Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/65f882-ca21-4b73-b8e9-f09209b478cf/1/KvIrK-yiTycFjhVnWB5WI3zYDpw.roa
File:                     KvIrK-yiTycFjhVnWB5WI3zYDpw.roa (raw, json)
Hash identifier:          KwBIc1BMzxQ+cAE4JsfD//IbMPActQH0uPth6ibpw4w=
Subject key identifier:   2A:F2:2B:2B:EC:A2:4F:27:05:8E:15:67:58:1E:56:23:7C:D8:0E:9C
Certificate issuer:       /CN=6f6b8950484b9ef43fbf98d39fe9f8ac5e837b78
Certificate serial:       018CC72774195D05930226F12633DD255EE5
Authority key identifier: 6F:6B:89:50:48:4B:9E:F4:3F:BF:98:D3:9F:E9:F8:AC:5E:83:7B:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b2uJUEhLnvQ_v5jTn-n4rF6De3g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/65f882-ca21-4b73-b8e9-f09209b478cf/1/KvIrK-yiTycFjhVnWB5WI3zYDpw.roa
Signing time:             Mon 01 Jan 2024 22:31:40 +0000
ROA not before:           Mon 01 Jan 2024 22:31:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208812
IP address blocks:        2001:67c:2bbc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/65f882-ca21-4b73-b8e9-f09209b478cf/1/b2uJUEhLnvQ_v5jTn-n4rF6De3g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/65f882-ca21-4b73-b8e9-f09209b478cf/1/b2uJUEhLnvQ_v5jTn-n4rF6De3g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b2uJUEhLnvQ_v5jTn-n4rF6De3g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:74:19:5d:05:93:02:26:f1:26:33:dd:25:5e:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f6b8950484b9ef43fbf98d39fe9f8ac5e837b78
        Validity
            Not Before: Jan  1 22:31:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2af22b2beca24f27058e1567581e56237cd80e9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:95:ff:d6:4c:e4:a1:64:d4:b6:e3:98:a2:d5:
                    53:91:8a:a2:f2:7f:63:b2:24:6b:ce:18:96:79:fc:
                    37:42:d8:86:c9:34:70:96:62:89:fe:f0:34:ca:9b:
                    07:4d:58:5a:4f:39:1d:d4:bf:e6:dd:de:58:7b:f8:
                    fb:6f:5a:ea:c7:8d:cf:5b:fa:79:bc:48:9b:f9:ae:
                    58:06:d0:d4:ea:08:51:c8:62:38:91:9d:81:b4:3f:
                    c7:ae:bb:96:da:8b:07:0c:aa:60:58:ff:ff:d3:1c:
                    4c:37:73:bd:ad:a5:0b:e3:0b:b4:96:02:a9:a7:bc:
                    67:f1:24:58:4e:a8:2c:f4:c5:6c:5c:4a:ad:b5:32:
                    36:48:a0:61:31:a8:10:05:6e:c2:be:c9:a9:60:03:
                    2d:13:46:27:ba:70:cd:62:f9:e3:2f:8c:ed:dd:ad:
                    30:a2:f3:31:d7:34:63:bd:9f:d7:2b:01:a5:56:85:
                    c6:7d:ce:59:bf:25:b9:25:7d:60:25:82:db:6d:ad:
                    54:07:8e:28:50:80:96:71:cd:ca:f3:b1:63:1c:0b:
                    2d:58:0b:c5:71:dc:8d:fb:d6:c6:55:00:3f:94:d4:
                    4d:fd:a1:60:fc:5a:b4:7e:24:2c:cf:60:ba:33:f3:
                    ca:c8:76:85:a9:13:fd:29:4b:90:91:4d:47:cc:20:
                    da:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:F2:2B:2B:EC:A2:4F:27:05:8E:15:67:58:1E:56:23:7C:D8:0E:9C
            X509v3 Authority Key Identifier:
                keyid:6F:6B:89:50:48:4B:9E:F4:3F:BF:98:D3:9F:E9:F8:AC:5E:83:7B:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2uJUEhLnvQ_v5jTn-n4rF6De3g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/65f882-ca21-4b73-b8e9-f09209b478cf/1/KvIrK-yiTycFjhVnWB5WI3zYDpw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/65f882-ca21-4b73-b8e9-f09209b478cf/1/b2uJUEhLnvQ_v5jTn-n4rF6De3g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2bbc::/48

    Signature Algorithm: sha256WithRSAEncryption
         20:25:8d:63:10:0a:bd:2b:d0:1d:f2:18:9b:0c:94:02:32:e7:
         78:4e:81:d3:2c:2f:87:19:79:0f:4d:d1:ca:82:d3:3e:19:11:
         ef:b2:bd:b6:68:e0:3a:f2:0e:34:9c:78:b9:74:c0:7f:04:8d:
         a8:35:65:9d:99:67:2b:c7:32:d6:d3:c4:73:14:97:67:b5:af:
         af:b2:53:dc:c2:da:86:8e:d5:33:c2:a4:17:63:5d:61:00:50:
         42:38:d0:c8:43:91:12:ab:78:20:53:f1:df:b6:ff:7f:97:0d:
         25:34:47:a0:48:2d:1b:d4:60:fc:fa:94:4a:99:3a:50:c5:0d:
         b8:4d:fe:a1:4e:85:61:57:cf:5f:6e:bd:b4:10:37:7c:02:bc:
         f2:3c:12:6a:26:1f:d8:a0:1d:b0:36:bc:72:d4:42:24:82:5a:
         e3:0b:00:97:05:1f:23:ff:32:f6:0d:de:33:e1:5d:83:88:29:
         79:f6:48:a2:58:a6:36:c7:92:89:03:dc:81:15:cb:7f:65:3f:
         e5:01:fc:71:25:86:2b:67:78:4d:89:a9:a9:77:61:5e:4d:61:
         76:06:9a:fe:e9:e1:4d:87:fa:12:68:2d:24:15:90:d6:a4:0c:
         e7:15:2b:d5:53:56:e1:9f:6c:5d:2a:66:8e:43:a9:2e:23:75:
         f4:96:3a:37
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHJ3QZXQWTAibxJjPdJV7lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNmI4OTUwNDg0YjllZjQzZmJmOThkMzlmZTlmOGFjNWU4
MzdiNzgwHhcNMjQwMTAxMjIzMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWYyMmIyYmVjYTI0ZjI3MDU4ZTE1Njc1ODFlNTYyMzdjZDgwZTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6ZX/1kzkoWTUtuOYotVTkYqi8n9j
siRrzhiWefw3QtiGyTRwlmKJ/vA0ypsHTVhaTzkd1L/m3d5Ye/j7b1rqx43PW/p5
vEib+a5YBtDU6ghRyGI4kZ2BtD/HrruW2osHDKpgWP//0xxMN3O9raUL4wu0lgKp
p7xn8SRYTqgs9MVsXEqttTI2SKBhMagQBW7CvsmpYAMtE0YnunDNYvnjL4zt3a0w
ovMx1zRjvZ/XKwGlVoXGfc5ZvyW5JX1gJYLbba1UB44oUICWcc3K87FjHAstWAvF
cdyN+9bGVQA/lNRN/aFg/Fq0fiQsz2C6M/PKyHaFqRP9KUuQkU1HzCDatwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCryKyvsok8nBY4VZ1geViN82A6cMB8GA1UdIwQY
MBaAFG9riVBIS570P7+Y05/p+Kxeg3t4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjJ1SlVFaExudlFfdjVqVG4tbjRyRjZEZTNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC82NWY4ODItY2EyMS00YjczLWI4ZTkt
ZjA5MjA5YjQ3OGNmLzEvS3ZJcksteWlUeWNGamhWbldCNVdJM3pZRHB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC82NWY4ODItY2EyMS00YjczLWI4ZTktZjA5MjA5YjQ3OGNm
LzEvYjJ1SlVFaExudlFfdjVqVG4tbjRyRjZEZTNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCu8
MA0GCSqGSIb3DQEBCwUAA4IBAQAgJY1jEAq9K9Ad8hibDJQCMud4ToHTLC+HGXkP
TdHKgtM+GRHvsr22aOA68g40nHi5dMB/BI2oNWWdmWcrxzLW08RzFJdnta+vslPc
wtqGjtUzwqQXY11hAFBCONDIQ5ESq3ggU/Hftv9/lw0lNEegSC0b1GD8+pRKmTpQ
xQ24Tf6hToVhV89fbr20EDd8ArzyPBJqJh/YoB2wNrxy1EIkglrjCwCXBR8j/zL2
Dd4z4V2DiCl59kiiWKY2x5KJA9yBFct/ZT/lAfxxJYYrZ3hNiampd2FeTWF2Bpr+
6eFNh/oSaC0kFZDWpAznFSvVU1bhn2xdKmaOQ6kuI3X0ljo3
-----END CERTIFICATE-----