Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/a3bd71-d34e-4c13-b95e-834b14362392/1/XioP7kA7aWxBuvpqTW82pU0_Zds.roa
File:                     XioP7kA7aWxBuvpqTW82pU0_Zds.roa (raw, json)
Hash identifier:          n5YrjIDePEWtmIWF5i8zL5CqMWy1O8nJd6uwlZQ2zCI=
Subject key identifier:   5E:2A:0F:EE:40:3B:69:6C:41:BA:FA:6A:4D:6F:36:A5:4D:3F:65:DB
Certificate issuer:       /CN=0e331e747add382925d6ca0db22a4daaeaa2d61f
Certificate serial:       018DACE0FABE286920CF217AB48C01A35436
Authority key identifier: 0E:33:1E:74:7A:DD:38:29:25:D6:CA:0D:B2:2A:4D:AA:EA:A2:D6:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DjMedHrdOCkl1soNsipNquqi1h8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/a3bd71-d34e-4c13-b95e-834b14362392/1/XioP7kA7aWxBuvpqTW82pU0_Zds.roa
Signing time:             Thu 15 Feb 2024 13:07:21 +0000
ROA not before:           Thu 15 Feb 2024 13:07:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215544
IP address blocks:        2001:67c:de0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/a3bd71-d34e-4c13-b95e-834b14362392/1/DjMedHrdOCkl1soNsipNquqi1h8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/a3bd71-d34e-4c13-b95e-834b14362392/1/DjMedHrdOCkl1soNsipNquqi1h8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DjMedHrdOCkl1soNsipNquqi1h8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ac:e0:fa:be:28:69:20:cf:21:7a:b4:8c:01:a3:54:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e331e747add382925d6ca0db22a4daaeaa2d61f
        Validity
            Not Before: Feb 15 13:07:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e2a0fee403b696c41bafa6a4d6f36a54d3f65db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:5e:98:de:dc:83:46:31:c1:7a:b5:5d:53:39:
                    cb:f0:02:f1:95:65:4c:9a:62:be:32:d4:01:da:7e:
                    1a:3b:0c:1f:b1:f2:62:c8:4d:68:4d:3d:c8:7e:99:
                    d5:d8:88:06:5f:19:5b:1e:18:ba:b8:74:47:8b:98:
                    1f:11:e1:4f:98:27:9d:b0:ba:9d:65:19:7e:8b:ba:
                    02:b0:b0:db:2f:33:9e:64:b5:40:05:3a:31:9d:46:
                    0f:5d:67:38:67:28:6c:c2:cd:ca:d5:12:d1:47:57:
                    b9:33:8c:0e:c2:6e:ba:7c:37:08:18:ab:7c:24:a9:
                    b0:29:b8:fa:7d:9e:f6:08:3f:02:01:de:7b:b8:a3:
                    17:19:e6:7f:f4:13:37:96:f9:29:d9:98:48:d4:5e:
                    1f:b2:00:dc:46:f7:79:24:63:58:4f:c3:13:e5:2e:
                    80:90:18:54:9f:99:05:b3:90:b0:7e:5d:3d:48:3b:
                    43:ef:44:15:35:7d:f5:17:4d:97:b5:20:4e:27:2b:
                    9b:93:70:06:31:d9:d5:65:53:bf:41:81:1f:c9:40:
                    64:ed:f3:96:5f:c5:28:b5:50:70:f9:5b:05:8e:ad:
                    2e:77:61:92:ac:76:f0:14:9a:1a:8e:5e:98:cf:b4:
                    9e:e8:e2:7f:69:22:1c:55:fe:b4:1f:37:83:1f:97:
                    9f:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:2A:0F:EE:40:3B:69:6C:41:BA:FA:6A:4D:6F:36:A5:4D:3F:65:DB
            X509v3 Authority Key Identifier:
                keyid:0E:33:1E:74:7A:DD:38:29:25:D6:CA:0D:B2:2A:4D:AA:EA:A2:D6:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DjMedHrdOCkl1soNsipNquqi1h8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/a3bd71-d34e-4c13-b95e-834b14362392/1/XioP7kA7aWxBuvpqTW82pU0_Zds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/a3bd71-d34e-4c13-b95e-834b14362392/1/DjMedHrdOCkl1soNsipNquqi1h8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:de0::/48

    Signature Algorithm: sha256WithRSAEncryption
         45:a0:d8:4b:13:9e:99:9f:78:d8:78:cc:e8:dc:37:e0:c6:67:
         61:01:5f:9c:24:ca:42:34:e2:72:e2:3e:1b:8b:0e:f7:56:24:
         15:d7:18:e6:1d:ca:5a:95:8d:4e:f5:67:4b:4d:e9:c5:f5:d4:
         0a:e8:5f:00:4a:f9:b3:d7:51:68:06:90:ff:45:bb:9c:f6:7b:
         20:d1:e4:a5:01:ba:30:9b:19:20:4e:cb:7f:e7:de:68:f7:d3:
         73:5e:c9:bb:ce:c2:65:0d:e9:e6:8a:1f:a3:3e:9d:b4:20:98:
         5a:b5:0f:d7:b3:8e:af:b0:de:29:a8:4e:2d:39:03:6b:a5:30:
         b5:9b:9c:38:c4:a2:f8:05:d4:0f:91:69:4b:22:66:1a:8d:fe:
         30:5f:30:c8:33:81:49:a9:a7:a3:33:28:94:9b:68:c7:35:a5:
         54:6b:08:0b:cc:36:46:b0:62:ca:c7:ce:31:47:5b:3f:6f:e6:
         0f:fa:c8:b8:ad:8e:89:a2:3c:4a:16:82:49:23:ef:87:5e:fd:
         95:f7:5d:73:f3:5d:8b:88:e0:eb:38:19:bb:91:8e:e4:79:de:
         97:b8:28:61:b6:43:a4:58:cc:54:93:19:bc:f1:01:86:f8:0a:
         e9:80:9f:bf:7f:c5:2e:98:5d:ba:3b:ca:f4:d5:36:2d:a2:8a:
         1a:9d:37:15
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2s4Pq+KGkgzyF6tIwBo1Q2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlMzMxZTc0N2FkZDM4MjkyNWQ2Y2EwZGIyMmE0ZGFhZWFh
MmQ2MWYwHhcNMjQwMjE1MTMwNzIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTJhMGZlZTQwM2I2OTZjNDFiYWZhNmE0ZDZmMzZhNTRkM2Y2NWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhF6Y3tyDRjHBerVdUznL8ALxlWVM
mmK+MtQB2n4aOwwfsfJiyE1oTT3IfpnV2IgGXxlbHhi6uHRHi5gfEeFPmCedsLqd
ZRl+i7oCsLDbLzOeZLVABToxnUYPXWc4Zyhsws3K1RLRR1e5M4wOwm66fDcIGKt8
JKmwKbj6fZ72CD8CAd57uKMXGeZ/9BM3lvkp2ZhI1F4fsgDcRvd5JGNYT8MT5S6A
kBhUn5kFs5Cwfl09SDtD70QVNX31F02XtSBOJyubk3AGMdnVZVO/QYEfyUBk7fOW
X8UotVBw+VsFjq0ud2GSrHbwFJoajl6Yz7Se6OJ/aSIcVf60HzeDH5efywIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF4qD+5AO2lsQbr6ak1vNqVNP2XbMB8GA1UdIwQY
MBaAFA4zHnR63TgpJdbKDbIqTarqotYfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGpNZWRIcmRPQ2tsMXNvTnNpcE5xdXFpMWg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi9hM2JkNzEtZDM0ZS00YzEzLWI5NWUt
ODM0YjE0MzYyMzkyLzEvWGlvUDdrQTdhV3hCdXZwcVRXODJwVTBfWmRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi9hM2JkNzEtZDM0ZS00YzEzLWI5NWUtODM0YjE0MzYyMzky
LzEvRGpNZWRIcmRPQ2tsMXNvTnNpcE5xdXFpMWg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA3g
MA0GCSqGSIb3DQEBCwUAA4IBAQBFoNhLE56Zn3jYeMzo3DfgxmdhAV+cJMpCNOJy
4j4biw73ViQV1xjmHcpalY1O9WdLTenF9dQK6F8ASvmz11FoBpD/Rbuc9nsg0eSl
AbowmxkgTst/595o99NzXsm7zsJlDenmih+jPp20IJhatQ/Xs46vsN4pqE4tOQNr
pTC1m5w4xKL4BdQPkWlLImYajf4wXzDIM4FJqaejMyiUm2jHNaVUawgLzDZGsGLK
x84xR1s/b+YP+si4rY6JojxKFoJJI++HXv2V911z812LiODrOBm7kY7ked6XuChh
tkOkWMxUkxm88QGG+ArpgJ+/f8UumF26O8r01TYtoooanTcV
-----END CERTIFICATE-----