Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/107788-8502-4541-9480-8f48a3702f90/1/r-YLq4pYkpRLSApReMbUyyW7mqY.roa
File:                     r-YLq4pYkpRLSApReMbUyyW7mqY.roa (raw, json)
Hash identifier:          uOgPCqaDF88ZXO2nuRDweqsttHk1qJGY3VA0fI4Dd3U=
Subject key identifier:   AF:E6:0B:AB:8A:58:92:94:4B:48:0A:51:78:C6:D4:CB:25:BB:9A:A6
Certificate issuer:       /CN=b8c68cda65f66962ccb9683f1550d14e56107a0a
Certificate serial:       018CC8711DDD0C0F050FC5CFD46B0784E857
Authority key identifier: B8:C6:8C:DA:65:F6:69:62:CC:B9:68:3F:15:50:D1:4E:56:10:7A:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uMaM2mX2aWLMuWg_FVDRTlYQego.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/107788-8502-4541-9480-8f48a3702f90/1/r-YLq4pYkpRLSApReMbUyyW7mqY.roa
Signing time:             Tue 02 Jan 2024 04:31:45 +0000
ROA not before:           Tue 02 Jan 2024 04:31:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        2001:67c:d1c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/107788-8502-4541-9480-8f48a3702f90/1/uMaM2mX2aWLMuWg_FVDRTlYQego.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/107788-8502-4541-9480-8f48a3702f90/1/uMaM2mX2aWLMuWg_FVDRTlYQego.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uMaM2mX2aWLMuWg_FVDRTlYQego.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:1d:dd:0c:0f:05:0f:c5:cf:d4:6b:07:84:e8:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8c68cda65f66962ccb9683f1550d14e56107a0a
        Validity
            Not Before: Jan  2 04:31:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=afe60bab8a5892944b480a5178c6d4cb25bb9aa6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:bb:68:7f:9c:10:9e:b5:35:01:4b:98:0b:83:
                    71:60:d1:16:49:43:5d:54:58:88:b1:54:5b:8b:97:
                    97:f6:77:17:26:b8:9a:42:3d:51:e7:25:34:81:4d:
                    d3:44:d6:77:76:86:2d:d6:04:cb:4f:0d:f0:80:60:
                    44:9f:2a:90:51:01:c0:09:0c:d1:ff:b2:e9:48:4e:
                    19:bd:cb:eb:26:c8:6d:a5:28:9d:f9:a2:b0:c2:2d:
                    df:22:bb:fd:ad:99:7f:f4:d2:54:ee:c4:93:53:9f:
                    ca:72:62:fb:a0:20:a5:85:91:69:e7:bb:c1:90:96:
                    81:2a:78:50:a7:2e:77:a2:3a:be:19:93:40:03:73:
                    f5:06:bf:01:b7:3a:c2:1b:79:38:11:eb:a7:ed:65:
                    2a:9e:c0:92:1a:21:2a:af:9c:36:7f:f0:6e:97:b1:
                    57:58:a1:2d:a5:0c:36:75:ca:48:f7:99:38:9e:18:
                    75:10:aa:af:7f:2d:cd:54:bc:38:ea:a7:9c:b6:8e:
                    eb:05:ce:ba:0b:8c:59:a2:f8:ca:14:89:f6:c2:b9:
                    55:5c:e9:02:db:71:9f:43:95:c9:95:de:03:1e:7c:
                    86:f2:c3:75:f9:5a:80:94:56:6f:9e:14:5d:fa:5c:
                    d5:2f:21:71:be:2a:ea:60:bb:4e:5b:2e:d8:48:e8:
                    16:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:E6:0B:AB:8A:58:92:94:4B:48:0A:51:78:C6:D4:CB:25:BB:9A:A6
            X509v3 Authority Key Identifier:
                keyid:B8:C6:8C:DA:65:F6:69:62:CC:B9:68:3F:15:50:D1:4E:56:10:7A:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uMaM2mX2aWLMuWg_FVDRTlYQego.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/107788-8502-4541-9480-8f48a3702f90/1/r-YLq4pYkpRLSApReMbUyyW7mqY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/107788-8502-4541-9480-8f48a3702f90/1/uMaM2mX2aWLMuWg_FVDRTlYQego.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:d1c::/48

    Signature Algorithm: sha256WithRSAEncryption
         96:c6:c6:92:47:d9:d1:9b:7e:a4:a8:f5:9d:c8:54:93:94:4f:
         6d:1b:b4:c4:d8:70:a3:73:c5:c5:b1:3a:af:8d:46:23:e5:ef:
         a9:bc:87:09:93:55:b9:e3:3d:4e:95:ee:bd:2c:07:93:e8:b0:
         62:8a:8d:07:64:c7:4d:1a:e1:e1:a9:20:70:d2:cd:1a:ca:8d:
         3c:f5:fe:b9:d5:b0:94:85:8b:99:46:ab:13:0c:1a:38:47:88:
         d5:ce:1c:e1:94:0c:5e:23:f9:58:47:8d:28:b3:03:90:68:5e:
         e6:37:95:5c:93:6c:e8:d9:c1:b4:ae:3a:56:63:64:31:cc:78:
         67:fc:08:77:98:e0:60:58:ef:ea:b7:5b:aa:49:f0:fc:cd:11:
         5b:42:d1:27:36:4a:42:c4:be:94:3b:16:17:9f:33:d0:90:73:
         ab:42:37:fe:3f:11:3d:65:bf:84:16:46:4c:78:1e:73:71:e8:
         d3:42:78:b9:47:2c:50:20:d9:f5:77:f8:c3:4d:de:3a:ad:4f:
         8e:7e:a7:06:54:3e:c2:29:a7:36:46:af:dc:15:a1:35:06:1f:
         ae:a3:64:9d:f7:02:34:39:76:a0:9d:cf:5f:a4:64:cc:dc:10:
         52:9e:09:0b:6f:9b:bb:32:f9:e8:36:48:bb:e9:55:77:5b:85:
         63:f5:e8:b1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIcR3dDA8FD8XP1GsHhOhXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4YzY4Y2RhNjVmNjY5NjJjY2I5NjgzZjE1NTBkMTRlNTYx
MDdhMGEwHhcNMjQwMTAyMDQzMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmU2MGJhYjhhNTg5Mjk0NGI0ODBhNTE3OGM2ZDRjYjI1YmI5YWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiLtof5wQnrU1AUuYC4NxYNEWSUNd
VFiIsVRbi5eX9ncXJriaQj1R5yU0gU3TRNZ3doYt1gTLTw3wgGBEnyqQUQHACQzR
/7LpSE4ZvcvrJshtpSid+aKwwi3fIrv9rZl/9NJU7sSTU5/KcmL7oCClhZFp57vB
kJaBKnhQpy53ojq+GZNAA3P1Br8BtzrCG3k4Eeun7WUqnsCSGiEqr5w2f/Bul7FX
WKEtpQw2dcpI95k4nhh1EKqvfy3NVLw46qecto7rBc66C4xZovjKFIn2wrlVXOkC
23GfQ5XJld4DHnyG8sN1+VqAlFZvnhRd+lzVLyFxvirqYLtOWy7YSOgWLwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK/mC6uKWJKUS0gKUXjG1Mslu5qmMB8GA1UdIwQY
MBaAFLjGjNpl9mlizLloPxVQ0U5WEHoKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdU1hTTJtWDJhV0xNdVdnX0ZWRFJUbFlRZWdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8xMDc3ODgtODUwMi00NTQxLTk0ODAt
OGY0OGEzNzAyZjkwLzEvci1ZTHE0cFlrcFJMU0FwUmVNYlV5eVc3bXFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC8xMDc3ODgtODUwMi00NTQxLTk0ODAtOGY0OGEzNzAyZjkw
LzEvdU1hTTJtWDJhV0xNdVdnX0ZWRFJUbFlRZWdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA0c
MA0GCSqGSIb3DQEBCwUAA4IBAQCWxsaSR9nRm36kqPWdyFSTlE9tG7TE2HCjc8XF
sTqvjUYj5e+pvIcJk1W54z1Ole69LAeT6LBiio0HZMdNGuHhqSBw0s0ayo089f65
1bCUhYuZRqsTDBo4R4jVzhzhlAxeI/lYR40oswOQaF7mN5Vck2zo2cG0rjpWY2Qx
zHhn/Ah3mOBgWO/qt1uqSfD8zRFbQtEnNkpCxL6UOxYXnzPQkHOrQjf+PxE9Zb+E
FkZMeB5zcejTQni5RyxQINn1d/jDTd46rU+OfqcGVD7CKac2Rq/cFaE1Bh+uo2Sd
9wI0OXagnc9fpGTM3BBSngkLb5u7MvnoNki76VV3W4Vj9eix
-----END CERTIFICATE-----