Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/a7c8d0-c92d-45d0-91a3-28c22abf08d0/1/ubjggnBskmCG8_lyaNJnNjCvVqA.roa
File:                     ubjggnBskmCG8_lyaNJnNjCvVqA.roa (raw, json)
Hash identifier:          uEArYmxv/q/bdOl0jR8AYChURWPHuKdnKtPJYyP7/cM=
Subject key identifier:   B9:B8:E0:82:70:6C:92:60:86:F3:F9:72:68:D2:67:36:30:AF:56:A0
Certificate issuer:       /CN=955246b1b65c95046259c2248c1d306ff135b984
Certificate serial:       018CC2DAD96A24F22C92EEBA4CFF32A0C921
Authority key identifier: 95:52:46:B1:B6:5C:95:04:62:59:C2:24:8C:1D:30:6F:F1:35:B9:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lVJGsbZclQRiWcIkjB0wb_E1uYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/a7c8d0-c92d-45d0-91a3-28c22abf08d0/1/ubjggnBskmCG8_lyaNJnNjCvVqA.roa
Signing time:             Mon 01 Jan 2024 02:29:31 +0000
ROA not before:           Mon 01 Jan 2024 02:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211501
IP address blocks:        2001:67c:10d8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/a7c8d0-c92d-45d0-91a3-28c22abf08d0/1/lVJGsbZclQRiWcIkjB0wb_E1uYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/a7c8d0-c92d-45d0-91a3-28c22abf08d0/1/lVJGsbZclQRiWcIkjB0wb_E1uYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lVJGsbZclQRiWcIkjB0wb_E1uYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 07:02:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:d9:6a:24:f2:2c:92:ee:ba:4c:ff:32:a0:c9:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=955246b1b65c95046259c2248c1d306ff135b984
        Validity
            Not Before: Jan  1 02:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9b8e082706c926086f3f97268d2673630af56a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:2e:22:c5:99:2b:d7:d5:8e:c4:09:c5:44:94:
                    93:1a:41:c0:a6:c9:7d:32:fa:7a:bc:b1:e4:5f:fb:
                    a8:57:3c:64:1d:d9:bf:99:ef:85:93:c4:21:eb:d0:
                    f3:f7:c2:6f:15:db:b0:cc:81:3e:19:0b:f7:ac:04:
                    57:76:19:9e:bb:be:53:3b:4c:ec:6f:f8:b7:2a:1b:
                    09:e2:ce:01:b3:2b:f8:db:14:9f:20:a6:99:d1:44:
                    94:96:66:3d:d5:4a:72:1a:02:07:18:20:a7:7b:aa:
                    00:d7:03:da:45:61:ec:42:0c:fd:14:19:94:d0:b5:
                    21:f7:dc:c9:ef:f5:5e:af:59:74:da:ef:5d:85:06:
                    3c:cd:cc:26:18:91:79:0b:23:e3:b8:2a:7f:cc:9f:
                    24:3d:b8:c0:ff:25:29:44:45:45:57:0d:81:05:ae:
                    c5:25:cc:a3:9e:45:7c:fc:5b:e8:17:36:bc:7f:62:
                    89:d8:76:98:13:c9:f0:4f:15:9c:67:a8:5d:3d:b5:
                    73:c9:dc:08:d1:19:7b:c6:b9:a7:4d:a2:63:33:03:
                    c4:1d:76:db:68:8d:dc:ce:71:40:02:1c:8c:a6:27:
                    b1:00:95:63:5e:9e:e6:a6:f7:b7:38:93:88:70:dc:
                    08:d2:2a:75:c3:01:79:8b:46:4e:d8:90:3b:b0:8a:
                    50:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:B8:E0:82:70:6C:92:60:86:F3:F9:72:68:D2:67:36:30:AF:56:A0
            X509v3 Authority Key Identifier:
                keyid:95:52:46:B1:B6:5C:95:04:62:59:C2:24:8C:1D:30:6F:F1:35:B9:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lVJGsbZclQRiWcIkjB0wb_E1uYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/a7c8d0-c92d-45d0-91a3-28c22abf08d0/1/ubjggnBskmCG8_lyaNJnNjCvVqA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/a7c8d0-c92d-45d0-91a3-28c22abf08d0/1/lVJGsbZclQRiWcIkjB0wb_E1uYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:10d8::/48

    Signature Algorithm: sha256WithRSAEncryption
         bf:65:1c:f7:27:63:50:9b:62:d3:cb:64:7d:1e:3e:1b:55:58:
         38:87:69:50:ce:fc:a5:8d:18:89:68:a5:a2:4c:89:b4:54:4f:
         c3:21:a8:e1:26:65:6d:ea:d3:9c:6f:97:57:0f:cf:17:0b:da:
         ac:7f:ab:7f:8f:60:48:12:55:8a:78:ca:2e:91:db:21:f5:d8:
         46:05:00:8a:7e:41:90:26:dd:56:a2:f9:2d:f7:8c:6f:a7:71:
         ce:38:37:a0:3b:79:79:85:2c:67:3c:35:a5:31:2d:b4:6a:e6:
         fc:57:a0:dd:39:15:47:19:ca:f6:2a:0f:bc:8e:af:a7:4e:87:
         05:72:19:08:86:c8:09:ed:e2:0b:9a:a1:39:d2:33:ef:24:92:
         41:d6:f1:83:51:0c:cf:43:6c:e9:45:10:8d:02:d3:40:b4:d8:
         81:07:33:07:ff:11:f6:00:d7:7a:93:51:b9:90:e0:ed:a7:01:
         75:52:9f:a3:b7:5d:1f:d7:fe:dd:1f:ca:53:b5:90:44:5e:9f:
         5c:4f:96:cf:db:ce:a2:fd:41:f1:fc:f1:45:b5:7d:d2:14:ef:
         22:e5:d0:e3:39:70:b1:45:e8:f0:1a:68:0d:bc:bf:1a:e4:31:
         43:e9:72:95:ce:3f:20:30:3d:6d:d6:16:ae:fe:71:e9:fa:7e:
         95:51:21:74
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2tlqJPIsku66TP8yoMkhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1NTI0NmIxYjY1Yzk1MDQ2MjU5YzIyNDhjMWQzMDZmZjEz
NWI5ODQwHhcNMjQwMTAxMDIyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWI4ZTA4MjcwNmM5MjYwODZmM2Y5NzI2OGQyNjczNjMwYWY1NmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAky4ixZkr19WOxAnFRJSTGkHApsl9
Mvp6vLHkX/uoVzxkHdm/me+Fk8Qh69Dz98JvFduwzIE+GQv3rARXdhmeu75TO0zs
b/i3KhsJ4s4Bsyv42xSfIKaZ0USUlmY91UpyGgIHGCCne6oA1wPaRWHsQgz9FBmU
0LUh99zJ7/Ver1l02u9dhQY8zcwmGJF5CyPjuCp/zJ8kPbjA/yUpREVFVw2BBa7F
JcyjnkV8/FvoFza8f2KJ2HaYE8nwTxWcZ6hdPbVzydwI0Rl7xrmnTaJjMwPEHXbb
aI3cznFAAhyMpiexAJVjXp7mpve3OJOIcNwI0ip1wwF5i0ZO2JA7sIpQuQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLm44IJwbJJghvP5cmjSZzYwr1agMB8GA1UdIwQY
MBaAFJVSRrG2XJUEYlnCJIwdMG/xNbmEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFZKR3NiWmNsUVJpV2NJa2pCMHdiX0UxdVlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9hN2M4ZDAtYzkyZC00NWQwLTkxYTMt
MjhjMjJhYmYwOGQwLzEvdWJqZ2duQnNrbUNHOF9seWFOSm5OakN2VnFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9hN2M4ZDAtYzkyZC00NWQwLTkxYTMtMjhjMjJhYmYwOGQw
LzEvbFZKR3NiWmNsUVJpV2NJa2pCMHdiX0UxdVlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBDY
MA0GCSqGSIb3DQEBCwUAA4IBAQC/ZRz3J2NQm2LTy2R9Hj4bVVg4h2lQzvyljRiJ
aKWiTIm0VE/DIajhJmVt6tOcb5dXD88XC9qsf6t/j2BIElWKeMoukdsh9dhGBQCK
fkGQJt1Wovkt94xvp3HOODegO3l5hSxnPDWlMS20aub8V6DdORVHGcr2Kg+8jq+n
TocFchkIhsgJ7eILmqE50jPvJJJB1vGDUQzPQ2zpRRCNAtNAtNiBBzMH/xH2ANd6
k1G5kODtpwF1Up+jt10f1/7dH8pTtZBEXp9cT5bP286i/UHx/PFFtX3SFO8i5dDj
OXCxRejwGmgNvL8a5DFD6XKVzj8gMD1t1hau/nHp+n6VUSF0
-----END CERTIFICATE-----