Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/a00090-6663-46a1-a5fb-661e8fe3c1e9/1/IQXaogSvRuB1X3RRqB2M_ZhcJAw.roa
File:                     IQXaogSvRuB1X3RRqB2M_ZhcJAw.roa (raw, json)
Hash identifier:          HbjfL0LrOVoNL82kCby9X9GwiRgEEauuhGoJW1UkPZI=
Subject key identifier:   21:05:DA:A2:04:AF:46:E0:75:5F:74:51:A8:1D:8C:FD:98:5C:24:0C
Certificate issuer:       /CN=2682c816f72686ff7aede53538618cc2e8861039
Certificate serial:       018CC6B7C6960E0597DF31873DF848B14458
Authority key identifier: 26:82:C8:16:F7:26:86:FF:7A:ED:E5:35:38:61:8C:C2:E8:86:10:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JoLIFvcmhv967eU1OGGMwuiGEDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/a00090-6663-46a1-a5fb-661e8fe3c1e9/1/IQXaogSvRuB1X3RRqB2M_ZhcJAw.roa
Signing time:             Mon 01 Jan 2024 20:29:41 +0000
ROA not before:           Mon 01 Jan 2024 20:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47147
IP address blocks:        2001:67c:2850::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/a00090-6663-46a1-a5fb-661e8fe3c1e9/1/JoLIFvcmhv967eU1OGGMwuiGEDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/a00090-6663-46a1-a5fb-661e8fe3c1e9/1/JoLIFvcmhv967eU1OGGMwuiGEDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JoLIFvcmhv967eU1OGGMwuiGEDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:01:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:c6:96:0e:05:97:df:31:87:3d:f8:48:b1:44:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2682c816f72686ff7aede53538618cc2e8861039
        Validity
            Not Before: Jan  1 20:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2105daa204af46e0755f7451a81d8cfd985c240c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:5d:13:98:a6:9f:4d:fb:cd:21:09:b0:4c:c5:
                    8a:e8:60:ba:de:c6:d0:43:9a:a7:4c:20:e2:00:64:
                    6d:a3:46:c6:79:42:c9:12:d0:60:d6:d2:be:ee:b1:
                    c4:16:8b:cc:72:58:15:57:3e:fb:cf:14:f6:27:a3:
                    5b:da:5e:bf:93:fb:46:8e:dc:35:c6:9e:03:53:10:
                    ee:92:a0:dc:77:3a:19:15:d7:2a:d2:2a:e2:03:5c:
                    e7:d7:d3:db:24:76:ac:af:e0:e6:a8:e1:71:e5:69:
                    1a:94:06:0e:af:f0:c7:b2:c1:0f:cf:eb:0a:95:97:
                    f0:5c:42:71:52:73:c2:c7:c5:e7:0e:b5:c6:ac:92:
                    06:bb:2d:2d:86:ee:89:10:54:1b:26:c5:83:91:36:
                    fe:50:61:7b:e3:71:f8:d9:47:a8:76:62:24:c8:20:
                    f9:14:89:74:a7:02:bf:b1:f4:00:e9:43:b4:54:bd:
                    52:e1:b1:52:a2:3a:47:c4:fd:50:79:59:3b:53:ab:
                    ca:1d:c9:33:b7:9a:ea:18:77:bd:c9:cd:4f:aa:f1:
                    97:5b:92:79:aa:71:96:f2:45:3b:66:44:c1:a3:e7:
                    f5:92:05:3c:e6:2a:a0:ed:e0:61:e6:7b:bb:2e:08:
                    03:bc:c3:54:05:93:f9:fc:10:59:8c:c6:20:35:ef:
                    7d:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:05:DA:A2:04:AF:46:E0:75:5F:74:51:A8:1D:8C:FD:98:5C:24:0C
            X509v3 Authority Key Identifier:
                keyid:26:82:C8:16:F7:26:86:FF:7A:ED:E5:35:38:61:8C:C2:E8:86:10:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JoLIFvcmhv967eU1OGGMwuiGEDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/a00090-6663-46a1-a5fb-661e8fe3c1e9/1/IQXaogSvRuB1X3RRqB2M_ZhcJAw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/a00090-6663-46a1-a5fb-661e8fe3c1e9/1/JoLIFvcmhv967eU1OGGMwuiGEDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2850::/48

    Signature Algorithm: sha256WithRSAEncryption
         13:9c:68:dd:07:fe:2e:51:82:71:78:1b:12:b8:7c:d5:0a:26:
         5f:3d:5f:8f:44:b4:1e:60:47:d6:90:61:55:0f:ce:7b:06:76:
         7f:b8:87:12:94:9a:f7:c5:7b:91:d9:97:4d:49:82:0f:c8:31:
         ff:97:fc:2a:2a:7f:5f:6c:cf:7c:c1:e1:9c:86:c2:61:88:cb:
         aa:8b:2b:dc:a4:0f:41:66:4b:98:a6:42:b8:a1:dc:47:15:9e:
         40:1f:c4:08:30:85:ba:ad:af:31:88:e7:ed:0b:7e:21:19:5c:
         b9:b1:ff:dc:83:e9:d7:3d:95:ec:19:0a:48:26:8e:52:0a:84:
         bd:42:47:76:15:57:e2:80:f7:8c:46:e5:77:d8:5c:8e:b7:a3:
         03:88:f5:3e:3e:e8:31:12:43:91:ba:a1:e6:b2:8d:ad:ff:82:
         76:5d:d3:7d:84:c7:07:e0:49:5c:2f:b5:01:fa:64:4f:f6:d7:
         96:68:7b:22:4b:e9:c3:a5:1c:ac:25:e7:ea:b9:63:33:f4:6f:
         d8:11:48:2f:e1:20:c9:e8:b5:6d:eb:ef:cc:ae:ff:04:a0:16:
         49:5b:26:51:6c:06:19:2a:36:8e:3b:c9:a8:06:e9:52:04:84:
         42:d5:10:9d:e5:0d:52:b1:c5:db:0b:55:aa:fd:f1:b6:63:43:
         44:a5:ab:05
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGt8aWDgWX3zGHPfhIsURYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2ODJjODE2ZjcyNjg2ZmY3YWVkZTUzNTM4NjE4Y2MyZTg4
NjEwMzkwHhcNMjQwMTAxMjAyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTA1ZGFhMjA0YWY0NmUwNzU1Zjc0NTFhODFkOGNmZDk4NWMyNDBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAil0TmKafTfvNIQmwTMWK6GC63sbQ
Q5qnTCDiAGRto0bGeULJEtBg1tK+7rHEFovMclgVVz77zxT2J6Nb2l6/k/tGjtw1
xp4DUxDukqDcdzoZFdcq0iriA1zn19PbJHasr+DmqOFx5WkalAYOr/DHssEPz+sK
lZfwXEJxUnPCx8XnDrXGrJIGuy0thu6JEFQbJsWDkTb+UGF743H42UeodmIkyCD5
FIl0pwK/sfQA6UO0VL1S4bFSojpHxP1QeVk7U6vKHckzt5rqGHe9yc1PqvGXW5J5
qnGW8kU7ZkTBo+f1kgU85iqg7eBh5nu7LggDvMNUBZP5/BBZjMYgNe99zwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCEF2qIEr0bgdV90UagdjP2YXCQMMB8GA1UdIwQY
MBaAFCaCyBb3Job/eu3lNThhjMLohhA5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm9MSUZ2Y21odjk2N2VVMU9HR013dWlHRURrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9hMDAwOTAtNjY2My00NmExLWE1ZmIt
NjYxZThmZTNjMWU5LzEvSVFYYW9nU3ZSdUIxWDNSUnFCMk1fWmhjSkF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9hMDAwOTAtNjY2My00NmExLWE1ZmItNjYxZThmZTNjMWU5
LzEvSm9MSUZ2Y21odjk2N2VVMU9HR013dWlHRURrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfChQ
MA0GCSqGSIb3DQEBCwUAA4IBAQATnGjdB/4uUYJxeBsSuHzVCiZfPV+PRLQeYEfW
kGFVD857BnZ/uIcSlJr3xXuR2ZdNSYIPyDH/l/wqKn9fbM98weGchsJhiMuqiyvc
pA9BZkuYpkK4odxHFZ5AH8QIMIW6ra8xiOftC34hGVy5sf/cg+nXPZXsGQpIJo5S
CoS9Qkd2FVfigPeMRuV32FyOt6MDiPU+PugxEkORuqHmso2t/4J2XdN9hMcH4Elc
L7UB+mRP9teWaHsiS+nDpRysJefquWMz9G/YEUgv4SDJ6LVt6+/Mrv8EoBZJWyZR
bAYZKjaOO8moBulSBIRC1RCd5Q1SscXbC1Wq/fG2Y0NEpasF
-----END CERTIFICATE-----