Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/bc216d-db94-4bb1-9147-010e4219aeda/1/Na8sW_DHiQT24Q3-aonz8hz8WqI.roa
File:                     Na8sW_DHiQT24Q3-aonz8hz8WqI.roa (raw, json)
Hash identifier:          eMw6Sd57TTrnc0QtEgRwXg+wTilafrlCiLtMotv7cEA=
Subject key identifier:   35:AF:2C:5B:F0:C7:89:04:F6:E1:0D:FE:6A:89:F3:F2:1C:FC:5A:A2
Certificate issuer:       /CN=9cbdb5b73a8330d225f3410c81b638d283c40d1f
Certificate serial:       018CCA2A213C1181F3C4ABE031EC01B61A64
Authority key identifier: 9C:BD:B5:B7:3A:83:30:D2:25:F3:41:0C:81:B6:38:D2:83:C4:0D:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nL21tzqDMNIl80EMgbY40oPEDR8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/bc216d-db94-4bb1-9147-010e4219aeda/1/Na8sW_DHiQT24Q3-aonz8hz8WqI.roa
Signing time:             Tue 02 Jan 2024 12:33:27 +0000
ROA not before:           Tue 02 Jan 2024 12:33:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211927
IP address blocks:        2001:67c:2920::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/bc216d-db94-4bb1-9147-010e4219aeda/1/nL21tzqDMNIl80EMgbY40oPEDR8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/bc216d-db94-4bb1-9147-010e4219aeda/1/nL21tzqDMNIl80EMgbY40oPEDR8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nL21tzqDMNIl80EMgbY40oPEDR8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:21:3c:11:81:f3:c4:ab:e0:31:ec:01:b6:1a:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9cbdb5b73a8330d225f3410c81b638d283c40d1f
        Validity
            Not Before: Jan  2 12:33:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=35af2c5bf0c78904f6e10dfe6a89f3f21cfc5aa2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:01:b3:23:69:5f:34:f1:f0:22:7a:7d:d5:02:
                    31:ed:8e:bd:83:01:a1:74:5b:4c:93:02:5c:3d:da:
                    24:16:e0:40:4d:f4:09:22:02:02:87:4d:6f:2f:f8:
                    82:6a:59:8f:f1:44:39:9a:79:6a:69:c0:22:fd:11:
                    bd:45:80:e0:73:09:1a:34:99:31:eb:b6:da:d4:82:
                    96:e5:8d:c0:6c:b1:07:cc:ad:1a:63:02:34:2a:b1:
                    fc:b0:70:c9:80:09:23:8c:27:eb:e2:a7:ea:64:41:
                    8b:04:ec:fe:f6:8a:8c:9f:db:87:19:f1:c7:4d:23:
                    9e:32:2b:53:38:71:c6:9d:41:c9:7b:83:58:7c:a2:
                    d8:eb:81:34:a1:d7:18:56:a7:13:ab:7b:98:c1:c2:
                    75:03:ad:b9:fe:aa:ce:bf:c4:44:57:47:3e:9b:cc:
                    70:6e:e9:5f:99:1f:55:e9:9c:10:2c:d0:70:c0:51:
                    13:a6:c6:ab:9d:7f:53:dc:17:88:37:fd:c3:7e:50:
                    9c:a4:c3:d8:96:a2:2e:01:a3:51:35:fc:aa:96:3f:
                    95:08:a5:c2:e7:ac:c2:e4:6e:63:c9:f2:e7:45:3d:
                    5a:9f:f9:4b:82:32:86:22:0d:f1:0a:83:2b:52:04:
                    b4:4e:2e:1e:11:53:f5:8b:59:6f:c8:49:2f:b4:8a:
                    a0:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:AF:2C:5B:F0:C7:89:04:F6:E1:0D:FE:6A:89:F3:F2:1C:FC:5A:A2
            X509v3 Authority Key Identifier:
                keyid:9C:BD:B5:B7:3A:83:30:D2:25:F3:41:0C:81:B6:38:D2:83:C4:0D:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nL21tzqDMNIl80EMgbY40oPEDR8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bc216d-db94-4bb1-9147-010e4219aeda/1/Na8sW_DHiQT24Q3-aonz8hz8WqI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bc216d-db94-4bb1-9147-010e4219aeda/1/nL21tzqDMNIl80EMgbY40oPEDR8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2920::/48

    Signature Algorithm: sha256WithRSAEncryption
         6e:ea:0b:56:49:c4:7a:bf:5d:f5:31:57:8a:84:24:32:72:7d:
         d1:1b:82:be:ef:92:53:ae:27:b9:bc:c2:06:a3:d5:ca:c5:e5:
         30:71:87:8c:25:1f:c0:40:aa:41:a2:ee:93:e5:e5:04:17:53:
         f3:2c:d6:79:a5:c2:04:3d:a0:0b:56:5d:44:90:30:62:0a:d9:
         ec:a8:47:44:6d:ce:62:f4:d9:8e:11:52:1b:25:3c:92:d9:32:
         4b:96:5c:94:b5:6b:55:33:5f:69:b3:df:7f:89:57:23:c7:ee:
         23:d8:5e:65:fa:a0:7e:c9:1a:71:51:0e:d1:ec:72:96:6a:49:
         cc:3c:a8:1c:85:de:34:63:01:2b:78:26:94:61:f1:f3:da:ae:
         af:bf:1c:d5:79:db:b0:9b:27:d3:f6:c8:73:f7:f7:51:89:ae:
         25:6e:35:00:53:e2:c9:fa:7d:9e:c3:6a:60:bc:fe:7b:1c:1c:
         59:11:4a:7a:81:7c:36:23:f2:7e:74:10:ee:e2:ba:80:de:5d:
         0e:13:e0:16:c9:ed:88:57:54:2f:f0:7f:64:0f:df:2e:da:c5:
         1e:bf:e6:8a:99:3b:90:4f:03:26:7e:55:bc:36:4d:ce:85:ca:
         16:ac:88:69:31:91:e2:3e:09:a9:51:2c:62:5a:fc:eb:72:4f:
         d8:94:3a:56
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKiE8EYHzxKvgMewBthpkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljYmRiNWI3M2E4MzMwZDIyNWYzNDEwYzgxYjYzOGQyODNj
NDBkMWYwHhcNMjQwMTAyMTIzMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWFmMmM1YmYwYzc4OTA0ZjZlMTBkZmU2YTg5ZjNmMjFjZmM1YWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhQGzI2lfNPHwInp91QIx7Y69gwGh
dFtMkwJcPdokFuBATfQJIgICh01vL/iCalmP8UQ5mnlqacAi/RG9RYDgcwkaNJkx
67ba1IKW5Y3AbLEHzK0aYwI0KrH8sHDJgAkjjCfr4qfqZEGLBOz+9oqMn9uHGfHH
TSOeMitTOHHGnUHJe4NYfKLY64E0odcYVqcTq3uYwcJ1A625/qrOv8REV0c+m8xw
bulfmR9V6ZwQLNBwwFETpsarnX9T3BeIN/3DflCcpMPYlqIuAaNRNfyqlj+VCKXC
56zC5G5jyfLnRT1an/lLgjKGIg3xCoMrUgS0Ti4eEVP1i1lvyEkvtIqgfQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDWvLFvwx4kE9uEN/mqJ8/Ic/FqiMB8GA1UdIwQY
MBaAFJy9tbc6gzDSJfNBDIG2ONKDxA0fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkwyMXR6cURNTklsODBFTWdiWTQwb1BFRFI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9iYzIxNmQtZGI5NC00YmIxLTkxNDct
MDEwZTQyMTlhZWRhLzEvTmE4c1dfREhpUVQyNFEzLWFvbno4aHo4V3FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9iYzIxNmQtZGI5NC00YmIxLTkxNDctMDEwZTQyMTlhZWRh
LzEvbkwyMXR6cURNTklsODBFTWdiWTQwb1BFRFI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCkg
MA0GCSqGSIb3DQEBCwUAA4IBAQBu6gtWScR6v131MVeKhCQycn3RG4K+75JTrie5
vMIGo9XKxeUwcYeMJR/AQKpBou6T5eUEF1PzLNZ5pcIEPaALVl1EkDBiCtnsqEdE
bc5i9NmOEVIbJTyS2TJLllyUtWtVM19ps99/iVcjx+4j2F5l+qB+yRpxUQ7R7HKW
aknMPKgchd40YwEreCaUYfHz2q6vvxzVeduwmyfT9shz9/dRia4lbjUAU+LJ+n2e
w2pgvP57HBxZEUp6gXw2I/J+dBDu4rqA3l0OE+AWye2IV1Qv8H9kD98u2sUev+aK
mTuQTwMmflW8Nk3OhcoWrIhpMZHiPgmpUSxiWvzrck/YlDpW
-----END CERTIFICATE-----