Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/793283-e304-4270-b300-1b15b25879f2/1/86WoPP0PSdbGuiGDlqRC4dPcfi0.roa
File:                     86WoPP0PSdbGuiGDlqRC4dPcfi0.roa (raw, json)
Hash identifier:          Bu86xSMexzjx7q+hiH9DuI3qlHmw00tnoBoOpmeKksA=
Subject key identifier:   F3:A5:A8:3C:FD:0F:49:D6:C6:BA:21:83:96:A4:42:E1:D3:DC:7E:2D
Certificate issuer:       /CN=53c8c4f951206f1abd86a73d1cbbb39907e86e1f
Certificate serial:       018CC424D43B0A072E3F3F5EF1A5CA5794CD
Authority key identifier: 53:C8:C4:F9:51:20:6F:1A:BD:86:A7:3D:1C:BB:B3:99:07:E8:6E:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U8jE-VEgbxq9hqc9HLuzmQfobh8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/793283-e304-4270-b300-1b15b25879f2/1/86WoPP0PSdbGuiGDlqRC4dPcfi0.roa
Signing time:             Mon 01 Jan 2024 08:29:57 +0000
ROA not before:           Mon 01 Jan 2024 08:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16375
IP address blocks:        2001:67c:2568::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/793283-e304-4270-b300-1b15b25879f2/1/U8jE-VEgbxq9hqc9HLuzmQfobh8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/793283-e304-4270-b300-1b15b25879f2/1/U8jE-VEgbxq9hqc9HLuzmQfobh8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U8jE-VEgbxq9hqc9HLuzmQfobh8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 04:01:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:d4:3b:0a:07:2e:3f:3f:5e:f1:a5:ca:57:94:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53c8c4f951206f1abd86a73d1cbbb39907e86e1f
        Validity
            Not Before: Jan  1 08:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f3a5a83cfd0f49d6c6ba218396a442e1d3dc7e2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:60:9c:37:b9:24:c3:87:02:b5:d0:5b:18:ed:
                    9e:fe:b1:60:bf:b3:46:d2:bd:9f:57:a1:3d:f7:a8:
                    41:3b:95:5c:bf:c3:48:1d:02:02:4a:4c:f6:73:cc:
                    43:c5:d6:bb:0f:ad:89:01:14:82:c3:21:e5:de:e2:
                    95:ce:e4:09:e2:8c:a4:88:b2:a7:cd:ac:1d:a2:46:
                    27:4c:bf:79:70:14:17:fe:c1:04:c8:fe:e1:23:e2:
                    57:cc:fd:bc:7c:e1:b0:0a:58:13:f1:00:4c:c9:fa:
                    46:c5:14:9d:c8:63:7a:8a:da:54:20:f5:0e:93:57:
                    19:6e:d1:f7:af:a6:05:7e:c8:2b:56:cf:2d:98:14:
                    c4:d7:40:ae:78:47:bb:d7:27:c0:6d:58:57:b9:a2:
                    04:c7:88:12:dc:84:8f:6c:f9:8b:50:95:cb:6d:28:
                    04:f2:69:ea:ac:a5:50:dd:4d:8b:0b:fc:87:11:54:
                    7f:50:64:03:b3:de:90:10:f6:bb:71:52:b9:2c:54:
                    24:43:35:55:d0:1a:e4:c0:34:dc:d1:cc:a4:7d:c3:
                    2d:53:6b:c4:4b:d4:0b:d1:ed:a9:66:fc:a2:84:62:
                    15:95:f4:36:f1:82:9c:4e:f6:9b:94:b6:43:84:3c:
                    0c:99:e0:1a:ee:37:49:ad:86:bc:82:37:a1:ac:8f:
                    22:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:A5:A8:3C:FD:0F:49:D6:C6:BA:21:83:96:A4:42:E1:D3:DC:7E:2D
            X509v3 Authority Key Identifier:
                keyid:53:C8:C4:F9:51:20:6F:1A:BD:86:A7:3D:1C:BB:B3:99:07:E8:6E:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U8jE-VEgbxq9hqc9HLuzmQfobh8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/793283-e304-4270-b300-1b15b25879f2/1/86WoPP0PSdbGuiGDlqRC4dPcfi0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/793283-e304-4270-b300-1b15b25879f2/1/U8jE-VEgbxq9hqc9HLuzmQfobh8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2568::/48

    Signature Algorithm: sha256WithRSAEncryption
         13:e8:9f:02:0d:7f:de:09:c0:a5:dd:8a:f9:2f:d1:d6:0f:73:
         d8:e5:b6:95:c8:c4:05:75:0a:ca:e4:b7:30:44:00:4c:7e:45:
         af:27:10:54:07:d4:5a:d9:fc:3d:21:3c:72:84:56:ba:5d:a2:
         26:08:08:d9:8a:d7:9e:63:67:f5:01:3b:d2:b6:84:aa:d8:4c:
         9e:ee:26:66:d0:3e:d5:32:d9:61:76:10:a1:9d:56:1b:56:d3:
         da:a7:3a:dd:02:2c:fa:e1:8b:12:6b:31:db:8f:7c:c9:28:cc:
         3f:8e:d1:58:e7:d2:89:2d:2e:3c:0f:a5:06:30:4c:bc:fc:dd:
         79:a0:37:2c:3a:ed:84:dd:4d:4c:9d:cc:ef:64:e8:9a:ff:07:
         5e:a5:31:a9:1d:e0:12:ea:86:05:5b:94:28:34:62:1f:28:d8:
         34:a7:e3:cf:74:7c:bf:8b:e0:b7:09:2a:b8:d8:9d:e8:42:04:
         56:0d:32:65:50:d6:85:b2:08:3a:f7:fe:2b:6d:3c:d1:5d:7d:
         93:e9:48:f3:56:f4:83:18:19:f4:c7:b6:b3:95:a1:29:78:13:
         c3:11:46:29:4f:b8:da:22:65:04:b8:9d:e0:2c:3f:70:7f:7e:
         4e:16:03:d9:66:85:9b:17:9f:d1:45:67:8c:74:57:e0:10:a2:
         3c:ec:23:29
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJNQ7CgcuPz9e8aXKV5TNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzYzhjNGY5NTEyMDZmMWFiZDg2YTczZDFjYmJiMzk5MDdl
ODZlMWYwHhcNMjQwMTAxMDgyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2E1YTgzY2ZkMGY0OWQ2YzZiYTIxODM5NmE0NDJlMWQzZGM3ZTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi2CcN7kkw4cCtdBbGO2e/rFgv7NG
0r2fV6E996hBO5Vcv8NIHQICSkz2c8xDxda7D62JARSCwyHl3uKVzuQJ4oykiLKn
zawdokYnTL95cBQX/sEEyP7hI+JXzP28fOGwClgT8QBMyfpGxRSdyGN6itpUIPUO
k1cZbtH3r6YFfsgrVs8tmBTE10CueEe71yfAbVhXuaIEx4gS3ISPbPmLUJXLbSgE
8mnqrKVQ3U2LC/yHEVR/UGQDs96QEPa7cVK5LFQkQzVV0BrkwDTc0cykfcMtU2vE
S9QL0e2pZvyihGIVlfQ28YKcTvablLZDhDwMmeAa7jdJrYa8gjehrI8iLwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPOlqDz9D0nWxrohg5akQuHT3H4tMB8GA1UdIwQY
MBaAFFPIxPlRIG8avYanPRy7s5kH6G4fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVThqRS1WRWdieHE5aHFjOUhMdXptUWZvYmg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi83OTMyODMtZTMwNC00MjcwLWIzMDAt
MWIxNWIyNTg3OWYyLzEvODZXb1BQMFBTZGJHdWlHRGxxUkM0ZFBjZmkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi83OTMyODMtZTMwNC00MjcwLWIzMDAtMWIxNWIyNTg3OWYy
LzEvVThqRS1WRWdieHE5aHFjOUhMdXptUWZvYmg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCVo
MA0GCSqGSIb3DQEBCwUAA4IBAQAT6J8CDX/eCcCl3Yr5L9HWD3PY5baVyMQFdQrK
5LcwRABMfkWvJxBUB9Ra2fw9ITxyhFa6XaImCAjZiteeY2f1ATvStoSq2Eye7iZm
0D7VMtlhdhChnVYbVtPapzrdAiz64YsSazHbj3zJKMw/jtFY59KJLS48D6UGMEy8
/N15oDcsOu2E3U1MnczvZOia/wdepTGpHeAS6oYFW5QoNGIfKNg0p+PPdHy/i+C3
CSq42J3oQgRWDTJlUNaFsgg69/4rbTzRXX2T6UjzVvSDGBn0x7azlaEpeBPDEUYp
T7jaImUEuJ3gLD9wf35OFgPZZoWbF5/RRWeMdFfgEKI87CMp
-----END CERTIFICATE-----