Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/944896-3c41-4710-86d2-005a929ac124/1/htmH08Fktu9wGLD6k-mFvZu_h2M.roa
File:                     htmH08Fktu9wGLD6k-mFvZu_h2M.roa (raw, json)
Hash identifier:          zZg3Pd4ActYtAjZpFXO0iKEsX4A5cWSCxrCIv+uhDMs=
Subject key identifier:   86:D9:87:D3:C1:64:B6:EF:70:18:B0:FA:93:E9:85:BD:9B:BF:87:63
Certificate issuer:       /CN=fc0636823a20e6026342fe8c88ea72a8f8f7a749
Certificate serial:       018CCA2A163021F8FE270331293F122A612D
Authority key identifier: FC:06:36:82:3A:20:E6:02:63:42:FE:8C:88:EA:72:A8:F8:F7:A7:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_AY2gjog5gJjQv6MiOpyqPj3p0k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/944896-3c41-4710-86d2-005a929ac124/1/htmH08Fktu9wGLD6k-mFvZu_h2M.roa
Signing time:             Tue 02 Jan 2024 12:33:24 +0000
ROA not before:           Tue 02 Jan 2024 12:33:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212034
IP address blocks:        2001:67c:2918::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/944896-3c41-4710-86d2-005a929ac124/1/_AY2gjog5gJjQv6MiOpyqPj3p0k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/944896-3c41-4710-86d2-005a929ac124/1/_AY2gjog5gJjQv6MiOpyqPj3p0k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_AY2gjog5gJjQv6MiOpyqPj3p0k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:16:30:21:f8:fe:27:03:31:29:3f:12:2a:61:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc0636823a20e6026342fe8c88ea72a8f8f7a749
        Validity
            Not Before: Jan  2 12:33:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86d987d3c164b6ef7018b0fa93e985bd9bbf8763
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:96:7a:dc:f1:16:9a:46:98:46:b4:61:00:6a:
                    bc:4b:0c:f6:39:17:59:f7:3f:5e:27:20:a3:40:ed:
                    14:44:e4:18:a2:f6:e8:34:2e:a3:fb:89:17:55:84:
                    75:c6:3e:a7:74:bc:0e:e4:eb:e4:57:32:f8:06:5b:
                    a7:d1:25:b9:2d:5c:d8:3f:46:84:d2:b0:7c:d0:6b:
                    3d:be:99:00:26:d8:e0:bf:fd:1c:40:cd:d4:fa:56:
                    1d:93:87:c0:29:9d:9e:82:70:5e:ae:da:ff:ee:35:
                    f7:62:c1:5b:b7:98:6e:58:03:bb:c4:44:66:cb:cb:
                    41:dc:fd:e8:0e:3a:e4:77:a8:ac:bf:50:2b:be:ef:
                    18:9c:81:65:2c:b3:7f:0c:4c:14:27:c9:9b:5d:ea:
                    c2:4b:30:c0:ed:3e:87:b1:56:65:21:4e:f7:02:58:
                    6c:7e:b2:06:e8:ae:24:30:5e:80:7d:2f:f5:36:59:
                    a8:bd:af:05:c1:5c:9c:97:79:b7:08:d2:7e:da:e4:
                    fa:a8:95:1f:ab:1d:84:74:86:8e:03:3e:53:5b:9d:
                    86:6f:7c:d4:f7:dc:e6:06:9d:b5:c9:fc:69:7d:a8:
                    68:d7:fa:ec:16:48:2d:30:0c:87:4a:37:a5:5b:a1:
                    3c:6b:84:21:60:f3:cd:56:34:23:65:98:ea:f7:71:
                    6a:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:D9:87:D3:C1:64:B6:EF:70:18:B0:FA:93:E9:85:BD:9B:BF:87:63
            X509v3 Authority Key Identifier:
                keyid:FC:06:36:82:3A:20:E6:02:63:42:FE:8C:88:EA:72:A8:F8:F7:A7:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_AY2gjog5gJjQv6MiOpyqPj3p0k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/944896-3c41-4710-86d2-005a929ac124/1/htmH08Fktu9wGLD6k-mFvZu_h2M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/944896-3c41-4710-86d2-005a929ac124/1/_AY2gjog5gJjQv6MiOpyqPj3p0k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2918::/48

    Signature Algorithm: sha256WithRSAEncryption
         2e:d2:05:55:53:df:98:24:91:8b:94:b0:c3:3d:6f:ab:c7:41:
         79:70:b5:d8:75:5e:a3:d4:0b:e5:e2:dc:60:f8:6a:6d:1e:f5:
         24:ff:36:31:dd:a9:d0:d4:8f:35:f8:0b:6a:e6:1c:81:a7:ae:
         89:a6:f8:47:13:97:55:45:f2:1f:da:5e:65:c1:bb:8c:11:80:
         d0:4e:59:07:c8:5a:fb:f0:a5:f3:3b:e7:ef:72:9e:41:1e:18:
         7e:9e:67:32:65:37:6d:14:cc:b3:9f:ff:ed:68:c9:6a:65:07:
         80:6d:e4:06:c6:95:e9:66:73:64:42:ee:cb:c2:ee:ae:1b:65:
         06:cd:42:d3:fe:d2:9d:7f:ea:6b:f0:6d:9e:14:bb:4e:3e:26:
         6a:41:e4:2f:a0:fe:f1:dc:4f:5d:a9:3f:b2:bf:49:30:9e:e5:
         44:a8:fc:30:c0:e7:c1:b2:e5:d8:29:58:e2:4b:48:bf:d5:81:
         11:c9:0c:04:20:5e:3a:51:7c:ea:32:71:0d:9b:24:04:bd:44:
         13:bc:6d:13:20:47:fc:b4:77:75:43:7d:f9:e1:88:c4:eb:6b:
         79:a7:4c:f9:85:fd:7d:e7:df:2c:28:9e:f9:2a:ca:6c:cc:5c:
         f9:be:c6:b7:29:32:e5:94:dc:f0:1c:33:a4:b0:5d:36:cc:67:
         26:ca:82:1d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKhYwIfj+JwMxKT8SKmEtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjMDYzNjgyM2EyMGU2MDI2MzQyZmU4Yzg4ZWE3MmE4Zjhm
N2E3NDkwHhcNMjQwMTAyMTIzMzI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmQ5ODdkM2MxNjRiNmVmNzAxOGIwZmE5M2U5ODViZDliYmY4NzYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAspZ63PEWmkaYRrRhAGq8Swz2ORdZ
9z9eJyCjQO0UROQYovboNC6j+4kXVYR1xj6ndLwO5OvkVzL4Blun0SW5LVzYP0aE
0rB80Gs9vpkAJtjgv/0cQM3U+lYdk4fAKZ2egnBertr/7jX3YsFbt5huWAO7xERm
y8tB3P3oDjrkd6isv1Arvu8YnIFlLLN/DEwUJ8mbXerCSzDA7T6HsVZlIU73Alhs
frIG6K4kMF6AfS/1Nlmova8FwVycl3m3CNJ+2uT6qJUfqx2EdIaOAz5TW52Gb3zU
99zmBp21yfxpfaho1/rsFkgtMAyHSjelW6E8a4QhYPPNVjQjZZjq93Fq9wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIbZh9PBZLbvcBiw+pPphb2bv4djMB8GA1UdIwQY
MBaAFPwGNoI6IOYCY0L+jIjqcqj496dJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0FZMmdqb2c1Z0pqUXY2TWlPcHlxUGozcDBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS85NDQ4OTYtM2M0MS00NzEwLTg2ZDIt
MDA1YTkyOWFjMTI0LzEvaHRtSDA4Rmt0dTl3R0xENmstbUZ2WnVfaDJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS85NDQ4OTYtM2M0MS00NzEwLTg2ZDItMDA1YTkyOWFjMTI0
LzEvX0FZMmdqb2c1Z0pqUXY2TWlPcHlxUGozcDBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCkY
MA0GCSqGSIb3DQEBCwUAA4IBAQAu0gVVU9+YJJGLlLDDPW+rx0F5cLXYdV6j1Avl
4txg+GptHvUk/zYx3anQ1I81+Atq5hyBp66JpvhHE5dVRfIf2l5lwbuMEYDQTlkH
yFr78KXzO+fvcp5BHhh+nmcyZTdtFMyzn//taMlqZQeAbeQGxpXpZnNkQu7Lwu6u
G2UGzULT/tKdf+pr8G2eFLtOPiZqQeQvoP7x3E9dqT+yv0kwnuVEqPwwwOfBsuXY
KVjiS0i/1YERyQwEIF46UXzqMnENmyQEvUQTvG0TIEf8tHd1Q3354YjE62t5p0z5
hf19598sKJ75KspszFz5vsa3KTLllNzwHDOksF02zGcmyoId
-----END CERTIFICATE-----