Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/7290d5-1ed5-4ca1-96fd-bfc73dd0bbb6/1/in-O6tdZxKdwx-X37sBzZrMfuik.roa
File:                     in-O6tdZxKdwx-X37sBzZrMfuik.roa (raw, json)
Hash identifier:          UH0Y8rWigd4EZwtSyTshcQ9jGf5LQJB4740PmadXrHc=
Subject key identifier:   8A:7F:8E:EA:D7:59:C4:A7:70:C7:E5:F7:EE:C0:73:66:B3:1F:BA:29
Certificate issuer:       /CN=9b86bd882e476e4698318f370712f71c2bf50dfc
Certificate serial:       018CC6B7C1363640A3153E342CDCD007C1F7
Authority key identifier: 9B:86:BD:88:2E:47:6E:46:98:31:8F:37:07:12:F7:1C:2B:F5:0D:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m4a9iC5HbkaYMY83BxL3HCv1Dfw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/7290d5-1ed5-4ca1-96fd-bfc73dd0bbb6/1/in-O6tdZxKdwx-X37sBzZrMfuik.roa
Signing time:             Mon 01 Jan 2024 20:29:40 +0000
ROA not before:           Mon 01 Jan 2024 20:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1921
IP address blocks:        2001:67c:10e0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/96/7290d5-1ed5-4ca1-96fd-bfc73dd0bbb6/1/m4a9iC5HbkaYMY83BxL3HCv1Dfw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/96/7290d5-1ed5-4ca1-96fd-bfc73dd0bbb6/1/m4a9iC5HbkaYMY83BxL3HCv1Dfw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m4a9iC5HbkaYMY83BxL3HCv1Dfw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:c1:36:36:40:a3:15:3e:34:2c:dc:d0:07:c1:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b86bd882e476e4698318f370712f71c2bf50dfc
        Validity
            Not Before: Jan  1 20:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a7f8eead759c4a770c7e5f7eec07366b31fba29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:eb:83:5e:2a:bb:c1:1f:08:bf:2d:6f:ca:bb:
                    4a:20:39:bf:7d:a7:36:ad:f4:0b:b4:57:dd:d8:e1:
                    2d:64:c9:f8:eb:58:76:be:1d:3f:ca:09:d0:6e:2c:
                    fa:16:41:59:fc:7a:be:44:ba:02:be:a8:36:af:22:
                    4d:3a:99:3e:d4:73:81:41:ac:b2:23:7e:31:4f:10:
                    15:8d:fc:b7:a0:f0:c4:4b:fe:85:1f:a6:8b:8f:95:
                    6d:69:2e:b2:98:e7:de:25:2d:a4:a0:5b:7c:d5:31:
                    76:97:1b:f4:9b:67:c2:20:8f:2d:bf:8c:5d:e9:42:
                    9e:df:77:27:ba:7f:66:3f:f4:0f:ff:74:d8:b8:5e:
                    12:5c:e9:42:28:ab:76:15:38:bb:71:8b:b5:c9:0e:
                    20:0a:18:0a:65:6c:68:15:25:84:b0:fd:da:62:41:
                    e4:49:15:91:bf:4a:95:d5:d7:a1:76:1d:eb:b4:1f:
                    1b:9e:a0:e2:7a:bd:41:3d:06:ff:43:51:74:e5:a7:
                    d7:05:f6:2e:19:2c:c3:17:c1:77:14:6b:2c:c2:37:
                    7e:89:35:d7:e3:4b:fd:19:7c:41:b3:fb:85:3a:d0:
                    28:7f:c9:e1:e2:e3:b8:9f:36:71:8c:d1:92:44:57:
                    7b:96:23:af:d8:63:64:36:da:a3:81:27:c2:16:ba:
                    d0:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:7F:8E:EA:D7:59:C4:A7:70:C7:E5:F7:EE:C0:73:66:B3:1F:BA:29
            X509v3 Authority Key Identifier:
                keyid:9B:86:BD:88:2E:47:6E:46:98:31:8F:37:07:12:F7:1C:2B:F5:0D:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m4a9iC5HbkaYMY83BxL3HCv1Dfw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/7290d5-1ed5-4ca1-96fd-bfc73dd0bbb6/1/in-O6tdZxKdwx-X37sBzZrMfuik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/7290d5-1ed5-4ca1-96fd-bfc73dd0bbb6/1/m4a9iC5HbkaYMY83BxL3HCv1Dfw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:10e0::/48

    Signature Algorithm: sha256WithRSAEncryption
         0d:c6:84:91:40:e5:0d:18:b3:d1:5a:a9:2b:4b:46:ee:14:1e:
         ca:82:d6:8c:f5:3f:50:99:c3:89:43:ac:1d:00:d5:68:a8:b7:
         6a:4a:ec:46:a8:8c:82:9d:11:7c:03:77:62:90:ec:d3:bc:17:
         ee:08:a9:4e:74:b3:7e:e1:70:f9:7f:04:fe:27:f5:1b:8f:fc:
         34:c3:ac:bc:69:e6:cd:e7:07:84:72:c0:31:1e:50:4d:db:2c:
         38:e8:60:34:f3:6d:ef:9c:c8:8b:b7:9b:19:03:17:0f:a4:93:
         8e:02:c6:f9:05:79:45:f8:dc:95:7a:16:c8:61:c3:7e:0b:5b:
         ca:78:dc:19:56:41:f6:c8:98:cc:4a:2d:02:6b:63:19:73:51:
         ce:47:d1:65:0e:19:ea:8e:e5:ae:00:e7:18:39:af:ab:38:6c:
         72:7a:21:be:a4:0b:c9:09:59:6d:74:6e:50:12:a0:e2:01:0b:
         80:83:47:05:5a:0b:ae:e2:59:d2:fc:08:bc:91:c9:51:f1:d9:
         e5:06:d0:ff:b4:d2:d2:88:b5:46:95:61:01:e9:76:13:fb:82:
         80:3d:75:5e:43:d5:80:ae:81:eb:4a:30:a5:e2:07:55:28:8c:
         9d:68:3c:33:87:39:c7:d3:92:a2:4c:00:8f:9d:2f:db:09:fe:
         10:5b:43:26
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGt8E2NkCjFT40LNzQB8H3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliODZiZDg4MmU0NzZlNDY5ODMxOGYzNzA3MTJmNzFjMmJm
NTBkZmMwHhcNMjQwMTAxMjAyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTdmOGVlYWQ3NTljNGE3NzBjN2U1ZjdlZWMwNzM2NmIzMWZiYTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuuDXiq7wR8Ivy1vyrtKIDm/fac2
rfQLtFfd2OEtZMn461h2vh0/ygnQbiz6FkFZ/Hq+RLoCvqg2ryJNOpk+1HOBQayy
I34xTxAVjfy3oPDES/6FH6aLj5VtaS6ymOfeJS2koFt81TF2lxv0m2fCII8tv4xd
6UKe33cnun9mP/QP/3TYuF4SXOlCKKt2FTi7cYu1yQ4gChgKZWxoFSWEsP3aYkHk
SRWRv0qV1dehdh3rtB8bnqDier1BPQb/Q1F05afXBfYuGSzDF8F3FGsswjd+iTXX
40v9GXxBs/uFOtAof8nh4uO4nzZxjNGSRFd7liOv2GNkNtqjgSfCFrrQNQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIp/jurXWcSncMfl9+7Ac2azH7opMB8GA1UdIwQY
MBaAFJuGvYguR25GmDGPNwcS9xwr9Q38MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTRhOWlDNUhia2FZTVk4M0J4TDNIQ3YxRGZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni83MjkwZDUtMWVkNS00Y2ExLTk2ZmQt
YmZjNzNkZDBiYmI2LzEvaW4tTzZ0ZFp4S2R3eC1YMzdzQnpack1mdWlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni83MjkwZDUtMWVkNS00Y2ExLTk2ZmQtYmZjNzNkZDBiYmI2
LzEvbTRhOWlDNUhia2FZTVk4M0J4TDNIQ3YxRGZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBDg
MA0GCSqGSIb3DQEBCwUAA4IBAQANxoSRQOUNGLPRWqkrS0buFB7KgtaM9T9QmcOJ
Q6wdANVoqLdqSuxGqIyCnRF8A3dikOzTvBfuCKlOdLN+4XD5fwT+J/Ubj/w0w6y8
aebN5weEcsAxHlBN2yw46GA0823vnMiLt5sZAxcPpJOOAsb5BXlF+NyVehbIYcN+
C1vKeNwZVkH2yJjMSi0Ca2MZc1HOR9FlDhnqjuWuAOcYOa+rOGxyeiG+pAvJCVlt
dG5QEqDiAQuAg0cFWguu4lnS/Ai8kclR8dnlBtD/tNLSiLVGlWEB6XYT+4KAPXVe
Q9WAroHrSjCl4gdVKIydaDwzhznH05KiTACPnS/bCf4QW0Mm
-----END CERTIFICATE-----