Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/f83620-99ac-4a41-ad0c-be01d69c033b/1/ioqTCvuZjxQ3yw7gemXP-H1xxx8.roa
File:                     ioqTCvuZjxQ3yw7gemXP-H1xxx8.roa (raw, json)
Hash identifier:          qe6tymTitbFFCcDO0QGToxM83FtF9n6BAhjosa1/41M=
Subject key identifier:   8A:8A:93:0A:FB:99:8F:14:37:CB:0E:E0:7A:65:CF:F8:7D:71:C7:1F
Certificate issuer:       /CN=247bf0b9d7298a16b986fd6954f0a445f2e2103c
Certificate serial:       018CC2DAB8357585927A3F5F40CE45813F43
Authority key identifier: 24:7B:F0:B9:D7:29:8A:16:B9:86:FD:69:54:F0:A4:45:F2:E2:10:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JHvwudcpiha5hv1pVPCkRfLiEDw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/f83620-99ac-4a41-ad0c-be01d69c033b/1/ioqTCvuZjxQ3yw7gemXP-H1xxx8.roa
Signing time:             Mon 01 Jan 2024 02:29:23 +0000
ROA not before:           Mon 01 Jan 2024 02:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207748
IP address blocks:        2001:67c:2f68::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/f83620-99ac-4a41-ad0c-be01d69c033b/1/JHvwudcpiha5hv1pVPCkRfLiEDw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/f83620-99ac-4a41-ad0c-be01d69c033b/1/JHvwudcpiha5hv1pVPCkRfLiEDw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JHvwudcpiha5hv1pVPCkRfLiEDw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:b8:35:75:85:92:7a:3f:5f:40:ce:45:81:3f:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=247bf0b9d7298a16b986fd6954f0a445f2e2103c
        Validity
            Not Before: Jan  1 02:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a8a930afb998f1437cb0ee07a65cff87d71c71f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:d3:01:2d:00:8e:a6:3c:3e:3e:6a:f5:1d:4f:
                    aa:7b:f2:81:03:c3:44:59:28:76:92:d0:8a:cb:ea:
                    4e:3c:ba:63:29:01:32:2d:5d:83:b2:09:e2:da:46:
                    37:02:fa:2b:d7:08:97:28:61:3c:36:34:75:76:4a:
                    e4:c1:3b:44:91:6d:f9:cf:de:a3:d8:4b:51:3b:c6:
                    a4:31:16:0b:5f:44:cf:24:81:8e:02:4c:48:74:6d:
                    50:8c:c1:1b:2e:65:0c:bb:02:2b:38:bf:2b:6d:0c:
                    3c:8e:33:0b:69:8d:7e:6f:36:f4:64:65:90:aa:69:
                    35:ae:46:9d:a2:b1:45:a0:30:4c:10:07:af:fb:2b:
                    08:6a:38:f1:54:59:bd:01:52:d1:a6:f8:77:89:51:
                    75:0e:e7:4a:77:f5:82:4e:35:53:69:d3:c3:66:be:
                    78:ad:a6:0b:d9:36:27:58:b5:f7:79:b2:59:29:47:
                    e0:6f:e4:42:59:f0:58:1f:93:3b:c0:9b:fb:78:4a:
                    ba:44:04:96:02:e6:45:c3:7e:67:2a:bd:13:c5:43:
                    f4:c1:72:b4:f0:e3:cf:cc:10:14:85:e6:26:0e:91:
                    a0:35:ef:8f:cf:e1:78:94:41:20:c8:67:0f:22:f3:
                    10:b9:3b:41:53:0f:d3:d0:fe:7e:6f:d1:d5:be:42:
                    63:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:8A:93:0A:FB:99:8F:14:37:CB:0E:E0:7A:65:CF:F8:7D:71:C7:1F
            X509v3 Authority Key Identifier:
                keyid:24:7B:F0:B9:D7:29:8A:16:B9:86:FD:69:54:F0:A4:45:F2:E2:10:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JHvwudcpiha5hv1pVPCkRfLiEDw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/f83620-99ac-4a41-ad0c-be01d69c033b/1/ioqTCvuZjxQ3yw7gemXP-H1xxx8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/f83620-99ac-4a41-ad0c-be01d69c033b/1/JHvwudcpiha5hv1pVPCkRfLiEDw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2f68::/48

    Signature Algorithm: sha256WithRSAEncryption
         73:fa:e5:95:22:7a:5d:02:e3:50:e6:82:3c:ee:ba:f4:67:d8:
         a7:52:fd:2e:e9:87:d1:e5:5b:c0:03:5e:7f:1d:b5:55:bf:91:
         81:5a:27:0f:b6:2d:f7:ec:8f:cc:4f:53:cb:50:d0:dc:d7:0a:
         41:ca:b3:b3:ec:7e:ee:97:fe:b3:df:3d:59:ce:20:95:bc:92:
         d7:b0:68:8e:92:d3:69:ef:d0:17:a7:6a:a3:3e:6d:84:c7:1f:
         4b:0b:ce:e1:50:d2:46:6b:d2:be:08:b4:bf:b4:8b:03:6a:b7:
         92:62:c3:0e:15:58:e6:6e:b9:d2:2c:dc:e6:79:53:55:6b:12:
         dc:27:df:98:34:ea:63:f6:26:39:0c:65:30:3d:23:b7:d2:1e:
         70:b9:69:c0:f8:72:79:fe:07:09:85:86:dc:c7:86:15:ad:70:
         d7:8f:16:b9:db:c9:f2:bb:44:98:63:48:8d:8e:23:e3:62:a6:
         3a:90:18:c9:5f:70:16:43:b1:17:b1:30:fd:77:6b:49:84:db:
         87:8c:8e:de:f5:49:ba:06:fc:cc:bb:c6:89:db:36:7d:4b:df:
         64:4b:40:dd:c5:b3:c4:73:09:1d:a1:c0:2e:97:56:00:65:ab:
         1a:6d:64:92:d9:51:5e:23:a9:73:ba:9c:a3:99:6b:f4:58:69:
         22:c4:d2:c2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2rg1dYWSej9fQM5FgT9DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0N2JmMGI5ZDcyOThhMTZiOTg2ZmQ2OTU0ZjBhNDQ1ZjJl
MjEwM2MwHhcNMjQwMTAxMDIyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YThhOTMwYWZiOTk4ZjE0MzdjYjBlZTA3YTY1Y2ZmODdkNzFjNzFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiNMBLQCOpjw+Pmr1HU+qe/KBA8NE
WSh2ktCKy+pOPLpjKQEyLV2Dsgni2kY3Avor1wiXKGE8NjR1dkrkwTtEkW35z96j
2EtRO8akMRYLX0TPJIGOAkxIdG1QjMEbLmUMuwIrOL8rbQw8jjMLaY1+bzb0ZGWQ
qmk1rkadorFFoDBMEAev+ysIajjxVFm9AVLRpvh3iVF1DudKd/WCTjVTadPDZr54
raYL2TYnWLX3ebJZKUfgb+RCWfBYH5M7wJv7eEq6RASWAuZFw35nKr0TxUP0wXK0
8OPPzBAUheYmDpGgNe+Pz+F4lEEgyGcPIvMQuTtBUw/T0P5+b9HVvkJjWQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIqKkwr7mY8UN8sO4Hplz/h9cccfMB8GA1UdIwQY
MBaAFCR78LnXKYoWuYb9aVTwpEXy4hA8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkh2d3VkY3BpaGE1aHYxcFZQQ2tSZkxpRUR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9mODM2MjAtOTlhYy00YTQxLWFkMGMt
YmUwMWQ2OWMwMzNiLzEvaW9xVEN2dVpqeFEzeXc3Z2VtWFAtSDF4eHg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9mODM2MjAtOTlhYy00YTQxLWFkMGMtYmUwMWQ2OWMwMzNi
LzEvSkh2d3VkY3BpaGE1aHYxcFZQQ2tSZkxpRUR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC9o
MA0GCSqGSIb3DQEBCwUAA4IBAQBz+uWVInpdAuNQ5oI87rr0Z9inUv0u6YfR5VvA
A15/HbVVv5GBWicPti337I/MT1PLUNDc1wpByrOz7H7ul/6z3z1ZziCVvJLXsGiO
ktNp79AXp2qjPm2Exx9LC87hUNJGa9K+CLS/tIsDareSYsMOFVjmbrnSLNzmeVNV
axLcJ9+YNOpj9iY5DGUwPSO30h5wuWnA+HJ5/gcJhYbcx4YVrXDXjxa528nyu0SY
Y0iNjiPjYqY6kBjJX3AWQ7EXsTD9d2tJhNuHjI7e9Um6BvzMu8aJ2zZ9S99kS0Dd
xbPEcwkdocAul1YAZasabWSS2VFeI6lzupyjmWv0WGkixNLC
-----END CERTIFICATE-----