Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/1c72c5-299a-4f70-812c-25c5f05aeb5f/1/sf9pHtScRDeEtbHskyDqNAzKdug.roa
File:                     sf9pHtScRDeEtbHskyDqNAzKdug.roa (raw, json)
Hash identifier:          7HZHt00s/kOmldyr4fc+ASvSu4m1HMEU62uLUmAQ/18=
Subject key identifier:   B1:FF:69:1E:D4:9C:44:37:84:B5:B1:EC:93:20:EA:34:0C:CA:76:E8
Certificate issuer:       /CN=8550597a6064c882ae2af3fa5759f13f8bd1ddfc
Certificate serial:       018CC4245DD5F227F84DE15E5D41DC84F56A
Authority key identifier: 85:50:59:7A:60:64:C8:82:AE:2A:F3:FA:57:59:F1:3F:8B:D1:DD:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hVBZemBkyIKuKvP6V1nxP4vR3fw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/1c72c5-299a-4f70-812c-25c5f05aeb5f/1/sf9pHtScRDeEtbHskyDqNAzKdug.roa
Signing time:             Mon 01 Jan 2024 08:29:26 +0000
ROA not before:           Mon 01 Jan 2024 08:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200533
IP address blocks:        2001:67c:21bc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/1c72c5-299a-4f70-812c-25c5f05aeb5f/1/hVBZemBkyIKuKvP6V1nxP4vR3fw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/1c72c5-299a-4f70-812c-25c5f05aeb5f/1/hVBZemBkyIKuKvP6V1nxP4vR3fw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hVBZemBkyIKuKvP6V1nxP4vR3fw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:5d:d5:f2:27:f8:4d:e1:5e:5d:41:dc:84:f5:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8550597a6064c882ae2af3fa5759f13f8bd1ddfc
        Validity
            Not Before: Jan  1 08:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1ff691ed49c443784b5b1ec9320ea340cca76e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:0c:bc:72:c3:9f:a9:1c:01:bf:dd:b9:c9:7a:
                    b5:45:44:86:ff:15:3d:f1:ad:a9:78:8f:c3:65:ad:
                    48:48:32:49:ee:75:b0:6a:18:c9:a4:d5:8a:4b:77:
                    d4:0f:c5:3f:77:5b:3c:ce:c3:f6:bc:ad:e0:99:1d:
                    c8:1d:be:15:5c:7d:83:a6:b2:50:e5:61:1e:33:c1:
                    14:13:f4:0a:c6:e4:c2:b3:40:d3:89:d8:c4:cd:4f:
                    ea:f1:03:27:09:4a:c8:c1:17:39:eb:1a:8c:02:7c:
                    47:1c:18:b3:d2:eb:af:15:34:00:25:60:7c:a7:9b:
                    09:5c:27:3f:a7:fe:02:95:23:68:2d:5f:3a:ad:7f:
                    d0:c0:fa:e4:93:f3:a0:da:85:35:93:66:5b:8e:aa:
                    b9:4c:52:b9:23:6c:eb:53:6e:3b:88:5a:8f:0b:bc:
                    c1:c1:59:1a:b8:24:49:83:b6:f3:aa:a6:e9:9a:5d:
                    42:df:4e:ed:d2:92:5a:c3:b3:66:aa:b6:8b:a3:90:
                    23:67:43:45:49:0e:58:09:98:d0:bb:27:cd:84:d5:
                    9e:78:03:55:c7:04:1b:e6:68:f1:07:e2:d3:ef:f5:
                    01:d7:1b:3b:99:74:95:a3:63:0e:37:c5:96:70:2e:
                    a9:e6:f3:af:3b:ff:cb:c0:d2:d9:b8:44:b3:37:ba:
                    67:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:FF:69:1E:D4:9C:44:37:84:B5:B1:EC:93:20:EA:34:0C:CA:76:E8
            X509v3 Authority Key Identifier:
                keyid:85:50:59:7A:60:64:C8:82:AE:2A:F3:FA:57:59:F1:3F:8B:D1:DD:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hVBZemBkyIKuKvP6V1nxP4vR3fw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/1c72c5-299a-4f70-812c-25c5f05aeb5f/1/sf9pHtScRDeEtbHskyDqNAzKdug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/1c72c5-299a-4f70-812c-25c5f05aeb5f/1/hVBZemBkyIKuKvP6V1nxP4vR3fw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:21bc::/48

    Signature Algorithm: sha256WithRSAEncryption
         51:ce:9a:fa:92:0d:fd:10:6e:81:c1:3d:55:cc:34:da:b5:df:
         ca:77:fb:d3:71:d8:27:18:60:11:b9:b3:e3:2c:1d:94:38:10:
         ba:b4:15:43:6d:8d:f5:ae:45:41:80:a7:a3:a5:04:2c:c7:82:
         a4:a9:b5:24:e0:8c:36:1a:7c:03:03:94:a7:a6:48:03:f3:1f:
         e6:3e:d2:3e:26:fb:7d:bd:11:d1:89:b2:00:d1:48:2e:4a:38:
         25:d6:10:73:40:b2:bc:cf:42:6e:33:d3:38:e1:62:b1:33:94:
         5f:9f:a3:45:ad:2c:9b:6b:10:88:22:e1:b6:69:80:9a:89:48:
         4d:f5:ae:f9:91:85:e8:59:c2:14:f8:28:7b:30:85:cd:4b:15:
         d9:f8:e7:9a:4e:2a:da:31:ec:08:00:38:d0:40:f6:1e:c8:c9:
         64:5e:4e:44:69:c5:bd:33:a9:a0:52:8d:3f:4e:c9:6d:f0:d4:
         8f:f8:ad:bc:85:c5:be:1b:7c:59:bb:9d:f2:d7:e4:74:fa:1f:
         30:f2:44:52:96:56:38:8e:23:d4:ba:cc:95:cd:ef:31:92:d3:
         4f:c3:04:6e:b8:45:3a:be:6f:ed:8c:d1:da:a7:13:5b:26:24:
         3d:80:cc:dc:4a:2d:57:6b:83:1e:5f:d5:60:33:1e:10:04:df:
         53:d4:4d:5a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJF3V8if4TeFeXUHchPVqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1NTA1OTdhNjA2NGM4ODJhZTJhZjNmYTU3NTlmMTNmOGJk
MWRkZmMwHhcNMjQwMTAxMDgyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWZmNjkxZWQ0OWM0NDM3ODRiNWIxZWM5MzIwZWEzNDBjY2E3NmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkgy8csOfqRwBv925yXq1RUSG/xU9
8a2peI/DZa1ISDJJ7nWwahjJpNWKS3fUD8U/d1s8zsP2vK3gmR3IHb4VXH2DprJQ
5WEeM8EUE/QKxuTCs0DTidjEzU/q8QMnCUrIwRc56xqMAnxHHBiz0uuvFTQAJWB8
p5sJXCc/p/4ClSNoLV86rX/QwPrkk/Og2oU1k2Zbjqq5TFK5I2zrU247iFqPC7zB
wVkauCRJg7bzqqbpml1C307t0pJaw7NmqraLo5AjZ0NFSQ5YCZjQuyfNhNWeeANV
xwQb5mjxB+LT7/UB1xs7mXSVo2MON8WWcC6p5vOvO//LwNLZuESzN7pnAwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLH/aR7UnEQ3hLWx7JMg6jQMynboMB8GA1UdIwQY
MBaAFIVQWXpgZMiCrirz+ldZ8T+L0d38MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFZCWmVtQmt5SUt1S3ZQNlYxbnhQNHZSM2Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC8xYzcyYzUtMjk5YS00ZjcwLTgxMmMt
MjVjNWYwNWFlYjVmLzEvc2Y5cEh0U2NSRGVFdGJIc2t5RHFOQXpLZHVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC8xYzcyYzUtMjk5YS00ZjcwLTgxMmMtMjVjNWYwNWFlYjVm
LzEvaFZCWmVtQmt5SUt1S3ZQNlYxbnhQNHZSM2Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCG8
MA0GCSqGSIb3DQEBCwUAA4IBAQBRzpr6kg39EG6BwT1VzDTatd/Kd/vTcdgnGGAR
ubPjLB2UOBC6tBVDbY31rkVBgKejpQQsx4KkqbUk4Iw2GnwDA5SnpkgD8x/mPtI+
Jvt9vRHRibIA0UguSjgl1hBzQLK8z0JuM9M44WKxM5Rfn6NFrSybaxCIIuG2aYCa
iUhN9a75kYXoWcIU+Ch7MIXNSxXZ+OeaTiraMewIADjQQPYeyMlkXk5EacW9M6mg
Uo0/Tslt8NSP+K28hcW+G3xZu53y1+R0+h8w8kRSllY4jiPUusyVze8xktNPwwRu
uEU6vm/tjNHapxNbJiQ9gMzcSi1Xa4MeX9VgMx4QBN9T1E1a
-----END CERTIFICATE-----