Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/1d3c15-3416-44ad-9a89-6547bb1b80c2/1/cXArmWJx85DwgTOCKg8vaPMl7Zw.roa
File:                     cXArmWJx85DwgTOCKg8vaPMl7Zw.roa (raw, json)
Hash identifier:          BopIMIHneoXp8TkKAtWBGEfByhv+bRrd31SKv4RB1ZY=
Subject key identifier:   71:70:2B:99:62:71:F3:90:F0:81:33:82:2A:0F:2F:68:F3:25:ED:9C
Certificate issuer:       /CN=43fd9362e83b852f3fd3311b09096f6289a6a0f8
Certificate serial:       018CC5014AC3B8FA7FA62C8E42C233E75B51
Authority key identifier: 43:FD:93:62:E8:3B:85:2F:3F:D3:31:1B:09:09:6F:62:89:A6:A0:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q_2TYug7hS8_0zEbCQlvYommoPg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/1d3c15-3416-44ad-9a89-6547bb1b80c2/1/cXArmWJx85DwgTOCKg8vaPMl7Zw.roa
Signing time:             Mon 01 Jan 2024 12:30:45 +0000
ROA not before:           Mon 01 Jan 2024 12:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207576
IP address blocks:        2001:67c:2d38::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/1d3c15-3416-44ad-9a89-6547bb1b80c2/1/Q_2TYug7hS8_0zEbCQlvYommoPg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/1d3c15-3416-44ad-9a89-6547bb1b80c2/1/Q_2TYug7hS8_0zEbCQlvYommoPg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q_2TYug7hS8_0zEbCQlvYommoPg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:4a:c3:b8:fa:7f:a6:2c:8e:42:c2:33:e7:5b:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43fd9362e83b852f3fd3311b09096f6289a6a0f8
        Validity
            Not Before: Jan  1 12:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=71702b996271f390f08133822a0f2f68f325ed9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:a4:9b:77:ff:1b:d6:20:4f:0f:55:8b:b8:a2:
                    17:c1:a5:27:9b:04:d2:a8:4a:56:de:ca:28:d8:e7:
                    97:b6:5d:27:44:0d:4c:b8:2c:62:b7:38:ac:2d:e9:
                    72:2b:a1:85:2a:6d:0f:2c:6f:15:31:76:d3:78:9e:
                    3a:88:4e:0b:07:99:22:c6:61:8c:2b:e3:40:26:9f:
                    6e:66:2e:78:2c:33:c4:84:b7:6a:84:af:85:10:08:
                    c4:95:d1:17:ef:c3:69:93:3d:e0:63:c4:47:12:f3:
                    fa:0f:38:21:74:68:9c:8a:d2:19:28:84:54:07:42:
                    6e:a4:29:f4:d8:ab:dc:9c:ea:33:21:9b:38:f8:9a:
                    2b:ad:f7:da:ea:5d:78:f8:fd:24:41:7d:d4:3f:03:
                    91:dc:07:b3:cd:fa:1a:3c:0a:2c:a1:ec:ac:4a:fd:
                    96:33:88:6c:d7:d4:e7:f9:2b:c6:91:b5:6f:c5:a7:
                    61:54:6e:9c:1a:b7:d2:40:22:52:2d:d0:16:df:80:
                    51:d3:3b:de:e2:82:c2:9b:e8:aa:c7:78:79:63:80:
                    15:3e:4e:a8:7b:4b:55:02:7c:65:e8:68:f3:37:11:
                    b5:a7:69:8d:93:c5:dd:a9:e6:ee:fd:56:9b:2a:f8:
                    10:69:39:a9:15:c6:57:ff:bf:75:4c:3c:c0:a2:cd:
                    31:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:70:2B:99:62:71:F3:90:F0:81:33:82:2A:0F:2F:68:F3:25:ED:9C
            X509v3 Authority Key Identifier:
                keyid:43:FD:93:62:E8:3B:85:2F:3F:D3:31:1B:09:09:6F:62:89:A6:A0:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q_2TYug7hS8_0zEbCQlvYommoPg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/1d3c15-3416-44ad-9a89-6547bb1b80c2/1/cXArmWJx85DwgTOCKg8vaPMl7Zw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/1d3c15-3416-44ad-9a89-6547bb1b80c2/1/Q_2TYug7hS8_0zEbCQlvYommoPg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2d38::/48

    Signature Algorithm: sha256WithRSAEncryption
         68:47:04:90:b7:b8:ba:38:b2:91:2f:5d:62:0e:67:b3:a1:8b:
         30:9e:4c:ab:1d:48:e3:58:42:11:76:bc:71:9c:73:94:1f:e3:
         8a:c1:21:72:ad:52:72:09:6c:fd:d9:27:cd:05:1b:e7:e5:5f:
         08:d1:67:ee:f1:5d:33:d7:08:f2:c2:3e:a7:89:9f:f2:cc:a6:
         74:98:6c:c5:e6:e7:1f:b2:e7:6b:c4:b6:8b:2f:10:e4:7e:e4:
         23:46:70:2c:fa:fd:83:9d:ed:f8:c6:d9:a3:a6:6b:ee:d0:7d:
         7a:e9:89:80:cc:09:a7:9b:0b:2a:31:00:d9:85:eb:2d:77:0b:
         a2:3a:38:ff:db:f1:7f:40:27:8a:b0:78:f0:24:05:46:07:5f:
         aa:b7:e6:e4:41:8b:f5:95:13:9d:fa:49:3f:24:4e:f0:7e:d4:
         c8:f8:8b:da:06:85:13:3a:1a:f2:67:0c:36:b6:98:18:db:ac:
         6c:31:a5:44:52:5b:b0:0d:98:35:80:a1:ce:9b:17:e6:71:bc:
         ef:2b:60:29:eb:ea:28:79:2f:97:52:e2:1d:0c:cf:ed:e1:84:
         76:b1:7b:50:04:1e:f1:cb:3e:1a:57:cc:6e:b8:0e:b4:8a:7c:
         17:2d:54:78:43:5d:87:da:09:05:5b:97:b7:36:db:44:8c:97:
         56:24:12:70
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFAUrDuPp/piyOQsIz51tRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzZmQ5MzYyZTgzYjg1MmYzZmQzMzExYjA5MDk2ZjYyODlh
NmEwZjgwHhcNMjQwMTAxMTIzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTcwMmI5OTYyNzFmMzkwZjA4MTMzODIyYTBmMmY2OGYzMjVlZDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlKSbd/8b1iBPD1WLuKIXwaUnmwTS
qEpW3soo2OeXtl0nRA1MuCxitzisLelyK6GFKm0PLG8VMXbTeJ46iE4LB5kixmGM
K+NAJp9uZi54LDPEhLdqhK+FEAjEldEX78Npkz3gY8RHEvP6DzghdGicitIZKIRU
B0JupCn02KvcnOozIZs4+Jorrffa6l14+P0kQX3UPwOR3AezzfoaPAosoeysSv2W
M4hs19Tn+SvGkbVvxadhVG6cGrfSQCJSLdAW34BR0zve4oLCm+iqx3h5Y4AVPk6o
e0tVAnxl6GjzNxG1p2mNk8Xdqebu/VabKvgQaTmpFcZX/791TDzAos0x5QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHFwK5licfOQ8IEzgioPL2jzJe2cMB8GA1UdIwQY
MBaAFEP9k2LoO4UvP9MxGwkJb2KJpqD4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUV8yVFl1ZzdoUzhfMHpFYkNRbHZZb21tb1BnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8xZDNjMTUtMzQxNi00NGFkLTlhODkt
NjU0N2JiMWI4MGMyLzEvY1hBcm1XSng4NUR3Z1RPQ0tnOHZhUE1sN1p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8xZDNjMTUtMzQxNi00NGFkLTlhODktNjU0N2JiMWI4MGMy
LzEvUV8yVFl1ZzdoUzhfMHpFYkNRbHZZb21tb1BnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC04
MA0GCSqGSIb3DQEBCwUAA4IBAQBoRwSQt7i6OLKRL11iDmezoYswnkyrHUjjWEIR
drxxnHOUH+OKwSFyrVJyCWz92SfNBRvn5V8I0Wfu8V0z1wjywj6niZ/yzKZ0mGzF
5ucfsudrxLaLLxDkfuQjRnAs+v2Dne34xtmjpmvu0H166YmAzAmnmwsqMQDZhest
dwuiOjj/2/F/QCeKsHjwJAVGB1+qt+bkQYv1lROd+kk/JE7wftTI+IvaBoUTOhry
Zww2tpgY26xsMaVEUluwDZg1gKHOmxfmcbzvK2Ap6+ooeS+XUuIdDM/t4YR2sXtQ
BB7xyz4aV8xuuA60inwXLVR4Q12H2gkFW5e3NttEjJdWJBJw
-----END CERTIFICATE-----