Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/127fb3-7d87-468b-94d2-2f9059c4f3a5/1/mXS0e2GR9WO9tt5KoGW-_64QHw0.roa
File:                     mXS0e2GR9WO9tt5KoGW-_64QHw0.roa (raw, json)
Hash identifier:          6MviHnE7V7AFCic9HB10V/9ttxs9JASs/vBubLtX7To=
Subject key identifier:   99:74:B4:7B:61:91:F5:63:BD:B6:DE:4A:A0:65:BE:FF:AE:10:1F:0D
Certificate issuer:       /CN=edbe73ab2730f34e94f120e9bfc55af4405369f6
Certificate serial:       0191502973B891699CB4F8D8BBE0FDDF8218
Authority key identifier: ED:BE:73:AB:27:30:F3:4E:94:F1:20:E9:BF:C5:5A:F4:40:53:69:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7b5zqycw806U8SDpv8Va9EBTafY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/127fb3-7d87-468b-94d2-2f9059c4f3a5/1/mXS0e2GR9WO9tt5KoGW-_64QHw0.roa
Signing time:             Wed 14 Aug 2024 09:12:59 +0000
ROA not before:           Wed 14 Aug 2024 09:12:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42708
IP address blocks:        2001:67c:d34::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/127fb3-7d87-468b-94d2-2f9059c4f3a5/1/7b5zqycw806U8SDpv8Va9EBTafY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/127fb3-7d87-468b-94d2-2f9059c4f3a5/1/7b5zqycw806U8SDpv8Va9EBTafY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7b5zqycw806U8SDpv8Va9EBTafY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:50:29:73:b8:91:69:9c:b4:f8:d8:bb:e0:fd:df:82:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=edbe73ab2730f34e94f120e9bfc55af4405369f6
        Validity
            Not Before: Aug 14 09:12:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9974b47b6191f563bdb6de4aa065beffae101f0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:07:72:d7:1c:b7:d5:ac:bf:d4:0c:1a:43:9a:
                    dd:f9:eb:68:d4:be:05:d0:3b:92:91:62:0c:0b:7f:
                    0e:d2:d7:68:65:74:d8:5c:7e:8b:bd:a8:6b:c4:3f:
                    45:aa:97:7d:23:21:4b:e8:b5:2f:cc:f9:c7:25:4a:
                    f5:39:15:4a:d0:58:41:e6:d9:69:01:0e:2e:54:78:
                    b2:24:bd:fb:91:62:5e:48:bb:02:64:cf:db:69:e1:
                    d2:03:2e:44:ea:75:63:06:33:b3:41:94:38:88:56:
                    73:2a:2f:69:1d:af:ee:ea:2f:9b:33:b7:79:2b:9b:
                    da:74:3d:3e:ae:a0:ad:ff:69:0e:5a:a2:ae:1a:f1:
                    2b:89:6b:25:03:50:a0:5d:63:26:7d:70:f7:ad:a7:
                    c9:0f:44:cc:93:e9:3c:08:86:4c:52:8a:02:42:0c:
                    71:35:e6:0a:ed:28:0e:77:46:82:c2:61:86:9c:e5:
                    4f:45:cd:b5:4c:78:ac:e4:ad:e3:73:01:83:bb:0d:
                    53:55:09:1a:47:da:74:ce:97:86:42:cf:df:97:6d:
                    48:70:d0:40:89:37:58:0f:c8:8a:ef:2d:15:b5:f8:
                    2b:e4:72:76:5e:e0:8e:da:50:29:66:00:65:2e:64:
                    d3:5d:38:b8:0d:fc:53:4f:6a:db:0b:d5:e2:b2:87:
                    6e:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:74:B4:7B:61:91:F5:63:BD:B6:DE:4A:A0:65:BE:FF:AE:10:1F:0D
            X509v3 Authority Key Identifier:
                keyid:ED:BE:73:AB:27:30:F3:4E:94:F1:20:E9:BF:C5:5A:F4:40:53:69:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b5zqycw806U8SDpv8Va9EBTafY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/127fb3-7d87-468b-94d2-2f9059c4f3a5/1/mXS0e2GR9WO9tt5KoGW-_64QHw0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/127fb3-7d87-468b-94d2-2f9059c4f3a5/1/7b5zqycw806U8SDpv8Va9EBTafY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:d34::/48

    Signature Algorithm: sha256WithRSAEncryption
         9c:e2:bb:a2:de:65:a5:87:77:d5:ce:22:3e:8d:36:cb:f5:d1:
         39:24:1d:2d:b1:70:67:27:c4:9f:21:fb:c1:42:33:7c:7b:f2:
         2a:ae:71:87:60:46:8e:54:68:c3:1d:60:6c:8e:8a:18:64:08:
         dc:e2:e6:f4:f5:00:dd:1c:e5:d6:b0:d4:f1:64:29:f9:b0:1b:
         63:46:22:9b:a2:95:82:34:f7:d7:1f:da:3d:c3:9a:0a:44:01:
         28:b5:1d:32:e1:93:dd:89:c3:91:9d:bb:f3:37:80:4e:a3:cb:
         29:43:8c:7b:2c:95:0f:f9:4a:63:40:62:75:f8:85:ca:45:f5:
         d3:e6:99:1b:23:20:34:2b:47:b4:50:f9:3e:4d:c1:e0:2a:0e:
         18:20:f0:ce:fa:49:cb:20:5d:24:2b:9d:4b:59:23:f9:b1:2b:
         08:b6:f0:2a:8c:5c:20:89:f0:64:63:ca:6a:87:d1:99:b8:d4:
         56:a6:dc:ec:5c:39:9a:63:67:08:0a:53:79:ae:5b:4b:86:ac:
         13:60:31:86:bb:c9:91:24:2d:00:78:42:db:9a:09:cc:04:a7:
         2d:a8:ea:4b:4b:0c:9d:f4:51:8c:3e:06:5d:84:e7:1e:be:88:
         dd:9a:3f:52:be:e1:c0:fe:c3:d8:6b:f8:fd:37:c8:8b:28:7c:
         e1:f4:d7:fc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZFQKXO4kWmctPjYu+D934IYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkYmU3M2FiMjczMGYzNGU5NGYxMjBlOWJmYzU1YWY0NDA1
MzY5ZjYwHhcNMjQwODE0MDkxMjU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTc0YjQ3YjYxOTFmNTYzYmRiNmRlNGFhMDY1YmVmZmFlMTAxZjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQdy1xy31ay/1AwaQ5rd+eto1L4F
0DuSkWIMC38O0tdoZXTYXH6LvahrxD9Fqpd9IyFL6LUvzPnHJUr1ORVK0FhB5tlp
AQ4uVHiyJL37kWJeSLsCZM/baeHSAy5E6nVjBjOzQZQ4iFZzKi9pHa/u6i+bM7d5
K5vadD0+rqCt/2kOWqKuGvEriWslA1CgXWMmfXD3rafJD0TMk+k8CIZMUooCQgxx
NeYK7SgOd0aCwmGGnOVPRc21THis5K3jcwGDuw1TVQkaR9p0zpeGQs/fl21IcNBA
iTdYD8iK7y0Vtfgr5HJ2XuCO2lApZgBlLmTTXTi4DfxTT2rbC9XisoduLwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJl0tHthkfVjvbbeSqBlvv+uEB8NMB8GA1UdIwQY
MBaAFO2+c6snMPNOlPEg6b/FWvRAU2n2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2I1enF5Y3c4MDZVOFNEcHY4VmE5RUJUYWZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC8xMjdmYjMtN2Q4Ny00NjhiLTk0ZDIt
MmY5MDU5YzRmM2E1LzEvbVhTMGUyR1I5V085dHQ1S29HVy1fNjRRSHcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC8xMjdmYjMtN2Q4Ny00NjhiLTk0ZDItMmY5MDU5YzRmM2E1
LzEvN2I1enF5Y3c4MDZVOFNEcHY4VmE5RUJUYWZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA00
MA0GCSqGSIb3DQEBCwUAA4IBAQCc4rui3mWlh3fVziI+jTbL9dE5JB0tsXBnJ8Sf
IfvBQjN8e/IqrnGHYEaOVGjDHWBsjooYZAjc4ub09QDdHOXWsNTxZCn5sBtjRiKb
opWCNPfXH9o9w5oKRAEotR0y4ZPdicORnbvzN4BOo8spQ4x7LJUP+UpjQGJ1+IXK
RfXT5pkbIyA0K0e0UPk+TcHgKg4YIPDO+knLIF0kK51LWSP5sSsItvAqjFwgifBk
Y8pqh9GZuNRWptzsXDmaY2cIClN5rltLhqwTYDGGu8mRJC0AeELbmgnMBKctqOpL
Swyd9FGMPgZdhOcevojdmj9SvuHA/sPYa/j9N8iLKHzh9Nf8
-----END CERTIFICATE-----