Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/748ede-de37-4308-8872-39570d6f009e/1/9h2Nah5GhqPVCbDY6gEYErVB_ho.roa
File:                     9h2Nah5GhqPVCbDY6gEYErVB_ho.roa (raw, json)
Hash identifier:          XHp2c/CVkYTTfViqkfRLumriFuB3x7Lmf0xpUpAFCUg=
Subject key identifier:   F6:1D:8D:6A:1E:46:86:A3:D5:09:B0:D8:EA:01:18:12:B5:41:FE:1A
Certificate issuer:       /CN=f4674b6ab3d5c6743d004ec0920a0371ce019758
Certificate serial:       018CC3B6C0E4D0D4730FD52F1C65913D4DA4
Authority key identifier: F4:67:4B:6A:B3:D5:C6:74:3D:00:4E:C0:92:0A:03:71:CE:01:97:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9GdLarPVxnQ9AE7AkgoDcc4Bl1g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/748ede-de37-4308-8872-39570d6f009e/1/9h2Nah5GhqPVCbDY6gEYErVB_ho.roa
Signing time:             Mon 01 Jan 2024 06:29:43 +0000
ROA not before:           Mon 01 Jan 2024 06:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212828
IP address blocks:        2001:67c:a58::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/748ede-de37-4308-8872-39570d6f009e/1/9GdLarPVxnQ9AE7AkgoDcc4Bl1g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/748ede-de37-4308-8872-39570d6f009e/1/9GdLarPVxnQ9AE7AkgoDcc4Bl1g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9GdLarPVxnQ9AE7AkgoDcc4Bl1g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 16:11:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:c0:e4:d0:d4:73:0f:d5:2f:1c:65:91:3d:4d:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4674b6ab3d5c6743d004ec0920a0371ce019758
        Validity
            Not Before: Jan  1 06:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f61d8d6a1e4686a3d509b0d8ea011812b541fe1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:ae:77:b2:87:72:9a:16:85:d0:1a:59:96:f7:
                    d1:fd:df:58:76:1d:75:23:78:f9:8b:88:a6:8b:33:
                    77:89:47:58:a1:55:7c:2f:de:c7:4c:64:40:a0:0c:
                    42:c7:f1:7d:f6:13:1e:72:cc:4b:46:41:da:12:46:
                    12:9d:d3:a2:74:24:d1:e9:7d:7d:86:24:a4:07:57:
                    81:1d:b0:cc:3e:42:aa:1c:e5:3a:02:ad:3f:10:9c:
                    69:66:44:f1:de:7a:5f:30:6a:db:cb:4b:fe:f4:4d:
                    17:49:ec:73:dd:e3:ae:df:31:f3:46:2c:31:13:5e:
                    42:5b:76:2d:e9:86:26:8a:86:cf:c4:56:ae:be:39:
                    65:64:f1:44:6f:8f:db:89:9a:83:35:a9:90:c4:1a:
                    f2:25:ae:be:18:09:6f:44:7f:8f:ff:98:7b:d6:7d:
                    26:79:9c:2f:22:28:d7:80:9a:09:12:63:4b:e4:ed:
                    96:ba:04:5a:7b:11:e8:d2:c3:c2:6b:a5:03:41:92:
                    3a:93:dc:60:ce:d6:53:51:75:e2:bf:4a:69:4d:2a:
                    7e:b1:9a:43:da:20:82:db:ae:29:6b:79:b4:0c:38:
                    d3:0a:3b:d6:37:42:3d:d8:27:51:94:35:aa:71:14:
                    22:70:e5:20:44:fe:40:89:d8:f1:fc:16:8d:5d:87:
                    39:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:1D:8D:6A:1E:46:86:A3:D5:09:B0:D8:EA:01:18:12:B5:41:FE:1A
            X509v3 Authority Key Identifier:
                keyid:F4:67:4B:6A:B3:D5:C6:74:3D:00:4E:C0:92:0A:03:71:CE:01:97:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9GdLarPVxnQ9AE7AkgoDcc4Bl1g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/748ede-de37-4308-8872-39570d6f009e/1/9h2Nah5GhqPVCbDY6gEYErVB_ho.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/748ede-de37-4308-8872-39570d6f009e/1/9GdLarPVxnQ9AE7AkgoDcc4Bl1g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:a58::/48

    Signature Algorithm: sha256WithRSAEncryption
         48:8e:df:14:60:74:81:0a:96:79:0c:bb:97:a2:ba:aa:c3:8b:
         cf:fd:8e:ce:d7:da:69:9b:5a:5a:c9:c3:bb:1f:45:6e:b3:2c:
         77:ad:6f:b8:7a:d4:7a:b9:24:82:ed:3c:3d:8a:a1:76:63:f5:
         58:a8:e5:b0:4e:69:a1:67:9e:7f:18:00:a2:30:09:f2:87:74:
         1f:42:cf:0f:43:cf:c5:05:77:74:c6:97:07:09:87:ff:97:f1:
         b0:73:08:89:a3:99:c0:6e:b0:e5:70:ec:50:09:04:bb:13:7f:
         4f:e3:22:99:e9:20:83:58:b1:8e:c6:23:6a:28:35:29:5a:7c:
         87:bc:ed:9f:18:27:5c:ad:d3:cd:39:bf:24:91:3d:c7:57:1e:
         bb:f3:ea:80:74:cb:82:56:b9:c6:a4:81:10:60:56:3d:9e:78:
         85:a1:15:b0:67:29:d5:e0:a1:58:ad:04:11:a4:69:b5:58:2f:
         c0:96:90:62:a5:01:ce:8d:d8:49:d2:22:c4:9b:4a:79:09:78:
         1a:bf:34:e7:4e:f4:e3:70:9e:05:72:7f:9c:6e:3f:d2:bc:a7:
         63:55:37:6e:1c:23:5e:0f:28:8c:17:4a:5a:df:b6:14:73:a7:
         2f:08:c5:33:ef:5f:af:b2:28:0c:60:4e:cb:be:64:ee:db:55:
         3d:ec:8a:54
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDtsDk0NRzD9UvHGWRPU2kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0Njc0YjZhYjNkNWM2NzQzZDAwNGVjMDkyMGEwMzcxY2Uw
MTk3NTgwHhcNMjQwMTAxMDYyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjFkOGQ2YTFlNDY4NmEzZDUwOWIwZDhlYTAxMTgxMmI1NDFmZTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo653sodymhaF0BpZlvfR/d9Ydh11
I3j5i4imizN3iUdYoVV8L97HTGRAoAxCx/F99hMecsxLRkHaEkYSndOidCTR6X19
hiSkB1eBHbDMPkKqHOU6Aq0/EJxpZkTx3npfMGrby0v+9E0XSexz3eOu3zHzRiwx
E15CW3Yt6YYmiobPxFauvjllZPFEb4/biZqDNamQxBryJa6+GAlvRH+P/5h71n0m
eZwvIijXgJoJEmNL5O2WugRaexHo0sPCa6UDQZI6k9xgztZTUXXiv0ppTSp+sZpD
2iCC264pa3m0DDjTCjvWN0I92CdRlDWqcRQicOUgRP5Aidjx/BaNXYc5dQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPYdjWoeRoaj1Qmw2OoBGBK1Qf4aMB8GA1UdIwQY
MBaAFPRnS2qz1cZ0PQBOwJIKA3HOAZdYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUdkTGFyUFZ4blE5QUU3QWtnb0RjYzRCbDFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS83NDhlZGUtZGUzNy00MzA4LTg4NzIt
Mzk1NzBkNmYwMDllLzEvOWgyTmFoNUdocVBWQ2JEWTZnRVlFclZCX2hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS83NDhlZGUtZGUzNy00MzA4LTg4NzItMzk1NzBkNmYwMDll
LzEvOUdkTGFyUFZ4blE5QUU3QWtnb0RjYzRCbDFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfApY
MA0GCSqGSIb3DQEBCwUAA4IBAQBIjt8UYHSBCpZ5DLuXorqqw4vP/Y7O19ppm1pa
ycO7H0Vusyx3rW+4etR6uSSC7Tw9iqF2Y/VYqOWwTmmhZ55/GACiMAnyh3QfQs8P
Q8/FBXd0xpcHCYf/l/GwcwiJo5nAbrDlcOxQCQS7E39P4yKZ6SCDWLGOxiNqKDUp
WnyHvO2fGCdcrdPNOb8kkT3HVx678+qAdMuCVrnGpIEQYFY9nniFoRWwZynV4KFY
rQQRpGm1WC/AlpBipQHOjdhJ0iLEm0p5CXgavzTnTvTjcJ4Fcn+cbj/SvKdjVTdu
HCNeDyiMF0pa37YUc6cvCMUz71+vsigMYE7LvmTu21U97IpU
-----END CERTIFICATE-----