Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/634890-8b48-49ae-b042-999cce4d4ad2/1/3Oe23J5XEbSORNxVhcIVHe9-afU.roa
File:                     3Oe23J5XEbSORNxVhcIVHe9-afU.roa (raw, json)
Hash identifier:          98DXag6o3ByqrW8I+WSexLaKTGhk7jo7LPb1S443zhg=
Subject key identifier:   DC:E7:B6:DC:9E:57:11:B4:8E:44:DC:55:85:C2:15:1D:EF:7E:69:F5
Certificate issuer:       /CN=8fdf87ca53065798447645255f829b53bc1da215
Certificate serial:       018E1525042BEDD3DB541F01F93662F1E0B6
Authority key identifier: 8F:DF:87:CA:53:06:57:98:44:76:45:25:5F:82:9B:53:BC:1D:A2:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j9-HylMGV5hEdkUlX4KbU7wdohU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/634890-8b48-49ae-b042-999cce4d4ad2/1/3Oe23J5XEbSORNxVhcIVHe9-afU.roa
Signing time:             Wed 06 Mar 2024 19:02:11 +0000
ROA not before:           Wed 06 Mar 2024 19:02:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215359
IP address blocks:        2001:67c:1858::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/634890-8b48-49ae-b042-999cce4d4ad2/1/j9-HylMGV5hEdkUlX4KbU7wdohU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/634890-8b48-49ae-b042-999cce4d4ad2/1/j9-HylMGV5hEdkUlX4KbU7wdohU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j9-HylMGV5hEdkUlX4KbU7wdohU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:15:25:04:2b:ed:d3:db:54:1f:01:f9:36:62:f1:e0:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8fdf87ca53065798447645255f829b53bc1da215
        Validity
            Not Before: Mar  6 19:02:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dce7b6dc9e5711b48e44dc5585c2151def7e69f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:49:4b:81:9b:4f:42:a9:08:6f:b9:08:35:5f:
                    c2:55:91:29:d0:64:05:3f:6b:eb:0e:63:05:cb:1e:
                    aa:fb:4a:00:59:85:0e:e0:c3:fd:6d:4b:34:52:23:
                    f5:95:c8:78:05:61:e9:cc:55:4e:a1:7a:ba:da:22:
                    b3:6e:93:12:c3:43:98:05:3b:60:06:63:a0:48:15:
                    33:af:24:5f:40:f4:5a:02:47:c2:2d:a4:b7:36:eb:
                    68:7b:9e:1f:d7:16:eb:03:51:b8:82:67:5e:61:13:
                    b6:a8:92:07:2a:7b:64:d0:aa:16:fd:0b:ec:99:0c:
                    8b:18:63:6f:94:d8:64:18:a7:c7:1f:99:71:99:de:
                    d0:2d:37:de:92:32:10:1d:d0:cd:d1:ef:22:08:f7:
                    3e:dd:8b:d2:f0:9b:49:6b:17:bb:6c:81:7e:a0:ad:
                    f3:ce:35:b9:7b:2d:5b:8c:c4:c8:9f:8b:42:f5:7b:
                    99:a0:dc:b3:34:2a:30:5e:58:ba:b1:f3:92:cd:c4:
                    1f:15:eb:8c:35:1b:51:28:15:bd:54:fd:ce:64:a5:
                    ce:01:f8:e6:09:05:08:15:ef:23:8f:96:6a:80:3c:
                    cd:74:4a:50:28:22:5d:5e:b5:02:8b:eb:f8:e5:f3:
                    41:c1:82:02:5a:29:a2:ed:af:e9:51:38:74:d7:c0:
                    cb:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:E7:B6:DC:9E:57:11:B4:8E:44:DC:55:85:C2:15:1D:EF:7E:69:F5
            X509v3 Authority Key Identifier:
                keyid:8F:DF:87:CA:53:06:57:98:44:76:45:25:5F:82:9B:53:BC:1D:A2:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j9-HylMGV5hEdkUlX4KbU7wdohU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/634890-8b48-49ae-b042-999cce4d4ad2/1/3Oe23J5XEbSORNxVhcIVHe9-afU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/634890-8b48-49ae-b042-999cce4d4ad2/1/j9-HylMGV5hEdkUlX4KbU7wdohU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1858::/48

    Signature Algorithm: sha256WithRSAEncryption
         b3:55:ee:26:17:5e:0b:d3:0a:75:28:97:20:62:48:64:6b:b4:
         0d:22:5c:4e:24:32:57:f4:3b:c2:5c:0a:dc:d3:1a:1f:51:41:
         44:22:09:45:cb:db:19:95:85:22:c5:ae:82:cc:49:dc:96:1c:
         4f:0b:ca:76:1d:8e:46:f0:f1:2c:a1:22:a0:1f:46:92:6c:4e:
         a4:32:92:ef:99:51:35:90:3d:30:87:3e:9e:d9:14:ab:b4:50:
         ab:fe:00:08:15:6c:56:e5:a2:8b:1e:6b:ba:3f:f6:ba:2c:41:
         f0:3e:bd:ed:bd:0c:32:cb:64:f5:64:cd:50:28:55:bc:6d:c8:
         0e:c6:34:88:f7:6c:e2:35:02:3b:09:0e:da:1a:58:07:b9:28:
         b5:f0:5d:31:1e:b3:c3:40:77:dc:f3:74:33:01:aa:aa:16:d3:
         c1:cb:dd:83:d3:fa:bf:9e:77:2b:bd:77:83:00:04:b7:63:86:
         69:35:76:49:14:28:36:29:c9:7d:dc:13:b6:06:83:8f:85:2a:
         5c:59:7a:b9:cc:dc:46:30:a1:6e:9e:9c:58:c6:db:dc:a7:85:
         78:78:54:fd:3f:e8:8d:8e:39:2c:79:b5:8b:45:8b:d3:3b:a5:
         3f:6d:7b:95:df:9f:0a:67:f1:8d:a3:16:cb:bf:b5:80:db:41:
         55:fc:2f:f8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY4VJQQr7dPbVB8B+TZi8eC2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmZGY4N2NhNTMwNjU3OTg0NDc2NDUyNTVmODI5YjUzYmMx
ZGEyMTUwHhcNMjQwMzA2MTkwMjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2U3YjZkYzllNTcxMWI0OGU0NGRjNTU4NWMyMTUxZGVmN2U2OWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3UlLgZtPQqkIb7kINV/CVZEp0GQF
P2vrDmMFyx6q+0oAWYUO4MP9bUs0UiP1lch4BWHpzFVOoXq62iKzbpMSw0OYBTtg
BmOgSBUzryRfQPRaAkfCLaS3Nutoe54f1xbrA1G4gmdeYRO2qJIHKntk0KoW/Qvs
mQyLGGNvlNhkGKfHH5lxmd7QLTfekjIQHdDN0e8iCPc+3YvS8JtJaxe7bIF+oK3z
zjW5ey1bjMTIn4tC9XuZoNyzNCowXli6sfOSzcQfFeuMNRtRKBW9VP3OZKXOAfjm
CQUIFe8jj5ZqgDzNdEpQKCJdXrUCi+v45fNBwYICWimi7a/pUTh018DLVwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNznttyeVxG0jkTcVYXCFR3vfmn1MB8GA1UdIwQY
MBaAFI/fh8pTBleYRHZFJV+Cm1O8HaIVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajktSHlsTUdWNWhFZGtVbFg0S2JVN3dkb2hVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi82MzQ4OTAtOGI0OC00OWFlLWIwNDIt
OTk5Y2NlNGQ0YWQyLzEvM09lMjNKNVhFYlNPUk54VmhjSVZIZTktYWZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi82MzQ4OTAtOGI0OC00OWFlLWIwNDItOTk5Y2NlNGQ0YWQy
LzEvajktSHlsTUdWNWhFZGtVbFg0S2JVN3dkb2hVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBhY
MA0GCSqGSIb3DQEBCwUAA4IBAQCzVe4mF14L0wp1KJcgYkhka7QNIlxOJDJX9DvC
XArc0xofUUFEIglFy9sZlYUixa6CzEnclhxPC8p2HY5G8PEsoSKgH0aSbE6kMpLv
mVE1kD0whz6e2RSrtFCr/gAIFWxW5aKLHmu6P/a6LEHwPr3tvQwyy2T1ZM1QKFW8
bcgOxjSI92ziNQI7CQ7aGlgHuSi18F0xHrPDQHfc83QzAaqqFtPBy92D0/q/nncr
vXeDAAS3Y4ZpNXZJFCg2Kcl93BO2BoOPhSpcWXq5zNxGMKFunpxYxtvcp4V4eFT9
P+iNjjksebWLRYvTO6U/bXuV358KZ/GNoxbLv7WA20FV/C/4
-----END CERTIFICATE-----