Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/340c73-79ee-4926-8e4f-607d4f37f59f/1/RShgZMaKc2yIEYvPrUWHigreccE.roa
File:                     RShgZMaKc2yIEYvPrUWHigreccE.roa (raw, json)
Hash identifier:          7CfV4hVaSXZmpD3K+sb/XopeHwRcG2l9Z/Rv2+hddRE=
Subject key identifier:   45:28:60:64:C6:8A:73:6C:88:11:8B:CF:AD:45:87:8A:0A:DE:71:C1
Certificate issuer:       /CN=c68c65e699b576ab113a79be8828948f1e6cc260
Certificate serial:       018CC7270FB3E3EAF2EB6FF30F2FEAE62865
Authority key identifier: C6:8C:65:E6:99:B5:76:AB:11:3A:79:BE:88:28:94:8F:1E:6C:C2:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xoxl5pm1dqsROnm-iCiUjx5swmA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/340c73-79ee-4926-8e4f-607d4f37f59f/1/RShgZMaKc2yIEYvPrUWHigreccE.roa
Signing time:             Mon 01 Jan 2024 22:31:14 +0000
ROA not before:           Mon 01 Jan 2024 22:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50395
IP address blocks:        2a0e:c6c6::/32 maxlen: 32
                          2a0d:2d45::/32 maxlen: 32
                          2001:67c:1b0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/340c73-79ee-4926-8e4f-607d4f37f59f/1/xoxl5pm1dqsROnm-iCiUjx5swmA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/340c73-79ee-4926-8e4f-607d4f37f59f/1/xoxl5pm1dqsROnm-iCiUjx5swmA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xoxl5pm1dqsROnm-iCiUjx5swmA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 16:11:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:0f:b3:e3:ea:f2:eb:6f:f3:0f:2f:ea:e6:28:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c68c65e699b576ab113a79be8828948f1e6cc260
        Validity
            Not Before: Jan  1 22:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45286064c68a736c88118bcfad45878a0ade71c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:a0:dc:7c:10:8c:da:2a:db:0b:18:9c:9d:0e:
                    21:e4:02:b0:4f:89:31:c5:18:8b:61:19:16:a9:ab:
                    2a:db:08:94:a6:84:9b:e0:cb:d7:34:4f:f6:f4:08:
                    bf:61:b0:53:55:5d:b8:97:61:a0:6b:f3:4a:5a:cd:
                    d3:6a:0d:17:9c:89:04:c4:bb:8b:fe:69:3d:da:59:
                    1e:ce:83:a5:0b:7e:54:bf:0e:2f:17:69:4b:55:1d:
                    57:aa:e1:c1:0f:9f:cc:43:fc:2e:61:0f:13:c3:13:
                    c8:fa:e5:16:0d:ca:bf:1d:5f:de:1c:83:f8:7a:ce:
                    93:03:5a:74:50:c0:e0:51:c7:f3:5c:f9:2d:98:4b:
                    39:99:21:1f:f4:9f:a5:8d:cd:4e:0e:70:16:3e:9a:
                    a2:0d:fc:94:17:e3:7d:c8:4f:fb:83:2e:ba:c1:b2:
                    ef:79:97:91:e2:9d:22:cf:a6:ae:4b:cc:77:d2:0b:
                    39:e3:27:83:13:39:80:56:b2:92:ce:15:92:91:a6:
                    11:a9:99:4f:bd:54:ad:46:df:74:a9:e2:25:b3:ea:
                    02:6e:b6:fe:c1:b2:a9:43:bf:d2:ce:24:b1:1e:d7:
                    45:37:b4:8c:a7:b6:28:ca:36:5d:8f:3c:28:32:fb:
                    91:70:5d:e3:1d:f4:ac:fe:f4:66:ca:27:65:84:e5:
                    7c:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:28:60:64:C6:8A:73:6C:88:11:8B:CF:AD:45:87:8A:0A:DE:71:C1
            X509v3 Authority Key Identifier:
                keyid:C6:8C:65:E6:99:B5:76:AB:11:3A:79:BE:88:28:94:8F:1E:6C:C2:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xoxl5pm1dqsROnm-iCiUjx5swmA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/340c73-79ee-4926-8e4f-607d4f37f59f/1/RShgZMaKc2yIEYvPrUWHigreccE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/340c73-79ee-4926-8e4f-607d4f37f59f/1/xoxl5pm1dqsROnm-iCiUjx5swmA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1b0::/48
                  2a0d:2d45::/32
                  2a0e:c6c6::/32

    Signature Algorithm: sha256WithRSAEncryption
         1a:98:30:49:22:9e:58:ec:1e:69:72:f1:c8:d6:75:9a:c3:b7:
         56:b9:cd:22:2f:86:30:52:6a:2e:2b:c2:15:dd:bf:6f:4e:91:
         df:50:5f:8b:51:f6:4b:84:56:69:ea:88:7b:85:36:0d:72:87:
         bd:24:ac:ee:1c:8d:3b:68:7f:4f:c9:07:4c:e3:d6:44:33:7d:
         26:cd:0b:0e:37:e1:c8:72:f8:ca:14:df:da:1d:81:5d:b7:3c:
         f0:8e:22:42:54:26:b5:ce:44:dd:6c:03:66:91:32:b6:de:74:
         9f:41:b1:2e:e2:23:ba:2c:6f:c7:84:d5:48:96:68:f5:08:c8:
         b5:59:4f:ed:8f:e8:bf:e7:09:d2:f3:7b:00:a1:31:40:fb:57:
         1b:9e:1e:b3:65:9f:29:ab:8a:6e:f4:f3:ab:44:70:d7:43:2e:
         59:28:06:1e:db:aa:40:0f:ca:96:b3:65:3e:42:ee:24:b6:5d:
         bd:78:4e:f0:08:aa:f6:6b:0c:fe:a6:b8:fd:78:9f:e5:5a:f3:
         b3:18:bc:fd:b6:67:e1:52:6f:60:56:1e:78:e3:60:ea:6c:54:
         73:77:ec:00:13:67:85:4b:f0:d1:dc:7d:ac:27:de:c8:e8:0c:
         27:d7:6c:5a:ba:9a:7e:f9:d2:97:e5:e6:8b:8d:6c:33:b4:10:
         e0:ad:37:fa
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHJw+z4+ry62/zDy/q5ihlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2OGM2NWU2OTliNTc2YWIxMTNhNzliZTg4Mjg5NDhmMWU2
Y2MyNjAwHhcNMjQwMTAxMjIzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTI4NjA2NGM2OGE3MzZjODgxMThiY2ZhZDQ1ODc4YTBhZGU3MWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkKDcfBCM2irbCxicnQ4h5AKwT4kx
xRiLYRkWqasq2wiUpoSb4MvXNE/29Ai/YbBTVV24l2Gga/NKWs3Tag0XnIkExLuL
/mk92lkezoOlC35Uvw4vF2lLVR1XquHBD5/MQ/wuYQ8TwxPI+uUWDcq/HV/eHIP4
es6TA1p0UMDgUcfzXPktmEs5mSEf9J+ljc1ODnAWPpqiDfyUF+N9yE/7gy66wbLv
eZeR4p0iz6auS8x30gs54yeDEzmAVrKSzhWSkaYRqZlPvVStRt90qeIls+oCbrb+
wbKpQ7/SziSxHtdFN7SMp7YoyjZdjzwoMvuRcF3jHfSs/vRmyidlhOV8MQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEUoYGTGinNsiBGLz61Fh4oK3nHBMB8GA1UdIwQY
MBaAFMaMZeaZtXarETp5vogolI8ebMJgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG94bDVwbTFkcXNST25tLWlDaVVqeDVzd21BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8zNDBjNzMtNzllZS00OTI2LThlNGYt
NjA3ZDRmMzdmNTlmLzEvUlNoZ1pNYUtjMnlJRVl2UHJVV0hpZ3JlY2NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8zNDBjNzMtNzllZS00OTI2LThlNGYtNjA3ZDRmMzdmNTlm
LzEveG94bDVwbTFkcXNST25tLWlDaVVqeDVzd21BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAdBAIAAjAXAwcAIAEGfAGw
AwUAKg0tRQMFACoOxsYwDQYJKoZIhvcNAQELBQADggEBABqYMEkinljsHmly8cjW
dZrDt1a5zSIvhjBSai4rwhXdv29Okd9QX4tR9kuEVmnqiHuFNg1yh70krO4cjTto
f0/JB0zj1kQzfSbNCw434chy+MoU39odgV23PPCOIkJUJrXORN1sA2aRMrbedJ9B
sS7iI7osb8eE1UiWaPUIyLVZT+2P6L/nCdLzewChMUD7VxueHrNlnymrim7086tE
cNdDLlkoBh7bqkAPypazZT5C7iS2Xb14TvAIqvZrDP6muP14n+Va87MYvP22Z+FS
b2BWHnjjYOpsVHN37AATZ4VL8NHcfawn3sjoDCfXbFq6mn750pfl5ouNbDO0EOCt
N/o=
-----END CERTIFICATE-----