Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/4df969-57a6-45f7-8082-5ebde8b8ce1d/1/ia7WlMCtWsawTPgbi6dV170BmWo.roa
File:                     ia7WlMCtWsawTPgbi6dV170BmWo.roa (raw, json)
Hash identifier:          zRJtMHKkRwd5YCr1iTPTlQRiomhQhgOkbyCykd1/N/A=
Subject key identifier:   89:AE:D6:94:C0:AD:5A:C6:B0:4C:F8:1B:8B:A7:55:D7:BD:01:99:6A
Certificate issuer:       /CN=b25a5a43bd2384f892d265e558b4411e8b232b55
Certificate serial:       018CC5DC35715898141C111A7FE4864A3048
Authority key identifier: B2:5A:5A:43:BD:23:84:F8:92:D2:65:E5:58:B4:41:1E:8B:23:2B:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/slpaQ70jhPiS0mXlWLRBHosjK1U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/4df969-57a6-45f7-8082-5ebde8b8ce1d/1/ia7WlMCtWsawTPgbi6dV170BmWo.roa
Signing time:             Mon 01 Jan 2024 16:29:52 +0000
ROA not before:           Mon 01 Jan 2024 16:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51861
IP address blocks:        2001:67c:374::/48 maxlen: 48
                          2001:67c:374:4000::/50 maxlen: 50

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/4df969-57a6-45f7-8082-5ebde8b8ce1d/1/slpaQ70jhPiS0mXlWLRBHosjK1U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/4df969-57a6-45f7-8082-5ebde8b8ce1d/1/slpaQ70jhPiS0mXlWLRBHosjK1U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/slpaQ70jhPiS0mXlWLRBHosjK1U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:35:71:58:98:14:1c:11:1a:7f:e4:86:4a:30:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b25a5a43bd2384f892d265e558b4411e8b232b55
        Validity
            Not Before: Jan  1 16:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=89aed694c0ad5ac6b04cf81b8ba755d7bd01996a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:da:26:2b:99:e3:d3:30:7a:a3:c5:13:18:3c:
                    f9:de:c0:fe:b6:07:96:22:91:8c:a5:5c:55:91:fd:
                    8b:d5:0f:13:94:63:45:d1:38:0b:5a:4d:15:70:e1:
                    1e:99:c6:a1:b6:f1:1e:99:8b:93:ff:13:7c:37:be:
                    be:85:ae:60:44:45:da:ff:c8:0b:57:58:a0:44:ee:
                    a4:de:b0:77:43:50:1a:cc:5b:c6:65:da:0f:ea:eb:
                    f6:4d:95:47:a8:ec:28:65:71:7a:6a:01:a0:28:1a:
                    d4:03:89:c4:cf:6f:09:76:5e:68:a8:6e:ae:3b:65:
                    24:0b:9f:82:16:3a:57:f3:75:e4:f3:e4:32:a0:75:
                    c5:9b:f9:fe:8b:c5:a0:91:ab:72:2c:30:90:a2:81:
                    22:66:84:2f:2a:1c:a5:bd:b5:02:a4:94:b7:f8:5a:
                    f1:dd:6f:b6:b7:2a:e0:f8:90:da:a1:eb:15:51:68:
                    b4:7c:b9:43:93:08:57:37:1f:ea:fe:34:33:26:d0:
                    42:e4:65:b4:f1:91:2c:6b:02:e0:b4:55:06:64:77:
                    12:68:cf:4e:c4:f2:11:d8:1c:43:54:69:78:da:7c:
                    12:ca:10:2e:dd:3e:8f:3b:d8:37:02:e3:cb:44:d1:
                    83:8b:25:95:f8:5a:dd:3f:e4:9a:2f:72:74:ad:84:
                    d1:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:AE:D6:94:C0:AD:5A:C6:B0:4C:F8:1B:8B:A7:55:D7:BD:01:99:6A
            X509v3 Authority Key Identifier:
                keyid:B2:5A:5A:43:BD:23:84:F8:92:D2:65:E5:58:B4:41:1E:8B:23:2B:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/slpaQ70jhPiS0mXlWLRBHosjK1U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/4df969-57a6-45f7-8082-5ebde8b8ce1d/1/ia7WlMCtWsawTPgbi6dV170BmWo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/4df969-57a6-45f7-8082-5ebde8b8ce1d/1/slpaQ70jhPiS0mXlWLRBHosjK1U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:374::/48

    Signature Algorithm: sha256WithRSAEncryption
         20:63:6e:e1:74:41:ee:ac:24:ea:71:05:9f:2c:c8:6b:eb:56:
         5f:78:6c:e1:26:10:ad:8c:1c:0b:24:7f:69:11:0c:d8:6d:8c:
         32:7c:78:c4:b9:66:be:49:9e:83:9d:3d:03:0a:51:87:a8:b7:
         f4:7c:97:52:c9:ce:75:5a:c6:7e:17:9a:40:11:a6:d4:7a:83:
         09:d6:a6:54:54:aa:5c:9c:86:62:b6:4d:5f:f7:78:c0:81:8e:
         72:ac:bc:1d:14:ec:ea:e6:3a:3f:fd:7e:ec:79:ef:09:35:4e:
         c2:26:90:b0:41:40:69:af:ad:95:83:33:9b:7a:d1:59:44:18:
         4d:c4:14:85:ef:16:60:03:35:f2:fc:4c:95:52:24:c1:c6:4d:
         06:54:ac:4b:3c:51:14:7b:d7:b4:0f:66:bb:02:9a:60:db:ca:
         10:74:ec:d1:08:fd:48:7a:ce:23:e4:09:29:31:16:53:88:53:
         56:eb:16:70:9b:3c:ca:cd:42:7f:6a:c2:49:51:99:9c:98:d3:
         b4:6d:7a:28:69:e6:71:03:75:9f:9e:07:7b:d0:bc:c2:ec:ea:
         a6:fa:45:11:38:7f:51:65:3b:bc:48:d9:c1:d6:8f:65:99:23:
         ed:09:a8:08:e7:db:95:a8:07:68:ec:f4:07:5e:09:0a:8e:98:
         69:38:3f:70
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzF3DVxWJgUHBEaf+SGSjBIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyNWE1YTQzYmQyMzg0Zjg5MmQyNjVlNTU4YjQ0MTFlOGIy
MzJiNTUwHhcNMjQwMTAxMTYyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWFlZDY5NGMwYWQ1YWM2YjA0Y2Y4MWI4YmE3NTVkN2JkMDE5OTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgtomK5nj0zB6o8UTGDz53sD+tgeW
IpGMpVxVkf2L1Q8TlGNF0TgLWk0VcOEemcahtvEemYuT/xN8N76+ha5gREXa/8gL
V1igRO6k3rB3Q1AazFvGZdoP6uv2TZVHqOwoZXF6agGgKBrUA4nEz28Jdl5oqG6u
O2UkC5+CFjpX83Xk8+QyoHXFm/n+i8WgkatyLDCQooEiZoQvKhylvbUCpJS3+Frx
3W+2tyrg+JDaoesVUWi0fLlDkwhXNx/q/jQzJtBC5GW08ZEsawLgtFUGZHcSaM9O
xPIR2BxDVGl42nwSyhAu3T6PO9g3AuPLRNGDiyWV+FrdP+SaL3J0rYTRMwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFImu1pTArVrGsEz4G4unVde9AZlqMB8GA1UdIwQY
MBaAFLJaWkO9I4T4ktJl5Vi0QR6LIytVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2xwYVE3MGpoUGlTMG1YbFdMUkJIb3NqSzFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS80ZGY5NjktNTdhNi00NWY3LTgwODIt
NWViZGU4YjhjZTFkLzEvaWE3V2xNQ3RXc2F3VFBnYmk2ZFYxNzBCbVdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS80ZGY5NjktNTdhNi00NWY3LTgwODItNWViZGU4YjhjZTFk
LzEvc2xwYVE3MGpoUGlTMG1YbFdMUkJIb3NqSzFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAN0
MA0GCSqGSIb3DQEBCwUAA4IBAQAgY27hdEHurCTqcQWfLMhr61ZfeGzhJhCtjBwL
JH9pEQzYbYwyfHjEuWa+SZ6DnT0DClGHqLf0fJdSyc51WsZ+F5pAEabUeoMJ1qZU
VKpcnIZitk1f93jAgY5yrLwdFOzq5jo//X7see8JNU7CJpCwQUBpr62VgzObetFZ
RBhNxBSF7xZgAzXy/EyVUiTBxk0GVKxLPFEUe9e0D2a7Appg28oQdOzRCP1Ies4j
5AkpMRZTiFNW6xZwmzzKzUJ/asJJUZmcmNO0bXooaeZxA3Wfngd70LzC7Oqm+kUR
OH9RZTu8SNnB1o9lmSPtCagI59uVqAdo7PQHXgkKjphpOD9w
-----END CERTIFICATE-----