Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/a16ea5-3867-4406-9f2a-a4944e9625c0/1/ri7gvn6JVD4kRWEpsdz9fU7qEoU.roa
File:                     ri7gvn6JVD4kRWEpsdz9fU7qEoU.roa (raw, json)
Hash identifier:          9+XL2SkTYCs53ndW3uOfZlUbkSKoBlSHhXfgVltZeQI=
Subject key identifier:   AE:2E:E0:BE:7E:89:54:3E:24:45:61:29:B1:DC:FD:7D:4E:EA:12:85
Certificate issuer:       /CN=61106d2dff7116f35ab7fa10275a45e383bce523
Certificate serial:       018CC42554B4C196EB58EADE5E594323053E
Authority key identifier: 61:10:6D:2D:FF:71:16:F3:5A:B7:FA:10:27:5A:45:E3:83:BC:E5:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YRBtLf9xFvNat_oQJ1pF44O85SM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/a16ea5-3867-4406-9f2a-a4944e9625c0/1/ri7gvn6JVD4kRWEpsdz9fU7qEoU.roa
Signing time:             Mon 01 Jan 2024 08:30:29 +0000
ROA not before:           Mon 01 Jan 2024 08:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1836
IP address blocks:        2001:67c:1300::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/a16ea5-3867-4406-9f2a-a4944e9625c0/1/YRBtLf9xFvNat_oQJ1pF44O85SM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/a16ea5-3867-4406-9f2a-a4944e9625c0/1/YRBtLf9xFvNat_oQJ1pF44O85SM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YRBtLf9xFvNat_oQJ1pF44O85SM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:54:b4:c1:96:eb:58:ea:de:5e:59:43:23:05:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61106d2dff7116f35ab7fa10275a45e383bce523
        Validity
            Not Before: Jan  1 08:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae2ee0be7e89543e24456129b1dcfd7d4eea1285
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:a7:93:b1:bd:5b:9d:83:c9:57:d4:4b:79:c5:
                    68:b2:bf:40:02:2a:36:26:db:ba:2b:43:eb:c5:4b:
                    b6:32:ba:bd:c0:40:31:d6:9b:be:90:d0:f5:f8:73:
                    98:67:c1:0a:81:ac:44:f4:b3:1c:cc:e6:b9:6c:1e:
                    ce:65:30:1b:20:1b:46:cf:d8:02:3e:7d:3c:39:50:
                    89:3b:1c:bc:d1:8f:0f:89:59:2e:1c:8b:4b:2f:71:
                    1b:9a:bf:93:e9:84:86:0e:b5:bd:a0:42:1e:be:44:
                    63:22:ef:dc:b4:ed:c5:8c:11:22:1a:f6:03:95:46:
                    1c:8f:69:47:37:90:63:cd:fd:c4:a4:e6:ad:d8:18:
                    48:32:44:07:6c:5a:1a:06:09:f3:b1:f6:8b:00:26:
                    15:cf:fa:78:4e:77:ef:d5:8b:14:10:ce:a4:b8:0b:
                    14:ed:1f:7e:bf:e6:66:fe:18:53:38:ad:94:85:2f:
                    b3:c7:2b:eb:7d:36:07:d5:ea:0f:23:07:9e:30:1f:
                    ad:d8:f4:79:d5:f6:84:61:38:a1:a4:ac:11:cd:52:
                    b0:0f:4c:d3:46:06:5f:f0:c5:22:02:bf:89:12:d1:
                    7a:5a:f3:f8:a9:9d:34:cf:e5:5a:f2:f0:01:55:42:
                    b7:4e:d7:9c:fd:97:cb:71:ae:71:67:63:03:f7:c2:
                    c6:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:2E:E0:BE:7E:89:54:3E:24:45:61:29:B1:DC:FD:7D:4E:EA:12:85
            X509v3 Authority Key Identifier:
                keyid:61:10:6D:2D:FF:71:16:F3:5A:B7:FA:10:27:5A:45:E3:83:BC:E5:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YRBtLf9xFvNat_oQJ1pF44O85SM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/a16ea5-3867-4406-9f2a-a4944e9625c0/1/ri7gvn6JVD4kRWEpsdz9fU7qEoU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/a16ea5-3867-4406-9f2a-a4944e9625c0/1/YRBtLf9xFvNat_oQJ1pF44O85SM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1300::/48

    Signature Algorithm: sha256WithRSAEncryption
         39:f6:41:26:2b:e7:e7:e4:31:83:53:6b:44:7f:86:54:3c:ad:
         55:6c:a2:74:0d:5d:71:c0:bf:f8:ac:f6:1d:40:c1:9e:6a:59:
         fa:06:90:36:9e:ea:b8:10:09:64:e4:be:65:a0:4e:66:50:0d:
         4b:e2:d0:6b:32:d7:d2:5e:39:9e:33:bc:2b:b4:03:60:f1:ac:
         05:a5:db:97:24:6e:4c:4b:bf:75:0a:f1:91:22:a1:6a:4e:fe:
         79:c1:cc:17:28:af:48:58:ef:b2:68:63:9d:ab:a7:ff:73:ea:
         e6:e8:8b:84:bb:bd:59:f3:99:f7:0e:42:f8:24:fa:89:29:0a:
         f8:9b:ed:3f:ef:f0:37:e0:60:7e:60:79:08:4e:8f:61:36:3b:
         25:0e:95:e3:6f:e7:92:9d:6b:e9:1e:1a:6f:e1:84:5a:3a:fb:
         20:47:0b:2e:25:7c:36:67:76:90:12:3d:ab:74:1c:b8:77:5e:
         df:c3:40:77:05:0a:ec:99:fc:65:82:19:ac:db:92:47:0d:e4:
         25:f0:0f:7a:9f:5c:6d:4b:6e:35:36:a4:4e:e6:70:47:7e:a0:
         06:fe:58:0f:89:24:ee:c7:99:b0:b5:18:06:c1:24:38:46:e7:
         45:e0:49:89:d4:f6:4c:2e:20:5f:9c:97:0f:40:c1:09:49:b5:
         d4:0c:37:4d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJVS0wZbrWOreXllDIwU+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxMTA2ZDJkZmY3MTE2ZjM1YWI3ZmExMDI3NWE0NWUzODNi
Y2U1MjMwHhcNMjQwMTAxMDgzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTJlZTBiZTdlODk1NDNlMjQ0NTYxMjliMWRjZmQ3ZDRlZWExMjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjKeTsb1bnYPJV9RLecVosr9AAio2
Jtu6K0PrxUu2Mrq9wEAx1pu+kND1+HOYZ8EKgaxE9LMczOa5bB7OZTAbIBtGz9gC
Pn08OVCJOxy80Y8PiVkuHItLL3Ebmr+T6YSGDrW9oEIevkRjIu/ctO3FjBEiGvYD
lUYcj2lHN5Bjzf3EpOat2BhIMkQHbFoaBgnzsfaLACYVz/p4Tnfv1YsUEM6kuAsU
7R9+v+Zm/hhTOK2UhS+zxyvrfTYH1eoPIweeMB+t2PR51faEYTihpKwRzVKwD0zT
RgZf8MUiAr+JEtF6WvP4qZ00z+Va8vABVUK3Ttec/ZfLca5xZ2MD98LGxwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK4u4L5+iVQ+JEVhKbHc/X1O6hKFMB8GA1UdIwQY
MBaAFGEQbS3/cRbzWrf6ECdaReODvOUjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVJCdExmOXhGdk5hdF9vUUoxcEY0NE84NVNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9hMTZlYTUtMzg2Ny00NDA2LTlmMmEt
YTQ5NDRlOTYyNWMwLzEvcmk3Z3ZuNkpWRDRrUldFcHNkejlmVTdxRW9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9hMTZlYTUtMzg2Ny00NDA2LTlmMmEtYTQ5NDRlOTYyNWMw
LzEvWVJCdExmOXhGdk5hdF9vUUoxcEY0NE84NVNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBMA
MA0GCSqGSIb3DQEBCwUAA4IBAQA59kEmK+fn5DGDU2tEf4ZUPK1VbKJ0DV1xwL/4
rPYdQMGealn6BpA2nuq4EAlk5L5loE5mUA1L4tBrMtfSXjmeM7wrtANg8awFpduX
JG5MS791CvGRIqFqTv55wcwXKK9IWO+yaGOdq6f/c+rm6IuEu71Z85n3DkL4JPqJ
KQr4m+0/7/A34GB+YHkITo9hNjslDpXjb+eSnWvpHhpv4YRaOvsgRwsuJXw2Z3aQ
Ej2rdBy4d17fw0B3BQrsmfxlghms25JHDeQl8A96n1xtS241NqRO5nBHfqAG/lgP
iSTux5mwtRgGwSQ4RudF4EmJ1PZMLiBfnJcPQMEJSbXUDDdN
-----END CERTIFICATE-----