Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/d1a717-4cf3-4ae5-b0fc-0bd9ddf3970e/1/AcJnGRtcTaz7LNb4IJzV6WV50pQ.roa
File:                     AcJnGRtcTaz7LNb4IJzV6WV50pQ.roa (raw, json)
Hash identifier:          j8xwomBukQ0vuV+sHxmkDVaRSAJB09gEi1gAh2ZjsbA=
Subject key identifier:   01:C2:67:19:1B:5C:4D:AC:FB:2C:D6:F8:20:9C:D5:E9:65:79:D2:94
Certificate issuer:       /CN=8d892f4ded92257e67ba74f1762c8bc914ebd61c
Certificate serial:       018CC8DF3B479AE444B2988F706ED78469F7
Authority key identifier: 8D:89:2F:4D:ED:92:25:7E:67:BA:74:F1:76:2C:8B:C9:14:EB:D6:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jYkvTe2SJX5nunTxdiyLyRTr1hw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/d1a717-4cf3-4ae5-b0fc-0bd9ddf3970e/1/AcJnGRtcTaz7LNb4IJzV6WV50pQ.roa
Signing time:             Tue 02 Jan 2024 06:32:02 +0000
ROA not before:           Tue 02 Jan 2024 06:32:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39892
IP address blocks:        2001:67c:1098::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/d1a717-4cf3-4ae5-b0fc-0bd9ddf3970e/1/jYkvTe2SJX5nunTxdiyLyRTr1hw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/d1a717-4cf3-4ae5-b0fc-0bd9ddf3970e/1/jYkvTe2SJX5nunTxdiyLyRTr1hw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jYkvTe2SJX5nunTxdiyLyRTr1hw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:3b:47:9a:e4:44:b2:98:8f:70:6e:d7:84:69:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d892f4ded92257e67ba74f1762c8bc914ebd61c
        Validity
            Not Before: Jan  2 06:32:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01c267191b5c4dacfb2cd6f8209cd5e96579d294
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:dc:f0:a8:c5:cf:d7:3a:6c:05:65:1e:1f:11:
                    d7:f4:36:ac:02:ba:69:19:29:47:6c:4d:50:bc:ef:
                    81:b7:88:4a:2f:53:3b:af:2c:fb:a1:4d:17:32:4c:
                    c4:f7:f8:5f:e7:47:60:91:42:64:38:c3:d0:e4:1e:
                    72:65:6f:7b:00:0e:ea:76:10:d4:4c:d1:2b:42:11:
                    d8:60:9e:0d:73:d9:d7:80:ef:46:0a:12:f9:63:0c:
                    44:31:90:af:97:0e:88:a4:99:ee:df:1f:e8:ea:aa:
                    f5:05:d5:72:e6:e7:ca:38:69:97:97:4e:a8:5e:0a:
                    48:71:58:e2:e6:11:1f:46:07:00:2b:1e:9a:6e:19:
                    27:e4:22:cd:12:d0:46:e2:15:56:76:36:a0:48:a3:
                    65:96:5a:d0:5f:97:5f:b1:94:6d:7f:ac:5e:78:5e:
                    59:42:65:87:02:89:87:2e:08:87:de:14:ef:b3:58:
                    2b:3d:82:48:34:14:b3:7f:68:91:38:62:1c:01:4f:
                    4e:7a:bc:22:08:c8:36:c9:b2:bd:ad:a8:dd:72:bc:
                    ce:6f:f0:b5:71:63:bd:8b:43:29:8e:9b:6a:46:ce:
                    7c:ef:3b:98:6d:8b:33:ef:4b:c1:69:82:b7:88:12:
                    41:70:4c:13:fa:11:19:a3:8f:97:08:c8:d9:a8:96:
                    b1:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:C2:67:19:1B:5C:4D:AC:FB:2C:D6:F8:20:9C:D5:E9:65:79:D2:94
            X509v3 Authority Key Identifier:
                keyid:8D:89:2F:4D:ED:92:25:7E:67:BA:74:F1:76:2C:8B:C9:14:EB:D6:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jYkvTe2SJX5nunTxdiyLyRTr1hw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/d1a717-4cf3-4ae5-b0fc-0bd9ddf3970e/1/AcJnGRtcTaz7LNb4IJzV6WV50pQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/d1a717-4cf3-4ae5-b0fc-0bd9ddf3970e/1/jYkvTe2SJX5nunTxdiyLyRTr1hw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1098::/48

    Signature Algorithm: sha256WithRSAEncryption
         57:54:c1:33:ce:dc:f0:e8:71:4a:12:28:2d:a3:9c:69:3f:7f:
         05:a1:6b:c5:24:cc:d3:30:be:bb:f8:3c:21:9f:a3:85:d1:3a:
         19:ef:8b:4f:33:21:3a:ed:a0:b8:6d:4c:23:68:bc:3c:96:0b:
         c6:17:bf:88:ad:d1:b3:21:fa:5a:66:8e:a7:f7:e7:cc:e8:b1:
         c2:d3:0b:d6:d6:22:af:66:94:5d:42:c5:9d:7d:09:63:25:83:
         fd:7e:14:b2:27:6a:9f:60:b9:35:e8:46:d7:e1:e2:8d:65:34:
         3c:fa:50:a8:ea:0a:9c:a9:4e:f0:1d:5b:5a:58:38:69:e4:b4:
         1f:ab:e8:26:85:ab:22:19:09:e2:8c:36:11:93:44:c0:fc:15:
         a2:8d:5e:dd:12:9b:1c:8f:ed:da:a6:1e:f1:b0:11:86:a3:d0:
         60:6c:b6:f6:a7:8c:84:6e:21:2c:6f:35:7a:6c:72:6f:3f:7e:
         24:43:86:b3:c6:71:af:c3:37:f1:e7:16:88:b9:24:26:39:62:
         6c:16:ba:f2:7f:bd:15:c3:f6:7b:a9:24:0d:bb:a6:46:0d:87:
         b0:a0:e7:81:8d:ea:58:0f:16:cb:87:4e:f0:b0:64:ae:96:5d:
         3f:38:72:9a:bc:0a:da:7c:23:8e:e2:21:5e:a7:1f:3a:38:bb:
         5d:84:1e:53
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzI3ztHmuREspiPcG7XhGn3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkODkyZjRkZWQ5MjI1N2U2N2JhNzRmMTc2MmM4YmM5MTRl
YmQ2MWMwHhcNMjQwMTAyMDYzMjAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWMyNjcxOTFiNWM0ZGFjZmIyY2Q2ZjgyMDljZDVlOTY1NzlkMjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqdzwqMXP1zpsBWUeHxHX9DasArpp
GSlHbE1QvO+Bt4hKL1M7ryz7oU0XMkzE9/hf50dgkUJkOMPQ5B5yZW97AA7qdhDU
TNErQhHYYJ4Nc9nXgO9GChL5YwxEMZCvlw6IpJnu3x/o6qr1BdVy5ufKOGmXl06o
XgpIcVji5hEfRgcAKx6abhkn5CLNEtBG4hVWdjagSKNlllrQX5dfsZRtf6xeeF5Z
QmWHAomHLgiH3hTvs1grPYJINBSzf2iROGIcAU9OerwiCMg2ybK9rajdcrzOb/C1
cWO9i0MpjptqRs587zuYbYsz70vBaYK3iBJBcEwT+hEZo4+XCMjZqJaxfQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAHCZxkbXE2s+yzW+CCc1elledKUMB8GA1UdIwQY
MBaAFI2JL03tkiV+Z7p08XYsi8kU69YcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvallrdlRlMlNKWDVudW5UeGRpeUx5UlRyMWh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS9kMWE3MTctNGNmMy00YWU1LWIwZmMt
MGJkOWRkZjM5NzBlLzEvQWNKbkdSdGNUYXo3TE5iNElKelY2V1Y1MHBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS9kMWE3MTctNGNmMy00YWU1LWIwZmMtMGJkOWRkZjM5NzBl
LzEvallrdlRlMlNKWDVudW5UeGRpeUx5UlRyMWh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBCY
MA0GCSqGSIb3DQEBCwUAA4IBAQBXVMEzztzw6HFKEigto5xpP38FoWvFJMzTML67
+Dwhn6OF0ToZ74tPMyE67aC4bUwjaLw8lgvGF7+IrdGzIfpaZo6n9+fM6LHC0wvW
1iKvZpRdQsWdfQljJYP9fhSyJ2qfYLk16EbX4eKNZTQ8+lCo6gqcqU7wHVtaWDhp
5LQfq+gmhasiGQnijDYRk0TA/BWijV7dEpscj+3aph7xsBGGo9BgbLb2p4yEbiEs
bzV6bHJvP34kQ4azxnGvwzfx5xaIuSQmOWJsFrryf70Vw/Z7qSQNu6ZGDYewoOeB
jepYDxbLh07wsGSull0/OHKavArafCOO4iFepx86OLtdhB5T
-----END CERTIFICATE-----