Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/1e06be-4511-45fc-8949-7431d689a8e8/1/OX_G3WyeZWwDDZJnwVZpY0uZido.roa
File:                     OX_G3WyeZWwDDZJnwVZpY0uZido.roa (raw, json)
Hash identifier:          KTwW6CkvOOE+KHbfV74pJu+g+UMTKesrxiNMa8wRLy0=
Subject key identifier:   39:7F:C6:DD:6C:9E:65:6C:03:0D:92:67:C1:56:69:63:4B:99:89:DA
Certificate issuer:       /CN=7657211f8a66561b5770ff19b471aef511e83778
Certificate serial:       0191D0003EB95135A07B472FC00E0235F57C
Authority key identifier: 76:57:21:1F:8A:66:56:1B:57:70:FF:19:B4:71:AE:F5:11:E8:37:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dlchH4pmVhtXcP8ZtHGu9RHoN3g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/1e06be-4511-45fc-8949-7431d689a8e8/1/OX_G3WyeZWwDDZJnwVZpY0uZido.roa
Signing time:             Sun 08 Sep 2024 04:59:22 +0000
ROA not before:           Sun 08 Sep 2024 04:59:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214998
IP address blocks:        2001:67c:e8c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/1e06be-4511-45fc-8949-7431d689a8e8/1/dlchH4pmVhtXcP8ZtHGu9RHoN3g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/1e06be-4511-45fc-8949-7431d689a8e8/1/dlchH4pmVhtXcP8ZtHGu9RHoN3g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dlchH4pmVhtXcP8ZtHGu9RHoN3g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:d0:00:3e:b9:51:35:a0:7b:47:2f:c0:0e:02:35:f5:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7657211f8a66561b5770ff19b471aef511e83778
        Validity
            Not Before: Sep  8 04:59:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=397fc6dd6c9e656c030d9267c15669634b9989da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:b6:1b:e9:a0:33:2c:70:db:14:d8:9f:05:b1:
                    9b:70:95:4c:49:44:3a:26:5f:55:2d:05:64:54:b0:
                    b3:8b:f7:b1:75:38:b4:a1:4f:7c:10:0e:bc:cd:51:
                    c8:36:e6:fa:01:f7:3e:f9:c2:97:47:e4:2d:03:bd:
                    a8:c2:dc:71:16:b8:ed:0a:c8:f9:d5:5e:e4:c1:2a:
                    4a:73:52:3d:d7:a6:b2:79:21:e5:e3:04:7c:aa:5a:
                    1d:f1:c7:9d:fa:f9:e1:e1:7f:b4:07:a8:b9:a3:43:
                    a4:13:d6:a6:0d:b9:6c:6d:0d:54:f0:08:3e:f5:d8:
                    01:46:84:8f:a4:3b:11:e2:ee:62:87:83:c1:f0:1f:
                    89:99:1f:ea:40:63:61:78:59:14:f9:ed:ce:34:1d:
                    e7:a9:19:b3:18:70:5f:07:79:a4:d8:1e:98:fd:c3:
                    ae:a1:16:fd:45:42:ac:19:cf:68:cb:ed:54:c3:aa:
                    0a:5b:37:f6:66:e9:5a:01:88:b1:7c:e7:42:d3:11:
                    14:6c:2d:7b:43:fb:05:58:43:cd:68:d2:06:b1:e7:
                    38:8a:4f:49:54:cf:2c:9f:37:e0:98:5b:df:ed:44:
                    f7:fb:25:a9:2e:19:1b:ed:0e:f9:e2:5b:97:f9:ee:
                    8a:bd:9b:d1:92:2b:bf:57:ff:3d:48:bd:76:93:1e:
                    d9:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:7F:C6:DD:6C:9E:65:6C:03:0D:92:67:C1:56:69:63:4B:99:89:DA
            X509v3 Authority Key Identifier:
                keyid:76:57:21:1F:8A:66:56:1B:57:70:FF:19:B4:71:AE:F5:11:E8:37:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dlchH4pmVhtXcP8ZtHGu9RHoN3g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/1e06be-4511-45fc-8949-7431d689a8e8/1/OX_G3WyeZWwDDZJnwVZpY0uZido.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/1e06be-4511-45fc-8949-7431d689a8e8/1/dlchH4pmVhtXcP8ZtHGu9RHoN3g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:e8c::/48

    Signature Algorithm: sha256WithRSAEncryption
         25:b0:d7:f6:aa:5b:8b:21:0c:a7:64:a6:d1:5c:5b:bd:71:91:
         cb:96:6a:db:e9:d6:30:bf:ea:a1:6e:5a:8c:84:e4:53:17:2e:
         7d:1f:da:07:59:8d:87:dd:bf:ac:70:75:9b:b3:96:1b:50:3b:
         06:14:d2:c2:58:49:06:40:7b:6f:6c:af:9c:d3:c3:08:2e:a9:
         3d:c1:a2:40:5b:13:29:4c:97:31:ec:5f:4e:c0:08:29:9d:b6:
         60:08:22:dc:42:0e:e4:9e:c7:5b:79:72:5a:27:90:cb:a6:d7:
         4e:59:0c:77:c1:ea:81:0e:01:1f:a2:b1:93:4b:29:60:a8:18:
         c5:b1:be:aa:b2:6a:72:71:a6:c9:ee:94:d1:d6:2c:ab:1f:02:
         19:00:c8:44:dd:4a:91:b4:35:11:3f:ac:af:e1:90:20:ca:1b:
         13:54:32:17:30:18:5f:3d:a3:7b:cb:cc:c5:71:da:73:4c:0a:
         90:18:de:d6:46:31:bc:97:90:93:c5:24:c2:4a:8a:63:37:2f:
         4c:78:20:3c:9e:9a:8c:72:f4:e6:c3:5d:43:88:cd:3c:48:d9:
         49:a2:a2:f3:4a:97:9d:cc:15:84:6a:80:74:7e:e1:68:15:59:
         f8:c4:5c:76:27:69:97:09:56:d2:19:99:f9:f1:f6:48:62:28:
         7e:42:c2:03
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZHQAD65UTWge0cvwA4CNfV8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2NTcyMTFmOGE2NjU2MWI1NzcwZmYxOWI0NzFhZWY1MTFl
ODM3NzgwHhcNMjQwOTA4MDQ1OTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTdmYzZkZDZjOWU2NTZjMDMwZDkyNjdjMTU2Njk2MzRiOTk4OWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAubYb6aAzLHDbFNifBbGbcJVMSUQ6
Jl9VLQVkVLCzi/exdTi0oU98EA68zVHINub6Afc++cKXR+QtA72owtxxFrjtCsj5
1V7kwSpKc1I916ayeSHl4wR8qlod8ced+vnh4X+0B6i5o0OkE9amDblsbQ1U8Ag+
9dgBRoSPpDsR4u5ih4PB8B+JmR/qQGNheFkU+e3ONB3nqRmzGHBfB3mk2B6Y/cOu
oRb9RUKsGc9oy+1Uw6oKWzf2ZulaAYixfOdC0xEUbC17Q/sFWEPNaNIGsec4ik9J
VM8snzfgmFvf7UT3+yWpLhkb7Q754luX+e6KvZvRkiu/V/89SL12kx7ZNQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDl/xt1snmVsAw2SZ8FWaWNLmYnaMB8GA1UdIwQY
MBaAFHZXIR+KZlYbV3D/GbRxrvUR6Dd4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGxjaEg0cG1WaHRYY1A4WnRIR3U5UkhvTjNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy8xZTA2YmUtNDUxMS00NWZjLTg5NDkt
NzQzMWQ2ODlhOGU4LzEvT1hfRzNXeWVaV3dERFpKbndWWnBZMHVaaWRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy8xZTA2YmUtNDUxMS00NWZjLTg5NDktNzQzMWQ2ODlhOGU4
LzEvZGxjaEg0cG1WaHRYY1A4WnRIR3U5UkhvTjNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA6M
MA0GCSqGSIb3DQEBCwUAA4IBAQAlsNf2qluLIQynZKbRXFu9cZHLlmrb6dYwv+qh
blqMhORTFy59H9oHWY2H3b+scHWbs5YbUDsGFNLCWEkGQHtvbK+c08MILqk9waJA
WxMpTJcx7F9OwAgpnbZgCCLcQg7knsdbeXJaJ5DLptdOWQx3weqBDgEforGTSylg
qBjFsb6qsmpycabJ7pTR1iyrHwIZAMhE3UqRtDURP6yv4ZAgyhsTVDIXMBhfPaN7
y8zFcdpzTAqQGN7WRjG8l5CTxSTCSopjNy9MeCA8npqMcvTmw11DiM08SNlJoqLz
SpedzBWEaoB0fuFoFVn4xFx2J2mXCVbSGZn58fZIYih+QsID
-----END CERTIFICATE-----