Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/a96ac3-3990-45aa-b48e-870cc5f43cd5/1/OGYiaiLlvvoCShuu1gZ4WV50fjA.roa
File:                     OGYiaiLlvvoCShuu1gZ4WV50fjA.roa (raw, json)
Hash identifier:          f2tMm4ljzoNpgDmt2ImgjBynGOP4Ab1bKnEbHn3gqvk=
Subject key identifier:   38:66:22:6A:22:E5:BE:FA:02:4A:1B:AE:D6:06:78:59:5E:74:7E:30
Certificate issuer:       /CN=8032c07faa22feb5969ff1f3b4905d1ea1e4deeb
Certificate serial:       018CC26D8546C3B4353FE3B113DDF69C52BD
Authority key identifier: 80:32:C0:7F:AA:22:FE:B5:96:9F:F1:F3:B4:90:5D:1E:A1:E4:DE:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gDLAf6oi_rWWn_HztJBdHqHk3us.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/a96ac3-3990-45aa-b48e-870cc5f43cd5/1/OGYiaiLlvvoCShuu1gZ4WV50fjA.roa
Signing time:             Mon 01 Jan 2024 00:30:06 +0000
ROA not before:           Mon 01 Jan 2024 00:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31317
IP address blocks:        2001:67c:10b0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/a96ac3-3990-45aa-b48e-870cc5f43cd5/1/gDLAf6oi_rWWn_HztJBdHqHk3us.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/a96ac3-3990-45aa-b48e-870cc5f43cd5/1/gDLAf6oi_rWWn_HztJBdHqHk3us.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gDLAf6oi_rWWn_HztJBdHqHk3us.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:85:46:c3:b4:35:3f:e3:b1:13:dd:f6:9c:52:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8032c07faa22feb5969ff1f3b4905d1ea1e4deeb
        Validity
            Not Before: Jan  1 00:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3866226a22e5befa024a1baed60678595e747e30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:d2:1f:ba:3e:7d:62:37:2f:4a:55:21:cd:0f:
                    6e:55:57:d8:d2:6f:21:f1:bd:5d:60:6a:77:7e:da:
                    3a:78:f7:8c:a7:9f:f0:2d:72:b1:a1:60:3e:84:54:
                    50:34:43:1a:a4:06:a9:da:db:52:2a:28:ed:e7:25:
                    6a:17:06:4c:07:8f:d7:21:c6:37:b8:14:66:b0:73:
                    7f:45:3c:e2:fd:18:b6:f3:6c:9e:54:55:ac:a9:cd:
                    d2:29:86:25:f3:93:d0:76:f1:b4:63:88:01:c7:06:
                    bb:0f:3e:fb:bb:2b:5f:ba:b7:2c:4e:23:b7:f6:12:
                    85:4c:18:16:c0:79:d8:a3:46:f3:c3:99:e4:b6:d8:
                    98:a1:bf:c7:45:a2:a7:63:22:b9:20:1a:bd:39:f1:
                    d5:ea:9e:c5:cc:68:18:75:a2:1b:74:20:cf:df:a3:
                    70:cf:4d:85:a0:25:12:6f:69:d9:ac:2e:42:ee:5b:
                    b8:5d:9d:c1:b4:b1:b5:f6:70:e5:a2:16:87:bb:5b:
                    44:3b:40:a7:df:10:0c:5f:69:14:76:ce:01:54:c8:
                    f9:0b:40:2b:bc:cf:ee:af:ac:ae:06:df:6f:e2:21:
                    0f:72:e9:d1:89:8b:ed:bb:6a:56:0d:a2:cd:71:0c:
                    65:62:47:48:a9:41:54:08:44:d7:ac:60:0f:0c:c8:
                    89:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:66:22:6A:22:E5:BE:FA:02:4A:1B:AE:D6:06:78:59:5E:74:7E:30
            X509v3 Authority Key Identifier:
                keyid:80:32:C0:7F:AA:22:FE:B5:96:9F:F1:F3:B4:90:5D:1E:A1:E4:DE:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gDLAf6oi_rWWn_HztJBdHqHk3us.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a96ac3-3990-45aa-b48e-870cc5f43cd5/1/OGYiaiLlvvoCShuu1gZ4WV50fjA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a96ac3-3990-45aa-b48e-870cc5f43cd5/1/gDLAf6oi_rWWn_HztJBdHqHk3us.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:10b0::/48

    Signature Algorithm: sha256WithRSAEncryption
         18:6c:01:d3:de:c6:fb:50:93:44:18:5c:f2:56:e8:9a:47:e5:
         c1:b1:30:f7:bf:a8:77:c6:88:0e:08:e7:50:57:e9:7f:03:f9:
         93:12:fe:1c:30:7c:0c:39:75:a4:65:34:19:e0:18:4a:51:bc:
         22:dd:ba:73:f8:8e:5e:d6:8b:9d:ae:31:e9:d4:25:d2:4e:7f:
         44:14:bb:fe:bf:e3:7c:0c:21:e0:31:ee:9a:fd:5d:c4:00:6a:
         43:e2:fc:6b:d0:11:3f:f7:1d:d3:fe:7a:7d:98:18:04:8d:05:
         40:ee:7b:33:46:cb:df:c1:74:84:31:e1:5b:1a:99:af:b8:0d:
         07:d0:29:f5:79:d0:d3:5e:0d:b3:1d:02:e9:ea:c7:25:90:21:
         0f:dd:35:ef:59:49:df:20:6e:64:62:c2:2d:fc:dd:47:6d:3d:
         66:be:f8:ff:3c:cd:5d:6f:26:4c:5c:6f:be:85:2a:d4:f3:3e:
         7f:a4:3a:6b:55:8e:d1:3e:3f:5f:d3:20:f8:0d:02:3a:b6:44:
         eb:33:95:2c:4a:ea:c4:0f:7d:22:71:54:f5:fd:8b:71:29:26:
         55:93:00:e6:75:51:7d:a1:32:cc:8f:fd:62:49:bb:43:c5:cc:
         d0:a1:13:6a:d9:77:97:0a:d5:32:bb:05:04:9f:e5:86:4b:37:
         1a:a1:3e:12
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbYVGw7Q1P+OxE932nFK9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwMzJjMDdmYWEyMmZlYjU5NjlmZjFmM2I0OTA1ZDFlYTFl
NGRlZWIwHhcNMjQwMTAxMDAzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODY2MjI2YTIyZTViZWZhMDI0YTFiYWVkNjA2Nzg1OTVlNzQ3ZTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr9Ifuj59YjcvSlUhzQ9uVVfY0m8h
8b1dYGp3fto6ePeMp5/wLXKxoWA+hFRQNEMapAap2ttSKijt5yVqFwZMB4/XIcY3
uBRmsHN/RTzi/Ri282yeVFWsqc3SKYYl85PQdvG0Y4gBxwa7Dz77uytfurcsTiO3
9hKFTBgWwHnYo0bzw5nkttiYob/HRaKnYyK5IBq9OfHV6p7FzGgYdaIbdCDP36Nw
z02FoCUSb2nZrC5C7lu4XZ3BtLG19nDlohaHu1tEO0Cn3xAMX2kUds4BVMj5C0Ar
vM/ur6yuBt9v4iEPcunRiYvtu2pWDaLNcQxlYkdIqUFUCETXrGAPDMiJ0QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDhmImoi5b76AkobrtYGeFledH4wMB8GA1UdIwQY
MBaAFIAywH+qIv61lp/x87SQXR6h5N7rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0RMQWY2b2lfcldXbl9IenRKQmRIcUhrM3VzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9hOTZhYzMtMzk5MC00NWFhLWI0OGUt
ODcwY2M1ZjQzY2Q1LzEvT0dZaWFpTGx2dm9DU2h1dTFnWjRXVjUwZmpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9hOTZhYzMtMzk5MC00NWFhLWI0OGUtODcwY2M1ZjQzY2Q1
LzEvZ0RMQWY2b2lfcldXbl9IenRKQmRIcUhrM3VzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBCw
MA0GCSqGSIb3DQEBCwUAA4IBAQAYbAHT3sb7UJNEGFzyVuiaR+XBsTD3v6h3xogO
COdQV+l/A/mTEv4cMHwMOXWkZTQZ4BhKUbwi3bpz+I5e1oudrjHp1CXSTn9EFLv+
v+N8DCHgMe6a/V3EAGpD4vxr0BE/9x3T/np9mBgEjQVA7nszRsvfwXSEMeFbGpmv
uA0H0Cn1edDTXg2zHQLp6sclkCEP3TXvWUnfIG5kYsIt/N1HbT1mvvj/PM1dbyZM
XG++hSrU8z5/pDprVY7RPj9f0yD4DQI6tkTrM5UsSurED30icVT1/YtxKSZVkwDm
dVF9oTLMj/1iSbtDxczQoRNq2XeXCtUyuwUEn+WGSzcaoT4S
-----END CERTIFICATE-----