Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/ca3649-c29f-4e90-8822-bc65ef6b27b6/1/Cv1tiIvhFosWtpFq2lUCJ4YJEr0.roa
File:                     Cv1tiIvhFosWtpFq2lUCJ4YJEr0.roa (raw, json)
Hash identifier:          zXklaTbL0Q4bvHV+E8orYejWCBCtVSmmaNF5CCnBIQA=
Subject key identifier:   0A:FD:6D:88:8B:E1:16:8B:16:B6:91:6A:DA:55:02:27:86:09:12:BD
Certificate issuer:       /CN=3ea18c91b2be28a074b9a3874a90b446013ce1be
Certificate serial:       019161E3291BF64C71D297F7A3A65479F9D1
Authority key identifier: 3E:A1:8C:91:B2:BE:28:A0:74:B9:A3:87:4A:90:B4:46:01:3C:E1:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PqGMkbK-KKB0uaOHSpC0RgE84b4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/ca3649-c29f-4e90-8822-bc65ef6b27b6/1/Cv1tiIvhFosWtpFq2lUCJ4YJEr0.roa
Signing time:             Sat 17 Aug 2024 19:49:22 +0000
ROA not before:           Sat 17 Aug 2024 19:49:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214400
IP address blocks:        2001:67c:4b0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/ca3649-c29f-4e90-8822-bc65ef6b27b6/1/PqGMkbK-KKB0uaOHSpC0RgE84b4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/ca3649-c29f-4e90-8822-bc65ef6b27b6/1/PqGMkbK-KKB0uaOHSpC0RgE84b4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PqGMkbK-KKB0uaOHSpC0RgE84b4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:61:e3:29:1b:f6:4c:71:d2:97:f7:a3:a6:54:79:f9:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ea18c91b2be28a074b9a3874a90b446013ce1be
        Validity
            Not Before: Aug 17 19:49:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0afd6d888be1168b16b6916ada550227860912bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:4b:15:b3:a3:70:d6:1c:af:c3:95:02:fd:ab:
                    f6:23:dd:e5:38:94:fa:22:d9:9d:3a:37:36:8f:ed:
                    f9:f8:51:fe:49:79:30:42:fd:2e:cc:01:c9:11:97:
                    ee:5b:39:75:b5:1d:34:98:1a:bf:c5:c1:f4:27:a8:
                    47:95:20:e6:b3:b8:40:94:59:70:8c:77:c5:04:02:
                    b9:1e:e8:e8:1b:88:5d:bb:a0:60:67:98:ec:62:49:
                    2e:eb:c2:a7:b3:d1:ff:78:7c:52:2f:73:0a:35:98:
                    e6:7b:5d:2f:7b:93:50:40:36:ce:3b:91:1a:75:ad:
                    21:cc:d9:5b:be:a0:bc:89:37:72:53:a8:e4:c6:25:
                    4e:be:3d:c9:ae:e5:c4:16:99:0f:85:23:8a:9a:d3:
                    b0:35:9d:a7:12:a2:00:c6:64:ca:9e:d1:2e:48:87:
                    ac:dd:78:0b:27:5d:1b:86:1f:1a:0d:f9:9d:65:cc:
                    20:14:16:9b:d3:e2:b6:f1:12:bc:d6:ee:c1:8e:67:
                    62:a2:c3:40:10:4d:9c:97:f2:3d:a8:a2:e6:13:fb:
                    3c:60:a1:a5:37:8b:7f:52:95:9a:5b:f6:45:be:16:
                    10:36:69:4c:cb:fd:88:fd:b5:bc:3e:15:f1:34:cf:
                    29:45:db:e8:96:38:bf:e7:c4:8b:61:92:ac:4e:2b:
                    8c:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:FD:6D:88:8B:E1:16:8B:16:B6:91:6A:DA:55:02:27:86:09:12:BD
            X509v3 Authority Key Identifier:
                keyid:3E:A1:8C:91:B2:BE:28:A0:74:B9:A3:87:4A:90:B4:46:01:3C:E1:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PqGMkbK-KKB0uaOHSpC0RgE84b4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/ca3649-c29f-4e90-8822-bc65ef6b27b6/1/Cv1tiIvhFosWtpFq2lUCJ4YJEr0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/ca3649-c29f-4e90-8822-bc65ef6b27b6/1/PqGMkbK-KKB0uaOHSpC0RgE84b4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:4b0::/48

    Signature Algorithm: sha256WithRSAEncryption
         4d:14:ed:93:98:1c:59:25:29:14:85:b2:9b:90:a9:2a:c3:37:
         f0:a4:b4:cb:43:11:76:c6:c7:8c:b5:7f:5e:58:5c:d9:8b:e3:
         f4:fc:d2:46:bd:99:8f:21:91:00:9c:33:57:c7:30:3c:6d:4d:
         1d:ab:63:15:36:cb:ff:2f:b6:f7:41:52:17:9a:4d:5f:d6:6b:
         3a:f7:d1:94:a8:c6:64:d3:b3:92:d6:7e:73:85:87:09:96:6d:
         df:cf:41:74:4c:99:54:8a:b7:d6:53:67:4b:c0:47:77:de:c8:
         a2:87:c8:b5:a7:e6:51:0b:8b:2b:53:bd:42:bd:c9:33:f4:a2:
         6f:94:2b:a2:ad:99:8a:2a:b2:67:82:7a:1d:c9:e3:86:a7:c6:
         ad:98:01:b5:4d:02:7c:b0:71:22:c7:45:1f:77:ff:80:ba:97:
         81:fb:0a:36:66:b5:29:62:4f:12:1a:39:d6:e7:28:21:de:1a:
         88:ad:cd:d4:e5:0c:88:5f:05:54:b2:0c:ba:03:2c:92:7a:01:
         65:7d:4d:54:b5:ba:b4:8b:00:c3:ed:3e:49:1f:40:60:e7:b9:
         71:02:08:61:c9:2c:4f:51:ce:85:c9:71:46:10:7c:a3:b1:34:
         20:00:b5:5f:0d:88:38:96:8d:50:92:24:7a:d3:a9:97:75:96:
         87:0b:4a:d3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZFh4ykb9kxx0pf3o6ZUefnRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYTE4YzkxYjJiZTI4YTA3NGI5YTM4NzRhOTBiNDQ2MDEz
Y2UxYmUwHhcNMjQwODE3MTk0OTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWZkNmQ4ODhiZTExNjhiMTZiNjkxNmFkYTU1MDIyNzg2MDkxMmJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlksVs6Nw1hyvw5UC/av2I93lOJT6
ItmdOjc2j+35+FH+SXkwQv0uzAHJEZfuWzl1tR00mBq/xcH0J6hHlSDms7hAlFlw
jHfFBAK5HujoG4hdu6BgZ5jsYkku68Kns9H/eHxSL3MKNZjme10ve5NQQDbOO5Ea
da0hzNlbvqC8iTdyU6jkxiVOvj3JruXEFpkPhSOKmtOwNZ2nEqIAxmTKntEuSIes
3XgLJ10bhh8aDfmdZcwgFBab0+K28RK81u7BjmdiosNAEE2cl/I9qKLmE/s8YKGl
N4t/UpWaW/ZFvhYQNmlMy/2I/bW8PhXxNM8pRdvolji/58SLYZKsTiuMYQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAr9bYiL4RaLFraRatpVAieGCRK9MB8GA1UdIwQY
MBaAFD6hjJGyviigdLmjh0qQtEYBPOG+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHFHTWtiSy1LS0IwdWFPSFNwQzBSZ0U4NGI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC9jYTM2NDktYzI5Zi00ZTkwLTg4MjIt
YmM2NWVmNmIyN2I2LzEvQ3YxdGlJdmhGb3NXdHBGcTJsVUNKNFlKRXIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC9jYTM2NDktYzI5Zi00ZTkwLTg4MjItYmM2NWVmNmIyN2I2
LzEvUHFHTWtiSy1LS0IwdWFPSFNwQzBSZ0U4NGI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfASw
MA0GCSqGSIb3DQEBCwUAA4IBAQBNFO2TmBxZJSkUhbKbkKkqwzfwpLTLQxF2xseM
tX9eWFzZi+P0/NJGvZmPIZEAnDNXxzA8bU0dq2MVNsv/L7b3QVIXmk1f1ms699GU
qMZk07OS1n5zhYcJlm3fz0F0TJlUirfWU2dLwEd33siih8i1p+ZRC4srU71Cvckz
9KJvlCuirZmKKrJngnodyeOGp8atmAG1TQJ8sHEix0Ufd/+AupeB+wo2ZrUpYk8S
GjnW5ygh3hqIrc3U5QyIXwVUsgy6AyySegFlfU1Utbq0iwDD7T5JH0Bg57lxAghh
ySxPUc6FyXFGEHyjsTQgALVfDYg4lo1QkiR606mXdZaHC0rT
-----END CERTIFICATE-----