Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/8a7da4-ba19-4b29-87e0-9155132a179a/1/c8bPGByrI0io92LDNwW2qNXjMl8.roa
File:                     c8bPGByrI0io92LDNwW2qNXjMl8.roa (raw, json)
Hash identifier:          1n2wF0OT2GvO7HDs+DeGwGEQjdCjWMY08/ZeKgviGZ4=
Subject key identifier:   73:C6:CF:18:1C:AB:23:48:A8:F7:62:C3:37:05:B6:A8:D5:E3:32:5F
Certificate issuer:       /CN=3b97de17512cfa8bebc3df80b27b47624ef41691
Certificate serial:       018CC9BB96CE2A7AFF485890C4E8448A450C
Authority key identifier: 3B:97:DE:17:51:2C:FA:8B:EB:C3:DF:80:B2:7B:47:62:4E:F4:16:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O5feF1Es-ovrw9-AsntHYk70FpE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/8a7da4-ba19-4b29-87e0-9155132a179a/1/c8bPGByrI0io92LDNwW2qNXjMl8.roa
Signing time:             Tue 02 Jan 2024 10:32:43 +0000
ROA not before:           Tue 02 Jan 2024 10:32:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201257
IP address blocks:        2001:67c:b14::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/8a7da4-ba19-4b29-87e0-9155132a179a/1/O5feF1Es-ovrw9-AsntHYk70FpE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/8a7da4-ba19-4b29-87e0-9155132a179a/1/O5feF1Es-ovrw9-AsntHYk70FpE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O5feF1Es-ovrw9-AsntHYk70FpE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 13:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:96:ce:2a:7a:ff:48:58:90:c4:e8:44:8a:45:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b97de17512cfa8bebc3df80b27b47624ef41691
        Validity
            Not Before: Jan  2 10:32:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=73c6cf181cab2348a8f762c33705b6a8d5e3325f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:09:c2:69:7f:9c:01:03:eb:07:c6:d9:8f:d4:
                    a9:58:20:50:a7:67:0b:b3:cb:31:43:2a:80:44:46:
                    0c:d1:c8:46:b0:bb:54:59:15:7f:c1:5c:f2:47:c3:
                    4b:7c:ad:5d:17:5a:f5:1b:2f:67:a4:cd:6f:c9:e5:
                    77:0c:27:b2:12:fc:83:56:67:b6:e6:f4:f3:62:ba:
                    13:14:d2:2b:27:1e:aa:60:30:bd:1d:28:bf:8f:70:
                    aa:f1:75:39:22:fc:26:8b:6e:c8:bc:81:4d:74:13:
                    15:14:5b:81:0d:16:4d:70:07:dc:d7:7c:53:f0:11:
                    cb:9f:fe:41:53:45:ec:91:2d:0b:85:4f:8c:ac:cd:
                    2d:3c:1f:26:68:d4:3a:ae:6b:8a:86:e5:a3:29:6e:
                    fe:05:29:ca:f0:d9:c8:29:ae:dc:13:ea:ce:d9:1b:
                    af:35:be:76:25:ad:7d:9d:d7:49:55:d6:20:b1:78:
                    be:03:0e:86:eb:4f:f3:e7:9f:b4:d3:1f:23:61:f2:
                    91:ea:11:e5:11:82:3c:dc:aa:ef:6b:80:54:4d:ec:
                    cb:e2:96:5a:ca:34:46:24:f9:d1:70:b6:b1:2c:29:
                    16:29:d6:7f:67:c4:63:ff:5e:b4:92:b2:c0:9e:84:
                    2b:2e:8b:ff:24:69:85:0f:90:0d:5f:10:b0:68:6f:
                    84:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:C6:CF:18:1C:AB:23:48:A8:F7:62:C3:37:05:B6:A8:D5:E3:32:5F
            X509v3 Authority Key Identifier:
                keyid:3B:97:DE:17:51:2C:FA:8B:EB:C3:DF:80:B2:7B:47:62:4E:F4:16:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O5feF1Es-ovrw9-AsntHYk70FpE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/8a7da4-ba19-4b29-87e0-9155132a179a/1/c8bPGByrI0io92LDNwW2qNXjMl8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/8a7da4-ba19-4b29-87e0-9155132a179a/1/O5feF1Es-ovrw9-AsntHYk70FpE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:b14::/48

    Signature Algorithm: sha256WithRSAEncryption
         2d:97:b0:7e:33:aa:08:29:88:90:dc:26:0d:8d:da:96:de:33:
         d5:6e:e9:ce:a9:ab:40:0b:d6:06:dd:3f:fb:a9:e0:34:4c:84:
         e7:c0:b3:9a:c6:79:24:ab:7f:d0:80:24:7d:6b:07:db:88:0b:
         21:33:77:eb:ac:27:51:1b:a8:41:cb:40:a4:c4:86:8e:95:3f:
         ae:b5:2d:a5:86:a5:32:0a:ff:20:cf:fe:26:7c:be:7d:b0:68:
         37:af:01:c7:7b:1d:50:14:72:23:52:85:89:80:71:5b:ee:2f:
         8b:80:f3:67:47:de:a8:0a:84:5a:81:8e:41:17:37:14:df:2a:
         e5:d1:1f:51:68:7c:81:0c:03:6c:cc:30:57:0d:c1:8c:ee:29:
         62:be:39:24:9b:85:77:55:27:dd:c5:3f:56:cf:ed:e8:b6:26:
         42:c3:0c:20:23:10:f3:09:22:d6:e7:4c:3e:c1:84:c7:76:9d:
         a6:94:37:e8:54:f4:c0:1b:e9:52:02:67:f1:6b:a3:71:7f:b7:
         94:2e:70:48:22:79:b2:39:ef:a0:02:45:38:7d:df:d0:d9:ce:
         6e:a6:4e:d6:9a:19:30:c9:88:b6:00:50:c2:95:2f:9c:34:d8:
         a8:54:c7:fc:ed:36:fc:82:c7:5f:01:44:ec:01:43:70:75:cd:
         b9:c6:54:ef
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJu5bOKnr/SFiQxOhEikUMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiOTdkZTE3NTEyY2ZhOGJlYmMzZGY4MGIyN2I0NzYyNGVm
NDE2OTEwHhcNMjQwMTAyMTAzMjQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2M2Y2YxODFjYWIyMzQ4YThmNzYyYzMzNzA1YjZhOGQ1ZTMzMjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2AnCaX+cAQPrB8bZj9SpWCBQp2cL
s8sxQyqAREYM0chGsLtUWRV/wVzyR8NLfK1dF1r1Gy9npM1vyeV3DCeyEvyDVme2
5vTzYroTFNIrJx6qYDC9HSi/j3Cq8XU5Ivwmi27IvIFNdBMVFFuBDRZNcAfc13xT
8BHLn/5BU0XskS0LhU+MrM0tPB8maNQ6rmuKhuWjKW7+BSnK8NnIKa7cE+rO2Ruv
Nb52Ja19nddJVdYgsXi+Aw6G60/z55+00x8jYfKR6hHlEYI83Krva4BUTezL4pZa
yjRGJPnRcLaxLCkWKdZ/Z8Rj/160krLAnoQrLov/JGmFD5ANXxCwaG+EGwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHPGzxgcqyNIqPdiwzcFtqjV4zJfMB8GA1UdIwQY
MBaAFDuX3hdRLPqL68PfgLJ7R2JO9BaRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzVmZUYxRXMtb3ZydzktQXNudEhZazcwRnBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy84YTdkYTQtYmExOS00YjI5LTg3ZTAt
OTE1NTEzMmExNzlhLzEvYzhiUEdCeXJJMGlvOTJMRE53VzJxTlhqTWw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy84YTdkYTQtYmExOS00YjI5LTg3ZTAtOTE1NTEzMmExNzlh
LzEvTzVmZUYxRXMtb3ZydzktQXNudEhZazcwRnBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAsU
MA0GCSqGSIb3DQEBCwUAA4IBAQAtl7B+M6oIKYiQ3CYNjdqW3jPVbunOqatAC9YG
3T/7qeA0TITnwLOaxnkkq3/QgCR9awfbiAshM3frrCdRG6hBy0CkxIaOlT+utS2l
hqUyCv8gz/4mfL59sGg3rwHHex1QFHIjUoWJgHFb7i+LgPNnR96oCoRagY5BFzcU
3yrl0R9RaHyBDANszDBXDcGM7ilivjkkm4V3VSfdxT9Wz+3otiZCwwwgIxDzCSLW
50w+wYTHdp2mlDfoVPTAG+lSAmfxa6Nxf7eULnBIInmyOe+gAkU4fd/Q2c5upk7W
mhkwyYi2AFDClS+cNNioVMf87Tb8gsdfAUTsAUNwdc25xlTv
-----END CERTIFICATE-----