Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/27e1ca-e61f-4e8c-ad9c-145c36e38276/1/SQboT7725hbEv-TnUvLJC-FyDIw.roa
File:                     SQboT7725hbEv-TnUvLJC-FyDIw.roa (raw, json)
Hash identifier:          ubth3dQuoden2CNgRUEB6ZrDuqEN9TVWCESeBnW+HG4=
Subject key identifier:   49:06:E8:4F:BE:F6:E6:16:C4:BF:E4:E7:52:F2:C9:0B:E1:72:0C:8C
Certificate issuer:       /CN=4de2dc2c1c93847bf979f9b010edc4cda849f4f8
Certificate serial:       018CCA28F579EC78D97665B0ABCF827BC73C
Authority key identifier: 4D:E2:DC:2C:1C:93:84:7B:F9:79:F9:B0:10:ED:C4:CD:A8:49:F4:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TeLcLByThHv5efmwEO3EzahJ9Pg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/27e1ca-e61f-4e8c-ad9c-145c36e38276/1/SQboT7725hbEv-TnUvLJC-FyDIw.roa
Signing time:             Tue 02 Jan 2024 12:32:11 +0000
ROA not before:           Tue 02 Jan 2024 12:32:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15435
IP address blocks:        2001:67c:2e64::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/27e1ca-e61f-4e8c-ad9c-145c36e38276/1/TeLcLByThHv5efmwEO3EzahJ9Pg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/27e1ca-e61f-4e8c-ad9c-145c36e38276/1/TeLcLByThHv5efmwEO3EzahJ9Pg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TeLcLByThHv5efmwEO3EzahJ9Pg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:28:f5:79:ec:78:d9:76:65:b0:ab:cf:82:7b:c7:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4de2dc2c1c93847bf979f9b010edc4cda849f4f8
        Validity
            Not Before: Jan  2 12:32:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4906e84fbef6e616c4bfe4e752f2c90be1720c8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:99:1d:13:86:fb:38:2c:05:e3:53:28:1d:07:
                    1e:73:1f:25:14:9f:3b:36:20:ff:11:65:89:8d:be:
                    a0:6d:5b:f3:c7:9b:32:8f:20:79:99:e9:d9:73:7d:
                    0c:d7:09:1a:a3:52:74:14:fc:8c:71:15:d8:e3:cc:
                    24:f2:94:99:7a:71:8b:59:6e:dc:e5:fa:dd:bc:c9:
                    2f:22:24:0d:39:50:d4:19:04:13:68:7e:55:d9:fc:
                    a8:75:20:73:fe:6c:8b:9c:d7:cc:21:ff:23:c8:b6:
                    12:9f:05:15:f4:f0:39:85:1f:4d:ec:68:5c:7a:42:
                    db:da:9a:e3:1b:ac:3e:b7:a5:14:67:4c:9e:02:f9:
                    d4:75:e9:a1:66:03:bd:3c:e7:c9:2d:32:08:a7:71:
                    24:cd:b1:d5:c3:50:51:54:9d:23:35:dc:32:57:c0:
                    49:68:da:50:27:ac:bc:42:59:44:74:7c:6b:4e:15:
                    c2:f0:b4:c1:2b:9f:03:ad:89:2a:cb:a3:1d:41:82:
                    5f:90:fd:a2:76:74:01:48:4f:b3:83:12:de:fa:3d:
                    ef:d1:3e:5c:d7:ff:b9:0f:ba:7e:9d:cd:11:7d:14:
                    5c:4b:28:eb:c0:b6:87:d5:98:13:c1:f6:86:95:e0:
                    fa:88:2d:26:2f:a9:cc:12:f9:96:de:f4:5c:e9:36:
                    af:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:06:E8:4F:BE:F6:E6:16:C4:BF:E4:E7:52:F2:C9:0B:E1:72:0C:8C
            X509v3 Authority Key Identifier:
                keyid:4D:E2:DC:2C:1C:93:84:7B:F9:79:F9:B0:10:ED:C4:CD:A8:49:F4:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TeLcLByThHv5efmwEO3EzahJ9Pg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/27e1ca-e61f-4e8c-ad9c-145c36e38276/1/SQboT7725hbEv-TnUvLJC-FyDIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/27e1ca-e61f-4e8c-ad9c-145c36e38276/1/TeLcLByThHv5efmwEO3EzahJ9Pg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2e64::/48

    Signature Algorithm: sha256WithRSAEncryption
         2e:d5:36:87:c9:bf:fe:a8:8e:33:67:8d:ea:25:65:be:83:c4:
         f0:7f:d3:17:40:fd:47:10:28:c0:3d:2c:d1:76:b4:21:d8:6f:
         8e:3e:26:6f:09:a0:16:52:a1:40:90:df:4e:eb:09:a1:1f:d2:
         18:12:87:31:6d:64:ff:69:ce:40:28:92:81:a6:fd:c7:32:b0:
         39:53:5d:ca:c3:ad:92:36:a2:4c:b7:a3:ac:71:dc:0e:97:57:
         c3:99:76:3f:e4:f3:90:f3:a4:0f:c9:c4:47:3f:b0:ff:63:ab:
         e1:6f:81:1f:9d:dc:0b:68:7a:fc:dd:b7:30:31:0e:7e:a2:50:
         87:00:c2:70:ef:3d:02:a6:64:b3:f3:24:39:9b:34:4d:5e:ff:
         40:b8:11:1a:de:54:ec:67:0b:70:68:0d:09:8b:26:fd:43:9b:
         29:31:7b:c6:73:91:cb:a8:71:05:b8:6d:bb:8c:40:5d:ae:cf:
         7e:1f:bf:b5:13:8b:53:fa:34:47:15:5e:ae:1c:31:02:37:c4:
         cd:cc:16:37:4c:c9:40:59:9d:d1:59:0c:94:2c:e0:a9:45:b4:
         ea:30:c3:e0:34:90:a9:99:fa:e1:0c:19:96:50:32:f9:d1:58:
         84:6a:73:4e:cb:2e:de:c0:b8:5e:24:41:9b:f3:5a:34:f5:bd:
         37:99:80:af
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKPV57HjZdmWwq8+Ce8c8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZTJkYzJjMWM5Mzg0N2JmOTc5ZjliMDEwZWRjNGNkYTg0
OWY0ZjgwHhcNMjQwMTAyMTIzMjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTA2ZTg0ZmJlZjZlNjE2YzRiZmU0ZTc1MmYyYzkwYmUxNzIwYzhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvZkdE4b7OCwF41MoHQcecx8lFJ87
NiD/EWWJjb6gbVvzx5syjyB5menZc30M1wkao1J0FPyMcRXY48wk8pSZenGLWW7c
5frdvMkvIiQNOVDUGQQTaH5V2fyodSBz/myLnNfMIf8jyLYSnwUV9PA5hR9N7Ghc
ekLb2prjG6w+t6UUZ0yeAvnUdemhZgO9POfJLTIIp3EkzbHVw1BRVJ0jNdwyV8BJ
aNpQJ6y8QllEdHxrThXC8LTBK58DrYkqy6MdQYJfkP2idnQBSE+zgxLe+j3v0T5c
1/+5D7p+nc0RfRRcSyjrwLaH1ZgTwfaGleD6iC0mL6nMEvmW3vRc6Tav6wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEkG6E++9uYWxL/k51LyyQvhcgyMMB8GA1UdIwQY
MBaAFE3i3Cwck4R7+Xn5sBDtxM2oSfT4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGVMY0xCeVRoSHY1ZWZtd0VPM0V6YWhKOVBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8yN2UxY2EtZTYxZi00ZThjLWFkOWMt
MTQ1YzM2ZTM4Mjc2LzEvU1Fib1Q3NzI1aGJFdi1UblV2TEpDLUZ5REl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8yN2UxY2EtZTYxZi00ZThjLWFkOWMtMTQ1YzM2ZTM4Mjc2
LzEvVGVMY0xCeVRoSHY1ZWZtd0VPM0V6YWhKOVBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC5k
MA0GCSqGSIb3DQEBCwUAA4IBAQAu1TaHyb/+qI4zZ43qJWW+g8Twf9MXQP1HECjA
PSzRdrQh2G+OPiZvCaAWUqFAkN9O6wmhH9IYEocxbWT/ac5AKJKBpv3HMrA5U13K
w62SNqJMt6OscdwOl1fDmXY/5POQ86QPycRHP7D/Y6vhb4EfndwLaHr83bcwMQ5+
olCHAMJw7z0CpmSz8yQ5mzRNXv9AuBEa3lTsZwtwaA0Jiyb9Q5spMXvGc5HLqHEF
uG27jEBdrs9+H7+1E4tT+jRHFV6uHDECN8TNzBY3TMlAWZ3RWQyULOCpRbTqMMPg
NJCpmfrhDBmWUDL50ViEanNOyy7ewLheJEGb81o09b03mYCv
-----END CERTIFICATE-----