Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/326606-14ba-4436-9985-be5520a5c821/1/K68G3dzuNkbWyzH-ZFsGQEEDbnQ.roa
File:                     K68G3dzuNkbWyzH-ZFsGQEEDbnQ.roa (raw, json)
Hash identifier:          ypC9UNvcdbqSuXYuGIw4OB2Xjnp2Ol8KsW7qZsQdwEo=
Subject key identifier:   2B:AF:06:DD:DC:EE:36:46:D6:CB:31:FE:64:5B:06:40:41:03:6E:74
Certificate issuer:       /CN=fd21cb4baa15862d1b5773bf2be60ca5f4fc24d4
Certificate serial:       018CD9919DA2FB0D57170D0B77D813649E46
Authority key identifier: FD:21:CB:4B:AA:15:86:2D:1B:57:73:BF:2B:E6:0C:A5:F4:FC:24:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_SHLS6oVhi0bV3O_K-YMpfT8JNQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/326606-14ba-4436-9985-be5520a5c821/1/K68G3dzuNkbWyzH-ZFsGQEEDbnQ.roa
Signing time:             Fri 05 Jan 2024 12:20:48 +0000
ROA not before:           Fri 05 Jan 2024 12:20:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208753
IP address blocks:        2a10:ba87:feef::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/326606-14ba-4436-9985-be5520a5c821/1/_SHLS6oVhi0bV3O_K-YMpfT8JNQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/326606-14ba-4436-9985-be5520a5c821/1/_SHLS6oVhi0bV3O_K-YMpfT8JNQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_SHLS6oVhi0bV3O_K-YMpfT8JNQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 04:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:d9:91:9d:a2:fb:0d:57:17:0d:0b:77:d8:13:64:9e:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd21cb4baa15862d1b5773bf2be60ca5f4fc24d4
        Validity
            Not Before: Jan  5 12:20:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2baf06dddcee3646d6cb31fe645b064041036e74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:8d:26:e5:80:a9:b5:b6:e1:73:e2:67:5d:0b:
                    f5:17:a4:72:d3:2c:a6:94:c3:72:c5:20:af:4b:f3:
                    a5:ca:fe:41:12:55:f2:4f:b6:ea:59:a4:7a:d2:6d:
                    79:dd:fa:2e:4d:d5:3f:2a:10:7f:ec:3a:6b:45:02:
                    16:5c:d4:0c:88:71:f7:20:e4:b1:27:63:bd:00:47:
                    49:cf:eb:cf:5f:94:74:2c:ee:66:2c:3e:62:24:2b:
                    d0:fc:7b:6f:76:d8:9b:73:5f:0f:f0:43:80:62:b4:
                    d2:57:38:a2:a1:73:cc:22:ac:80:bd:bf:21:78:ec:
                    28:f7:19:90:d5:d7:7d:68:64:60:07:f3:fe:f9:af:
                    0c:01:d0:2f:12:68:6a:e6:75:3c:56:ea:46:c8:98:
                    10:f5:1c:b0:3b:44:af:7e:9a:e2:ef:65:17:94:33:
                    79:1b:ae:c9:05:b0:96:59:15:15:0a:23:4b:6f:a5:
                    7c:99:f0:05:e4:b9:06:d3:a5:e8:48:d4:46:ce:8f:
                    10:80:29:ae:ed:9e:dd:1a:1b:ae:5a:da:08:2a:33:
                    24:56:10:1d:99:7d:d0:3e:71:72:f0:c7:22:cd:3e:
                    9e:3b:8d:4b:c9:82:41:e7:d2:ff:0f:eb:c9:57:0e:
                    ef:b8:79:66:dc:8e:d3:f3:42:e1:9d:e5:8a:58:1a:
                    cb:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:AF:06:DD:DC:EE:36:46:D6:CB:31:FE:64:5B:06:40:41:03:6E:74
            X509v3 Authority Key Identifier:
                keyid:FD:21:CB:4B:AA:15:86:2D:1B:57:73:BF:2B:E6:0C:A5:F4:FC:24:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_SHLS6oVhi0bV3O_K-YMpfT8JNQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/326606-14ba-4436-9985-be5520a5c821/1/K68G3dzuNkbWyzH-ZFsGQEEDbnQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/326606-14ba-4436-9985-be5520a5c821/1/_SHLS6oVhi0bV3O_K-YMpfT8JNQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:ba87:feef::/48

    Signature Algorithm: sha256WithRSAEncryption
         95:f4:be:ba:4e:ae:44:e2:f2:d9:66:f9:50:5d:0c:18:e5:7b:
         c6:c0:76:b6:4d:0b:e6:3f:31:97:a7:da:3c:2c:8a:b0:98:5b:
         8c:04:da:01:77:5e:ab:4a:88:40:9b:10:97:a1:bf:d5:50:ed:
         91:ef:b0:5a:cc:44:5d:7a:51:01:5a:c3:dc:44:16:51:ee:73:
         a1:de:da:f0:f3:87:1a:27:e5:d0:04:d3:b1:e2:ea:83:0d:d4:
         70:dc:2a:f9:db:db:20:cd:8e:ff:9b:60:5d:d4:10:ba:ff:de:
         56:5d:a1:61:d7:d2:1e:55:90:b6:8f:31:dd:96:68:3e:91:bb:
         f9:96:23:fb:b9:1b:8c:9b:2a:ca:a8:ff:39:03:19:ed:1a:0a:
         99:e9:98:96:2f:01:f7:8c:9a:58:b8:f2:51:84:eb:2a:b9:6a:
         66:08:16:0b:d5:f3:26:46:36:a3:51:6a:98:e7:39:62:25:0a:
         1a:9f:a2:6c:2e:c2:1d:fb:e2:da:d7:86:e1:6d:a1:3f:c1:9b:
         9a:76:f9:60:94:7f:af:21:90:13:57:a4:d3:e8:fc:da:68:2c:
         6b:93:17:6a:f3:a0:cf:72:2a:be:bb:c6:09:cb:b2:fe:ba:4e:
         9c:e7:c9:94:7c:83:e5:e5:84:5a:e7:4c:0c:b0:dc:e4:dd:d8:
         8c:8b:61:40
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzZkZ2i+w1XFw0Ld9gTZJ5GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkMjFjYjRiYWExNTg2MmQxYjU3NzNiZjJiZTYwY2E1ZjRm
YzI0ZDQwHhcNMjQwMTA1MTIyMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmFmMDZkZGRjZWUzNjQ2ZDZjYjMxZmU2NDViMDY0MDQxMDM2ZTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAko0m5YCptbbhc+JnXQv1F6Ry0yym
lMNyxSCvS/Olyv5BElXyT7bqWaR60m153fouTdU/KhB/7DprRQIWXNQMiHH3IOSx
J2O9AEdJz+vPX5R0LO5mLD5iJCvQ/Htvdtibc18P8EOAYrTSVziioXPMIqyAvb8h
eOwo9xmQ1dd9aGRgB/P++a8MAdAvEmhq5nU8VupGyJgQ9RywO0Svfpri72UXlDN5
G67JBbCWWRUVCiNLb6V8mfAF5LkG06XoSNRGzo8QgCmu7Z7dGhuuWtoIKjMkVhAd
mX3QPnFy8McizT6eO41LyYJB59L/D+vJVw7vuHlm3I7T80LhneWKWBrLDwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCuvBt3c7jZG1ssx/mRbBkBBA250MB8GA1UdIwQY
MBaAFP0hy0uqFYYtG1dzvyvmDKX0/CTUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1NITFM2b1ZoaTBiVjNPX0stWU1wZlQ4Sk5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8zMjY2MDYtMTRiYS00NDM2LTk5ODUt
YmU1NTIwYTVjODIxLzEvSzY4RzNkenVOa2JXeXpILVpGc0dRRUVEYm5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8zMjY2MDYtMTRiYS00NDM2LTk5ODUtYmU1NTIwYTVjODIx
LzEvX1NITFM2b1ZoaTBiVjNPX0stWU1wZlQ4Sk5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhC6h/7v
MA0GCSqGSIb3DQEBCwUAA4IBAQCV9L66Tq5E4vLZZvlQXQwY5XvGwHa2TQvmPzGX
p9o8LIqwmFuMBNoBd16rSohAmxCXob/VUO2R77BazERdelEBWsPcRBZR7nOh3trw
84caJ+XQBNOx4uqDDdRw3Cr529sgzY7/m2Bd1BC6/95WXaFh19IeVZC2jzHdlmg+
kbv5liP7uRuMmyrKqP85AxntGgqZ6ZiWLwH3jJpYuPJRhOsquWpmCBYL1fMmRjaj
UWqY5zliJQoan6JsLsId++La14bhbaE/wZuadvlglH+vIZATV6TT6PzaaCxrkxdq
86DPciq+u8YJy7L+uk6c58mUfIPl5YRa50wMsNzk3diMi2FA
-----END CERTIFICATE-----