Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/8cc47f-0265-407c-ba45-05d7bd4a741d/1/5jVM-ITIBVTAx1quZ2Yy9bs_65k.roa
File:                     5jVM-ITIBVTAx1quZ2Yy9bs_65k.roa (raw, json)
Hash identifier:          geMPX6gtC3cBDABcUXby65S/C0HP76fPRoY1XgCW7K0=
Subject key identifier:   E6:35:4C:F8:84:C8:05:54:C0:C7:5A:AE:67:66:32:F5:BB:3F:EB:99
Certificate issuer:       /CN=bc184d30d1fd2fde50bea6f70fe2dbe20518a03e
Certificate serial:       018FA596022D2B6FC66965BCFBA82206C1FF
Authority key identifier: BC:18:4D:30:D1:FD:2F:DE:50:BE:A6:F7:0F:E2:DB:E2:05:18:A0:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vBhNMNH9L95Qvqb3D-Lb4gUYoD4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/8cc47f-0265-407c-ba45-05d7bd4a741d/1/5jVM-ITIBVTAx1quZ2Yy9bs_65k.roa
Signing time:             Thu 23 May 2024 13:13:42 +0000
ROA not before:           Thu 23 May 2024 13:13:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2116
IP address blocks:        2001:67c:2dc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/8cc47f-0265-407c-ba45-05d7bd4a741d/1/vBhNMNH9L95Qvqb3D-Lb4gUYoD4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/8cc47f-0265-407c-ba45-05d7bd4a741d/1/vBhNMNH9L95Qvqb3D-Lb4gUYoD4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vBhNMNH9L95Qvqb3D-Lb4gUYoD4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a5:96:02:2d:2b:6f:c6:69:65:bc:fb:a8:22:06:c1:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc184d30d1fd2fde50bea6f70fe2dbe20518a03e
        Validity
            Not Before: May 23 13:13:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6354cf884c80554c0c75aae676632f5bb3feb99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:17:42:86:b4:ed:41:c1:e3:cc:52:87:df:c5:
                    e4:61:22:b9:83:05:c7:d9:ab:f5:c8:6e:b2:7a:ee:
                    04:64:6a:29:8a:24:d5:54:38:b9:0d:d0:88:1f:d2:
                    5a:c2:e4:54:ac:08:8d:e5:fb:1e:01:c5:9a:9b:25:
                    da:3c:9e:16:bd:b1:55:ee:d7:9f:e3:da:0b:76:94:
                    d5:04:8c:91:8c:11:79:6c:ab:f8:63:f5:4b:22:6a:
                    9a:d4:1b:24:bb:4b:7e:a2:8c:18:39:3a:a6:df:a6:
                    92:df:f3:8c:2a:d3:14:a5:89:5e:1d:96:86:e0:cf:
                    d6:65:47:83:5f:42:62:fc:ff:e2:c7:c7:6e:31:f4:
                    8d:2d:af:3d:8c:96:1d:b4:5e:99:c8:d6:0d:c0:9e:
                    b8:8b:59:df:c4:d9:57:b2:02:e9:a5:97:9d:52:86:
                    f3:dd:2f:58:72:bb:5b:cc:be:d7:b2:58:84:4e:b9:
                    1b:64:70:4b:9a:d4:89:e5:b0:1c:bb:12:26:20:7e:
                    c6:93:ba:bf:38:df:8f:ed:5a:ef:45:2f:67:f9:ce:
                    2f:df:8c:df:69:d9:2b:b3:80:af:6d:43:86:38:3f:
                    61:c7:24:70:da:4d:80:a1:23:41:51:e9:40:ae:7f:
                    19:94:59:54:dd:a0:33:bb:c6:2e:4e:61:9d:16:95:
                    25:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:35:4C:F8:84:C8:05:54:C0:C7:5A:AE:67:66:32:F5:BB:3F:EB:99
            X509v3 Authority Key Identifier:
                keyid:BC:18:4D:30:D1:FD:2F:DE:50:BE:A6:F7:0F:E2:DB:E2:05:18:A0:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vBhNMNH9L95Qvqb3D-Lb4gUYoD4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/8cc47f-0265-407c-ba45-05d7bd4a741d/1/5jVM-ITIBVTAx1quZ2Yy9bs_65k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/8cc47f-0265-407c-ba45-05d7bd4a741d/1/vBhNMNH9L95Qvqb3D-Lb4gUYoD4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2dc::/48

    Signature Algorithm: sha256WithRSAEncryption
         56:37:67:f6:9b:6f:2c:1f:1c:5b:0b:c9:66:64:66:13:27:b0:
         32:29:a4:eb:51:e6:0b:20:ca:0f:b7:e4:6a:8b:ed:0c:0b:e0:
         be:e6:7f:88:2c:ca:19:30:55:4b:ba:d2:81:31:fc:bc:eb:31:
         fa:8a:c6:5e:cf:a1:fd:9c:6b:e3:f9:8e:71:9b:a2:0e:1b:1f:
         03:e0:0c:41:3e:8b:4d:60:ce:d7:8b:e1:0f:72:3c:86:9d:63:
         84:83:9d:95:a4:8c:e0:3d:1c:9b:ee:17:9e:7a:0a:57:26:a6:
         d7:a2:ad:8b:b0:f5:c5:06:b5:5e:f6:51:08:26:8e:43:34:78:
         56:04:eb:28:16:3b:de:88:9e:35:20:d7:5d:d2:87:ef:c1:c0:
         6b:b0:17:80:ac:b8:d6:64:0d:1e:30:a2:5a:50:3c:a4:48:7f:
         fc:2c:35:6a:20:0e:17:ce:41:03:42:7a:0d:5c:3c:05:44:51:
         4b:38:a3:33:26:9a:43:27:cb:e3:fc:e2:77:63:05:c0:3f:a0:
         df:99:92:4d:3f:32:5b:cc:40:a1:ef:61:39:71:ea:db:25:d1:
         46:1d:e6:c2:c7:9d:5a:3f:b1:27:57:e6:e0:0d:a8:4f:a4:6c:
         47:18:3e:4d:2b:cf:fc:45:9c:f3:a5:eb:61:4f:7f:7b:85:26:
         24:84:64:98
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY+llgItK2/GaWW8+6giBsH/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjMTg0ZDMwZDFmZDJmZGU1MGJlYTZmNzBmZTJkYmUyMDUx
OGEwM2UwHhcNMjQwNTIzMTMxMzQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjM1NGNmODg0YzgwNTU0YzBjNzVhYWU2NzY2MzJmNWJiM2ZlYjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyxdChrTtQcHjzFKH38XkYSK5gwXH
2av1yG6yeu4EZGopiiTVVDi5DdCIH9JawuRUrAiN5fseAcWamyXaPJ4WvbFV7tef
49oLdpTVBIyRjBF5bKv4Y/VLImqa1Bsku0t+oowYOTqm36aS3/OMKtMUpYleHZaG
4M/WZUeDX0Ji/P/ix8duMfSNLa89jJYdtF6ZyNYNwJ64i1nfxNlXsgLppZedUobz
3S9YcrtbzL7XsliETrkbZHBLmtSJ5bAcuxImIH7Gk7q/ON+P7VrvRS9n+c4v34zf
adkrs4CvbUOGOD9hxyRw2k2AoSNBUelArn8ZlFlU3aAzu8YuTmGdFpUl6QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOY1TPiEyAVUwMdarmdmMvW7P+uZMB8GA1UdIwQY
MBaAFLwYTTDR/S/eUL6m9w/i2+IFGKA+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkJoTk1OSDlMOTVRdnFiM0QtTGI0Z1VZb0Q0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC84Y2M0N2YtMDI2NS00MDdjLWJhNDUt
MDVkN2JkNGE3NDFkLzEvNWpWTS1JVElCVlRBeDFxdVoyWXk5YnNfNjVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC84Y2M0N2YtMDI2NS00MDdjLWJhNDUtMDVkN2JkNGE3NDFk
LzEvdkJoTk1OSDlMOTVRdnFiM0QtTGI0Z1VZb0Q0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfALc
MA0GCSqGSIb3DQEBCwUAA4IBAQBWN2f2m28sHxxbC8lmZGYTJ7AyKaTrUeYLIMoP
t+Rqi+0MC+C+5n+ILMoZMFVLutKBMfy86zH6isZez6H9nGvj+Y5xm6IOGx8D4AxB
PotNYM7Xi+EPcjyGnWOEg52VpIzgPRyb7heeegpXJqbXoq2LsPXFBrVe9lEIJo5D
NHhWBOsoFjveiJ41INdd0ofvwcBrsBeArLjWZA0eMKJaUDykSH/8LDVqIA4XzkED
QnoNXDwFRFFLOKMzJppDJ8vj/OJ3YwXAP6DfmZJNPzJbzECh72E5cerbJdFGHebC
x51aP7EnV+bgDahPpGxHGD5NK8/8RZzzpethT397hSYkhGSY
-----END CERTIFICATE-----