Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/c66bc8-f206-43d0-94be-18aadd659566/1/f3ZeD7EhogwgemNEee2zKsOUNo0.roa
File:                     f3ZeD7EhogwgemNEee2zKsOUNo0.roa (raw, json)
Hash identifier:          oGGLrJx1vlTbHjPX9OXV9yW2nMf1cwcVWE5q5STK/Ek=
Subject key identifier:   7F:76:5E:0F:B1:21:A2:0C:20:7A:63:44:79:ED:B3:2A:C3:94:36:8D
Certificate issuer:       /CN=320e7c0ceb4ba2a6f4b96fc4bae1abb853035aba
Certificate serial:       018CC2DB1A2E8820B22E07CC9171B1282689
Authority key identifier: 32:0E:7C:0C:EB:4B:A2:A6:F4:B9:6F:C4:BA:E1:AB:B8:53:03:5A:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mg58DOtLoqb0uW_EuuGruFMDWro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/c66bc8-f206-43d0-94be-18aadd659566/1/f3ZeD7EhogwgemNEee2zKsOUNo0.roa
Signing time:             Mon 01 Jan 2024 02:29:48 +0000
ROA not before:           Mon 01 Jan 2024 02:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51942
IP address blocks:        2001:67c:648::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/c66bc8-f206-43d0-94be-18aadd659566/1/Mg58DOtLoqb0uW_EuuGruFMDWro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/c66bc8-f206-43d0-94be-18aadd659566/1/Mg58DOtLoqb0uW_EuuGruFMDWro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mg58DOtLoqb0uW_EuuGruFMDWro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:1a:2e:88:20:b2:2e:07:cc:91:71:b1:28:26:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=320e7c0ceb4ba2a6f4b96fc4bae1abb853035aba
        Validity
            Not Before: Jan  1 02:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f765e0fb121a20c207a634479edb32ac394368d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:15:3f:34:c0:29:e7:cc:28:52:22:7f:c2:14:
                    99:1f:b6:30:f1:2d:46:76:c7:e0:a7:0d:4f:b4:a8:
                    eb:7e:f3:26:14:f4:50:ad:c7:0b:c6:de:bf:fd:58:
                    f7:d3:ac:1e:b7:b5:bc:ab:40:63:7c:1c:b1:a9:01:
                    0b:5b:33:f7:ce:52:4c:46:d7:0c:9e:eb:89:46:fc:
                    b6:03:9d:ac:05:1b:cb:18:ec:24:49:85:94:c8:aa:
                    61:8d:d5:77:8b:3c:0e:90:72:1e:8e:9a:50:25:13:
                    7b:ce:4f:2d:e7:9c:41:f4:92:3c:dc:7c:6d:10:20:
                    7e:5f:77:8a:43:a2:c6:e3:7b:4c:d4:6b:1c:a2:72:
                    a7:ee:89:a2:40:8a:49:a4:b7:ab:f4:b8:24:71:73:
                    f7:5a:cf:60:e8:5f:9e:a6:95:02:d2:8e:75:78:9b:
                    5e:02:da:7e:60:0f:5c:4f:52:69:d1:08:4a:7c:c9:
                    20:fd:fe:9d:68:1e:5e:8f:e4:9e:7c:7e:48:fe:fb:
                    19:26:ab:08:7f:8f:db:0c:f4:30:68:93:8e:75:37:
                    dd:8a:0c:57:b0:22:61:44:77:91:e6:ef:3f:0f:50:
                    3b:a8:6f:6e:e7:fd:cf:2d:ba:b6:8a:fe:f7:63:99:
                    d1:f4:29:94:ad:49:c4:fa:cd:dd:96:53:b2:4a:bc:
                    93:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:76:5E:0F:B1:21:A2:0C:20:7A:63:44:79:ED:B3:2A:C3:94:36:8D
            X509v3 Authority Key Identifier:
                keyid:32:0E:7C:0C:EB:4B:A2:A6:F4:B9:6F:C4:BA:E1:AB:B8:53:03:5A:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mg58DOtLoqb0uW_EuuGruFMDWro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/c66bc8-f206-43d0-94be-18aadd659566/1/f3ZeD7EhogwgemNEee2zKsOUNo0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/c66bc8-f206-43d0-94be-18aadd659566/1/Mg58DOtLoqb0uW_EuuGruFMDWro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:648::/48

    Signature Algorithm: sha256WithRSAEncryption
         af:e7:a7:d9:35:c0:61:5e:25:06:d9:26:b1:3c:7b:c0:13:b3:
         c4:df:9d:d4:eb:9c:d9:ac:e4:a5:ba:a8:8a:ea:9c:93:1f:62:
         64:09:73:1f:e1:55:d0:87:a3:78:70:65:70:2c:0f:7d:3c:89:
         5b:b0:b2:92:63:5b:0c:3f:80:b3:59:63:c8:9f:d7:a7:05:71:
         a7:67:65:ac:dc:de:74:4c:a8:51:66:c9:53:5e:78:e3:ab:f7:
         73:8a:94:08:47:8b:20:f8:6d:38:8b:47:bb:c0:a4:1d:43:5c:
         b5:92:f8:2b:d0:9c:ca:71:d3:6c:73:ed:bf:70:c6:02:c3:de:
         10:f2:61:b0:fe:54:b0:cc:04:c6:a5:9b:70:6c:5f:86:6b:cc:
         a7:18:5f:e7:d5:98:46:e6:8d:9e:91:50:e7:d3:6e:01:f8:b6:
         22:0b:58:c2:b3:d9:5c:22:ff:30:2c:4d:d9:35:98:14:a6:4a:
         58:e8:7e:e5:b7:6f:ae:ee:37:09:07:86:9d:4d:80:97:cf:8c:
         37:97:66:f0:cc:c1:6e:46:3d:02:24:75:cd:70:25:66:11:80:
         0b:cf:ab:b0:af:b7:a3:5b:56:62:56:70:c9:25:dd:c1:f8:1e:
         84:e0:34:8f:88:06:35:54:63:8e:5d:c7:e2:50:b1:fe:ca:b2:
         fc:24:41:2b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2xouiCCyLgfMkXGxKCaJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyMGU3YzBjZWI0YmEyYTZmNGI5NmZjNGJhZTFhYmI4NTMw
MzVhYmEwHhcNMjQwMTAxMDIyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Zjc2NWUwZmIxMjFhMjBjMjA3YTYzNDQ3OWVkYjMyYWMzOTQzNjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAixU/NMAp58woUiJ/whSZH7Yw8S1G
dsfgpw1PtKjrfvMmFPRQrccLxt6//Vj306wet7W8q0BjfByxqQELWzP3zlJMRtcM
nuuJRvy2A52sBRvLGOwkSYWUyKphjdV3izwOkHIejppQJRN7zk8t55xB9JI83Hxt
ECB+X3eKQ6LG43tM1GsconKn7omiQIpJpLer9LgkcXP3Ws9g6F+eppUC0o51eJte
Atp+YA9cT1Jp0QhKfMkg/f6daB5ej+SefH5I/vsZJqsIf4/bDPQwaJOOdTfdigxX
sCJhRHeR5u8/D1A7qG9u5/3PLbq2iv73Y5nR9CmUrUnE+s3dllOySryTJQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFH92Xg+xIaIMIHpjRHntsyrDlDaNMB8GA1UdIwQY
MBaAFDIOfAzrS6Km9LlvxLrhq7hTA1q6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWc1OERPdExvcWIwdVdfRXV1R3J1Rk1EV3JvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9jNjZiYzgtZjIwNi00M2QwLTk0YmUt
MThhYWRkNjU5NTY2LzEvZjNaZUQ3RWhvZ3dnZW1ORWVlMnpLc09VTm8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9jNjZiYzgtZjIwNi00M2QwLTk0YmUtMThhYWRkNjU5NTY2
LzEvTWc1OERPdExvcWIwdVdfRXV1R3J1Rk1EV3JvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAZI
MA0GCSqGSIb3DQEBCwUAA4IBAQCv56fZNcBhXiUG2SaxPHvAE7PE353U65zZrOSl
uqiK6pyTH2JkCXMf4VXQh6N4cGVwLA99PIlbsLKSY1sMP4CzWWPIn9enBXGnZ2Ws
3N50TKhRZslTXnjjq/dzipQIR4sg+G04i0e7wKQdQ1y1kvgr0JzKcdNsc+2/cMYC
w94Q8mGw/lSwzATGpZtwbF+Ga8ynGF/n1ZhG5o2ekVDn024B+LYiC1jCs9lcIv8w
LE3ZNZgUpkpY6H7lt2+u7jcJB4adTYCXz4w3l2bwzMFuRj0CJHXNcCVmEYALz6uw
r7ejW1ZiVnDJJd3B+B6E4DSPiAY1VGOOXcfiULH+yrL8JEEr
-----END CERTIFICATE-----