Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/b81460-e06c-4352-ab1b-bb380bcabd28/1/jOVsgC8VK1dhdsVgsgRFudogFgo.roa
File:                     jOVsgC8VK1dhdsVgsgRFudogFgo.roa (raw, json)
Hash identifier:          hW5t0ux6/i561qQQg2OcFUevKAcNCYad/Ww/v8jbiYM=
Subject key identifier:   8C:E5:6C:80:2F:15:2B:57:61:76:C5:60:B2:04:45:B9:DA:20:16:0A
Certificate issuer:       /CN=e071b9ef41a5382858cd9eef98a7fb9d126aa4ae
Certificate serial:       0192324EA8EFA1DA2EC189165AC2B6243204
Authority key identifier: E0:71:B9:EF:41:A5:38:28:58:CD:9E:EF:98:A7:FB:9D:12:6A:A4:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4HG570GlOChYzZ7vmKf7nRJqpK4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/b81460-e06c-4352-ab1b-bb380bcabd28/1/jOVsgC8VK1dhdsVgsgRFudogFgo.roa
Signing time:             Fri 27 Sep 2024 07:07:48 +0000
ROA not before:           Fri 27 Sep 2024 07:07:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214251
IP address blocks:        2001:67c:271c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/b81460-e06c-4352-ab1b-bb380bcabd28/1/4HG570GlOChYzZ7vmKf7nRJqpK4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/b81460-e06c-4352-ab1b-bb380bcabd28/1/4HG570GlOChYzZ7vmKf7nRJqpK4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4HG570GlOChYzZ7vmKf7nRJqpK4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:32:4e:a8:ef:a1:da:2e:c1:89:16:5a:c2:b6:24:32:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e071b9ef41a5382858cd9eef98a7fb9d126aa4ae
        Validity
            Not Before: Sep 27 07:07:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ce56c802f152b576176c560b20445b9da20160a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:9c:91:7e:58:8a:25:7a:ec:36:d4:9d:49:a2:
                    7e:ef:05:33:57:fb:27:49:3d:7e:6c:84:e9:58:c9:
                    c8:ff:74:b6:41:e8:69:db:c3:5e:5e:e0:b2:80:f3:
                    6b:bb:32:28:d5:23:9a:3b:ab:e1:22:2d:52:1d:5d:
                    ef:13:05:ba:2c:ae:43:ff:ce:78:10:60:17:c3:a6:
                    a8:57:ff:7b:13:06:33:78:94:48:07:ce:3a:68:3d:
                    b3:d9:47:eb:bb:c1:79:97:f4:ee:e2:fd:be:a5:2d:
                    ea:20:6a:9a:62:a8:ef:09:54:90:4f:a3:a5:35:b1:
                    0d:72:4d:84:5e:fa:2e:d2:30:3f:a3:e7:1e:b6:85:
                    84:76:ec:30:96:15:6f:35:56:08:8d:1c:c4:e7:ca:
                    30:54:71:21:7b:62:a5:5f:00:9d:43:75:41:e5:cb:
                    6c:e6:d6:d9:76:75:d8:0a:74:93:4e:08:9e:1b:c8:
                    f0:1d:c1:85:cd:98:f6:f3:dd:7e:9b:79:36:77:0d:
                    0f:fc:d8:20:f0:17:19:a0:66:7d:be:3a:8e:48:c0:
                    2c:42:99:5a:07:25:bc:ac:6c:fd:4e:64:fd:a2:90:
                    0f:69:20:9d:79:bf:34:ee:44:89:eb:29:34:ae:f8:
                    2b:ba:12:82:1d:3f:e6:35:e4:90:5c:0e:ba:03:96:
                    ca:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:E5:6C:80:2F:15:2B:57:61:76:C5:60:B2:04:45:B9:DA:20:16:0A
            X509v3 Authority Key Identifier:
                keyid:E0:71:B9:EF:41:A5:38:28:58:CD:9E:EF:98:A7:FB:9D:12:6A:A4:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4HG570GlOChYzZ7vmKf7nRJqpK4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/b81460-e06c-4352-ab1b-bb380bcabd28/1/jOVsgC8VK1dhdsVgsgRFudogFgo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/b81460-e06c-4352-ab1b-bb380bcabd28/1/4HG570GlOChYzZ7vmKf7nRJqpK4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:271c::/48

    Signature Algorithm: sha256WithRSAEncryption
         43:c5:90:8e:a8:83:9e:be:93:a0:55:ac:33:42:6b:dc:3a:e4:
         df:9a:dc:df:74:7a:27:a8:50:d9:53:95:3f:06:7b:7d:e1:c4:
         bb:8d:bb:57:0d:89:5f:f9:ca:aa:72:fd:b4:b4:14:f3:a0:74:
         04:ef:7e:0c:ae:02:38:eb:1c:e0:64:97:e8:44:95:04:18:a3:
         d1:82:0d:82:7e:7e:8d:8d:b5:fc:24:f5:a3:b2:da:b0:f7:12:
         e7:1a:51:8f:d5:c9:4c:2c:cf:7a:6e:72:24:0b:35:e3:b5:9e:
         cc:b7:bf:35:a4:7d:d7:d9:4c:cc:c1:5a:e6:af:9e:7e:b5:7f:
         e4:90:56:2a:e4:e1:6b:77:8a:96:00:e1:e2:54:e2:5a:ff:c8:
         c6:61:03:9c:e1:44:c8:57:58:dd:35:d3:13:71:5a:a4:00:e5:
         85:c8:9b:09:38:4a:41:22:39:dd:b6:f4:96:c6:20:34:89:38:
         e8:be:00:04:44:e5:9a:6a:51:06:c2:0c:f8:cb:dd:66:e2:cf:
         08:74:6f:b1:9e:49:57:89:ac:09:bd:a7:ba:91:a3:3e:6d:10:
         e0:6b:da:46:5e:50:16:a1:62:2a:26:e0:16:e0:d1:5b:23:9d:
         ae:f4:bf:68:e4:90:2c:63:24:49:a9:4b:74:f5:38:9a:63:dc:
         34:ab:7f:c8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZIyTqjvodouwYkWWsK2JDIEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNzFiOWVmNDFhNTM4Mjg1OGNkOWVlZjk4YTdmYjlkMTI2
YWE0YWUwHhcNMjQwOTI3MDcwNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2U1NmM4MDJmMTUyYjU3NjE3NmM1NjBiMjA0NDViOWRhMjAxNjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1pyRfliKJXrsNtSdSaJ+7wUzV/sn
ST1+bITpWMnI/3S2Qehp28NeXuCygPNruzIo1SOaO6vhIi1SHV3vEwW6LK5D/854
EGAXw6aoV/97EwYzeJRIB846aD2z2Ufru8F5l/Tu4v2+pS3qIGqaYqjvCVSQT6Ol
NbENck2EXvou0jA/o+cetoWEduwwlhVvNVYIjRzE58owVHEhe2KlXwCdQ3VB5cts
5tbZdnXYCnSTTgieG8jwHcGFzZj2891+m3k2dw0P/Ngg8BcZoGZ9vjqOSMAsQpla
ByW8rGz9TmT9opAPaSCdeb807kSJ6yk0rvgruhKCHT/mNeSQXA66A5bKvQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIzlbIAvFStXYXbFYLIERbnaIBYKMB8GA1UdIwQY
MBaAFOBxue9BpTgoWM2e75in+50SaqSuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEhHNTcwR2xPQ2hZelo3dm1LZjduUkpxcEs0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9iODE0NjAtZTA2Yy00MzUyLWFiMWIt
YmIzODBiY2FiZDI4LzEvak9Wc2dDOFZLMWRoZHNWZ3NnUkZ1ZG9nRmdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9iODE0NjAtZTA2Yy00MzUyLWFiMWItYmIzODBiY2FiZDI4
LzEvNEhHNTcwR2xPQ2hZelo3dm1LZjduUkpxcEs0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCcc
MA0GCSqGSIb3DQEBCwUAA4IBAQBDxZCOqIOevpOgVawzQmvcOuTfmtzfdHonqFDZ
U5U/Bnt94cS7jbtXDYlf+cqqcv20tBTzoHQE734MrgI46xzgZJfoRJUEGKPRgg2C
fn6NjbX8JPWjstqw9xLnGlGP1clMLM96bnIkCzXjtZ7Mt781pH3X2UzMwVrmr55+
tX/kkFYq5OFrd4qWAOHiVOJa/8jGYQOc4UTIV1jdNdMTcVqkAOWFyJsJOEpBIjnd
tvSWxiA0iTjovgAEROWaalEGwgz4y91m4s8IdG+xnklXiawJvae6kaM+bRDga9pG
XlAWoWIqJuAW4NFbI52u9L9o5JAsYyRJqUt09TiaY9w0q3/I
-----END CERTIFICATE-----