Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/cd2f41-59e0-4b8b-8206-bed55c47a578/1/unZQZgi0VsnG2ND5sq4TexiiXQg.roa
File:                     unZQZgi0VsnG2ND5sq4TexiiXQg.roa (raw, json)
Hash identifier:          Jn32CjA5LHOciX9Ns7L7NTRV0wJSPFg4yAlNiII76yg=
Subject key identifier:   BA:76:50:66:08:B4:56:C9:C6:D8:D0:F9:B2:AE:13:7B:18:A2:5D:08
Certificate issuer:       /CN=54718af6a36f66a91939364aafc86445ab8a6e0e
Certificate serial:       018CC64AE65FD0C58E9E6480ABF6326332A3
Authority key identifier: 54:71:8A:F6:A3:6F:66:A9:19:39:36:4A:AF:C8:64:45:AB:8A:6E:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VHGK9qNvZqkZOTZKr8hkRauKbg4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/cd2f41-59e0-4b8b-8206-bed55c47a578/1/unZQZgi0VsnG2ND5sq4TexiiXQg.roa
Signing time:             Mon 01 Jan 2024 18:30:46 +0000
ROA not before:           Mon 01 Jan 2024 18:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57763
IP address blocks:        2001:67c:2c2c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/cd2f41-59e0-4b8b-8206-bed55c47a578/1/VHGK9qNvZqkZOTZKr8hkRauKbg4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/cd2f41-59e0-4b8b-8206-bed55c47a578/1/VHGK9qNvZqkZOTZKr8hkRauKbg4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VHGK9qNvZqkZOTZKr8hkRauKbg4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:e6:5f:d0:c5:8e:9e:64:80:ab:f6:32:63:32:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54718af6a36f66a91939364aafc86445ab8a6e0e
        Validity
            Not Before: Jan  1 18:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba76506608b456c9c6d8d0f9b2ae137b18a25d08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:54:9a:78:0f:f7:75:26:a7:e9:95:54:b7:67:
                    2a:7e:d3:36:69:32:4c:cf:44:fe:96:22:3b:19:d8:
                    87:9b:20:4e:d2:77:e2:dc:71:7e:48:f1:46:64:9b:
                    b7:e2:22:6d:05:f1:7f:64:44:38:64:57:72:a9:b0:
                    48:1c:45:f9:5b:33:ef:51:58:a4:60:9b:ed:61:04:
                    ba:66:b6:f8:aa:ce:04:84:89:11:67:da:6f:b6:56:
                    81:4d:2b:30:63:3b:0c:04:89:b0:ed:d8:ff:76:03:
                    38:58:35:49:a9:93:32:cb:25:0d:75:35:b5:d5:bb:
                    bc:b1:72:59:0f:66:37:61:0e:53:4f:99:13:c1:1d:
                    d9:ba:32:d5:85:d4:8b:c1:5b:2f:87:26:a2:fc:74:
                    ee:55:0b:45:ec:2b:bc:8e:94:74:ee:3f:20:21:b3:
                    41:d2:7b:18:f1:5a:5b:15:f1:d8:61:ac:7c:4b:ad:
                    8f:55:cc:23:81:e6:40:63:e0:34:a5:1e:c7:e8:4d:
                    f3:34:e8:d6:02:b8:27:31:0f:24:eb:8d:51:a3:4a:
                    7f:27:05:e8:84:fc:b5:b5:f3:1d:cd:85:85:f1:70:
                    b8:a1:36:d3:f1:ee:9c:fa:04:32:2b:73:2c:df:51:
                    ce:ae:ee:b0:70:74:72:c5:6f:e4:d9:9a:d9:58:44:
                    86:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:76:50:66:08:B4:56:C9:C6:D8:D0:F9:B2:AE:13:7B:18:A2:5D:08
            X509v3 Authority Key Identifier:
                keyid:54:71:8A:F6:A3:6F:66:A9:19:39:36:4A:AF:C8:64:45:AB:8A:6E:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VHGK9qNvZqkZOTZKr8hkRauKbg4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/cd2f41-59e0-4b8b-8206-bed55c47a578/1/unZQZgi0VsnG2ND5sq4TexiiXQg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/cd2f41-59e0-4b8b-8206-bed55c47a578/1/VHGK9qNvZqkZOTZKr8hkRauKbg4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2c2c::/48

    Signature Algorithm: sha256WithRSAEncryption
         36:c1:5a:2e:d7:23:51:60:53:9e:23:27:26:7d:fb:18:75:99:
         f3:47:10:cb:e0:66:2a:5a:b4:fd:61:18:c6:ff:e3:29:4d:89:
         f5:c0:5c:6d:b3:a8:3d:4b:9c:90:f3:64:ad:b1:f4:d0:a3:f3:
         bb:ef:41:6c:67:8c:26:c1:9b:f0:b6:43:1d:8f:d5:7e:8d:fb:
         17:7e:a0:cf:fb:45:c1:1e:60:8f:92:98:20:27:4f:25:19:0f:
         7c:02:2a:34:6a:a4:b6:5c:33:d9:79:c6:03:7f:5c:99:b3:47:
         f3:82:c2:ea:9e:90:db:e4:5a:b7:01:64:6b:ad:b8:c3:9f:5b:
         bc:a8:84:c9:d5:e5:c5:cc:b8:ce:af:39:4f:32:d7:73:be:15:
         77:13:fa:f0:3a:d9:00:9a:70:e5:90:14:4d:a2:e6:d1:8d:fa:
         b1:6f:96:eb:3f:00:23:8d:c6:ac:27:29:8e:a6:12:99:85:df:
         1e:78:7c:0b:f6:3e:10:de:77:cb:99:cc:74:9e:e3:f9:33:d2:
         38:bf:31:d5:10:66:88:0d:60:3d:6a:8c:cb:83:2d:35:7c:3e:
         39:33:ce:0b:90:19:ae:53:d5:cf:2d:94:54:63:4e:80:a8:b2:
         bc:89:fe:40:6c:f2:b0:d2:66:3a:3e:7c:c1:dd:88:83:9d:b9:
         af:61:0d:20
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSuZf0MWOnmSAq/YyYzKjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NzE4YWY2YTM2ZjY2YTkxOTM5MzY0YWFmYzg2NDQ1YWI4
YTZlMGUwHhcNMjQwMTAxMTgzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTc2NTA2NjA4YjQ1NmM5YzZkOGQwZjliMmFlMTM3YjE4YTI1ZDA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgFSaeA/3dSan6ZVUt2cqftM2aTJM
z0T+liI7GdiHmyBO0nfi3HF+SPFGZJu34iJtBfF/ZEQ4ZFdyqbBIHEX5WzPvUVik
YJvtYQS6Zrb4qs4EhIkRZ9pvtlaBTSswYzsMBImw7dj/dgM4WDVJqZMyyyUNdTW1
1bu8sXJZD2Y3YQ5TT5kTwR3ZujLVhdSLwVsvhyai/HTuVQtF7Cu8jpR07j8gIbNB
0nsY8VpbFfHYYax8S62PVcwjgeZAY+A0pR7H6E3zNOjWArgnMQ8k641Ro0p/JwXo
hPy1tfMdzYWF8XC4oTbT8e6c+gQyK3Ms31HOru6wcHRyxW/k2ZrZWESG0QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLp2UGYItFbJxtjQ+bKuE3sYol0IMB8GA1UdIwQY
MBaAFFRxivajb2apGTk2Sq/IZEWrim4OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkhHSzlxTnZacWtaT1RaS3I4aGtSYXVLYmc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9jZDJmNDEtNTllMC00YjhiLTgyMDYt
YmVkNTVjNDdhNTc4LzEvdW5aUVpnaTBWc25HMk5ENXNxNFRleGlpWFFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9jZDJmNDEtNTllMC00YjhiLTgyMDYtYmVkNTVjNDdhNTc4
LzEvVkhHSzlxTnZacWtaT1RaS3I4aGtSYXVLYmc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCws
MA0GCSqGSIb3DQEBCwUAA4IBAQA2wVou1yNRYFOeIycmffsYdZnzRxDL4GYqWrT9
YRjG/+MpTYn1wFxts6g9S5yQ82StsfTQo/O770FsZ4wmwZvwtkMdj9V+jfsXfqDP
+0XBHmCPkpggJ08lGQ98Aio0aqS2XDPZecYDf1yZs0fzgsLqnpDb5Fq3AWRrrbjD
n1u8qITJ1eXFzLjOrzlPMtdzvhV3E/rwOtkAmnDlkBRNoubRjfqxb5brPwAjjcas
JymOphKZhd8eeHwL9j4Q3nfLmcx0nuP5M9I4vzHVEGaIDWA9aozLgy01fD45M84L
kBmuU9XPLZRUY06AqLK8if5AbPKw0mY6PnzB3YiDnbmvYQ0g
-----END CERTIFICATE-----