Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/67769b-85a5-4a0a-889b-802b6376f743/1/KsHClfB4p9brLOP61FiIenTmz-c.roa
File:                     KsHClfB4p9brLOP61FiIenTmz-c.roa (raw, json)
Hash identifier:          OrjQ1M53L2SNU0USnaRcCQkDU59lLt36gFErYqsn8uk=
Subject key identifier:   2A:C1:C2:95:F0:78:A7:D6:EB:2C:E3:FA:D4:58:88:7A:74:E6:CF:E7
Certificate issuer:       /CN=1d54be79c892b5356bf1b7bcd131397f2c23adc0
Certificate serial:       018CC64AEB8E1F73CCCA55CFB46B12E221E7
Authority key identifier: 1D:54:BE:79:C8:92:B5:35:6B:F1:B7:BC:D1:31:39:7F:2C:23:AD:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HVS-eciStTVr8be80TE5fywjrcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/67769b-85a5-4a0a-889b-802b6376f743/1/KsHClfB4p9brLOP61FiIenTmz-c.roa
Signing time:             Mon 01 Jan 2024 18:30:47 +0000
ROA not before:           Mon 01 Jan 2024 18:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3303
IP address blocks:        2a0d:ed80:101::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/67769b-85a5-4a0a-889b-802b6376f743/1/HVS-eciStTVr8be80TE5fywjrcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/67769b-85a5-4a0a-889b-802b6376f743/1/HVS-eciStTVr8be80TE5fywjrcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HVS-eciStTVr8be80TE5fywjrcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:eb:8e:1f:73:cc:ca:55:cf:b4:6b:12:e2:21:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d54be79c892b5356bf1b7bcd131397f2c23adc0
        Validity
            Not Before: Jan  1 18:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ac1c295f078a7d6eb2ce3fad458887a74e6cfe7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:96:27:65:67:57:77:88:e6:ff:57:9d:59:40:
                    1b:dd:32:26:24:61:14:18:f2:27:20:d9:4c:b2:8d:
                    ee:31:89:05:21:a3:87:f2:ac:fa:5c:a9:50:40:11:
                    57:f1:85:12:79:ed:d2:53:e5:6c:19:99:a1:51:5f:
                    4e:22:00:89:b4:b5:ac:94:3a:6e:4f:66:0b:12:0d:
                    60:9f:36:2b:d4:c5:75:11:ec:ad:57:d2:1b:96:78:
                    8b:ef:67:3f:5b:f1:5d:a5:24:eb:2e:f7:6b:f7:8b:
                    05:bd:91:86:9a:22:55:0e:f1:ef:cd:21:54:4b:fb:
                    75:a2:e8:e3:fc:0c:83:2c:5d:57:8f:6f:7b:41:ff:
                    b3:d0:67:f9:77:b7:a7:ec:e5:08:79:4d:eb:a2:0f:
                    7d:da:af:10:87:16:39:83:32:00:e7:7d:bd:35:77:
                    d4:55:b3:2a:c3:6c:11:3f:42:eb:a0:78:cc:cf:16:
                    64:ec:d9:e1:34:8e:f6:7e:93:b2:e8:7c:c8:5f:18:
                    d8:4d:ee:f8:1f:0c:0e:cb:89:13:81:f0:61:4b:c2:
                    98:08:54:54:5a:90:27:0c:7f:19:02:a3:4f:36:fa:
                    29:67:f3:8f:1b:41:e3:18:6f:95:d1:9a:f5:01:21:
                    4c:e9:9b:01:20:1d:27:2d:61:19:84:81:ca:d6:07:
                    2a:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:C1:C2:95:F0:78:A7:D6:EB:2C:E3:FA:D4:58:88:7A:74:E6:CF:E7
            X509v3 Authority Key Identifier:
                keyid:1D:54:BE:79:C8:92:B5:35:6B:F1:B7:BC:D1:31:39:7F:2C:23:AD:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HVS-eciStTVr8be80TE5fywjrcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/67769b-85a5-4a0a-889b-802b6376f743/1/KsHClfB4p9brLOP61FiIenTmz-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/67769b-85a5-4a0a-889b-802b6376f743/1/HVS-eciStTVr8be80TE5fywjrcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:ed80:101::/48

    Signature Algorithm: sha256WithRSAEncryption
         9d:c4:e6:90:06:0d:51:16:5d:8b:a1:85:92:c3:7b:fe:89:c6:
         7c:63:4c:77:a4:d7:7c:24:e0:42:16:20:e6:10:f0:c6:9f:d7:
         d7:2d:11:42:99:03:cc:10:83:86:b3:c1:df:15:be:79:f7:66:
         ef:70:03:0c:74:c3:9f:3c:3b:26:31:28:66:1f:cb:80:3f:63:
         24:f1:b5:9f:98:67:23:a7:0f:6b:66:14:8d:16:d7:5e:64:61:
         27:7c:e9:6c:f8:2f:62:d3:a9:b9:54:ec:a1:cd:4e:97:52:62:
         27:ab:f5:a8:12:3a:46:9a:ff:61:cd:2f:6b:cc:6f:81:3f:80:
         74:52:96:46:3b:df:bf:e2:6c:31:d4:a2:02:7e:3b:11:0b:5b:
         5e:7e:56:c5:43:79:d9:22:54:9d:fc:05:06:67:d9:34:2d:51:
         b3:f8:a6:03:12:e0:d7:80:ff:ca:ef:5f:4c:63:d7:8c:d9:47:
         e9:ee:35:29:46:5a:58:07:0f:ef:96:5d:8a:50:d8:34:08:8d:
         87:e9:99:7a:91:31:63:c4:f5:44:cc:9d:bc:f6:85:0d:81:62:
         89:c7:05:41:ea:d3:b4:98:2f:be:fd:04:f2:2b:6f:ff:12:e8:
         da:03:ca:2f:d9:9a:6d:6e:05:9b:d0:6d:9b:15:39:23:83:16:
         0f:c5:6e:04
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSuuOH3PMylXPtGsS4iHnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNTRiZTc5Yzg5MmI1MzU2YmYxYjdiY2QxMzEzOTdmMmMy
M2FkYzAwHhcNMjQwMTAxMTgzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWMxYzI5NWYwNzhhN2Q2ZWIyY2UzZmFkNDU4ODg3YTc0ZTZjZmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiJYnZWdXd4jm/1edWUAb3TImJGEU
GPInINlMso3uMYkFIaOH8qz6XKlQQBFX8YUSee3SU+VsGZmhUV9OIgCJtLWslDpu
T2YLEg1gnzYr1MV1EeytV9IblniL72c/W/FdpSTrLvdr94sFvZGGmiJVDvHvzSFU
S/t1oujj/AyDLF1Xj297Qf+z0Gf5d7en7OUIeU3rog992q8QhxY5gzIA5329NXfU
VbMqw2wRP0LroHjMzxZk7NnhNI72fpOy6HzIXxjYTe74HwwOy4kTgfBhS8KYCFRU
WpAnDH8ZAqNPNvopZ/OPG0HjGG+V0Zr1ASFM6ZsBIB0nLWEZhIHK1gcqUQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCrBwpXweKfW6yzj+tRYiHp05s/nMB8GA1UdIwQY
MBaAFB1UvnnIkrU1a/G3vNExOX8sI63AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFZTLWVjaVN0VFZyOGJlODBURTVmeXdqcmNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82Nzc2OWItODVhNS00YTBhLTg4OWIt
ODAyYjYzNzZmNzQzLzEvS3NIQ2xmQjRwOWJyTE9QNjFGaUllblRtei1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82Nzc2OWItODVhNS00YTBhLTg4OWItODAyYjYzNzZmNzQz
LzEvSFZTLWVjaVN0VFZyOGJlODBURTVmeXdqcmNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg3tgAEB
MA0GCSqGSIb3DQEBCwUAA4IBAQCdxOaQBg1RFl2LoYWSw3v+icZ8Y0x3pNd8JOBC
FiDmEPDGn9fXLRFCmQPMEIOGs8HfFb5592bvcAMMdMOfPDsmMShmH8uAP2Mk8bWf
mGcjpw9rZhSNFtdeZGEnfOls+C9i06m5VOyhzU6XUmInq/WoEjpGmv9hzS9rzG+B
P4B0UpZGO9+/4mwx1KICfjsRC1teflbFQ3nZIlSd/AUGZ9k0LVGz+KYDEuDXgP/K
719MY9eM2Ufp7jUpRlpYBw/vll2KUNg0CI2H6Zl6kTFjxPVEzJ289oUNgWKJxwVB
6tO0mC++/QTyK2//EujaA8ov2ZptbgWb0G2bFTkjgxYPxW4E
-----END CERTIFICATE-----