Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/78a861-b918-4ea7-88a8-603cb083714b/1/2xfKppgWle2n7kYCuYbhhQAKhtc.roa
File:                     2xfKppgWle2n7kYCuYbhhQAKhtc.roa (raw, json)
Hash identifier:          XdrnQ84azWgproX67aRx62T19XPV0DaeFAKNgPfQjXM=
Subject key identifier:   DB:17:CA:A6:98:16:95:ED:A7:EE:46:02:B9:86:E1:85:00:0A:86:D7
Certificate issuer:       /CN=0ba56abdcb4f6f0c86b832ecc13f5e249721d6f8
Certificate serial:       018CC8010DA534CAB7707EE0A168BEA2D08F
Authority key identifier: 0B:A5:6A:BD:CB:4F:6F:0C:86:B8:32:EC:C1:3F:5E:24:97:21:D6:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C6VqvctPbwyGuDLswT9eJJch1vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/78a861-b918-4ea7-88a8-603cb083714b/1/2xfKppgWle2n7kYCuYbhhQAKhtc.roa
Signing time:             Tue 02 Jan 2024 02:29:21 +0000
ROA not before:           Tue 02 Jan 2024 02:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201909
IP address blocks:        2001:67c:624::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/78a861-b918-4ea7-88a8-603cb083714b/1/C6VqvctPbwyGuDLswT9eJJch1vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/78a861-b918-4ea7-88a8-603cb083714b/1/C6VqvctPbwyGuDLswT9eJJch1vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C6VqvctPbwyGuDLswT9eJJch1vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:0d:a5:34:ca:b7:70:7e:e0:a1:68:be:a2:d0:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ba56abdcb4f6f0c86b832ecc13f5e249721d6f8
        Validity
            Not Before: Jan  2 02:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db17caa6981695eda7ee4602b986e185000a86d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:37:7e:92:99:fe:d0:d1:58:d6:79:ee:85:79:
                    c8:52:85:53:84:7e:64:8e:ab:50:46:d7:63:22:13:
                    81:e8:33:81:e2:40:5b:7d:b2:04:35:a3:06:39:4b:
                    21:1c:34:d0:ff:92:c7:35:8b:d5:85:af:9c:ff:41:
                    b6:a4:12:25:86:5a:5b:7f:e4:a1:d0:92:15:da:1b:
                    ec:1a:88:9a:d0:75:bd:77:94:4a:4e:e3:63:20:d0:
                    43:06:8a:09:f0:e7:9f:dd:cd:9b:6f:cc:4b:91:df:
                    fb:06:6c:3f:8c:56:67:78:2c:c0:7d:ed:c3:30:d5:
                    71:ef:91:f8:f0:d0:96:31:1f:0b:d5:ec:80:50:1b:
                    d7:d3:a8:a1:37:bd:4b:35:42:82:4b:09:94:59:af:
                    48:55:b9:99:d8:e2:45:8e:b0:42:d3:af:44:4a:b8:
                    a7:10:ed:54:e0:63:22:c0:7b:21:f5:70:83:e3:a2:
                    5c:7d:d5:40:47:08:89:59:4b:a2:e1:72:70:ff:3c:
                    36:fd:fe:1d:f9:a1:08:08:77:c8:46:3c:1f:68:ba:
                    56:60:1d:1e:2a:c7:24:6b:b1:7a:33:43:e9:e2:0c:
                    6d:75:d1:89:51:88:6c:48:a0:e2:6e:92:8d:bc:be:
                    b3:a4:8f:aa:24:88:b8:f5:87:5c:e0:88:f0:49:63:
                    14:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:17:CA:A6:98:16:95:ED:A7:EE:46:02:B9:86:E1:85:00:0A:86:D7
            X509v3 Authority Key Identifier:
                keyid:0B:A5:6A:BD:CB:4F:6F:0C:86:B8:32:EC:C1:3F:5E:24:97:21:D6:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C6VqvctPbwyGuDLswT9eJJch1vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/78a861-b918-4ea7-88a8-603cb083714b/1/2xfKppgWle2n7kYCuYbhhQAKhtc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/78a861-b918-4ea7-88a8-603cb083714b/1/C6VqvctPbwyGuDLswT9eJJch1vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:624::/48

    Signature Algorithm: sha256WithRSAEncryption
         7c:93:1d:0b:92:e2:3f:12:8e:37:3d:12:0f:9c:6f:9d:47:25:
         c0:88:c4:c3:a8:e8:84:f5:48:e2:19:03:89:bb:f7:ce:7e:ad:
         1f:ca:b4:d3:29:d4:6d:fd:65:2a:53:1d:ff:d5:dd:05:72:ff:
         d6:04:12:85:36:c1:79:eb:35:46:54:9b:89:39:39:68:b7:59:
         dd:67:86:f3:8d:cc:69:30:87:6a:59:9b:1c:5b:da:36:fb:de:
         4f:36:8c:a9:21:b3:3e:5f:3f:af:fa:4f:97:b0:c8:b0:72:49:
         b0:a0:dc:33:7d:6f:b7:4c:a0:7a:f3:07:25:2f:66:51:96:bb:
         8b:68:94:9e:f5:c7:90:1d:43:99:98:5e:c2:3c:6e:4d:65:e9:
         aa:91:0f:25:e7:ff:75:9a:b0:d4:5a:ef:3f:eb:8e:82:f4:5c:
         31:e7:8e:34:ab:bf:6e:87:31:71:a5:d8:77:16:33:ae:57:5b:
         c6:17:82:3a:77:46:ee:97:70:5a:7b:3b:00:76:c3:bb:81:6f:
         50:69:13:c9:ba:10:a6:e6:d8:ee:c1:1c:96:fd:d7:ee:c9:d8:
         6c:f5:d0:57:a6:c4:1b:24:3b:e8:3d:09:cc:bf:89:e9:66:9d:
         59:54:de:ef:a5:3c:9b:eb:e6:58:a5:d0:7a:ff:6b:9b:e8:3a:
         ef:6b:3e:05
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAQ2lNMq3cH7goWi+otCPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiYTU2YWJkY2I0ZjZmMGM4NmI4MzJlY2MxM2Y1ZTI0OTcy
MWQ2ZjgwHhcNMjQwMTAyMDIyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjE3Y2FhNjk4MTY5NWVkYTdlZTQ2MDJiOTg2ZTE4NTAwMGE4NmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiDd+kpn+0NFY1nnuhXnIUoVThH5k
jqtQRtdjIhOB6DOB4kBbfbIENaMGOUshHDTQ/5LHNYvVha+c/0G2pBIlhlpbf+Sh
0JIV2hvsGoia0HW9d5RKTuNjINBDBooJ8Oef3c2bb8xLkd/7Bmw/jFZneCzAfe3D
MNVx75H48NCWMR8L1eyAUBvX06ihN71LNUKCSwmUWa9IVbmZ2OJFjrBC069ESrin
EO1U4GMiwHsh9XCD46JcfdVARwiJWUui4XJw/zw2/f4d+aEICHfIRjwfaLpWYB0e
Kscka7F6M0Pp4gxtddGJUYhsSKDibpKNvL6zpI+qJIi49Ydc4IjwSWMUUQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNsXyqaYFpXtp+5GArmG4YUACobXMB8GA1UdIwQY
MBaAFAular3LT28Mhrgy7ME/XiSXIdb4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzZWcXZjdFBid3lHdURMc3dUOWVKSmNoMXZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC83OGE4NjEtYjkxOC00ZWE3LTg4YTgt
NjAzY2IwODM3MTRiLzEvMnhmS3BwZ1dsZTJuN2tZQ3VZYmhoUUFLaHRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC83OGE4NjEtYjkxOC00ZWE3LTg4YTgtNjAzY2IwODM3MTRi
LzEvQzZWcXZjdFBid3lHdURMc3dUOWVKSmNoMXZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAYk
MA0GCSqGSIb3DQEBCwUAA4IBAQB8kx0LkuI/Eo43PRIPnG+dRyXAiMTDqOiE9Uji
GQOJu/fOfq0fyrTTKdRt/WUqUx3/1d0Fcv/WBBKFNsF56zVGVJuJOTlot1ndZ4bz
jcxpMIdqWZscW9o2+95PNoypIbM+Xz+v+k+XsMiwckmwoNwzfW+3TKB68wclL2ZR
lruLaJSe9ceQHUOZmF7CPG5NZemqkQ8l5/91mrDUWu8/646C9Fwx5440q79uhzFx
pdh3FjOuV1vGF4I6d0bul3BaezsAdsO7gW9QaRPJuhCm5tjuwRyW/dfuydhs9dBX
psQbJDvoPQnMv4npZp1ZVN7vpTyb6+ZYpdB6/2ub6Drvaz4F
-----END CERTIFICATE-----