Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/852cfd-d592-4c2d-94cf-b9ca7555c2c5/1/5gvCIZSJlUxGQWrlwO1eWd6pBCM.roa
File:                     5gvCIZSJlUxGQWrlwO1eWd6pBCM.roa (raw, json)
Hash identifier:          zXLo9l4Gg2uAiMyqQz3Vxae2/WG7YV5YzMihBW0aGk8=
Subject key identifier:   E6:0B:C2:21:94:89:95:4C:46:41:6A:E5:C0:ED:5E:59:DE:A9:04:23
Certificate issuer:       /CN=931e3c8de0add9da95cf44d89f50bfde7ae19a57
Certificate serial:       018CC500D5790CFF4B372F94211C2102C0D8
Authority key identifier: 93:1E:3C:8D:E0:AD:D9:DA:95:CF:44:D8:9F:50:BF:DE:7A:E1:9A:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kx48jeCt2dqVz0TYn1C_3nrhmlc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/852cfd-d592-4c2d-94cf-b9ca7555c2c5/1/5gvCIZSJlUxGQWrlwO1eWd6pBCM.roa
Signing time:             Mon 01 Jan 2024 12:30:15 +0000
ROA not before:           Mon 01 Jan 2024 12:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196960
IP address blocks:        2001:67c:268::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/852cfd-d592-4c2d-94cf-b9ca7555c2c5/1/kx48jeCt2dqVz0TYn1C_3nrhmlc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/852cfd-d592-4c2d-94cf-b9ca7555c2c5/1/kx48jeCt2dqVz0TYn1C_3nrhmlc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kx48jeCt2dqVz0TYn1C_3nrhmlc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:d5:79:0c:ff:4b:37:2f:94:21:1c:21:02:c0:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=931e3c8de0add9da95cf44d89f50bfde7ae19a57
        Validity
            Not Before: Jan  1 12:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e60bc2219489954c46416ae5c0ed5e59dea90423
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:7d:56:dc:27:9c:ed:a7:54:b7:8a:9b:43:53:
                    e8:5f:ca:0c:1e:a0:28:eb:78:06:4f:0b:a3:24:b9:
                    fb:80:7a:7f:d8:32:09:76:7e:c7:16:8d:c4:5b:09:
                    86:fe:f4:03:ff:be:33:dd:6e:d8:2b:2f:9a:c1:64:
                    08:dc:ca:92:c0:fd:fb:0c:55:ec:e2:29:71:79:b9:
                    92:1e:01:e5:b7:53:0c:e8:d1:cf:cd:49:4e:1b:78:
                    49:e7:8e:38:d6:91:34:27:e6:ed:01:c5:0a:18:b0:
                    84:ca:de:52:0e:17:a9:56:da:50:ef:c6:24:16:f2:
                    ae:55:a7:65:43:c8:da:d5:be:b6:10:1a:d8:41:05:
                    53:b9:d0:00:43:9c:69:6b:1c:9e:43:fc:1c:73:f8:
                    e9:20:95:d7:63:ee:9d:33:65:64:45:9e:bf:b6:42:
                    4d:40:34:a0:58:6a:96:e9:88:f1:28:f1:09:4b:bf:
                    65:b5:f2:40:34:e9:55:bb:8d:15:19:ff:24:25:ed:
                    22:8b:f8:b8:4a:37:42:30:5f:a3:c1:6c:14:cd:6a:
                    30:ad:7d:ca:50:1a:fc:6d:bc:42:bf:50:96:e4:cb:
                    6f:e2:7d:af:5a:6d:5d:0a:17:92:45:d0:fc:12:2a:
                    d2:c8:e6:30:97:00:d2:c1:72:93:b7:f5:d1:70:d3:
                    f5:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:0B:C2:21:94:89:95:4C:46:41:6A:E5:C0:ED:5E:59:DE:A9:04:23
            X509v3 Authority Key Identifier:
                keyid:93:1E:3C:8D:E0:AD:D9:DA:95:CF:44:D8:9F:50:BF:DE:7A:E1:9A:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kx48jeCt2dqVz0TYn1C_3nrhmlc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/852cfd-d592-4c2d-94cf-b9ca7555c2c5/1/5gvCIZSJlUxGQWrlwO1eWd6pBCM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/852cfd-d592-4c2d-94cf-b9ca7555c2c5/1/kx48jeCt2dqVz0TYn1C_3nrhmlc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:268::/48

    Signature Algorithm: sha256WithRSAEncryption
         96:9f:af:38:87:9a:3a:07:65:d6:40:f2:4d:36:77:de:1b:82:
         6e:9b:83:60:d8:6e:04:be:9c:33:1f:ef:32:41:1f:28:f6:de:
         28:e8:37:f9:9d:52:2c:b7:66:ba:e7:72:13:00:6c:e7:d3:e3:
         8f:c8:a0:1f:f0:50:89:a7:64:f0:c4:61:66:87:37:24:ff:ee:
         54:e0:da:53:76:c1:7c:13:65:0f:00:6e:28:17:8d:27:a9:4b:
         52:5e:34:0a:7f:fd:64:69:b8:db:5c:75:e8:1c:d5:09:4c:49:
         0d:85:1c:07:a5:8d:8b:62:67:c5:b6:1c:da:6e:86:cd:98:63:
         29:43:11:90:0e:c6:28:7c:04:41:3e:cf:c8:58:77:4c:49:9a:
         21:ad:6d:80:cf:26:45:c2:af:68:c3:aa:f2:60:44:1d:9f:5a:
         4d:fb:33:d7:73:fe:32:9e:bd:c4:37:6e:62:98:12:f8:78:05:
         ad:27:52:b8:ce:9c:42:27:74:ae:8e:0d:8a:11:d6:20:2c:47:
         1e:d4:87:62:d3:f9:14:27:4a:8e:d4:fc:5b:d0:53:8f:29:3e:
         0e:2b:8c:90:da:9e:af:d4:92:38:47:ac:61:dc:ec:3d:c7:5c:
         b6:c2:80:87:c2:fa:b2:55:a2:30:d3:1c:ed:47:d3:a7:3b:60:
         df:33:ad:e4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFANV5DP9LNy+UIRwhAsDYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzMWUzYzhkZTBhZGQ5ZGE5NWNmNDRkODlmNTBiZmRlN2Fl
MTlhNTcwHhcNMjQwMTAxMTIzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjBiYzIyMTk0ODk5NTRjNDY0MTZhZTVjMGVkNWU1OWRlYTkwNDIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAon1W3Cec7adUt4qbQ1PoX8oMHqAo
63gGTwujJLn7gHp/2DIJdn7HFo3EWwmG/vQD/74z3W7YKy+awWQI3MqSwP37DFXs
4ilxebmSHgHlt1MM6NHPzUlOG3hJ54441pE0J+btAcUKGLCEyt5SDhepVtpQ78Yk
FvKuVadlQ8ja1b62EBrYQQVTudAAQ5xpaxyeQ/wcc/jpIJXXY+6dM2VkRZ6/tkJN
QDSgWGqW6YjxKPEJS79ltfJANOlVu40VGf8kJe0ii/i4SjdCMF+jwWwUzWowrX3K
UBr8bbxCv1CW5Mtv4n2vWm1dCheSRdD8EirSyOYwlwDSwXKTt/XRcNP1WwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOYLwiGUiZVMRkFq5cDtXlneqQQjMB8GA1UdIwQY
MBaAFJMePI3grdnalc9E2J9Qv9564ZpXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3g0OGplQ3QyZHFWejBUWW4xQ18zbnJobWxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi84NTJjZmQtZDU5Mi00YzJkLTk0Y2Yt
YjljYTc1NTVjMmM1LzEvNWd2Q0laU0psVXhHUVdybHdPMWVXZDZwQkNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi84NTJjZmQtZDU5Mi00YzJkLTk0Y2YtYjljYTc1NTVjMmM1
LzEva3g0OGplQ3QyZHFWejBUWW4xQ18zbnJobWxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAJo
MA0GCSqGSIb3DQEBCwUAA4IBAQCWn684h5o6B2XWQPJNNnfeG4Jum4Ng2G4Evpwz
H+8yQR8o9t4o6Df5nVIst2a653ITAGzn0+OPyKAf8FCJp2TwxGFmhzck/+5U4NpT
dsF8E2UPAG4oF40nqUtSXjQKf/1kabjbXHXoHNUJTEkNhRwHpY2LYmfFthzabobN
mGMpQxGQDsYofARBPs/IWHdMSZohrW2AzyZFwq9ow6ryYEQdn1pN+zPXc/4ynr3E
N25imBL4eAWtJ1K4zpxCJ3Sujg2KEdYgLEce1Idi0/kUJ0qO1Pxb0FOPKT4OK4yQ
2p6v1JI4R6xh3Ow9x1y2woCHwvqyVaIw0xztR9OnO2DfM63k
-----END CERTIFICATE-----