Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/d317ca-3961-4fe0-bde8-f7c501418e56/1/uTCBnf3b-yLqqvnCUxCOVWTzq_I.roa
File:                     uTCBnf3b-yLqqvnCUxCOVWTzq_I.roa (raw, json)
Hash identifier:          IBgfRhw8lwowyO1fejNqf6FaL0VtSvn1AWjauBJkT6k=
Subject key identifier:   B9:30:81:9D:FD:DB:FB:22:EA:AA:F9:C2:53:10:8E:55:64:F3:AB:F2
Certificate issuer:       /CN=8041feea123fcb07e872a8cb4bdd9ab7b8da2fcf
Certificate serial:       018CC2DADEFE531B4B366628CA45A908C298
Authority key identifier: 80:41:FE:EA:12:3F:CB:07:E8:72:A8:CB:4B:DD:9A:B7:B8:DA:2F:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gEH-6hI_ywfocqjLS92at7jaL88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/d317ca-3961-4fe0-bde8-f7c501418e56/1/uTCBnf3b-yLqqvnCUxCOVWTzq_I.roa
Signing time:             Mon 01 Jan 2024 02:29:32 +0000
ROA not before:           Mon 01 Jan 2024 02:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200258
IP address blocks:        2001:67c:b50::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/d317ca-3961-4fe0-bde8-f7c501418e56/1/gEH-6hI_ywfocqjLS92at7jaL88.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/d317ca-3961-4fe0-bde8-f7c501418e56/1/gEH-6hI_ywfocqjLS92at7jaL88.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gEH-6hI_ywfocqjLS92at7jaL88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 01:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:de:fe:53:1b:4b:36:66:28:ca:45:a9:08:c2:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8041feea123fcb07e872a8cb4bdd9ab7b8da2fcf
        Validity
            Not Before: Jan  1 02:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b930819dfddbfb22eaaaf9c253108e5564f3abf2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:97:47:72:45:b1:58:ba:a0:0d:f1:07:dd:a8:
                    84:f0:ea:14:d1:a1:b3:0d:b2:2b:cd:66:b0:a8:37:
                    a0:e5:1a:09:45:99:c9:be:b7:cc:29:59:bc:5b:5b:
                    65:94:04:f5:60:b0:21:80:15:29:49:b9:38:42:e7:
                    30:8e:b3:4c:61:15:d8:3d:aa:19:da:7e:ce:a1:d4:
                    82:4b:70:2e:8d:50:0a:7c:c1:9e:35:72:95:fd:85:
                    dd:d0:40:91:8d:7f:32:4b:4a:8d:29:a8:22:f7:b2:
                    ca:63:a5:ed:4b:5e:93:94:4b:db:e9:86:46:7f:29:
                    17:95:77:a7:a6:1c:94:94:fd:18:a9:71:bf:14:f0:
                    6f:3a:79:bb:6e:55:d8:31:aa:68:8d:ce:9a:bf:e8:
                    d5:37:16:4a:6b:f9:36:38:0a:46:4a:a1:76:6c:d0:
                    74:de:b3:7d:49:81:3d:c5:50:4f:25:77:1b:53:92:
                    1d:0d:30:9b:3a:61:f1:99:42:aa:a1:63:23:e6:fe:
                    cc:67:00:a7:00:77:00:a3:40:0d:3e:d7:56:57:6c:
                    81:a4:6e:58:ed:92:97:a3:8a:b1:84:0d:18:9d:ac:
                    b0:64:e5:24:8b:8c:6b:21:23:9f:44:5f:a5:73:11:
                    60:c1:7f:c0:69:e1:b1:89:34:34:3d:a0:1e:dc:4a:
                    ba:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:30:81:9D:FD:DB:FB:22:EA:AA:F9:C2:53:10:8E:55:64:F3:AB:F2
            X509v3 Authority Key Identifier:
                keyid:80:41:FE:EA:12:3F:CB:07:E8:72:A8:CB:4B:DD:9A:B7:B8:DA:2F:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gEH-6hI_ywfocqjLS92at7jaL88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/d317ca-3961-4fe0-bde8-f7c501418e56/1/uTCBnf3b-yLqqvnCUxCOVWTzq_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/d317ca-3961-4fe0-bde8-f7c501418e56/1/gEH-6hI_ywfocqjLS92at7jaL88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:b50::/48

    Signature Algorithm: sha256WithRSAEncryption
         6d:dc:c7:f7:c5:be:ba:d2:a2:87:f7:d2:39:36:95:b9:5c:60:
         b9:00:93:d1:6b:49:96:74:9f:a9:48:b3:c4:2e:43:23:50:0c:
         0b:2c:84:d8:63:4a:b4:17:9d:0a:fc:46:95:97:bf:73:ab:0a:
         e8:84:6c:e8:d5:eb:ad:1e:bd:20:b1:5f:4f:36:0f:13:7f:9e:
         1b:98:95:7c:ed:d9:14:84:c9:68:72:32:0b:31:f4:d8:04:bd:
         12:60:23:8f:54:58:6a:da:72:c7:d2:0a:f3:59:7b:a6:84:a5:
         b3:8d:ff:5b:f1:20:67:2e:4a:93:a9:a9:6f:e9:ae:6b:66:ec:
         70:08:60:30:56:07:22:a2:68:e5:76:83:3e:b1:b8:a3:a4:10:
         a7:fe:57:e6:78:9e:03:a8:6c:42:24:55:e3:e3:f8:37:51:c6:
         eb:03:3f:9a:41:95:8b:c5:fb:3c:78:15:54:fe:17:5c:ac:33:
         62:2b:0a:c6:be:a4:03:38:6d:ed:92:6b:b8:1e:13:5b:46:e2:
         e8:dc:f8:71:e3:22:1c:37:9c:fc:a5:dc:19:3d:0b:20:e0:d8:
         22:8c:f8:d5:ab:39:7d:79:aa:ea:f9:46:ef:ed:be:aa:29:1a:
         72:62:3b:69:eb:a7:aa:44:dc:2e:b8:64:3f:9e:c6:e5:73:64:
         b9:ac:16:cf
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2t7+UxtLNmYoykWpCMKYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwNDFmZWVhMTIzZmNiMDdlODcyYThjYjRiZGQ5YWI3Yjhk
YTJmY2YwHhcNMjQwMTAxMDIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTMwODE5ZGZkZGJmYjIyZWFhYWY5YzI1MzEwOGU1NTY0ZjNhYmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhZdHckWxWLqgDfEH3aiE8OoU0aGz
DbIrzWawqDeg5RoJRZnJvrfMKVm8W1tllAT1YLAhgBUpSbk4QucwjrNMYRXYPaoZ
2n7OodSCS3AujVAKfMGeNXKV/YXd0ECRjX8yS0qNKagi97LKY6XtS16TlEvb6YZG
fykXlXenphyUlP0YqXG/FPBvOnm7blXYMapojc6av+jVNxZKa/k2OApGSqF2bNB0
3rN9SYE9xVBPJXcbU5IdDTCbOmHxmUKqoWMj5v7MZwCnAHcAo0ANPtdWV2yBpG5Y
7ZKXo4qxhA0YnaywZOUki4xrISOfRF+lcxFgwX/AaeGxiTQ0PaAe3Eq6FwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLkwgZ392/si6qr5wlMQjlVk86vyMB8GA1UdIwQY
MBaAFIBB/uoSP8sH6HKoy0vdmre42i/PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0VILTZoSV95d2ZvY3FqTFM5MmF0N2phTDg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9kMzE3Y2EtMzk2MS00ZmUwLWJkZTgt
ZjdjNTAxNDE4ZTU2LzEvdVRDQm5mM2IteUxxcXZuQ1V4Q09WV1R6cV9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9kMzE3Y2EtMzk2MS00ZmUwLWJkZTgtZjdjNTAxNDE4ZTU2
LzEvZ0VILTZoSV95d2ZvY3FqTFM5MmF0N2phTDg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAtQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBt3Mf3xb660qKH99I5NpW5XGC5AJPRa0mWdJ+p
SLPELkMjUAwLLITYY0q0F50K/EaVl79zqwrohGzo1eutHr0gsV9PNg8Tf54bmJV8
7dkUhMlocjILMfTYBL0SYCOPVFhq2nLH0grzWXumhKWzjf9b8SBnLkqTqalv6a5r
ZuxwCGAwVgciomjldoM+sbijpBCn/lfmeJ4DqGxCJFXj4/g3UcbrAz+aQZWLxfs8
eBVU/hdcrDNiKwrGvqQDOG3tkmu4HhNbRuLo3Phx4yIcN5z8pdwZPQsg4NgijPjV
qzl9earq+Ubv7b6qKRpyYjtp66eqRNwuuGQ/nsblc2S5rBbP
-----END CERTIFICATE-----