Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/f3fdf0-a1a5-45a1-8252-8528e5532c0e/1/Re9d_3e2ML2VYlW1Nk22qcnwWqM.roa
File:                     Re9d_3e2ML2VYlW1Nk22qcnwWqM.roa (raw, json)
Hash identifier:          G/nM+Q9myEvCqCj4lrQFQEME9TokJtDU2Sma7suqPi8=
Subject key identifier:   45:EF:5D:FF:77:B6:30:BD:95:62:55:B5:36:4D:B6:A9:C9:F0:5A:A3
Certificate issuer:       /CN=26427a260d6d96cc1115ccce8a914affb0e1d16b
Certificate serial:       019247FE6B7EC510DA2A5B9CDD8EA99498AC
Authority key identifier: 26:42:7A:26:0D:6D:96:CC:11:15:CC:CE:8A:91:4A:FF:B0:E1:D1:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JkJ6Jg1tlswRFczOipFK_7Dh0Ws.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/f3fdf0-a1a5-45a1-8252-8528e5532c0e/1/Re9d_3e2ML2VYlW1Nk22qcnwWqM.roa
Signing time:             Tue 01 Oct 2024 12:11:48 +0000
ROA not before:           Tue 01 Oct 2024 12:11:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214134
IP address blocks:        2001:67c:f2c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/f3fdf0-a1a5-45a1-8252-8528e5532c0e/1/JkJ6Jg1tlswRFczOipFK_7Dh0Ws.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/f3fdf0-a1a5-45a1-8252-8528e5532c0e/1/JkJ6Jg1tlswRFczOipFK_7Dh0Ws.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JkJ6Jg1tlswRFczOipFK_7Dh0Ws.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:47:fe:6b:7e:c5:10:da:2a:5b:9c:dd:8e:a9:94:98:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=26427a260d6d96cc1115ccce8a914affb0e1d16b
        Validity
            Not Before: Oct  1 12:11:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45ef5dff77b630bd956255b5364db6a9c9f05aa3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:d7:de:f8:68:3e:9f:d5:68:a0:65:0c:24:96:
                    32:ee:71:e0:a1:18:9c:c0:36:16:95:04:fd:9f:9d:
                    d7:f1:b0:11:20:e0:88:91:34:28:d8:5d:38:63:de:
                    13:c8:86:4b:f1:11:31:d5:cb:37:5e:6a:eb:87:af:
                    58:21:6d:48:ea:c6:53:ca:65:e6:f6:86:ed:c5:9d:
                    45:7b:1f:b6:6d:50:5e:e5:ef:05:0b:be:2a:c0:b2:
                    88:57:e7:23:4e:4d:51:a9:34:48:9c:39:66:01:0d:
                    21:b2:29:b7:6e:59:92:5c:21:7b:3c:23:99:ed:e8:
                    a3:73:47:74:18:e2:f9:2f:f4:f8:56:bf:39:d1:12:
                    80:a0:5d:f0:19:f8:01:af:f6:bd:bf:d2:c1:d6:92:
                    7c:9b:f8:b6:61:52:19:ac:df:8c:b7:fb:6e:4c:a7:
                    24:80:df:c7:25:80:eb:fe:ad:d5:97:8f:cf:89:2c:
                    12:d0:fb:c8:13:cd:9c:67:ee:f1:58:a5:3c:59:82:
                    a9:4c:8c:57:e4:32:d8:5e:4d:ff:aa:28:cc:67:a9:
                    03:85:e9:f6:11:c5:5d:08:4f:cc:50:23:8a:55:e3:
                    58:25:fe:4b:35:ab:32:08:cf:82:06:ba:d8:be:a8:
                    b3:0a:c7:d9:c7:dc:af:64:40:ae:75:70:14:99:b0:
                    1e:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:EF:5D:FF:77:B6:30:BD:95:62:55:B5:36:4D:B6:A9:C9:F0:5A:A3
            X509v3 Authority Key Identifier:
                keyid:26:42:7A:26:0D:6D:96:CC:11:15:CC:CE:8A:91:4A:FF:B0:E1:D1:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JkJ6Jg1tlswRFczOipFK_7Dh0Ws.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/f3fdf0-a1a5-45a1-8252-8528e5532c0e/1/Re9d_3e2ML2VYlW1Nk22qcnwWqM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/f3fdf0-a1a5-45a1-8252-8528e5532c0e/1/JkJ6Jg1tlswRFczOipFK_7Dh0Ws.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:f2c::/48

    Signature Algorithm: sha256WithRSAEncryption
         16:96:23:76:60:33:04:d2:4e:04:b2:91:71:60:06:e7:36:a9:
         31:d8:9e:07:8b:da:e2:5b:09:c8:34:83:07:b2:1f:03:8c:20:
         42:fa:e3:0a:d1:9e:03:a8:34:7a:71:c8:39:9b:a4:e9:1c:89:
         d9:d5:61:93:9c:10:be:f6:8c:ca:2b:c2:04:5f:10:d0:ed:e1:
         7e:4a:f4:f7:75:a3:f2:55:f4:ea:0c:20:26:77:5d:35:34:82:
         93:cd:67:a7:70:e0:4e:ff:9c:45:dd:ac:e8:97:3f:fc:0f:be:
         16:70:43:05:68:f3:9a:e8:67:17:95:a6:0f:11:6b:a5:84:d2:
         c8:df:c5:4d:fc:04:a9:88:36:5f:6f:ed:e1:a0:5d:ca:65:20:
         17:61:4f:bd:51:85:b1:4b:93:18:4b:26:70:01:00:41:c4:b8:
         83:a9:e5:c5:25:f9:b6:3f:b4:c4:34:49:1c:d5:cd:78:cc:7c:
         78:49:57:23:72:61:5d:72:5d:7a:85:4a:c5:2a:70:64:93:f2:
         22:15:59:50:55:dc:51:0b:d8:48:82:26:90:5e:5d:ed:8a:c4:
         ff:4a:c1:19:de:e4:cf:e7:6d:c3:6b:43:bf:5f:27:21:77:bb:
         60:ce:53:2a:45:c8:1c:41:e6:65:87:2e:bd:88:a3:4e:da:e7:
         e0:28:1c:21
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZJH/mt+xRDaKluc3Y6plJisMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NDI3YTI2MGQ2ZDk2Y2MxMTE1Y2NjZThhOTE0YWZmYjBl
MWQxNmIwHhcNMjQxMDAxMTIxMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWVmNWRmZjc3YjYzMGJkOTU2MjU1YjUzNjRkYjZhOWM5ZjA1YWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztfe+Gg+n9VooGUMJJYy7nHgoRic
wDYWlQT9n53X8bARIOCIkTQo2F04Y94TyIZL8REx1cs3Xmrrh69YIW1I6sZTymXm
9obtxZ1Fex+2bVBe5e8FC74qwLKIV+cjTk1RqTRInDlmAQ0hsim3blmSXCF7PCOZ
7eijc0d0GOL5L/T4Vr850RKAoF3wGfgBr/a9v9LB1pJ8m/i2YVIZrN+Mt/tuTKck
gN/HJYDr/q3Vl4/PiSwS0PvIE82cZ+7xWKU8WYKpTIxX5DLYXk3/qijMZ6kDhen2
EcVdCE/MUCOKVeNYJf5LNasyCM+CBrrYvqizCsfZx9yvZECudXAUmbAeaQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEXvXf93tjC9lWJVtTZNtqnJ8FqjMB8GA1UdIwQY
MBaAFCZCeiYNbZbMERXMzoqRSv+w4dFrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmtKNkpnMXRsc3dSRmN6T2lwRktfN0RoMFdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9mM2ZkZjAtYTFhNS00NWExLTgyNTIt
ODUyOGU1NTMyYzBlLzEvUmU5ZF8zZTJNTDJWWWxXMU5rMjJxY253V3FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9mM2ZkZjAtYTFhNS00NWExLTgyNTItODUyOGU1NTMyYzBl
LzEvSmtKNkpnMXRsc3dSRmN6T2lwRktfN0RoMFdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA8s
MA0GCSqGSIb3DQEBCwUAA4IBAQAWliN2YDME0k4EspFxYAbnNqkx2J4Hi9riWwnI
NIMHsh8DjCBC+uMK0Z4DqDR6ccg5m6TpHInZ1WGTnBC+9ozKK8IEXxDQ7eF+SvT3
daPyVfTqDCAmd101NIKTzWencOBO/5xF3azolz/8D74WcEMFaPOa6GcXlaYPEWul
hNLI38VN/ASpiDZfb+3hoF3KZSAXYU+9UYWxS5MYSyZwAQBBxLiDqeXFJfm2P7TE
NEkc1c14zHx4SVcjcmFdcl16hUrFKnBkk/IiFVlQVdxRC9hIgiaQXl3tisT/SsEZ
3uTP523Da0O/Xychd7tgzlMqRcgcQeZlhy69iKNO2ufgKBwh
-----END CERTIFICATE-----