Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/f64053-b938-4c51-8ec5-5d25244e4aad/1/C361pkf2kMH7LVb5jk56viIKncs.roa
File:                     C361pkf2kMH7LVb5jk56viIKncs.roa (raw, json)
Hash identifier:          Q50b/CcXDqbyEtSCq248vPerGFmxPXHY43PklPPHnI8=
Subject key identifier:   0B:7E:B5:A6:47:F6:90:C1:FB:2D:56:F9:8E:4E:7A:BE:22:0A:9D:CB
Certificate issuer:       /CN=f74444a0867fcca9a3569c1fd092133546a37f4b
Certificate serial:       018CC4932BDA98EC6B59E4296CD88DE5EBF0
Authority key identifier: F7:44:44:A0:86:7F:CC:A9:A3:56:9C:1F:D0:92:13:35:46:A3:7F:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/90REoIZ_zKmjVpwf0JITNUajf0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/f64053-b938-4c51-8ec5-5d25244e4aad/1/C361pkf2kMH7LVb5jk56viIKncs.roa
Signing time:             Mon 01 Jan 2024 10:30:28 +0000
ROA not before:           Mon 01 Jan 2024 10:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197422
IP address blocks:        2001:67c:2608::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/f64053-b938-4c51-8ec5-5d25244e4aad/1/90REoIZ_zKmjVpwf0JITNUajf0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/f64053-b938-4c51-8ec5-5d25244e4aad/1/90REoIZ_zKmjVpwf0JITNUajf0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/90REoIZ_zKmjVpwf0JITNUajf0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 23:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:2b:da:98:ec:6b:59:e4:29:6c:d8:8d:e5:eb:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f74444a0867fcca9a3569c1fd092133546a37f4b
        Validity
            Not Before: Jan  1 10:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b7eb5a647f690c1fb2d56f98e4e7abe220a9dcb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:60:a4:af:38:39:70:04:8c:12:46:e4:22:e9:
                    83:f0:d5:12:80:f4:9f:59:e1:40:3a:e0:77:39:1a:
                    5c:f5:1d:7a:a5:4f:fa:5a:9f:fc:d4:b2:fb:28:cb:
                    36:73:e3:d6:93:01:f9:19:9a:d5:44:be:fa:1c:75:
                    16:0b:d9:58:d1:d9:cf:91:95:2f:a9:cc:86:09:7b:
                    aa:aa:77:21:83:f2:de:34:57:c3:7d:8c:eb:39:b0:
                    90:0c:b1:52:7d:00:33:c6:49:38:89:65:55:b3:57:
                    e1:58:97:6d:a9:d1:79:c1:bb:3d:0d:29:99:f6:a5:
                    ec:71:8d:ac:6f:cd:d3:dc:8a:47:9b:c7:a3:54:d7:
                    c9:bd:e0:91:b1:66:cf:a0:bc:e2:5d:d5:4f:4c:79:
                    58:5e:b1:80:58:ba:54:a6:dc:cc:27:01:7b:c7:56:
                    fb:a4:70:9c:87:3e:9f:41:83:fd:07:24:9c:10:da:
                    fe:7d:78:e6:35:e0:6e:a9:35:1b:08:ca:77:76:da:
                    1e:2a:3e:7c:06:b7:fb:dc:c4:46:d3:a3:6b:03:39:
                    c4:b2:de:91:b2:ac:54:c4:a9:10:dc:bf:4c:c1:06:
                    09:61:bd:c0:c7:1d:e0:29:35:6e:8e:d2:21:19:0f:
                    23:75:59:0e:e2:ed:2d:8e:58:40:4f:c0:9b:30:53:
                    45:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:7E:B5:A6:47:F6:90:C1:FB:2D:56:F9:8E:4E:7A:BE:22:0A:9D:CB
            X509v3 Authority Key Identifier:
                keyid:F7:44:44:A0:86:7F:CC:A9:A3:56:9C:1F:D0:92:13:35:46:A3:7F:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/90REoIZ_zKmjVpwf0JITNUajf0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/f64053-b938-4c51-8ec5-5d25244e4aad/1/C361pkf2kMH7LVb5jk56viIKncs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/f64053-b938-4c51-8ec5-5d25244e4aad/1/90REoIZ_zKmjVpwf0JITNUajf0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2608::/48

    Signature Algorithm: sha256WithRSAEncryption
         88:3a:22:93:2f:a7:b2:7b:59:b6:11:69:f2:37:37:a5:39:8a:
         c3:5d:88:3c:b7:22:18:22:cf:cf:b7:b1:a6:0b:ce:25:25:9d:
         70:d7:c0:33:0d:41:80:d1:ba:c1:60:2b:f8:64:00:13:d0:79:
         95:94:72:81:7f:2b:0e:e5:59:13:3c:a6:68:cb:df:ca:5b:97:
         44:0f:ec:4c:eb:06:ea:98:c3:38:af:cd:aa:89:6f:02:7c:05:
         55:23:06:5b:21:ef:1e:16:15:85:49:bf:fa:9e:9f:e1:3e:bb:
         d4:82:54:9e:3d:18:2b:e5:a7:f7:1f:11:5e:5d:c7:04:87:a9:
         e8:83:02:cb:42:74:40:a4:6f:5c:91:ff:e6:fe:48:bf:c5:e7:
         82:d0:e0:5d:4b:a2:ef:03:df:38:04:84:bb:3d:30:29:b0:48:
         e9:bb:e5:a6:ec:75:9b:98:72:f9:d5:57:0f:bc:5c:cb:8c:51:
         c9:4f:1a:29:b9:62:00:d6:46:b4:cc:8a:9c:6a:61:5f:bf:53:
         a3:3c:18:fd:79:39:0b:3b:8a:43:f6:4a:12:87:aa:61:92:f2:
         2f:94:84:ee:d8:b2:d4:1a:2f:29:46:62:f8:6a:66:c1:65:29:
         c5:54:c7:8c:43:70:83:49:ed:e6:77:be:b9:b8:b4:27:c9:40:
         1c:4d:12:86
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEkyvamOxrWeQpbNiN5evwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NDQ0NGEwODY3ZmNjYTlhMzU2OWMxZmQwOTIxMzM1NDZh
MzdmNGIwHhcNMjQwMTAxMTAzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjdlYjVhNjQ3ZjY5MGMxZmIyZDU2Zjk4ZTRlN2FiZTIyMGE5ZGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz2Ckrzg5cASMEkbkIumD8NUSgPSf
WeFAOuB3ORpc9R16pU/6Wp/81LL7KMs2c+PWkwH5GZrVRL76HHUWC9lY0dnPkZUv
qcyGCXuqqnchg/LeNFfDfYzrObCQDLFSfQAzxkk4iWVVs1fhWJdtqdF5wbs9DSmZ
9qXscY2sb83T3IpHm8ejVNfJveCRsWbPoLziXdVPTHlYXrGAWLpUptzMJwF7x1b7
pHCchz6fQYP9ByScENr+fXjmNeBuqTUbCMp3dtoeKj58Brf73MRG06NrAznEst6R
sqxUxKkQ3L9MwQYJYb3Axx3gKTVujtIhGQ8jdVkO4u0tjlhAT8CbMFNFMwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAt+taZH9pDB+y1W+Y5Oer4iCp3LMB8GA1UdIwQY
MBaAFPdERKCGf8ypo1acH9CSEzVGo39LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTBSRW9JWl96S21qVnB3ZjBKSVROVWFqZjBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9mNjQwNTMtYjkzOC00YzUxLThlYzUt
NWQyNTI0NGU0YWFkLzEvQzM2MXBrZjJrTUg3TFZiNWprNTZ2aUlLbmNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9mNjQwNTMtYjkzOC00YzUxLThlYzUtNWQyNTI0NGU0YWFk
LzEvOTBSRW9JWl96S21qVnB3ZjBKSVROVWFqZjBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCYI
MA0GCSqGSIb3DQEBCwUAA4IBAQCIOiKTL6eye1m2EWnyNzelOYrDXYg8tyIYIs/P
t7GmC84lJZ1w18AzDUGA0brBYCv4ZAAT0HmVlHKBfysO5VkTPKZoy9/KW5dED+xM
6wbqmMM4r82qiW8CfAVVIwZbIe8eFhWFSb/6np/hPrvUglSePRgr5af3HxFeXccE
h6nogwLLQnRApG9ckf/m/ki/xeeC0OBdS6LvA984BIS7PTApsEjpu+Wm7HWbmHL5
1VcPvFzLjFHJTxopuWIA1ka0zIqcamFfv1OjPBj9eTkLO4pD9koSh6phkvIvlITu
2LLUGi8pRmL4ambBZSnFVMeMQ3CDSe3md765uLQnyUAcTRKG
-----END CERTIFICATE-----