Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/6af6b2-578c-4a25-a2cc-ffad4fb0a713/1/k9doUOSx6S0vxC87YvqaAV28FXY.roa
File:                     k9doUOSx6S0vxC87YvqaAV28FXY.roa (raw, json)
Hash identifier:          REZiaQy5D+uMicHP7n0DgIEBTTlegPsEy+e4hPnSdnU=
Subject key identifier:   93:D7:68:50:E4:B1:E9:2D:2F:C4:2F:3B:62:FA:9A:01:5D:BC:15:76
Certificate issuer:       /CN=f7fac2c21b2dbc812dd25d1cb79c3fba5419e593
Certificate serial:       018CC56E1F508917906052980F2C4F2BEE46
Authority key identifier: F7:FA:C2:C2:1B:2D:BC:81:2D:D2:5D:1C:B7:9C:3F:BA:54:19:E5:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9_rCwhstvIEt0l0ct5w_ulQZ5ZM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/6af6b2-578c-4a25-a2cc-ffad4fb0a713/1/k9doUOSx6S0vxC87YvqaAV28FXY.roa
Signing time:             Mon 01 Jan 2024 14:29:37 +0000
ROA not before:           Mon 01 Jan 2024 14:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211194
IP address blocks:        2001:67c:b28::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/6af6b2-578c-4a25-a2cc-ffad4fb0a713/1/9_rCwhstvIEt0l0ct5w_ulQZ5ZM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/6af6b2-578c-4a25-a2cc-ffad4fb0a713/1/9_rCwhstvIEt0l0ct5w_ulQZ5ZM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9_rCwhstvIEt0l0ct5w_ulQZ5ZM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:1f:50:89:17:90:60:52:98:0f:2c:4f:2b:ee:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7fac2c21b2dbc812dd25d1cb79c3fba5419e593
        Validity
            Not Before: Jan  1 14:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=93d76850e4b1e92d2fc42f3b62fa9a015dbc1576
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:2d:6d:f9:2a:3a:4c:a2:ce:6e:96:bd:ea:0f:
                    28:94:89:73:25:0d:55:7f:4e:13:62:72:33:02:df:
                    4b:7f:20:1f:a9:ed:20:49:f6:d2:32:78:b5:17:29:
                    42:02:76:f8:85:9f:d8:9f:ba:df:04:a6:f2:63:59:
                    f2:4c:2a:1b:9a:fd:49:8c:41:f1:70:b4:24:29:3b:
                    eb:b5:d9:00:03:43:8b:6e:fe:23:a0:18:91:e7:91:
                    f5:72:ff:b4:9d:90:ba:4e:11:19:e7:fc:87:8f:4f:
                    ef:e1:4e:85:63:c6:ab:bd:21:69:b4:8e:bf:ea:af:
                    25:12:c2:44:a6:ea:0a:f1:26:8e:e4:19:42:fe:08:
                    dd:b4:18:d0:3b:0d:d1:e4:42:50:9c:99:e8:07:15:
                    37:d8:ec:11:bd:c4:95:80:bc:68:1e:0d:32:f1:db:
                    83:f1:39:dc:96:40:95:b8:10:5b:d1:7d:78:f0:11:
                    cd:b9:c5:cf:da:10:91:9c:6a:83:2d:91:32:0e:36:
                    dd:47:bd:60:a2:3c:e6:d1:20:f6:47:89:5d:79:0b:
                    49:ca:b0:b9:12:b8:32:dd:47:9f:ba:2b:7a:3d:d0:
                    a8:7a:6a:48:97:51:7b:aa:f8:1a:3f:a2:99:fc:c6:
                    c9:fe:f9:95:bb:ff:25:ad:88:69:0a:11:47:27:6e:
                    89:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:D7:68:50:E4:B1:E9:2D:2F:C4:2F:3B:62:FA:9A:01:5D:BC:15:76
            X509v3 Authority Key Identifier:
                keyid:F7:FA:C2:C2:1B:2D:BC:81:2D:D2:5D:1C:B7:9C:3F:BA:54:19:E5:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9_rCwhstvIEt0l0ct5w_ulQZ5ZM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/6af6b2-578c-4a25-a2cc-ffad4fb0a713/1/k9doUOSx6S0vxC87YvqaAV28FXY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/6af6b2-578c-4a25-a2cc-ffad4fb0a713/1/9_rCwhstvIEt0l0ct5w_ulQZ5ZM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:b28::/48

    Signature Algorithm: sha256WithRSAEncryption
         ae:5a:43:88:88:01:17:2d:74:e7:49:c7:90:b3:e8:5d:d2:47:
         93:77:79:11:18:f5:6a:b1:f3:04:dc:ce:23:19:a4:d3:52:e5:
         84:03:3f:4f:5f:18:15:81:ee:2f:84:aa:e9:40:d9:0d:39:49:
         0a:59:54:3c:10:65:7c:1f:27:98:79:1f:fe:61:7d:a2:21:0c:
         78:c6:26:0d:cd:d9:a1:b5:75:2a:21:22:89:12:08:34:74:65:
         e3:9e:fc:e7:15:22:a6:03:18:6b:f3:20:d9:0d:c8:0c:97:1a:
         b2:26:0f:7a:47:36:ea:17:e2:4f:6c:db:e9:1f:33:bf:b2:68:
         9a:c3:d5:80:75:a4:f8:88:7a:27:ff:0d:cd:85:31:12:4e:46:
         8c:80:f8:82:59:c4:4c:dd:78:5f:25:81:2e:39:4e:8a:97:24:
         1c:5a:93:19:f5:73:d3:29:3e:3c:4a:22:cc:e4:fe:8e:5b:3c:
         90:3f:f5:a6:27:6a:ce:ef:b6:44:df:3d:49:5c:5c:f1:eb:6f:
         ef:cf:ba:33:4b:06:1c:3f:29:bb:50:67:81:9b:2a:d2:f4:59:
         3c:21:be:7c:7b:d4:b5:a9:88:d3:05:4c:0e:9d:7b:f1:e2:4f:
         cf:4a:04:6c:46:6b:01:7e:a6:41:3c:f3:32:65:7d:5a:62:c3:
         93:2c:98:18
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFbh9QiReQYFKYDyxPK+5GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3ZmFjMmMyMWIyZGJjODEyZGQyNWQxY2I3OWMzZmJhNTQx
OWU1OTMwHhcNMjQwMTAxMTQyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2Q3Njg1MGU0YjFlOTJkMmZjNDJmM2I2MmZhOWEwMTVkYmMxNTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmC1t+So6TKLObpa96g8olIlzJQ1V
f04TYnIzAt9LfyAfqe0gSfbSMni1FylCAnb4hZ/Yn7rfBKbyY1nyTCobmv1JjEHx
cLQkKTvrtdkAA0OLbv4joBiR55H1cv+0nZC6ThEZ5/yHj0/v4U6FY8arvSFptI6/
6q8lEsJEpuoK8SaO5BlC/gjdtBjQOw3R5EJQnJnoBxU32OwRvcSVgLxoHg0y8duD
8TnclkCVuBBb0X148BHNucXP2hCRnGqDLZEyDjbdR71gojzm0SD2R4ldeQtJyrC5
Ergy3Uefuit6PdCoempIl1F7qvgaP6KZ/MbJ/vmVu/8lrYhpChFHJ26J9wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJPXaFDksektL8QvO2L6mgFdvBV2MB8GA1UdIwQY
MBaAFPf6wsIbLbyBLdJdHLecP7pUGeWTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOV9yQ3doc3R2SUV0MGwwY3Q1d191bFFaNVpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS82YWY2YjItNTc4Yy00YTI1LWEyY2Mt
ZmZhZDRmYjBhNzEzLzEvazlkb1VPU3g2UzB2eEM4N1l2cWFBVjI4RlhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS82YWY2YjItNTc4Yy00YTI1LWEyY2MtZmZhZDRmYjBhNzEz
LzEvOV9yQ3doc3R2SUV0MGwwY3Q1d191bFFaNVpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAso
MA0GCSqGSIb3DQEBCwUAA4IBAQCuWkOIiAEXLXTnSceQs+hd0keTd3kRGPVqsfME
3M4jGaTTUuWEAz9PXxgVge4vhKrpQNkNOUkKWVQ8EGV8HyeYeR/+YX2iIQx4xiYN
zdmhtXUqISKJEgg0dGXjnvznFSKmAxhr8yDZDcgMlxqyJg96RzbqF+JPbNvpHzO/
smiaw9WAdaT4iHon/w3NhTESTkaMgPiCWcRM3XhfJYEuOU6KlyQcWpMZ9XPTKT48
SiLM5P6OWzyQP/WmJ2rO77ZE3z1JXFzx62/vz7ozSwYcPym7UGeBmyrS9Fk8Ib58
e9S1qYjTBUwOnXvx4k/PSgRsRmsBfqZBPPMyZX1aYsOTLJgY
-----END CERTIFICATE-----