Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/b29205-0777-4eb0-8c13-3bc5dde542c3/1/0-kCwIhypmwQYcnOqFPbLcJdoc0.roa
File:                     0-kCwIhypmwQYcnOqFPbLcJdoc0.roa (raw, json)
Hash identifier:          bjvj8K0KnTh98e+Kh1W6aQlRDM0DdUGlc4lzCKLvYBA=
Subject key identifier:   D3:E9:02:C0:88:72:A6:6C:10:61:C9:CE:A8:53:DB:2D:C2:5D:A1:CD
Certificate issuer:       /CN=2460cb74d019824c34b223aed4c709a857b2c606
Certificate serial:       018FCAE66492FFF3C8A27E1C32002D2265C8
Authority key identifier: 24:60:CB:74:D0:19:82:4C:34:B2:23:AE:D4:C7:09:A8:57:B2:C6:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JGDLdNAZgkw0siOu1McJqFeyxgY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/b29205-0777-4eb0-8c13-3bc5dde542c3/1/0-kCwIhypmwQYcnOqFPbLcJdoc0.roa
Signing time:             Thu 30 May 2024 19:07:27 +0000
ROA not before:           Thu 30 May 2024 19:07:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214810
IP address blocks:        2001:67c:27bc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/b29205-0777-4eb0-8c13-3bc5dde542c3/1/JGDLdNAZgkw0siOu1McJqFeyxgY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/b29205-0777-4eb0-8c13-3bc5dde542c3/1/JGDLdNAZgkw0siOu1McJqFeyxgY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JGDLdNAZgkw0siOu1McJqFeyxgY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 10:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:ca:e6:64:92:ff:f3:c8:a2:7e:1c:32:00:2d:22:65:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2460cb74d019824c34b223aed4c709a857b2c606
        Validity
            Not Before: May 30 19:07:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d3e902c08872a66c1061c9cea853db2dc25da1cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:9b:b6:d7:87:60:ce:88:a9:87:7d:93:ae:d5:
                    58:b2:fc:f9:78:a8:c7:94:33:32:20:38:66:18:8e:
                    55:41:62:7f:ef:b5:3c:49:28:dc:d1:1e:ed:af:a3:
                    ee:69:3f:c1:5e:cf:4c:ee:a9:74:11:a6:3c:e9:d4:
                    46:f9:99:9e:4f:a7:12:cf:d2:6e:dd:16:8b:e5:f1:
                    52:4f:bb:0b:08:06:17:62:35:b1:9b:23:d7:57:2e:
                    00:e0:79:2c:d1:0b:d8:4e:e9:fa:7b:dd:fb:75:d0:
                    1c:e2:08:e7:59:d8:d5:90:82:a8:71:7d:59:39:c1:
                    56:1f:36:52:29:c6:6c:a8:62:36:3a:03:a0:dc:5b:
                    a9:f1:6d:ef:cf:69:e2:31:58:23:e3:d0:01:09:3d:
                    c4:57:05:ee:b9:96:87:a7:fb:8c:9a:f7:2a:a8:86:
                    33:ee:9e:04:2b:84:c2:bb:af:b1:74:0b:f1:86:7a:
                    40:2e:d1:f2:6d:df:3c:59:4e:19:e8:6c:07:1a:77:
                    36:42:a4:09:38:73:db:89:9e:12:70:2d:fa:03:c7:
                    6e:3f:2e:9d:a8:13:53:a4:2d:a6:51:d0:3a:ec:d6:
                    90:2d:93:7e:7d:81:ee:9b:7f:36:bc:82:c3:95:73:
                    23:78:51:0f:f2:ff:3b:08:71:bb:6c:60:42:fc:a0:
                    bd:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:E9:02:C0:88:72:A6:6C:10:61:C9:CE:A8:53:DB:2D:C2:5D:A1:CD
            X509v3 Authority Key Identifier:
                keyid:24:60:CB:74:D0:19:82:4C:34:B2:23:AE:D4:C7:09:A8:57:B2:C6:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JGDLdNAZgkw0siOu1McJqFeyxgY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/b29205-0777-4eb0-8c13-3bc5dde542c3/1/0-kCwIhypmwQYcnOqFPbLcJdoc0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/b29205-0777-4eb0-8c13-3bc5dde542c3/1/JGDLdNAZgkw0siOu1McJqFeyxgY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:27bc::/48

    Signature Algorithm: sha256WithRSAEncryption
         d3:fc:64:81:a4:76:b0:7b:ce:09:1a:a5:d9:d1:87:64:79:be:
         b5:f3:0c:b8:e7:78:dd:3d:c7:8c:16:d7:3c:9d:83:ec:51:e8:
         ab:08:c8:97:98:12:90:11:4b:44:af:ed:92:a5:e5:0e:1a:10:
         a2:ab:ab:e4:5b:84:c2:06:9c:a4:46:ab:59:a9:d9:5c:bc:9b:
         e4:a0:97:e1:a2:51:cc:dc:5c:55:01:cf:88:6a:81:62:aa:cc:
         27:a0:24:80:30:c4:77:d4:e2:52:be:10:1d:4e:48:ad:3f:a5:
         3a:cb:e6:e7:82:a3:e2:05:f8:e6:8b:64:3d:53:3b:2b:38:c6:
         08:a6:6c:2e:b6:50:df:0b:1a:d7:30:ba:05:19:e8:8e:69:d6:
         da:d3:08:d2:63:d0:99:75:65:90:20:8d:b5:41:a9:6f:e1:91:
         e2:df:6d:5d:1b:7a:5e:20:c4:da:07:e3:24:13:8d:c5:b8:30:
         80:06:4c:69:f1:4e:47:4e:10:50:c2:23:10:77:dc:de:90:d6:
         ae:2e:4d:18:c7:7e:23:96:79:c3:d5:d9:c0:f0:92:68:20:97:
         3a:80:c3:34:35:f1:05:0c:76:02:19:e8:39:25:e5:19:3d:03:
         50:30:35:1b:eb:36:91:d1:b9:d5:9b:26:eb:5b:b0:65:f2:92:
         7f:1e:ab:5d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY/K5mSS//PIon4cMgAtImXIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0NjBjYjc0ZDAxOTgyNGMzNGIyMjNhZWQ0YzcwOWE4NTdi
MmM2MDYwHhcNMjQwNTMwMTkwNzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2U5MDJjMDg4NzJhNjZjMTA2MWM5Y2VhODUzZGIyZGMyNWRhMWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5u214dgzoiph32TrtVYsvz5eKjH
lDMyIDhmGI5VQWJ/77U8SSjc0R7tr6PuaT/BXs9M7ql0EaY86dRG+ZmeT6cSz9Ju
3RaL5fFST7sLCAYXYjWxmyPXVy4A4Hks0QvYTun6e937ddAc4gjnWdjVkIKocX1Z
OcFWHzZSKcZsqGI2OgOg3Fup8W3vz2niMVgj49ABCT3EVwXuuZaHp/uMmvcqqIYz
7p4EK4TCu6+xdAvxhnpALtHybd88WU4Z6GwHGnc2QqQJOHPbiZ4ScC36A8duPy6d
qBNTpC2mUdA67NaQLZN+fYHum382vILDlXMjeFEP8v87CHG7bGBC/KC98QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNPpAsCIcqZsEGHJzqhT2y3CXaHNMB8GA1UdIwQY
MBaAFCRgy3TQGYJMNLIjrtTHCahXssYGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkdETGROQVpna3cwc2lPdTFNY0pxRmV5eGdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi9iMjkyMDUtMDc3Ny00ZWIwLThjMTMt
M2JjNWRkZTU0MmMzLzEvMC1rQ3dJaHlwbXdRWWNuT3FGUGJMY0pkb2MwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi9iMjkyMDUtMDc3Ny00ZWIwLThjMTMtM2JjNWRkZTU0MmMz
LzEvSkdETGROQVpna3cwc2lPdTFNY0pxRmV5eGdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCe8
MA0GCSqGSIb3DQEBCwUAA4IBAQDT/GSBpHawe84JGqXZ0Ydkeb618wy453jdPceM
Ftc8nYPsUeirCMiXmBKQEUtEr+2SpeUOGhCiq6vkW4TCBpykRqtZqdlcvJvkoJfh
olHM3FxVAc+IaoFiqswnoCSAMMR31OJSvhAdTkitP6U6y+bngqPiBfjmi2Q9Uzsr
OMYIpmwutlDfCxrXMLoFGeiOadba0wjSY9CZdWWQII21Qalv4ZHi321dG3peIMTa
B+MkE43FuDCABkxp8U5HThBQwiMQd9zekNauLk0Yx34jlnnD1dnA8JJoIJc6gMM0
NfEFDHYCGeg5JeUZPQNQMDUb6zaR0bnVmybrW7Bl8pJ/Hqtd
-----END CERTIFICATE-----