Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/a00090-6663-46a1-a5fb-661e8fe3c1e9/1/7KHVPABIwblxDSXLzI-JiRzjEik.roa
File:                     7KHVPABIwblxDSXLzI-JiRzjEik.roa (raw, json)
Hash identifier:          WSWds6cJkaRR6UbskNv4gRNI1unzXSDmI3DwnJvVNt4=
Subject key identifier:   EC:A1:D5:3C:00:48:C1:B9:71:0D:25:CB:CC:8F:89:89:1C:E3:12:29
Certificate issuer:       /CN=2682c816f72686ff7aede53538618cc2e8861039
Certificate serial:       018CC6B7C6348193D17F8FE4C1227AC95C2B
Authority key identifier: 26:82:C8:16:F7:26:86:FF:7A:ED:E5:35:38:61:8C:C2:E8:86:10:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JoLIFvcmhv967eU1OGGMwuiGEDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/a00090-6663-46a1-a5fb-661e8fe3c1e9/1/7KHVPABIwblxDSXLzI-JiRzjEik.roa
Signing time:             Mon 01 Jan 2024 20:29:41 +0000
ROA not before:           Mon 01 Jan 2024 20:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42473
IP address blocks:        2001:67c:2850::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/a00090-6663-46a1-a5fb-661e8fe3c1e9/1/JoLIFvcmhv967eU1OGGMwuiGEDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/a00090-6663-46a1-a5fb-661e8fe3c1e9/1/JoLIFvcmhv967eU1OGGMwuiGEDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JoLIFvcmhv967eU1OGGMwuiGEDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 22:03:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:c6:34:81:93:d1:7f:8f:e4:c1:22:7a:c9:5c:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2682c816f72686ff7aede53538618cc2e8861039
        Validity
            Not Before: Jan  1 20:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eca1d53c0048c1b9710d25cbcc8f89891ce31229
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:93:a5:90:91:4d:5b:2d:da:1f:02:14:ff:ef:
                    53:d0:b8:91:35:91:7f:43:21:27:ad:e5:39:13:24:
                    f3:24:53:ea:6f:21:d1:cf:a9:ca:28:53:e4:da:ce:
                    88:42:f8:c1:19:ba:67:d0:7e:46:f2:6d:81:83:e5:
                    f1:d4:25:22:cd:42:03:74:b5:a3:fb:3b:5b:33:a6:
                    fa:ab:a5:bb:58:bc:63:40:fd:5c:51:91:80:5b:9f:
                    50:90:79:77:a2:40:ce:c4:74:67:2a:3d:0e:8e:06:
                    e9:9a:83:f3:6a:f9:9f:48:d4:57:fa:a2:9a:a8:27:
                    56:54:3c:8e:bf:b6:2a:ad:98:a3:65:71:a3:70:1b:
                    2a:b2:52:1d:ba:1c:47:71:77:00:de:14:a1:6e:62:
                    d8:5a:9c:4b:29:d7:63:8e:26:4b:9a:24:48:cc:c5:
                    04:fa:5a:3e:3a:40:0b:1e:92:a0:8e:d5:ce:fc:85:
                    17:f2:48:f8:4c:39:27:58:60:55:c7:f9:7f:ab:68:
                    98:20:a7:3b:07:f0:42:f0:03:52:68:d4:58:36:f7:
                    17:87:b9:38:7f:9c:c6:c1:b1:a8:64:a2:ba:b0:56:
                    82:60:61:a4:b4:c2:87:83:63:59:d4:e6:b4:9b:8c:
                    a5:a7:2f:4e:d3:09:2e:c0:e3:c0:38:e6:97:c4:85:
                    a7:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:A1:D5:3C:00:48:C1:B9:71:0D:25:CB:CC:8F:89:89:1C:E3:12:29
            X509v3 Authority Key Identifier:
                keyid:26:82:C8:16:F7:26:86:FF:7A:ED:E5:35:38:61:8C:C2:E8:86:10:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JoLIFvcmhv967eU1OGGMwuiGEDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/a00090-6663-46a1-a5fb-661e8fe3c1e9/1/7KHVPABIwblxDSXLzI-JiRzjEik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/a00090-6663-46a1-a5fb-661e8fe3c1e9/1/JoLIFvcmhv967eU1OGGMwuiGEDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2850::/48

    Signature Algorithm: sha256WithRSAEncryption
         8f:17:f7:5e:7f:af:1c:ac:7c:2a:46:b6:8b:b8:14:bf:da:f4:
         77:9f:96:fa:30:fd:58:3c:d1:ab:c1:10:41:1c:fe:76:81:17:
         26:2b:d5:5f:6e:55:16:f0:1b:49:27:c9:15:c8:b1:90:cc:5c:
         5d:09:fe:05:ef:ab:4b:ee:b7:7c:76:7a:04:a7:7a:ca:6a:1b:
         6b:62:b8:cc:58:c9:e1:76:d7:ae:f2:46:6c:4a:59:e3:7b:96:
         53:df:97:53:b9:e4:2a:5e:cf:14:e6:06:29:c1:e1:41:f7:d5:
         8d:4f:6d:d6:2d:91:31:64:fd:59:58:f3:51:4c:54:1b:1d:9f:
         52:41:0a:f2:2e:a8:5d:ea:9e:1a:f2:06:e4:20:74:ed:61:5c:
         c2:d0:b3:bd:76:37:bc:90:13:55:c0:b3:da:d8:8e:2b:27:23:
         24:63:3e:e1:5d:68:d7:83:17:0e:c3:92:67:2b:ef:41:c0:56:
         ad:96:3a:06:35:65:f4:51:01:ea:9c:29:d0:b3:39:4d:79:0d:
         85:f3:28:60:45:aa:03:aa:ac:5f:37:21:be:78:5e:f9:ea:ca:
         ae:93:57:aa:83:d2:d6:2b:36:3d:e6:95:63:a2:11:e2:f5:28:
         ce:c4:18:55:30:1b:ce:4f:49:98:18:c0:72:01:72:2c:4f:2e:
         98:f1:38:94
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGt8Y0gZPRf4/kwSJ6yVwrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2ODJjODE2ZjcyNjg2ZmY3YWVkZTUzNTM4NjE4Y2MyZTg4
NjEwMzkwHhcNMjQwMTAxMjAyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2ExZDUzYzAwNDhjMWI5NzEwZDI1Y2JjYzhmODk4OTFjZTMxMjI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg5OlkJFNWy3aHwIU/+9T0LiRNZF/
QyEnreU5EyTzJFPqbyHRz6nKKFPk2s6IQvjBGbpn0H5G8m2Bg+Xx1CUizUIDdLWj
+ztbM6b6q6W7WLxjQP1cUZGAW59QkHl3okDOxHRnKj0OjgbpmoPzavmfSNRX+qKa
qCdWVDyOv7YqrZijZXGjcBsqslIduhxHcXcA3hShbmLYWpxLKddjjiZLmiRIzMUE
+lo+OkALHpKgjtXO/IUX8kj4TDknWGBVx/l/q2iYIKc7B/BC8ANSaNRYNvcXh7k4
f5zGwbGoZKK6sFaCYGGktMKHg2NZ1Oa0m4ylpy9O0wkuwOPAOOaXxIWnPwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOyh1TwASMG5cQ0ly8yPiYkc4xIpMB8GA1UdIwQY
MBaAFCaCyBb3Job/eu3lNThhjMLohhA5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm9MSUZ2Y21odjk2N2VVMU9HR013dWlHRURrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9hMDAwOTAtNjY2My00NmExLWE1ZmIt
NjYxZThmZTNjMWU5LzEvN0tIVlBBQkl3Ymx4RFNYTHpJLUppUnpqRWlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9hMDAwOTAtNjY2My00NmExLWE1ZmItNjYxZThmZTNjMWU5
LzEvSm9MSUZ2Y21odjk2N2VVMU9HR013dWlHRURrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfChQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCPF/def68crHwqRraLuBS/2vR3n5b6MP1YPNGr
wRBBHP52gRcmK9VfblUW8BtJJ8kVyLGQzFxdCf4F76tL7rd8dnoEp3rKahtrYrjM
WMnhdteu8kZsSlnje5ZT35dTueQqXs8U5gYpweFB99WNT23WLZExZP1ZWPNRTFQb
HZ9SQQryLqhd6p4a8gbkIHTtYVzC0LO9dje8kBNVwLPa2I4rJyMkYz7hXWjXgxcO
w5JnK+9BwFatljoGNWX0UQHqnCnQszlNeQ2F8yhgRaoDqqxfNyG+eF756squk1eq
g9LWKzY95pVjohHi9SjOxBhVMBvOT0mYGMByAXIsTy6Y8TiU
-----END CERTIFICATE-----