Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/97c353-0c36-4066-a56b-139a496cd59c/1/czPff2lrTb5YV5EvNqJEit3u2Kk.roa
File:                     czPff2lrTb5YV5EvNqJEit3u2Kk.roa (raw, json)
Hash identifier:          UsZsmZKlNH/ST6HPD+CHmf6qgWzxDNm8fOXqx5Gsyzc=
Subject key identifier:   73:33:DF:7F:69:6B:4D:BE:58:57:91:2F:36:A2:44:8A:DD:EE:D8:A9
Certificate issuer:       /CN=d24322b2d0a794fd076b85e8dc578abb0d03ec40
Certificate serial:       018D88CC225965A3AE9BDF68A9D8EF1884F0
Authority key identifier: D2:43:22:B2:D0:A7:94:FD:07:6B:85:E8:DC:57:8A:BB:0D:03:EC:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0kMistCnlP0Ha4Xo3FeKuw0D7EA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/97c353-0c36-4066-a56b-139a496cd59c/1/czPff2lrTb5YV5EvNqJEit3u2Kk.roa
Signing time:             Thu 08 Feb 2024 12:58:15 +0000
ROA not before:           Thu 08 Feb 2024 12:58:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51634
IP address blocks:        2001:67c:21e4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/97c353-0c36-4066-a56b-139a496cd59c/1/0kMistCnlP0Ha4Xo3FeKuw0D7EA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/97c353-0c36-4066-a56b-139a496cd59c/1/0kMistCnlP0Ha4Xo3FeKuw0D7EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0kMistCnlP0Ha4Xo3FeKuw0D7EA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 15:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:88:cc:22:59:65:a3:ae:9b:df:68:a9:d8:ef:18:84:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d24322b2d0a794fd076b85e8dc578abb0d03ec40
        Validity
            Not Before: Feb  8 12:58:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7333df7f696b4dbe5857912f36a2448addeed8a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:f8:24:2e:67:bc:f0:95:72:55:d1:c5:f1:b8:
                    56:26:93:6e:61:17:e4:4b:ff:4f:cf:b8:60:30:d7:
                    3e:55:7f:4c:58:f7:f4:1a:86:da:f2:21:67:2e:07:
                    8d:f3:ce:bc:45:5f:e6:9f:69:ae:59:79:3f:8a:9a:
                    ee:36:3c:ae:4d:e1:16:43:a0:fd:62:4a:e2:f6:63:
                    cf:26:ec:f5:cf:7f:ec:9c:0e:ae:3f:e4:03:45:71:
                    0e:0b:a2:43:53:a1:67:13:15:ca:79:74:f5:ba:80:
                    47:e7:8f:f0:8b:c8:44:06:f0:3d:39:e8:c1:83:52:
                    34:2b:71:98:cb:b4:c8:5f:9b:1e:1d:8e:d3:24:ec:
                    15:7d:e0:02:fc:53:50:e5:2f:56:18:5b:35:35:9f:
                    2a:89:45:0e:7d:3f:37:78:73:d2:75:46:9e:3a:4a:
                    e6:fb:29:33:ed:87:94:55:ad:01:5b:d0:68:f1:c8:
                    d3:7a:88:f1:d8:d4:d2:6b:64:b6:5d:3a:4b:e4:21:
                    c4:fa:a3:35:45:8a:07:12:76:74:9a:10:d2:af:cf:
                    02:fa:4b:f1:dc:6a:eb:58:1d:ec:ab:8b:58:ba:d6:
                    18:8f:3a:1a:9a:0f:28:41:41:87:ac:e3:55:ce:8f:
                    d5:91:07:69:33:79:79:c6:ec:a4:0f:23:b6:69:e4:
                    1a:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:33:DF:7F:69:6B:4D:BE:58:57:91:2F:36:A2:44:8A:DD:EE:D8:A9
            X509v3 Authority Key Identifier:
                keyid:D2:43:22:B2:D0:A7:94:FD:07:6B:85:E8:DC:57:8A:BB:0D:03:EC:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0kMistCnlP0Ha4Xo3FeKuw0D7EA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/97c353-0c36-4066-a56b-139a496cd59c/1/czPff2lrTb5YV5EvNqJEit3u2Kk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/97c353-0c36-4066-a56b-139a496cd59c/1/0kMistCnlP0Ha4Xo3FeKuw0D7EA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:21e4::/48

    Signature Algorithm: sha256WithRSAEncryption
         6e:5b:34:f5:3e:25:23:c7:d9:99:82:c0:fc:5b:eb:10:a5:6c:
         0a:57:ea:e1:b6:f5:b9:cc:43:37:93:bf:d8:d9:2f:5e:ec:4a:
         82:cc:64:91:c1:ce:5e:60:b0:a5:ec:b4:ca:5c:99:d3:4d:10:
         19:25:e1:2a:30:40:47:f7:d8:00:f1:be:14:b9:80:8a:08:87:
         ec:fd:e2:54:7a:d3:db:d6:fd:65:26:aa:4b:7d:3f:c8:4f:d0:
         29:16:b3:c6:dc:62:bd:14:92:d4:f9:13:11:69:11:12:c8:11:
         d1:6c:b8:99:c5:da:91:bf:d5:b0:20:37:1b:4a:80:9e:39:8a:
         06:fd:a2:4d:fe:aa:41:37:7a:ac:75:f7:b5:2c:73:cb:fb:74:
         87:f3:70:02:77:0a:d4:a4:e2:b1:ef:00:63:67:a3:76:c6:8d:
         e9:6b:df:a7:09:de:0a:6f:3a:18:0a:51:14:3a:e1:b9:31:d0:
         43:44:ef:19:06:06:92:52:ae:c9:10:a6:63:f2:91:6a:d6:71:
         80:bb:91:f0:67:dc:75:30:34:b0:73:7c:60:3f:36:d7:41:6d:
         f6:5a:50:ed:ef:a0:cb:b7:da:f0:44:83:88:f8:d9:bf:91:aa:
         f1:49:7d:fc:20:da:7c:c1:7b:70:22:5c:14:2f:7a:12:de:16:
         4b:f6:3e:32
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2IzCJZZaOum99oqdjvGITwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNDMyMmIyZDBhNzk0ZmQwNzZiODVlOGRjNTc4YWJiMGQw
M2VjNDAwHhcNMjQwMjA4MTI1ODE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzMzZGY3ZjY5NmI0ZGJlNTg1NzkxMmYzNmEyNDQ4YWRkZWVkOGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjfgkLme88JVyVdHF8bhWJpNuYRfk
S/9Pz7hgMNc+VX9MWPf0Goba8iFnLgeN8868RV/mn2muWXk/ipruNjyuTeEWQ6D9
Ykri9mPPJuz1z3/snA6uP+QDRXEOC6JDU6FnExXKeXT1uoBH54/wi8hEBvA9OejB
g1I0K3GYy7TIX5seHY7TJOwVfeAC/FNQ5S9WGFs1NZ8qiUUOfT83eHPSdUaeOkrm
+ykz7YeUVa0BW9Bo8cjTeojx2NTSa2S2XTpL5CHE+qM1RYoHEnZ0mhDSr88C+kvx
3GrrWB3sq4tYutYYjzoamg8oQUGHrONVzo/VkQdpM3l5xuykDyO2aeQa4QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHMz339pa02+WFeRLzaiRIrd7tipMB8GA1UdIwQY
MBaAFNJDIrLQp5T9B2uF6NxXirsNA+xAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGtNaXN0Q25sUDBIYTRYbzNGZUt1dzBEN0VBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy85N2MzNTMtMGMzNi00MDY2LWE1NmIt
MTM5YTQ5NmNkNTljLzEvY3pQZmYybHJUYjVZVjVFdk5xSkVpdDN1MktrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy85N2MzNTMtMGMzNi00MDY2LWE1NmItMTM5YTQ5NmNkNTlj
LzEvMGtNaXN0Q25sUDBIYTRYbzNGZUt1dzBEN0VBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCHk
MA0GCSqGSIb3DQEBCwUAA4IBAQBuWzT1PiUjx9mZgsD8W+sQpWwKV+rhtvW5zEM3
k7/Y2S9e7EqCzGSRwc5eYLCl7LTKXJnTTRAZJeEqMEBH99gA8b4UuYCKCIfs/eJU
etPb1v1lJqpLfT/IT9ApFrPG3GK9FJLU+RMRaRESyBHRbLiZxdqRv9WwIDcbSoCe
OYoG/aJN/qpBN3qsdfe1LHPL+3SH83ACdwrUpOKx7wBjZ6N2xo3pa9+nCd4KbzoY
ClEUOuG5MdBDRO8ZBgaSUq7JEKZj8pFq1nGAu5HwZ9x1MDSwc3xgPzbXQW32WlDt
76DLt9rwRIOI+Nm/karxSX38INp8wXtwIlwUL3oS3hZL9j4y
-----END CERTIFICATE-----