Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/307be8-5e11-4110-a1d3-3a9c0fbc8a0a/1/YQnek48M5AKsIVRLPDxYELj6Lvk.roa
File:                     YQnek48M5AKsIVRLPDxYELj6Lvk.roa (raw, json)
Hash identifier:          GYNlanmMIkUc9k4vMLwMwWzFW1qgXr+fXKTwqsATNe4=
Subject key identifier:   61:09:DE:93:8F:0C:E4:02:AC:21:54:4B:3C:3C:58:10:B8:FA:2E:F9
Certificate issuer:       /CN=6693f2b04eb85b6a2a6e21c03cfbb77287a45aff
Certificate serial:       018CC72600ECD6E921F248175DC905658AE6
Authority key identifier: 66:93:F2:B0:4E:B8:5B:6A:2A:6E:21:C0:3C:FB:B7:72:87:A4:5A:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZpPysE64W2oqbiHAPPu3coekWv8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/307be8-5e11-4110-a1d3-3a9c0fbc8a0a/1/YQnek48M5AKsIVRLPDxYELj6Lvk.roa
Signing time:             Mon 01 Jan 2024 22:30:05 +0000
ROA not before:           Mon 01 Jan 2024 22:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44227
IP address blocks:        156.67.15.0/24 maxlen: 24
                          2001:67c:978::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/307be8-5e11-4110-a1d3-3a9c0fbc8a0a/1/ZpPysE64W2oqbiHAPPu3coekWv8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/307be8-5e11-4110-a1d3-3a9c0fbc8a0a/1/ZpPysE64W2oqbiHAPPu3coekWv8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZpPysE64W2oqbiHAPPu3coekWv8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:00:ec:d6:e9:21:f2:48:17:5d:c9:05:65:8a:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6693f2b04eb85b6a2a6e21c03cfbb77287a45aff
        Validity
            Not Before: Jan  1 22:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6109de938f0ce402ac21544b3c3c5810b8fa2ef9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:a5:64:b6:46:25:1f:a3:ec:35:0c:58:9d:3e:
                    7a:47:aa:30:1f:48:65:58:38:6a:89:b3:8d:9f:93:
                    cb:57:76:80:56:19:f1:78:22:fe:c9:d6:47:e8:00:
                    3a:1d:7e:76:6c:59:b0:1d:a9:35:d4:93:9f:31:38:
                    7b:1e:ba:09:2b:f3:85:f9:76:ee:20:a4:87:53:8f:
                    43:d3:28:d7:e5:4c:66:20:75:d4:38:30:b8:85:d4:
                    49:87:e5:89:73:49:3e:99:3b:0a:15:69:ba:ef:27:
                    20:16:90:89:1e:db:07:51:14:86:51:33:03:65:c5:
                    56:7c:69:ad:94:dc:ef:5d:08:3a:25:7b:e7:1a:3c:
                    70:a7:bb:87:1b:89:44:fc:af:f8:28:c0:b3:a0:33:
                    93:27:2e:fa:5d:dd:6a:de:46:ad:45:f7:ee:40:28:
                    b7:ff:a0:7c:af:3a:ef:05:f5:b5:e5:a1:cd:4e:9a:
                    fd:cd:f5:d8:86:c8:60:08:36:fe:64:fc:c6:b0:c4:
                    12:4d:47:53:c0:9f:9d:21:47:ed:65:32:8e:c0:7c:
                    02:df:ac:4b:15:42:7d:f2:86:90:0d:08:ff:b8:94:
                    5f:8e:7d:05:0e:a6:45:64:3f:c1:ee:5e:bd:34:4c:
                    0a:a0:88:c9:33:b1:1b:e5:35:eb:63:5e:31:7d:35:
                    12:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:09:DE:93:8F:0C:E4:02:AC:21:54:4B:3C:3C:58:10:B8:FA:2E:F9
            X509v3 Authority Key Identifier:
                keyid:66:93:F2:B0:4E:B8:5B:6A:2A:6E:21:C0:3C:FB:B7:72:87:A4:5A:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZpPysE64W2oqbiHAPPu3coekWv8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/307be8-5e11-4110-a1d3-3a9c0fbc8a0a/1/YQnek48M5AKsIVRLPDxYELj6Lvk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/307be8-5e11-4110-a1d3-3a9c0fbc8a0a/1/ZpPysE64W2oqbiHAPPu3coekWv8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.67.15.0/24
                IPv6:
                  2001:67c:978::/48

    Signature Algorithm: sha256WithRSAEncryption
         56:1f:75:c1:a9:1d:de:b6:ed:48:0f:65:47:c4:ef:aa:92:b6:
         01:76:b8:33:a0:dc:53:88:b3:df:eb:68:77:0f:af:89:8b:06:
         ca:17:c3:ac:25:2e:72:2c:15:d4:6d:b4:a0:bd:52:75:26:ba:
         56:a7:15:25:5a:f6:b7:05:e2:8b:06:7d:81:00:04:5d:35:3a:
         f6:9c:28:f3:09:0d:40:b9:97:c4:8b:91:cb:e1:5d:cd:31:72:
         bc:d0:f9:4f:b1:3d:d0:9a:2d:64:32:c8:f9:ad:31:dd:a6:45:
         3f:47:19:39:a0:96:f8:5b:32:0f:0b:14:cb:58:e5:1c:9b:77:
         5a:63:e0:69:8b:3b:6b:4e:d2:cf:1a:7b:90:2f:ba:63:69:2f:
         d9:1a:b4:47:a5:fd:b1:0c:70:fb:94:d2:db:27:e5:93:77:ed:
         9e:c0:c6:3b:86:4c:4c:49:de:7e:55:51:61:7c:38:75:1d:30:
         83:9c:ed:d5:54:e8:6a:84:56:a8:ab:ad:99:f7:d6:63:3e:b6:
         40:1f:b3:f4:7c:41:b9:e2:02:ad:56:2a:41:9f:59:df:48:07:
         8a:96:61:71:c1:32:6c:43:64:78:7c:c9:37:8b:57:6d:cd:54:
         1d:b0:92:49:c4:8f:5f:1b:d5:15:2b:4e:db:8c:0c:2b:3d:6d:
         c0:e5:c5:1f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHJgDs1ukh8kgXXckFZYrmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2OTNmMmIwNGViODViNmEyYTZlMjFjMDNjZmJiNzcyODdh
NDVhZmYwHhcNMjQwMTAxMjIzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTA5ZGU5MzhmMGNlNDAyYWMyMTU0NGIzYzNjNTgxMGI4ZmEyZWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh6VktkYlH6PsNQxYnT56R6owH0hl
WDhqibONn5PLV3aAVhnxeCL+ydZH6AA6HX52bFmwHak11JOfMTh7HroJK/OF+Xbu
IKSHU49D0yjX5UxmIHXUODC4hdRJh+WJc0k+mTsKFWm67ycgFpCJHtsHURSGUTMD
ZcVWfGmtlNzvXQg6JXvnGjxwp7uHG4lE/K/4KMCzoDOTJy76Xd1q3katRffuQCi3
/6B8rzrvBfW15aHNTpr9zfXYhshgCDb+ZPzGsMQSTUdTwJ+dIUftZTKOwHwC36xL
FUJ98oaQDQj/uJRfjn0FDqZFZD/B7l69NEwKoIjJM7Eb5TXrY14xfTUSTQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGEJ3pOPDOQCrCFUSzw8WBC4+i75MB8GA1UdIwQY
MBaAFGaT8rBOuFtqKm4hwDz7t3KHpFr/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnBQeXNFNjRXMm9xYmlIQVBQdTNjb2VrV3Y4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8zMDdiZTgtNWUxMS00MTEwLWExZDMt
M2E5YzBmYmM4YTBhLzEvWVFuZWs0OE01QUtzSVZSTFBEeFlFTGo2THZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8zMDdiZTgtNWUxMS00MTEwLWExZDMtM2E5YzBmYmM4YTBh
LzEvWnBQeXNFNjRXMm9xYmlIQVBQdTNjb2VrV3Y4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAnEMPMA8E
AgACMAkDBwAgAQZ8CXgwDQYJKoZIhvcNAQELBQADggEBAFYfdcGpHd627UgPZUfE
76qStgF2uDOg3FOIs9/raHcPr4mLBsoXw6wlLnIsFdRttKC9UnUmulanFSVa9rcF
4osGfYEABF01OvacKPMJDUC5l8SLkcvhXc0xcrzQ+U+xPdCaLWQyyPmtMd2mRT9H
GTmglvhbMg8LFMtY5Rybd1pj4GmLO2tO0s8ae5AvumNpL9katEel/bEMcPuU0tsn
5ZN37Z7AxjuGTExJ3n5VUWF8OHUdMIOc7dVU6GqEVqirrZn31mM+tkAfs/R8Qbni
Aq1WKkGfWd9IB4qWYXHBMmxDZHh8yTeLV23NVB2wkknEj18b1RUrTtuMDCs9bcDl
xR8=
-----END CERTIFICATE-----