Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/870383-df9a-479c-8ee1-36dc2800fded/1/090iEnpedWdEk_mlgN_ffJmXwls.roa
File:                     090iEnpedWdEk_mlgN_ffJmXwls.roa (raw, json)
Hash identifier:          FsCLdR8Le/hijQeo/8q5V3Rc/iJoMndYhsuRTKhUKTo=
Subject key identifier:   D3:DD:22:12:7A:5E:75:67:44:93:F9:A5:80:DF:DF:7C:99:97:C2:5B
Certificate issuer:       /CN=6b1a157e20adca3b44067ba8d8dcabae698a8bec
Certificate serial:       018CC79513A4F2099A1D13D4354A055E0A03
Authority key identifier: 6B:1A:15:7E:20:AD:CA:3B:44:06:7B:A8:D8:DC:AB:AE:69:8A:8B:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/axoVfiCtyjtEBnuo2NyrrmmKi-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/870383-df9a-479c-8ee1-36dc2800fded/1/090iEnpedWdEk_mlgN_ffJmXwls.roa
Signing time:             Tue 02 Jan 2024 00:31:25 +0000
ROA not before:           Tue 02 Jan 2024 00:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199429
IP address blocks:        2001:67c:11d0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/870383-df9a-479c-8ee1-36dc2800fded/1/axoVfiCtyjtEBnuo2NyrrmmKi-w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/870383-df9a-479c-8ee1-36dc2800fded/1/axoVfiCtyjtEBnuo2NyrrmmKi-w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/axoVfiCtyjtEBnuo2NyrrmmKi-w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:13:a4:f2:09:9a:1d:13:d4:35:4a:05:5e:0a:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b1a157e20adca3b44067ba8d8dcabae698a8bec
        Validity
            Not Before: Jan  2 00:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d3dd22127a5e75674493f9a580dfdf7c9997c25b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:0d:fa:3f:dc:6f:d7:12:93:cb:a2:64:fd:57:
                    bb:bd:af:14:07:d4:a5:e8:a2:b6:a1:32:d2:6b:bf:
                    09:94:86:51:11:c2:af:13:3a:ee:da:30:1a:ea:c8:
                    56:bf:76:84:8f:e6:b2:7e:9d:1a:cb:78:de:d6:d3:
                    85:e3:dd:72:bf:78:ec:65:54:5d:c3:1b:d7:a3:ee:
                    b4:80:48:d0:b9:e6:16:39:e4:98:20:ae:5c:7c:84:
                    53:54:13:df:3c:0d:eb:5c:85:25:88:0a:0b:9c:50:
                    42:5e:8e:72:a8:84:6c:d4:86:72:6c:fc:1e:af:e4:
                    bf:11:d2:08:d1:3c:13:51:41:56:1b:4f:4b:8c:36:
                    b1:9a:c0:20:c1:0e:d4:c8:b9:3c:ed:4f:cb:78:c3:
                    c9:02:e8:49:3f:fb:ba:5d:79:a0:51:7d:21:f6:2a:
                    68:5e:08:fc:b1:6c:61:ab:fd:85:0e:f2:6f:92:60:
                    6b:14:92:b8:73:21:dd:1a:a5:e8:93:6e:3f:bc:46:
                    05:b5:2f:94:df:54:1c:84:3c:01:ce:27:b2:11:63:
                    f9:87:ad:62:7f:cc:de:62:72:c8:78:9c:f9:15:fe:
                    32:7d:80:05:08:77:6c:8b:34:24:78:75:df:c0:f4:
                    7b:f9:d2:38:cf:90:4c:68:e1:d8:e7:5d:4d:34:81:
                    0d:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:DD:22:12:7A:5E:75:67:44:93:F9:A5:80:DF:DF:7C:99:97:C2:5B
            X509v3 Authority Key Identifier:
                keyid:6B:1A:15:7E:20:AD:CA:3B:44:06:7B:A8:D8:DC:AB:AE:69:8A:8B:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/axoVfiCtyjtEBnuo2NyrrmmKi-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/870383-df9a-479c-8ee1-36dc2800fded/1/090iEnpedWdEk_mlgN_ffJmXwls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/870383-df9a-479c-8ee1-36dc2800fded/1/axoVfiCtyjtEBnuo2NyrrmmKi-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:11d0::/48

    Signature Algorithm: sha256WithRSAEncryption
         86:83:55:f7:b5:e9:75:c0:46:f9:ef:18:2d:c1:38:30:f8:04:
         e6:60:78:2f:90:d0:79:b4:45:c0:bb:b3:ca:73:ee:65:17:34:
         68:ed:a2:14:f6:04:1c:0f:9b:40:00:f0:bd:83:37:5d:eb:ae:
         5f:a8:5b:ec:e4:16:b6:32:cd:5d:97:0d:b6:23:4b:2e:a7:4a:
         9c:1e:3d:93:0e:11:2b:21:48:ed:4a:96:57:10:bd:30:94:05:
         7d:9e:65:fb:2b:f3:61:9d:84:13:1e:ae:a2:a7:2b:24:f9:08:
         6c:0c:3a:fe:50:6a:94:08:9f:1b:c7:0e:31:b8:fd:36:ab:48:
         0c:c2:e6:34:ca:2b:bf:01:04:22:92:1f:a6:46:1f:95:f8:47:
         7d:15:40:73:3b:75:8e:f0:06:b2:4f:fc:3b:21:96:ab:8a:3b:
         f2:e2:64:c5:fe:88:82:2e:53:0c:49:66:17:31:07:00:86:b4:
         70:03:75:47:01:aa:e9:6a:e5:78:1c:ac:a6:56:fc:9b:5a:67:
         99:d4:cb:fd:09:b1:d1:c6:52:44:d9:0e:ba:f3:19:95:30:b1:
         5b:95:4c:8d:c1:0c:a8:23:b5:b5:bb:87:b7:06:ee:42:82:f1:
         66:8c:45:5d:64:68:0f:91:0f:d8:10:f4:b3:ee:d2:b8:20:f3:
         71:d7:26:0d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHlROk8gmaHRPUNUoFXgoDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiMWExNTdlMjBhZGNhM2I0NDA2N2JhOGQ4ZGNhYmFlNjk4
YThiZWMwHhcNMjQwMTAyMDAzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2RkMjIxMjdhNWU3NTY3NDQ5M2Y5YTU4MGRmZGY3Yzk5OTdjMjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhw36P9xv1xKTy6Jk/Ve7va8UB9Sl
6KK2oTLSa78JlIZREcKvEzru2jAa6shWv3aEj+ayfp0ay3je1tOF491yv3jsZVRd
wxvXo+60gEjQueYWOeSYIK5cfIRTVBPfPA3rXIUliAoLnFBCXo5yqIRs1IZybPwe
r+S/EdII0TwTUUFWG09LjDaxmsAgwQ7UyLk87U/LeMPJAuhJP/u6XXmgUX0h9ipo
Xgj8sWxhq/2FDvJvkmBrFJK4cyHdGqXok24/vEYFtS+U31QchDwBzieyEWP5h61i
f8zeYnLIeJz5Ff4yfYAFCHdsizQkeHXfwPR7+dI4z5BMaOHY511NNIEN3wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNPdIhJ6XnVnRJP5pYDf33yZl8JbMB8GA1UdIwQY
MBaAFGsaFX4grco7RAZ7qNjcq65piovsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXhvVmZpQ3R5anRFQm51bzJOeXJybW1LaS13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC84NzAzODMtZGY5YS00NzljLThlZTEt
MzZkYzI4MDBmZGVkLzEvMDkwaUVucGVkV2RFa19tbGdOX2ZmSm1Yd2xzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC84NzAzODMtZGY5YS00NzljLThlZTEtMzZkYzI4MDBmZGVk
LzEvYXhvVmZpQ3R5anRFQm51bzJOeXJybW1LaS13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBHQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCGg1X3tel1wEb57xgtwTgw+ATmYHgvkNB5tEXA
u7PKc+5lFzRo7aIU9gQcD5tAAPC9gzdd665fqFvs5Ba2Ms1dlw22I0sup0qcHj2T
DhErIUjtSpZXEL0wlAV9nmX7K/NhnYQTHq6ipysk+QhsDDr+UGqUCJ8bxw4xuP02
q0gMwuY0yiu/AQQikh+mRh+V+Ed9FUBzO3WO8AayT/w7IZarijvy4mTF/oiCLlMM
SWYXMQcAhrRwA3VHAarpauV4HKymVvybWmeZ1Mv9CbHRxlJE2Q668xmVMLFblUyN
wQyoI7W1u4e3Bu5CgvFmjEVdZGgPkQ/YEPSz7tK4IPNx1yYN
-----END CERTIFICATE-----