Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/cbfd1e-1202-40c1-bdf0-c24ee0494541/1/ENnpfMUq2ZLBwnHEUb3kT8Rk6fs.roa
File:                     ENnpfMUq2ZLBwnHEUb3kT8Rk6fs.roa (raw, json)
Hash identifier:          3cMsLgFNiXp3m/E4J92Az1ciJGD1kdigjGn8OwHjAsw=
Subject key identifier:   10:D9:E9:7C:C5:2A:D9:92:C1:C2:71:C4:51:BD:E4:4F:C4:64:E9:FB
Certificate issuer:       /CN=4d946f4df2237491a68dfa407be41fae84bbda66
Certificate serial:       018CCA2A7FD8D07E3A04F3B2A4B681F0DCA0
Authority key identifier: 4D:94:6F:4D:F2:23:74:91:A6:8D:FA:40:7B:E4:1F:AE:84:BB:DA:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TZRvTfIjdJGmjfpAe-QfroS72mY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/cbfd1e-1202-40c1-bdf0-c24ee0494541/1/ENnpfMUq2ZLBwnHEUb3kT8Rk6fs.roa
Signing time:             Tue 02 Jan 2024 12:33:51 +0000
ROA not before:           Tue 02 Jan 2024 12:33:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210729
IP address blocks:        2001:67c:1bc8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/cbfd1e-1202-40c1-bdf0-c24ee0494541/1/TZRvTfIjdJGmjfpAe-QfroS72mY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/cbfd1e-1202-40c1-bdf0-c24ee0494541/1/TZRvTfIjdJGmjfpAe-QfroS72mY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TZRvTfIjdJGmjfpAe-QfroS72mY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 01:03:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:7f:d8:d0:7e:3a:04:f3:b2:a4:b6:81:f0:dc:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d946f4df2237491a68dfa407be41fae84bbda66
        Validity
            Not Before: Jan  2 12:33:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=10d9e97cc52ad992c1c271c451bde44fc464e9fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:1c:7e:a9:77:7d:72:84:02:d8:63:96:4d:ea:
                    53:c6:38:48:61:6a:99:68:23:fa:26:38:fe:4d:84:
                    24:32:e0:81:05:44:f8:f8:28:0a:49:a3:70:7c:66:
                    98:a2:aa:ee:5a:10:7e:e0:b7:a7:dc:cb:b1:3b:fb:
                    87:9c:8d:4c:30:c6:15:39:4a:be:ca:d6:da:92:a4:
                    5a:aa:1b:97:92:2c:4f:27:02:ab:85:88:e9:3f:30:
                    d6:c8:12:60:01:9e:fe:df:4c:2e:3b:7b:67:e4:8b:
                    95:36:df:2a:e2:c9:04:71:43:0e:55:f2:43:82:e7:
                    62:83:9b:99:67:5a:20:13:02:52:3f:6c:c2:61:1e:
                    23:6a:61:f9:e4:a3:ae:07:d5:d2:24:0c:3a:f5:17:
                    44:3a:b8:44:50:77:ab:0a:03:67:f6:76:40:55:c1:
                    f1:47:a3:df:07:09:b1:09:2a:11:11:9f:76:2c:32:
                    be:16:ab:4f:c9:97:0e:47:e3:00:b6:46:a8:3f:0d:
                    b6:41:7a:d8:77:df:7e:ed:02:59:32:0a:34:a7:ea:
                    a3:40:98:92:e5:0c:be:01:b5:e9:7d:93:ce:e6:1b:
                    52:8e:63:90:81:54:2e:28:56:85:ca:bd:bf:41:77:
                    b7:3d:07:62:18:24:dd:b5:4b:26:16:ce:df:b0:1f:
                    52:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:D9:E9:7C:C5:2A:D9:92:C1:C2:71:C4:51:BD:E4:4F:C4:64:E9:FB
            X509v3 Authority Key Identifier:
                keyid:4D:94:6F:4D:F2:23:74:91:A6:8D:FA:40:7B:E4:1F:AE:84:BB:DA:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TZRvTfIjdJGmjfpAe-QfroS72mY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/cbfd1e-1202-40c1-bdf0-c24ee0494541/1/ENnpfMUq2ZLBwnHEUb3kT8Rk6fs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/cbfd1e-1202-40c1-bdf0-c24ee0494541/1/TZRvTfIjdJGmjfpAe-QfroS72mY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1bc8::/48

    Signature Algorithm: sha256WithRSAEncryption
         71:b0:7a:7e:69:6e:de:8d:9d:a4:2d:19:7a:74:bd:fc:33:d0:
         9e:df:9a:30:15:ce:3f:0e:25:50:87:f7:03:54:a2:93:5f:70:
         e9:68:99:a0:25:8a:c0:aa:b0:27:48:fd:66:01:13:2f:68:ee:
         85:df:80:7d:b3:3e:78:c8:d5:40:65:75:3d:10:1b:c9:cc:a1:
         93:4e:7d:b0:93:1c:db:71:f9:e6:b1:5e:e3:df:89:9b:77:8f:
         38:c5:5a:4f:80:73:c5:87:be:b2:bd:89:a0:92:1a:ff:a7:00:
         62:43:bb:85:91:77:32:e9:4b:8e:e4:1a:36:b1:80:84:4c:3f:
         1d:d9:54:5c:29:35:a1:d3:b8:bb:42:98:3b:01:32:49:b5:f2:
         e0:17:87:f9:1d:44:10:c2:3c:92:39:52:cc:fa:a4:57:cc:2e:
         41:e5:0a:f1:cf:5d:37:04:cd:dd:17:13:8e:27:01:c2:dc:b4:
         08:3b:3d:5b:72:8e:71:e2:4c:97:d2:1c:2e:1c:c1:5d:93:af:
         7f:4b:a5:1a:4e:7c:8e:7a:39:06:cf:e2:ce:28:2a:8a:df:c3:
         68:5b:f6:87:05:86:d9:e7:8c:09:3e:7e:d1:3c:41:20:cf:5e:
         a7:9f:bd:06:0e:81:15:51:7d:ba:0b:a7:eb:d7:16:62:df:6c:
         3b:09:d4:89
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKn/Y0H46BPOypLaB8NygMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkOTQ2ZjRkZjIyMzc0OTFhNjhkZmE0MDdiZTQxZmFlODRi
YmRhNjYwHhcNMjQwMTAyMTIzMzUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGQ5ZTk3Y2M1MmFkOTkyYzFjMjcxYzQ1MWJkZTQ0ZmM0NjRlOWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnhx+qXd9coQC2GOWTepTxjhIYWqZ
aCP6Jjj+TYQkMuCBBUT4+CgKSaNwfGaYoqruWhB+4Len3MuxO/uHnI1MMMYVOUq+
ytbakqRaqhuXkixPJwKrhYjpPzDWyBJgAZ7+30wuO3tn5IuVNt8q4skEcUMOVfJD
gudig5uZZ1ogEwJSP2zCYR4jamH55KOuB9XSJAw69RdEOrhEUHerCgNn9nZAVcHx
R6PfBwmxCSoREZ92LDK+FqtPyZcOR+MAtkaoPw22QXrYd99+7QJZMgo0p+qjQJiS
5Qy+AbXpfZPO5htSjmOQgVQuKFaFyr2/QXe3PQdiGCTdtUsmFs7fsB9SXQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBDZ6XzFKtmSwcJxxFG95E/EZOn7MB8GA1UdIwQY
MBaAFE2Ub03yI3SRpo36QHvkH66Eu9pmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFpSdlRmSWpkSkdtamZwQWUtUWZyb1M3Mm1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9jYmZkMWUtMTIwMi00MGMxLWJkZjAt
YzI0ZWUwNDk0NTQxLzEvRU5ucGZNVXEyWkxCd25IRVViM2tUOFJrNmZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9jYmZkMWUtMTIwMi00MGMxLWJkZjAtYzI0ZWUwNDk0NTQx
LzEvVFpSdlRmSWpkSkdtamZwQWUtUWZyb1M3Mm1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBvI
MA0GCSqGSIb3DQEBCwUAA4IBAQBxsHp+aW7ejZ2kLRl6dL38M9Ce35owFc4/DiVQ
h/cDVKKTX3DpaJmgJYrAqrAnSP1mARMvaO6F34B9sz54yNVAZXU9EBvJzKGTTn2w
kxzbcfnmsV7j34mbd484xVpPgHPFh76yvYmgkhr/pwBiQ7uFkXcy6UuO5Bo2sYCE
TD8d2VRcKTWh07i7Qpg7ATJJtfLgF4f5HUQQwjySOVLM+qRXzC5B5Qrxz103BM3d
FxOOJwHC3LQIOz1bco5x4kyX0hwuHMFdk69/S6UaTnyOejkGz+LOKCqK38NoW/aH
BYbZ54wJPn7RPEEgz16nn70GDoEVUX26C6fr1xZi32w7CdSJ
-----END CERTIFICATE-----