Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/a21f34-82f2-41c9-b60c-ad43ccd7aae8/1/BPDSWMKd60DpnVnw2Y5MB0-PI7o.roa
File:                     BPDSWMKd60DpnVnw2Y5MB0-PI7o.roa (raw, json)
Hash identifier:          dekY+rWbsamWfF40ez4tSTb/Avd8uEhijkcAL1uwqVM=
Subject key identifier:   04:F0:D2:58:C2:9D:EB:40:E9:9D:59:F0:D9:8E:4C:07:4F:8F:23:BA
Certificate issuer:       /CN=acf7ab3f1a93e714f3074a05d86fcce2206305a8
Certificate serial:       018D02AE688482CF58DDDC5A34BFE7949AD2
Authority key identifier: AC:F7:AB:3F:1A:93:E7:14:F3:07:4A:05:D8:6F:CC:E2:20:63:05:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rPerPxqT5xTzB0oF2G_M4iBjBag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/a21f34-82f2-41c9-b60c-ad43ccd7aae8/1/BPDSWMKd60DpnVnw2Y5MB0-PI7o.roa
Signing time:             Sat 13 Jan 2024 11:56:40 +0000
ROA not before:           Sat 13 Jan 2024 11:56:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215754
IP address blocks:        2001:67c:c48::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/a21f34-82f2-41c9-b60c-ad43ccd7aae8/1/rPerPxqT5xTzB0oF2G_M4iBjBag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/a21f34-82f2-41c9-b60c-ad43ccd7aae8/1/rPerPxqT5xTzB0oF2G_M4iBjBag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rPerPxqT5xTzB0oF2G_M4iBjBag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 11:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:02:ae:68:84:82:cf:58:dd:dc:5a:34:bf:e7:94:9a:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=acf7ab3f1a93e714f3074a05d86fcce2206305a8
        Validity
            Not Before: Jan 13 11:56:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=04f0d258c29deb40e99d59f0d98e4c074f8f23ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:48:fd:c7:c8:26:b9:bd:a3:b0:34:88:d0:31:
                    52:d1:a2:c2:7d:fb:02:10:fe:25:74:89:98:b2:5f:
                    52:b0:62:7b:82:b2:8e:a6:d4:89:51:a5:1e:23:ee:
                    c0:4a:bd:43:0a:1e:7c:01:93:d3:db:6a:36:1b:18:
                    ec:a2:99:0c:dd:c8:0d:e6:5d:30:0c:b0:a6:5d:27:
                    9d:69:25:33:33:0b:0e:e8:1f:74:b6:8c:f9:03:97:
                    0f:4e:97:03:ab:25:b2:c3:23:f2:2c:c6:05:c1:2c:
                    08:44:ba:f8:06:a7:1c:fe:dc:61:e8:84:90:88:16:
                    35:d7:18:7a:ae:5b:60:18:b2:a0:9d:60:60:d6:d0:
                    1b:ff:35:c7:e3:ec:8e:70:54:fb:b9:9a:07:29:01:
                    5d:ae:0c:18:60:5b:15:2d:16:e8:a2:4d:df:9a:68:
                    a5:2f:dd:86:79:de:2d:36:b4:da:6b:75:74:56:9f:
                    1c:fd:1b:f5:9b:46:f8:3a:eb:67:1d:27:af:47:8e:
                    f5:2c:c9:38:f0:fd:30:00:0e:7f:16:ee:ad:43:2f:
                    93:87:7f:67:a0:56:dd:62:59:d6:9c:f4:9b:c3:15:
                    cc:47:b3:3e:fe:ea:e5:a2:b7:5d:f0:bd:bc:47:3c:
                    63:f1:02:c1:4a:1e:03:84:6d:d3:79:35:49:3e:c4:
                    1b:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:F0:D2:58:C2:9D:EB:40:E9:9D:59:F0:D9:8E:4C:07:4F:8F:23:BA
            X509v3 Authority Key Identifier:
                keyid:AC:F7:AB:3F:1A:93:E7:14:F3:07:4A:05:D8:6F:CC:E2:20:63:05:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rPerPxqT5xTzB0oF2G_M4iBjBag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/a21f34-82f2-41c9-b60c-ad43ccd7aae8/1/BPDSWMKd60DpnVnw2Y5MB0-PI7o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/a21f34-82f2-41c9-b60c-ad43ccd7aae8/1/rPerPxqT5xTzB0oF2G_M4iBjBag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:c48::/48

    Signature Algorithm: sha256WithRSAEncryption
         84:02:71:ef:c2:ec:9b:d2:23:12:0c:40:cf:af:df:7c:1e:79:
         6a:4d:52:fe:fd:16:58:e3:34:7b:9f:f7:84:31:8c:7e:e7:38:
         9c:0c:c5:d4:31:cc:42:fe:70:61:32:8a:30:e0:70:9b:ff:3d:
         56:d2:78:05:49:f8:c8:62:51:f8:20:00:8a:85:7f:8c:41:6f:
         88:77:aa:ce:0d:12:a6:ab:8a:06:64:24:9d:46:0c:48:f6:4b:
         3d:a3:27:57:8c:80:84:f4:a1:42:30:24:48:75:b3:d5:f8:53:
         de:73:54:64:4f:52:ee:39:5a:e2:58:c2:ca:81:6a:cb:86:c0:
         9a:c3:30:d4:1b:71:b6:31:42:77:1e:2d:44:17:ab:ec:a5:48:
         fc:de:46:1c:1f:3d:9d:6e:d1:8f:9e:b9:e5:f1:1e:29:0c:16:
         b0:b4:59:01:8a:45:87:cc:67:3b:92:b5:10:17:7f:4f:29:91:
         bc:ee:01:3f:89:cb:eb:f5:48:a6:91:cf:f6:43:f8:fd:88:04:
         83:b2:e5:75:1c:d5:48:64:88:6c:69:50:6a:89:a2:e3:e4:a3:
         a1:86:68:52:42:7a:52:e9:60:29:d7:75:10:82:9c:73:0d:aa:
         25:bc:77:b7:0b:4e:8c:e5:cb:b3:e7:ec:1e:88:37:87:d5:61:
         14:60:3b:7d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY0CrmiEgs9Y3dxaNL/nlJrSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjZjdhYjNmMWE5M2U3MTRmMzA3NGEwNWQ4NmZjY2UyMjA2
MzA1YTgwHhcNMjQwMTEzMTE1NjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGYwZDI1OGMyOWRlYjQwZTk5ZDU5ZjBkOThlNGMwNzRmOGYyM2JhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArUj9x8gmub2jsDSI0DFS0aLCffsC
EP4ldImYsl9SsGJ7grKOptSJUaUeI+7ASr1DCh58AZPT22o2GxjsopkM3cgN5l0w
DLCmXSedaSUzMwsO6B90toz5A5cPTpcDqyWywyPyLMYFwSwIRLr4Bqcc/txh6ISQ
iBY11xh6rltgGLKgnWBg1tAb/zXH4+yOcFT7uZoHKQFdrgwYYFsVLRbook3fmmil
L92Ged4tNrTaa3V0Vp8c/Rv1m0b4OutnHSevR471LMk48P0wAA5/Fu6tQy+Th39n
oFbdYlnWnPSbwxXMR7M+/urlordd8L28Rzxj8QLBSh4DhG3TeTVJPsQbMwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFATw0ljCnetA6Z1Z8NmOTAdPjyO6MB8GA1UdIwQY
MBaAFKz3qz8ak+cU8wdKBdhvzOIgYwWoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclBlclB4cVQ1eFR6QjBvRjJHX000aUJqQmFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9hMjFmMzQtODJmMi00MWM5LWI2MGMt
YWQ0M2NjZDdhYWU4LzEvQlBEU1dNS2Q2MERwblZudzJZNU1CMC1QSTdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9hMjFmMzQtODJmMi00MWM5LWI2MGMtYWQ0M2NjZDdhYWU4
LzEvclBlclB4cVQ1eFR6QjBvRjJHX000aUJqQmFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAxI
MA0GCSqGSIb3DQEBCwUAA4IBAQCEAnHvwuyb0iMSDEDPr998HnlqTVL+/RZY4zR7
n/eEMYx+5zicDMXUMcxC/nBhMoow4HCb/z1W0ngFSfjIYlH4IACKhX+MQW+Id6rO
DRKmq4oGZCSdRgxI9ks9oydXjICE9KFCMCRIdbPV+FPec1RkT1LuOVriWMLKgWrL
hsCawzDUG3G2MUJ3Hi1EF6vspUj83kYcHz2dbtGPnrnl8R4pDBawtFkBikWHzGc7
krUQF39PKZG87gE/icvr9Uimkc/2Q/j9iASDsuV1HNVIZIhsaVBqiaLj5KOhhmhS
QnpS6WAp13UQgpxzDaolvHe3C06M5cuz5+weiDeH1WEUYDt9
-----END CERTIFICATE-----