Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/8fad8b-a033-4484-885e-e02872d1db01/1/gL-7rn1RO2uM9QJG1ZvBaCMY2zk.roa
File:                     gL-7rn1RO2uM9QJG1ZvBaCMY2zk.roa (raw, json)
Hash identifier:          aNgD7MKsCj5iWLIrEIsIhfErWBK/bxjAXyJpfoptN8Q=
Subject key identifier:   80:BF:BB:AE:7D:51:3B:6B:8C:F5:02:46:D5:9B:C1:68:23:18:DB:39
Certificate issuer:       /CN=2e41457da1ea6c79b1b6bea52c64a7a1b5f29648
Certificate serial:       018CC8011D2B62157C02D81BAE642BA010E4
Authority key identifier: 2E:41:45:7D:A1:EA:6C:79:B1:B6:BE:A5:2C:64:A7:A1:B5:F2:96:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LkFFfaHqbHmxtr6lLGSnobXylkg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/8fad8b-a033-4484-885e-e02872d1db01/1/gL-7rn1RO2uM9QJG1ZvBaCMY2zk.roa
Signing time:             Tue 02 Jan 2024 02:29:25 +0000
ROA not before:           Tue 02 Jan 2024 02:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202060
IP address blocks:        2001:67c:558::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/8fad8b-a033-4484-885e-e02872d1db01/1/LkFFfaHqbHmxtr6lLGSnobXylkg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/8fad8b-a033-4484-885e-e02872d1db01/1/LkFFfaHqbHmxtr6lLGSnobXylkg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LkFFfaHqbHmxtr6lLGSnobXylkg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:02:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:1d:2b:62:15:7c:02:d8:1b:ae:64:2b:a0:10:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e41457da1ea6c79b1b6bea52c64a7a1b5f29648
        Validity
            Not Before: Jan  2 02:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=80bfbbae7d513b6b8cf50246d59bc1682318db39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:f5:a6:0f:0b:28:94:0d:cf:97:fd:58:48:db:
                    db:3c:f7:a8:fe:bb:11:8e:f5:ea:a4:62:42:35:b8:
                    eb:50:81:9a:ae:32:12:f4:c8:64:76:5a:bc:9a:5d:
                    02:56:3c:ff:9c:0e:b2:5b:8c:1a:7e:2a:94:77:a6:
                    fa:ca:ac:58:10:0c:4f:cc:26:f9:37:eb:dd:ab:4a:
                    60:47:4d:5b:32:43:77:fd:2f:40:2d:12:df:69:da:
                    b0:ea:79:cb:01:99:cd:5e:18:f4:25:45:5b:45:40:
                    fa:3d:ef:88:20:92:63:d8:ff:92:fe:fa:ed:b5:02:
                    b6:4c:74:89:49:39:5e:e6:12:f3:bd:55:08:44:e1:
                    3f:61:a0:2e:64:ee:3f:7a:48:29:2f:52:d1:b2:15:
                    1d:5c:f9:e2:86:d6:97:58:56:5a:5f:f3:c7:80:d6:
                    d5:a7:ef:01:f0:ae:71:e2:53:01:8d:1d:e3:cf:77:
                    d7:0d:a7:35:c6:45:52:89:70:c8:ea:02:e0:29:c3:
                    89:6f:9f:b3:33:13:f8:06:e1:f7:c4:a4:d5:35:c8:
                    60:e6:fb:f1:61:6f:c0:a4:03:b8:15:52:dd:9b:09:
                    78:9f:bf:3c:16:93:e2:08:2d:ce:30:5b:b4:dd:c0:
                    3c:e7:81:a7:11:0a:b8:44:6f:98:fd:f9:bb:c2:51:
                    cc:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:BF:BB:AE:7D:51:3B:6B:8C:F5:02:46:D5:9B:C1:68:23:18:DB:39
            X509v3 Authority Key Identifier:
                keyid:2E:41:45:7D:A1:EA:6C:79:B1:B6:BE:A5:2C:64:A7:A1:B5:F2:96:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LkFFfaHqbHmxtr6lLGSnobXylkg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/8fad8b-a033-4484-885e-e02872d1db01/1/gL-7rn1RO2uM9QJG1ZvBaCMY2zk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/8fad8b-a033-4484-885e-e02872d1db01/1/LkFFfaHqbHmxtr6lLGSnobXylkg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:558::/48

    Signature Algorithm: sha256WithRSAEncryption
         06:1e:64:4f:0b:41:46:c6:42:7d:19:86:e1:03:2a:6b:38:f0:
         33:62:3c:16:3a:7d:a8:38:1e:d5:f2:48:bc:40:8e:33:6a:96:
         86:b3:b2:b1:da:89:9f:eb:95:8a:ca:ec:b2:62:c3:db:07:25:
         c6:82:4f:bf:a9:4f:9a:f9:c9:c4:31:63:47:ba:57:0e:34:5c:
         0d:70:45:e0:55:34:72:b7:e3:48:7f:b8:76:36:c1:5a:cd:18:
         96:00:54:69:ba:6b:b9:c4:06:b9:a2:a8:94:18:2a:07:3e:dd:
         0d:fd:59:f3:ca:fa:53:b0:d6:a2:be:0d:2c:e9:ec:3f:93:35:
         b9:d3:78:ee:48:c3:f1:54:3a:4b:fa:0c:8e:3b:6f:bb:d5:ec:
         a0:07:03:8c:b3:33:29:9d:1f:ce:0e:22:cf:14:a6:7b:47:6e:
         c8:c8:26:9e:38:af:df:cd:2a:e0:4b:b8:cb:11:dd:17:e3:e0:
         ce:9e:e4:b9:c8:9e:6d:2b:4e:de:54:10:8d:ab:35:a5:6c:8a:
         e0:84:4b:4a:72:54:f0:61:41:14:eb:55:2b:6a:3c:0d:f9:94:
         d5:68:5b:44:c4:3f:a0:d5:a8:e1:ac:f6:45:ec:21:9d:f1:76:
         06:01:a3:0b:fa:fb:f6:9f:47:b8:2f:e0:cd:49:ea:9a:c4:e8:
         a0:7f:db:59
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAR0rYhV8AtgbrmQroBDkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNDE0NTdkYTFlYTZjNzliMWI2YmVhNTJjNjRhN2ExYjVm
Mjk2NDgwHhcNMjQwMTAyMDIyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGJmYmJhZTdkNTEzYjZiOGNmNTAyNDZkNTliYzE2ODIzMThkYjM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyvWmDwsolA3Pl/1YSNvbPPeo/rsR
jvXqpGJCNbjrUIGarjIS9Mhkdlq8ml0CVjz/nA6yW4wafiqUd6b6yqxYEAxPzCb5
N+vdq0pgR01bMkN3/S9ALRLfadqw6nnLAZnNXhj0JUVbRUD6Pe+IIJJj2P+S/vrt
tQK2THSJSTle5hLzvVUIROE/YaAuZO4/ekgpL1LRshUdXPnihtaXWFZaX/PHgNbV
p+8B8K5x4lMBjR3jz3fXDac1xkVSiXDI6gLgKcOJb5+zMxP4BuH3xKTVNchg5vvx
YW/ApAO4FVLdmwl4n788FpPiCC3OMFu03cA854GnEQq4RG+Y/fm7wlHMjQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIC/u659UTtrjPUCRtWbwWgjGNs5MB8GA1UdIwQY
MBaAFC5BRX2h6mx5sba+pSxkp6G18pZIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGtGRmZhSHFiSG14dHI2bExHU25vYlh5bGtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC84ZmFkOGItYTAzMy00NDg0LTg4NWUt
ZTAyODcyZDFkYjAxLzEvZ0wtN3JuMVJPMnVNOVFKRzFadkJhQ01ZMnprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC84ZmFkOGItYTAzMy00NDg0LTg4NWUtZTAyODcyZDFkYjAx
LzEvTGtGRmZhSHFiSG14dHI2bExHU25vYlh5bGtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAVY
MA0GCSqGSIb3DQEBCwUAA4IBAQAGHmRPC0FGxkJ9GYbhAyprOPAzYjwWOn2oOB7V
8ki8QI4zapaGs7Kx2omf65WKyuyyYsPbByXGgk+/qU+a+cnEMWNHulcONFwNcEXg
VTRyt+NIf7h2NsFazRiWAFRpumu5xAa5oqiUGCoHPt0N/VnzyvpTsNaivg0s6ew/
kzW503juSMPxVDpL+gyOO2+71eygBwOMszMpnR/ODiLPFKZ7R27IyCaeOK/fzSrg
S7jLEd0X4+DOnuS5yJ5tK07eVBCNqzWlbIrghEtKclTwYUEU61UrajwN+ZTVaFtE
xD+g1ajhrPZF7CGd8XYGAaML+vv2n0e4L+DNSeqaxOigf9tZ
-----END CERTIFICATE-----