWMtNzYyMGRiMjc5OTYy
LzEvcW9YcDJpSW5ORndZcTlmblVuTDRIQ216RFJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAGY
MA0GCSqGSIb3DQEBCwUAA4IBAQAdqDVxQzZQRHTK6C4I0v9puVQ1mE/8lfixnwIT
7XMJrbPUTBixf86/VT/6Ey0xGfVQI0XE2HLjS0ckken4l7Sa48xLR0yDNzomFVaA
5CJwtDO3CGpAcojVXIV9tmLMdMaifp29BkivKfzM/4IY0gh8RvaFS9sMthQ/jJjw
KJEOKaVVkqsP1hF4WulJz/ieQeI6hX0gT4rU3FyFP6mj18I5ADIQ1/eW/izh+llp
dlw/jJlu55jziO5OBxRxMkJTIzWWXRPq2ZrzaQCijgock5YZkkCyhnwcIUatkQCt
b7XQ4EBL1tIjVSn0hpTJ1rdKfoX/MjRDQ2mHMeh7W7nPUsmM
-----END CERTIFICATE-----