Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/03b1e7-3113-48d6-9b78-b2884888ad3f/1/3wmHgBjfBXKeXLPKx6Korh0fInc.roa
File:                     3wmHgBjfBXKeXLPKx6Korh0fInc.roa (raw, json)
Hash identifier:          dYu8Burt24BO7MSGwsuQlK6lRlqOxEOdHazQdnXNqo8=
Subject key identifier:   DF:09:87:80:18:DF:05:72:9E:5C:B3:CA:C7:A2:A8:AE:1D:1F:22:77
Certificate issuer:       /CN=eb764111aeffa86bd1ec3ca885b63de7f5650f6e
Certificate serial:       018CC56E639D0AF7064C753627B41EA9D831
Authority key identifier: EB:76:41:11:AE:FF:A8:6B:D1:EC:3C:A8:85:B6:3D:E7:F5:65:0F:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/63ZBEa7_qGvR7DyohbY95_VlD24.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/03b1e7-3113-48d6-9b78-b2884888ad3f/1/3wmHgBjfBXKeXLPKx6Korh0fInc.roa
Signing time:             Mon 01 Jan 2024 14:29:55 +0000
ROA not before:           Mon 01 Jan 2024 14:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211207
IP address blocks:        2001:67c:b08::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/03b1e7-3113-48d6-9b78-b2884888ad3f/1/63ZBEa7_qGvR7DyohbY95_VlD24.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/03b1e7-3113-48d6-9b78-b2884888ad3f/1/63ZBEa7_qGvR7DyohbY95_VlD24.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/63ZBEa7_qGvR7DyohbY95_VlD24.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 17:01:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:63:9d:0a:f7:06:4c:75:36:27:b4:1e:a9:d8:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb764111aeffa86bd1ec3ca885b63de7f5650f6e
        Validity
            Not Before: Jan  1 14:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df09878018df05729e5cb3cac7a2a8ae1d1f2277
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:2c:cd:65:c1:8b:38:c5:1b:05:d3:21:67:5f:
                    25:7e:b9:6f:a0:82:35:f7:59:1d:3b:c5:2b:bd:38:
                    06:03:c6:1a:ce:d8:bc:55:43:90:31:b4:e4:ba:40:
                    28:55:fc:6b:2d:7c:69:42:ad:33:cb:74:fe:05:aa:
                    36:08:67:cb:08:a6:e2:03:97:a2:8c:ee:66:e9:f0:
                    1a:3a:1f:ba:d6:5f:cd:cb:98:0e:62:13:f0:e1:bb:
                    1d:65:52:f0:a2:b8:f2:b0:bc:c8:18:06:bc:4b:c0:
                    1b:8e:7b:95:76:1f:ef:ef:eb:e4:95:32:23:01:c3:
                    8d:61:db:25:c5:92:f5:5a:95:62:1c:f7:0c:ad:7c:
                    c2:45:66:54:32:64:8e:ea:24:da:28:5f:7b:ea:74:
                    51:d2:13:69:6e:76:a5:12:21:04:9f:98:1c:30:8e:
                    88:98:9a:76:30:35:06:39:a8:3c:d4:a5:13:7b:1d:
                    02:5d:18:5c:9e:0e:ff:9d:93:54:54:f1:aa:76:27:
                    64:6c:0e:4d:f0:57:eb:5b:31:7a:f8:1a:3b:e3:b2:
                    e6:d3:c6:01:37:9c:c6:36:3b:ed:ad:9d:57:ca:35:
                    9a:b7:73:87:85:25:f5:ec:84:3b:06:f9:ca:db:7e:
                    9f:14:de:d1:e9:ae:5b:b9:03:a1:80:68:8e:d3:68:
                    a6:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:09:87:80:18:DF:05:72:9E:5C:B3:CA:C7:A2:A8:AE:1D:1F:22:77
            X509v3 Authority Key Identifier:
                keyid:EB:76:41:11:AE:FF:A8:6B:D1:EC:3C:A8:85:B6:3D:E7:F5:65:0F:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/63ZBEa7_qGvR7DyohbY95_VlD24.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/03b1e7-3113-48d6-9b78-b2884888ad3f/1/3wmHgBjfBXKeXLPKx6Korh0fInc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/03b1e7-3113-48d6-9b78-b2884888ad3f/1/63ZBEa7_qGvR7DyohbY95_VlD24.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:b08::/48

    Signature Algorithm: sha256WithRSAEncryption
         30:89:23:dd:ad:8b:1f:f6:bc:c3:44:89:66:93:bb:61:d0:d3:
         15:9c:32:3e:50:96:39:ea:01:f4:0c:c3:98:f1:5b:d6:5e:3b:
         34:68:ff:0f:78:dc:01:4b:7d:ed:1b:2f:f8:4b:2d:af:1a:a8:
         3e:52:9e:f5:06:e4:ca:85:f9:a3:4d:ed:fd:ba:63:c6:11:09:
         5d:84:ad:a2:f8:23:6f:2c:42:d3:c9:c1:3b:6a:62:47:b4:68:
         7a:6c:99:32:12:2d:b8:72:32:8e:cd:33:5d:2c:ec:c5:a6:cc:
         51:00:c9:4d:85:e8:21:6d:b2:c5:d6:7d:6d:0c:20:93:e8:2f:
         65:44:76:1a:65:8b:65:ed:2e:d2:57:9e:5d:a4:be:e0:ce:76:
         f6:da:5b:1f:9d:18:f8:ae:f5:6a:d0:61:70:ec:6d:6f:7c:54:
         51:6d:61:a3:82:71:23:65:5d:c2:ba:c0:c5:25:0a:8c:d7:0f:
         b6:e6:aa:40:22:7b:7a:9a:54:b6:cf:23:b2:a0:91:0d:da:86:
         f3:b7:0e:7b:06:f2:ee:b1:f7:f9:af:0a:2f:94:69:6f:d5:b8:
         3a:53:5f:70:16:fa:13:9e:60:6c:fa:dd:66:5a:03:9a:70:27:
         d7:d3:40:cf:57:cb:59:c0:e2:0d:cf:c8:c2:56:01:92:d1:15:
         cc:4b:86:ec
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFbmOdCvcGTHU2J7QeqdgxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViNzY0MTExYWVmZmE4NmJkMWVjM2NhODg1YjYzZGU3ZjU2
NTBmNmUwHhcNMjQwMTAxMTQyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjA5ODc4MDE4ZGYwNTcyOWU1Y2IzY2FjN2EyYThhZTFkMWYyMjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkizNZcGLOMUbBdMhZ18lfrlvoII1
91kdO8UrvTgGA8Yazti8VUOQMbTkukAoVfxrLXxpQq0zy3T+Bao2CGfLCKbiA5ei
jO5m6fAaOh+61l/Ny5gOYhPw4bsdZVLworjysLzIGAa8S8AbjnuVdh/v7+vklTIj
AcONYdslxZL1WpViHPcMrXzCRWZUMmSO6iTaKF976nRR0hNpbnalEiEEn5gcMI6I
mJp2MDUGOag81KUTex0CXRhcng7/nZNUVPGqdidkbA5N8FfrWzF6+Bo747Lm08YB
N5zGNjvtrZ1XyjWat3OHhSX17IQ7BvnK236fFN7R6a5buQOhgGiO02imvwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFN8Jh4AY3wVynlyzyseiqK4dHyJ3MB8GA1UdIwQY
MBaAFOt2QRGu/6hr0ew8qIW2Pef1ZQ9uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjNaQkVhN19xR3ZSN0R5b2hiWTk1X1ZsRDI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi8wM2IxZTctMzExMy00OGQ2LTliNzgt
YjI4ODQ4ODhhZDNmLzEvM3dtSGdCamZCWEtlWExQS3g2S29yaDBmSW5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi8wM2IxZTctMzExMy00OGQ2LTliNzgtYjI4ODQ4ODhhZDNm
LzEvNjNaQkVhN19xR3ZSN0R5b2hiWTk1X1ZsRDI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAsI
MA0GCSqGSIb3DQEBCwUAA4IBAQAwiSPdrYsf9rzDRIlmk7th0NMVnDI+UJY56gH0
DMOY8VvWXjs0aP8PeNwBS33tGy/4Sy2vGqg+Up71BuTKhfmjTe39umPGEQldhK2i
+CNvLELTycE7amJHtGh6bJkyEi24cjKOzTNdLOzFpsxRAMlNheghbbLF1n1tDCCT
6C9lRHYaZYtl7S7SV55dpL7gznb22lsfnRj4rvVq0GFw7G1vfFRRbWGjgnEjZV3C
usDFJQqM1w+25qpAInt6mlS2zyOyoJEN2obztw57BvLusff5rwovlGlv1bg6U19w
FvoTnmBs+t1mWgOacCfX00DPV8tZwOINz8jCVgGS0RXMS4bs
-----END CERTIFICATE-----