Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/35f9c4-7b96-4fcb-bca2-9dd3d21907a3/1/GHM4IUIjOj_tsoeCNgYofw6DtuU.roa
File:                     GHM4IUIjOj_tsoeCNgYofw6DtuU.roa (raw, json)
Hash identifier:          qRnm/8l0P4Te8/vsK3teyoRCXWisU+fKINgdlIqkNRY=
Subject key identifier:   18:73:38:21:42:23:3A:3F:ED:B2:87:82:36:06:28:7F:0E:83:B6:E5
Certificate issuer:       /CN=176eb71bd55576f45763badeb676ed59990d396a
Certificate serial:       018CC94CA8F7BD4DBDC3973623C13BE078CC
Authority key identifier: 17:6E:B7:1B:D5:55:76:F4:57:63:BA:DE:B6:76:ED:59:99:0D:39:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F263G9VVdvRXY7retnbtWZkNOWo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/35f9c4-7b96-4fcb-bca2-9dd3d21907a3/1/GHM4IUIjOj_tsoeCNgYofw6DtuU.roa
Signing time:             Tue 02 Jan 2024 08:31:33 +0000
ROA not before:           Tue 02 Jan 2024 08:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206020
IP address blocks:        2001:67c:9b4::/48 maxlen: 48
                          2001:67c:9b8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/35f9c4-7b96-4fcb-bca2-9dd3d21907a3/1/F263G9VVdvRXY7retnbtWZkNOWo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/35f9c4-7b96-4fcb-bca2-9dd3d21907a3/1/F263G9VVdvRXY7retnbtWZkNOWo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F263G9VVdvRXY7retnbtWZkNOWo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:a8:f7:bd:4d:bd:c3:97:36:23:c1:3b:e0:78:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=176eb71bd55576f45763badeb676ed59990d396a
        Validity
            Not Before: Jan  2 08:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1873382142233a3fedb287823606287f0e83b6e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:b1:e5:67:ba:5b:10:c1:5f:37:b7:f6:be:d8:
                    dd:85:39:06:a0:3c:33:5a:64:1e:e5:6e:f9:6a:8e:
                    65:95:5b:fe:b2:4f:2a:e3:96:52:c2:4a:e5:f4:2c:
                    99:eb:63:27:9f:e8:0b:9a:5a:66:4b:83:ab:8b:c6:
                    9d:d2:fd:19:c8:12:02:d9:aa:89:9c:fc:3d:00:fd:
                    97:11:7a:2e:fa:56:ba:bc:54:d7:d0:88:82:5a:94:
                    22:20:f6:36:77:c4:b7:01:a6:77:71:43:13:ab:38:
                    03:09:ea:0b:79:3a:6b:3f:e2:d8:59:e8:3f:29:46:
                    2e:23:55:95:12:24:5f:ef:6e:cf:98:db:8d:d8:c2:
                    dc:7f:0f:5a:4a:e2:c6:3e:d3:a6:f6:32:5e:a3:07:
                    63:77:53:74:d5:b8:2f:56:33:d2:74:78:b1:50:bd:
                    dd:5f:e1:fa:2a:4d:0c:05:e6:17:88:75:3c:e8:12:
                    3e:0f:6c:3f:32:bb:b5:fb:fd:a6:c7:f4:5a:d6:e3:
                    93:a3:a7:7a:8f:df:48:e6:76:9e:2e:e7:5f:02:bf:
                    45:be:bf:92:a0:7c:e0:ac:8a:c3:38:9e:59:70:09:
                    59:2d:1b:6c:05:dc:66:b3:1c:a9:91:6d:38:c0:b1:
                    b0:c9:04:86:bd:df:24:30:d1:4f:ec:87:0e:fa:c0:
                    ce:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:73:38:21:42:23:3A:3F:ED:B2:87:82:36:06:28:7F:0E:83:B6:E5
            X509v3 Authority Key Identifier:
                keyid:17:6E:B7:1B:D5:55:76:F4:57:63:BA:DE:B6:76:ED:59:99:0D:39:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F263G9VVdvRXY7retnbtWZkNOWo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/35f9c4-7b96-4fcb-bca2-9dd3d21907a3/1/GHM4IUIjOj_tsoeCNgYofw6DtuU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/35f9c4-7b96-4fcb-bca2-9dd3d21907a3/1/F263G9VVdvRXY7retnbtWZkNOWo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:9b4::/48
                  2001:67c:9b8::/48

    Signature Algorithm: sha256WithRSAEncryption
         ab:b5:20:61:c7:6e:d3:3f:02:94:ad:50:38:3e:44:0e:76:73:
         53:c8:6d:4e:9d:3b:63:a0:0d:05:a3:64:7d:77:6f:81:22:6b:
         b5:a5:a9:d3:f6:3b:1f:7a:80:e1:96:d8:0e:d7:f5:2f:bc:d4:
         ee:3e:1f:14:9a:28:21:1e:7c:a6:7d:24:ed:5c:07:56:75:f3:
         dc:2d:3a:e8:56:ae:d1:c0:89:b7:65:dc:b9:0f:3c:59:5d:67:
         9d:26:c9:c7:ca:c5:91:e7:76:20:0c:70:77:1d:2c:35:eb:2e:
         91:f3:bd:13:df:7b:93:9e:1a:28:56:c2:96:8f:fc:3a:9e:c3:
         2c:fb:08:29:b7:f5:d0:a6:1a:de:02:02:28:e1:7a:d0:30:a0:
         08:8e:2d:bb:29:04:7d:13:8f:4d:b7:db:73:04:20:20:19:63:
         96:5f:77:d9:76:31:e7:aa:f6:72:89:8a:93:8e:f1:1c:71:01:
         46:25:06:be:2d:87:54:6f:8a:0d:18:0f:72:ea:af:40:c9:35:
         04:6b:77:7c:7d:53:07:11:25:ba:37:81:72:31:06:9f:1b:3f:
         a0:4a:92:c3:90:22:78:6c:a5:0e:2c:cb:05:00:ed:12:03:eb:
         36:68:de:f0:30:12:af:2f:9e:e7:ee:d2:11:97:84:49:d5:30:
         5a:6c:97:db
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJTKj3vU29w5c2I8E74HjMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NmViNzFiZDU1NTc2ZjQ1NzYzYmFkZWI2NzZlZDU5OTkw
ZDM5NmEwHhcNMjQwMTAyMDgzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODczMzgyMTQyMjMzYTNmZWRiMjg3ODIzNjA2Mjg3ZjBlODNiNmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhLHlZ7pbEMFfN7f2vtjdhTkGoDwz
WmQe5W75ao5llVv+sk8q45ZSwkrl9CyZ62Mnn+gLmlpmS4Ori8ad0v0ZyBIC2aqJ
nPw9AP2XEXou+la6vFTX0IiCWpQiIPY2d8S3AaZ3cUMTqzgDCeoLeTprP+LYWeg/
KUYuI1WVEiRf727PmNuN2MLcfw9aSuLGPtOm9jJeowdjd1N01bgvVjPSdHixUL3d
X+H6Kk0MBeYXiHU86BI+D2w/Mru1+/2mx/Ra1uOTo6d6j99I5naeLudfAr9Fvr+S
oHzgrIrDOJ5ZcAlZLRtsBdxmsxypkW04wLGwyQSGvd8kMNFP7IcO+sDORQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBhzOCFCIzo/7bKHgjYGKH8Og7blMB8GA1UdIwQY
MBaAFBdutxvVVXb0V2O63rZ27VmZDTlqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjI2M0c5VlZkdlJYWTdyZXRuYnRXWmtOT1dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi8zNWY5YzQtN2I5Ni00ZmNiLWJjYTIt
OWRkM2QyMTkwN2EzLzEvR0hNNElVSWpPal90c29lQ05nWW9mdzZEdHVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi8zNWY5YzQtN2I5Ni00ZmNiLWJjYTItOWRkM2QyMTkwN2Ez
LzEvRjI2M0c5VlZkdlJYWTdyZXRuYnRXWmtOT1dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAIAEGfAm0
AwcAIAEGfAm4MA0GCSqGSIb3DQEBCwUAA4IBAQCrtSBhx27TPwKUrVA4PkQOdnNT
yG1OnTtjoA0Fo2R9d2+BImu1panT9jsfeoDhltgO1/UvvNTuPh8UmighHnymfSTt
XAdWdfPcLTroVq7RwIm3Zdy5DzxZXWedJsnHysWR53YgDHB3HSw16y6R870T33uT
nhooVsKWj/w6nsMs+wgpt/XQphreAgIo4XrQMKAIji27KQR9E49Nt9tzBCAgGWOW
X3fZdjHnqvZyiYqTjvEccQFGJQa+LYdUb4oNGA9y6q9AyTUEa3d8fVMHESW6N4Fy
MQafGz+gSpLDkCJ4bKUOLMsFAO0SA+s2aN7wMBKvL57n7tIRl4RJ1TBabJfb
-----END CERTIFICATE-----