Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/d16463-89be-4f5b-b2f2-acc41cacf7e1/1/T7rLZxQy9x1-qSvfp2vd7G0Mop0.roa
File:                     T7rLZxQy9x1-qSvfp2vd7G0Mop0.roa (raw, json)
Hash identifier:          CXBs1hEl7d60GEyaTIOUsIhoiANCFRwZzCFOomBHslQ=
Subject key identifier:   4F:BA:CB:67:14:32:F7:1D:7E:A9:2B:DF:A7:6B:DD:EC:6D:0C:A2:9D
Certificate issuer:       /CN=cbd95ead6d2a1daf2ef687acb4c29e76076b2809
Certificate serial:       018CC5DC52C11BAF011AB83466A16EB839F8
Authority key identifier: CB:D9:5E:AD:6D:2A:1D:AF:2E:F6:87:AC:B4:C2:9E:76:07:6B:28:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y9lerW0qHa8u9oestMKedgdrKAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/d16463-89be-4f5b-b2f2-acc41cacf7e1/1/T7rLZxQy9x1-qSvfp2vd7G0Mop0.roa
Signing time:             Mon 01 Jan 2024 16:29:59 +0000
ROA not before:           Mon 01 Jan 2024 16:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200259
IP address blocks:        2001:67c:2ebc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/d16463-89be-4f5b-b2f2-acc41cacf7e1/1/y9lerW0qHa8u9oestMKedgdrKAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/d16463-89be-4f5b-b2f2-acc41cacf7e1/1/y9lerW0qHa8u9oestMKedgdrKAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y9lerW0qHa8u9oestMKedgdrKAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 19:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:52:c1:1b:af:01:1a:b8:34:66:a1:6e:b8:39:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cbd95ead6d2a1daf2ef687acb4c29e76076b2809
        Validity
            Not Before: Jan  1 16:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4fbacb671432f71d7ea92bdfa76bddec6d0ca29d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:17:16:48:c6:3f:94:a3:d7:c2:94:76:83:29:
                    e9:24:93:c5:70:d6:37:ff:0c:d5:29:ed:ba:8c:91:
                    06:bb:9e:2e:df:ca:47:9e:e7:0d:bf:e5:db:a2:ee:
                    9e:05:3b:95:34:ca:d7:fd:d5:d4:c1:58:fb:18:04:
                    c3:b7:0d:86:d2:74:4b:c0:60:a3:78:51:c6:20:8c:
                    dc:d1:82:24:89:62:0f:8f:b6:cc:4d:2b:9d:6e:ef:
                    5f:04:ab:db:c6:21:18:fd:73:d8:23:57:46:26:a0:
                    58:5f:d2:51:ee:f4:06:79:d3:c7:c1:6f:fc:bc:a4:
                    35:bc:94:88:ce:dc:50:ac:37:da:81:94:56:b0:30:
                    a8:a9:4d:48:c3:b2:26:07:42:71:69:70:07:1b:a2:
                    96:f1:a7:42:f7:a0:91:5b:2d:c4:56:26:b3:9f:f8:
                    b5:55:e1:48:e0:48:bb:5a:6e:ff:30:13:e2:89:9c:
                    44:b7:42:86:22:ee:e9:17:6b:9a:8f:5c:9c:9b:2d:
                    3b:f5:a7:99:c8:10:bf:cd:5f:03:3c:e3:2b:e7:c3:
                    df:76:45:ca:0e:aa:88:98:2a:00:43:76:21:2b:bb:
                    73:bf:4f:fe:21:50:82:e4:e5:2b:08:2a:c9:50:fd:
                    9a:90:11:a4:c1:47:10:bc:54:05:92:df:98:5f:70:
                    ea:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:BA:CB:67:14:32:F7:1D:7E:A9:2B:DF:A7:6B:DD:EC:6D:0C:A2:9D
            X509v3 Authority Key Identifier:
                keyid:CB:D9:5E:AD:6D:2A:1D:AF:2E:F6:87:AC:B4:C2:9E:76:07:6B:28:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y9lerW0qHa8u9oestMKedgdrKAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/d16463-89be-4f5b-b2f2-acc41cacf7e1/1/T7rLZxQy9x1-qSvfp2vd7G0Mop0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/d16463-89be-4f5b-b2f2-acc41cacf7e1/1/y9lerW0qHa8u9oestMKedgdrKAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2ebc::/48

    Signature Algorithm: sha256WithRSAEncryption
         57:4f:e5:1a:76:e5:0d:96:4f:dd:cd:c2:73:0b:57:49:a5:30:
         12:36:8a:be:a8:e2:ea:94:0b:2b:7a:ba:dd:6a:07:51:fc:e9:
         a8:17:39:d8:c2:c2:56:24:0e:e3:01:42:27:6d:b7:a7:64:77:
         52:dd:9b:a5:e0:bf:24:7e:b9:76:f5:05:28:f9:ae:e1:da:55:
         a1:d6:12:a7:fb:15:a8:fd:cd:cc:fb:66:99:93:02:3d:e0:9c:
         66:05:12:33:e6:e9:2e:3b:db:56:97:2a:dc:db:8d:93:e7:7f:
         b6:13:19:26:7b:c7:f3:b0:a1:67:21:04:31:7f:3f:f2:84:9f:
         31:3e:41:d5:dd:61:67:be:db:24:93:d0:72:1e:ce:aa:a8:5e:
         a0:a6:e5:2d:ee:49:90:fb:23:88:31:e2:0a:10:3b:95:d6:d4:
         3c:d7:ce:fc:03:8d:03:64:35:19:bb:20:c0:68:54:25:e0:26:
         18:b1:0a:de:0a:cb:f4:4c:c4:a1:b5:cc:54:74:91:1a:2e:4f:
         31:75:18:a0:3a:3e:ce:a6:5c:1b:95:99:52:60:ab:b8:be:7f:
         70:0a:57:9d:4c:f1:4d:65:f8:70:4a:c8:d6:71:17:60:0f:85:
         0a:f2:e1:5c:2c:fe:13:b9:06:8d:f3:b7:3b:4b:fb:8a:14:1a:
         06:0c:dc:47
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzF3FLBG68BGrg0ZqFuuDn4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiZDk1ZWFkNmQyYTFkYWYyZWY2ODdhY2I0YzI5ZTc2MDc2
YjI4MDkwHhcNMjQwMTAxMTYyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmJhY2I2NzE0MzJmNzFkN2VhOTJiZGZhNzZiZGRlYzZkMGNhMjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqhcWSMY/lKPXwpR2gynpJJPFcNY3
/wzVKe26jJEGu54u38pHnucNv+Xbou6eBTuVNMrX/dXUwVj7GATDtw2G0nRLwGCj
eFHGIIzc0YIkiWIPj7bMTSudbu9fBKvbxiEY/XPYI1dGJqBYX9JR7vQGedPHwW/8
vKQ1vJSIztxQrDfagZRWsDCoqU1Iw7ImB0JxaXAHG6KW8adC96CRWy3EViazn/i1
VeFI4Ei7Wm7/MBPiiZxEt0KGIu7pF2uaj1ycmy079aeZyBC/zV8DPOMr58PfdkXK
DqqImCoAQ3YhK7tzv0/+IVCC5OUrCCrJUP2akBGkwUcQvFQFkt+YX3Dq/wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE+6y2cUMvcdfqkr36dr3extDKKdMB8GA1UdIwQY
MBaAFMvZXq1tKh2vLvaHrLTCnnYHaygJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTlsZXJXMHFIYTh1OW9lc3RNS2VkZ2RyS0FrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9kMTY0NjMtODliZS00ZjViLWIyZjIt
YWNjNDFjYWNmN2UxLzEvVDdyTFp4UXk5eDEtcVN2ZnAydmQ3RzBNb3AwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9kMTY0NjMtODliZS00ZjViLWIyZjItYWNjNDFjYWNmN2Ux
LzEveTlsZXJXMHFIYTh1OW9lc3RNS2VkZ2RyS0FrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC68
MA0GCSqGSIb3DQEBCwUAA4IBAQBXT+UaduUNlk/dzcJzC1dJpTASNoq+qOLqlAsr
errdagdR/OmoFznYwsJWJA7jAUInbbenZHdS3Zul4L8kfrl29QUo+a7h2lWh1hKn
+xWo/c3M+2aZkwI94JxmBRIz5ukuO9tWlyrc242T53+2Exkme8fzsKFnIQQxfz/y
hJ8xPkHV3WFnvtskk9ByHs6qqF6gpuUt7kmQ+yOIMeIKEDuV1tQ81878A40DZDUZ
uyDAaFQl4CYYsQreCsv0TMShtcxUdJEaLk8xdRigOj7OplwblZlSYKu4vn9wCled
TPFNZfhwSsjWcRdgD4UK8uFcLP4TuQaN87c7S/uKFBoGDNxH
-----END CERTIFICATE-----