Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/97c353-0c36-4066-a56b-139a496cd59c/1/wUv-lrDooRs7_Qicc8NcQRJQzcY.roa
File:                     wUv-lrDooRs7_Qicc8NcQRJQzcY.roa (raw, json)
Hash identifier:          U9zv2tyVQtkeIhxob00A4vtFSswGsxJ+/PrGgKYcb5A=
Subject key identifier:   C1:4B:FE:96:B0:E8:A1:1B:3B:FD:08:9C:73:C3:5C:41:12:50:CD:C6
Certificate issuer:       /CN=d24322b2d0a794fd076b85e8dc578abb0d03ec40
Certificate serial:       018D88CD0C7845A03E2FACC37B2AB62F577D
Authority key identifier: D2:43:22:B2:D0:A7:94:FD:07:6B:85:E8:DC:57:8A:BB:0D:03:EC:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0kMistCnlP0Ha4Xo3FeKuw0D7EA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/97c353-0c36-4066-a56b-139a496cd59c/1/wUv-lrDooRs7_Qicc8NcQRJQzcY.roa
Signing time:             Thu 08 Feb 2024 12:59:15 +0000
ROA not before:           Thu 08 Feb 2024 12:59:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8434
IP address blocks:        2001:67c:21e4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/97c353-0c36-4066-a56b-139a496cd59c/1/0kMistCnlP0Ha4Xo3FeKuw0D7EA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/97c353-0c36-4066-a56b-139a496cd59c/1/0kMistCnlP0Ha4Xo3FeKuw0D7EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0kMistCnlP0Ha4Xo3FeKuw0D7EA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:88:cd:0c:78:45:a0:3e:2f:ac:c3:7b:2a:b6:2f:57:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d24322b2d0a794fd076b85e8dc578abb0d03ec40
        Validity
            Not Before: Feb  8 12:59:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c14bfe96b0e8a11b3bfd089c73c35c411250cdc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:28:15:ff:d7:8b:c2:b1:1b:d4:a6:51:60:79:
                    4d:5f:dc:68:14:1a:f4:2d:e3:76:70:31:f9:76:01:
                    4d:73:af:fd:77:32:3d:d5:db:f6:03:49:f5:cd:5a:
                    a8:8e:5f:1f:a7:ce:84:7f:a7:c0:41:9e:9f:01:f1:
                    d9:27:63:6a:4c:8c:53:0f:4c:69:37:86:b9:fc:ec:
                    14:0f:fa:a1:5e:71:f9:a8:d4:40:80:f6:01:9c:49:
                    e2:94:72:6e:18:1f:a3:13:c4:dd:a8:c4:7f:6a:01:
                    d3:d3:6a:f1:35:77:16:66:77:4a:c3:4d:e2:d2:f8:
                    b3:c1:a7:6a:81:76:5e:8e:d3:2a:3c:c8:58:99:1d:
                    b2:d4:4d:66:e9:d3:c4:fa:59:70:0a:56:df:81:31:
                    87:3c:e2:1d:fb:76:4c:c9:f1:f5:13:53:90:69:31:
                    d9:a8:bf:ed:ef:09:4a:13:c5:9d:d7:0f:8e:f6:b3:
                    df:70:56:bd:91:4e:e7:87:60:b3:1c:d9:f3:30:a9:
                    dd:e1:47:79:cc:46:e0:36:ec:eb:be:97:ea:04:10:
                    e5:cc:94:9f:f8:1e:43:dc:00:15:4c:28:52:69:1c:
                    89:ef:20:cc:cc:1e:c6:d8:ba:42:df:6d:cc:4b:b1:
                    a3:06:2d:cf:86:80:b9:9a:cc:08:2c:f5:14:37:d2:
                    db:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:4B:FE:96:B0:E8:A1:1B:3B:FD:08:9C:73:C3:5C:41:12:50:CD:C6
            X509v3 Authority Key Identifier:
                keyid:D2:43:22:B2:D0:A7:94:FD:07:6B:85:E8:DC:57:8A:BB:0D:03:EC:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0kMistCnlP0Ha4Xo3FeKuw0D7EA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/97c353-0c36-4066-a56b-139a496cd59c/1/wUv-lrDooRs7_Qicc8NcQRJQzcY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/97c353-0c36-4066-a56b-139a496cd59c/1/0kMistCnlP0Ha4Xo3FeKuw0D7EA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:21e4::/48

    Signature Algorithm: sha256WithRSAEncryption
         6a:fa:dd:2d:4e:e1:bd:f9:18:20:26:a1:22:b6:c3:a5:ad:05:
         bf:5e:67:ce:53:0d:24:10:c8:54:12:77:1d:6d:2c:1f:f8:be:
         2c:22:5a:46:65:dd:e9:61:1e:5a:34:cc:ae:cb:c1:e7:75:16:
         e3:73:05:99:59:34:9b:29:24:99:e1:de:8b:c3:12:10:97:fa:
         21:74:73:48:c6:fe:4f:61:0e:9e:28:4a:2b:bc:8b:90:60:fd:
         08:a7:f4:16:71:72:a4:5b:74:be:eb:b8:c7:59:ea:5b:59:b5:
         db:ed:7d:b6:d9:a8:48:91:93:7b:e7:99:8c:64:14:93:f0:32:
         64:ee:be:09:74:c8:f7:80:d7:57:66:11:a8:65:3b:fe:22:90:
         2a:03:e7:ab:33:ac:a1:27:8a:f5:0e:80:11:f9:28:16:a7:19:
         ed:56:0a:85:4f:89:51:b0:94:01:11:fc:b6:1f:13:07:02:86:
         97:8f:00:98:bb:94:32:e2:cf:9b:42:d0:64:2b:53:de:b9:a8:
         f1:0e:06:0b:39:4f:30:a8:68:38:24:b7:ed:8e:b8:34:8c:89:
         5a:75:64:fe:ae:2a:33:dc:f7:10:8c:1d:0a:7e:84:14:34:4c:
         db:b4:cb:f1:5d:0c:f0:50:f9:12:54:62:57:23:8c:8d:70:df:
         b0:97:63:ba
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2IzQx4RaA+L6zDeyq2L1d9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNDMyMmIyZDBhNzk0ZmQwNzZiODVlOGRjNTc4YWJiMGQw
M2VjNDAwHhcNMjQwMjA4MTI1OTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTRiZmU5NmIwZThhMTFiM2JmZDA4OWM3M2MzNWM0MTEyNTBjZGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqygV/9eLwrEb1KZRYHlNX9xoFBr0
LeN2cDH5dgFNc6/9dzI91dv2A0n1zVqojl8fp86Ef6fAQZ6fAfHZJ2NqTIxTD0xp
N4a5/OwUD/qhXnH5qNRAgPYBnEnilHJuGB+jE8TdqMR/agHT02rxNXcWZndKw03i
0vizwadqgXZejtMqPMhYmR2y1E1m6dPE+llwClbfgTGHPOId+3ZMyfH1E1OQaTHZ
qL/t7wlKE8Wd1w+O9rPfcFa9kU7nh2CzHNnzMKnd4Ud5zEbgNuzrvpfqBBDlzJSf
+B5D3AAVTChSaRyJ7yDMzB7G2LpC323MS7GjBi3PhoC5mswILPUUN9LbqwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMFL/paw6KEbO/0InHPDXEESUM3GMB8GA1UdIwQY
MBaAFNJDIrLQp5T9B2uF6NxXirsNA+xAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGtNaXN0Q25sUDBIYTRYbzNGZUt1dzBEN0VBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy85N2MzNTMtMGMzNi00MDY2LWE1NmIt
MTM5YTQ5NmNkNTljLzEvd1V2LWxyRG9vUnM3X1FpY2M4TmNRUkpRemNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy85N2MzNTMtMGMzNi00MDY2LWE1NmItMTM5YTQ5NmNkNTlj
LzEvMGtNaXN0Q25sUDBIYTRYbzNGZUt1dzBEN0VBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCHk
MA0GCSqGSIb3DQEBCwUAA4IBAQBq+t0tTuG9+RggJqEitsOlrQW/XmfOUw0kEMhU
EncdbSwf+L4sIlpGZd3pYR5aNMyuy8HndRbjcwWZWTSbKSSZ4d6LwxIQl/ohdHNI
xv5PYQ6eKEorvIuQYP0Ip/QWcXKkW3S+67jHWepbWbXb7X222ahIkZN755mMZBST
8DJk7r4JdMj3gNdXZhGoZTv+IpAqA+erM6yhJ4r1DoAR+SgWpxntVgqFT4lRsJQB
Efy2HxMHAoaXjwCYu5Qy4s+bQtBkK1PeuajxDgYLOU8wqGg4JLftjrg0jIladWT+
rioz3PcQjB0KfoQUNEzbtMvxXQzwUPkSVGJXI4yNcN+wl2O6
-----END CERTIFICATE-----