Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/7f2cf2-4294-43d6-a321-47eddde2a372/1/4g5HEaFFljWmR0JVf5FxhlhciQQ.roa
File:                     4g5HEaFFljWmR0JVf5FxhlhciQQ.roa (raw, json)
Hash identifier:          wnAoZUGMXgcdr/y8VKogl7eL+n5HTBN4Ie1IT5AoMlo=
Subject key identifier:   E2:0E:47:11:A1:45:96:35:A6:47:42:55:7F:91:71:86:58:5C:89:04
Certificate issuer:       /CN=f4272ac0423fb097583c6872567d84cae410c89b
Certificate serial:       018CC8013A03CB4CDED72968CFD36FE6FD9B
Authority key identifier: F4:27:2A:C0:42:3F:B0:97:58:3C:68:72:56:7D:84:CA:E4:10:C8:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9CcqwEI_sJdYPGhyVn2EyuQQyJs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/7f2cf2-4294-43d6-a321-47eddde2a372/1/4g5HEaFFljWmR0JVf5FxhlhciQQ.roa
Signing time:             Tue 02 Jan 2024 02:29:32 +0000
ROA not before:           Tue 02 Jan 2024 02:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210199
IP address blocks:        2001:67c:c0c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/7f2cf2-4294-43d6-a321-47eddde2a372/1/9CcqwEI_sJdYPGhyVn2EyuQQyJs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/7f2cf2-4294-43d6-a321-47eddde2a372/1/9CcqwEI_sJdYPGhyVn2EyuQQyJs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9CcqwEI_sJdYPGhyVn2EyuQQyJs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 16:01:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:3a:03:cb:4c:de:d7:29:68:cf:d3:6f:e6:fd:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4272ac0423fb097583c6872567d84cae410c89b
        Validity
            Not Before: Jan  2 02:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e20e4711a1459635a64742557f917186585c8904
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:31:f7:b5:4f:46:10:00:d7:16:50:ee:5f:8f:
                    80:73:30:6c:44:a0:cd:9d:db:e1:30:38:67:82:93:
                    97:1d:3b:aa:f3:bd:04:b4:e9:a5:6e:e7:6c:ce:0d:
                    fd:03:22:2b:39:fa:c5:22:46:ff:d6:55:2a:72:3e:
                    f3:0d:43:bc:c5:67:f8:bc:37:6b:86:49:b3:8a:54:
                    b9:d9:96:bf:01:69:fc:09:c0:70:ed:81:58:44:7d:
                    eb:59:57:9a:46:ef:fa:c7:dc:48:a8:c2:61:20:f9:
                    8e:64:d5:e6:f6:e3:5f:e6:68:28:69:62:3e:33:8b:
                    c6:bb:39:aa:fd:f3:13:d9:5e:bf:a6:b6:2c:fb:ef:
                    14:79:d8:52:9c:88:27:c5:b4:07:29:2f:7a:d5:d1:
                    cb:de:bb:e7:c6:01:87:f4:a2:f4:c2:0b:b2:0c:94:
                    82:bc:78:cc:69:51:82:56:55:d4:45:26:73:85:07:
                    f9:f6:f8:f0:1f:a0:d2:58:0f:64:72:f2:2f:db:8e:
                    a0:fc:39:4e:ec:36:ae:cf:71:56:82:74:84:79:01:
                    ad:cc:4c:76:25:97:94:a3:b4:e7:c1:02:4d:6a:65:
                    5e:9e:51:e0:5a:e9:3c:14:58:10:5f:18:05:17:4c:
                    b0:1c:0a:bf:21:a6:19:cd:71:b7:c8:b0:9f:a0:a1:
                    c1:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:0E:47:11:A1:45:96:35:A6:47:42:55:7F:91:71:86:58:5C:89:04
            X509v3 Authority Key Identifier:
                keyid:F4:27:2A:C0:42:3F:B0:97:58:3C:68:72:56:7D:84:CA:E4:10:C8:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9CcqwEI_sJdYPGhyVn2EyuQQyJs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/7f2cf2-4294-43d6-a321-47eddde2a372/1/4g5HEaFFljWmR0JVf5FxhlhciQQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/7f2cf2-4294-43d6-a321-47eddde2a372/1/9CcqwEI_sJdYPGhyVn2EyuQQyJs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:c0c::/48

    Signature Algorithm: sha256WithRSAEncryption
         1c:86:71:7a:1b:61:20:80:b8:f0:77:c8:ed:ae:14:4d:da:52:
         6e:40:ca:68:48:df:e1:2d:a8:33:3e:2c:83:cf:e8:4a:38:1c:
         78:e8:2d:3c:d7:86:ec:75:b9:8f:6f:1e:91:e2:ec:91:2d:28:
         c4:59:7d:10:8e:46:3b:40:22:ec:d2:da:fe:bb:05:6c:2f:05:
         8f:dc:ff:e9:b2:2e:e6:c7:12:9b:e2:ae:42:d9:57:af:b1:b5:
         6f:38:0d:d0:9a:ec:d0:26:6d:4f:ff:18:dc:95:50:19:a7:0a:
         92:52:97:9c:20:a3:ec:ab:a5:b2:c7:6b:d8:93:76:cd:a0:75:
         f1:7e:57:f4:90:df:47:fc:21:c8:85:f2:d4:a7:26:b6:1b:ac:
         0d:a0:a1:ee:86:ce:98:b4:85:e7:2d:3a:6a:b1:7d:05:12:79:
         7c:37:27:3b:ae:15:d3:8c:cb:0f:b5:40:a6:51:1c:57:e0:09:
         be:dc:c0:2c:ab:88:8d:5f:d5:05:88:ac:b1:9f:36:21:01:2a:
         5a:e1:9c:64:88:39:67:2b:c5:d3:3a:d2:39:d3:b5:0f:c9:bc:
         a5:c6:46:f5:fa:59:5d:f2:48:5c:76:f9:ff:8e:db:b5:a6:13:
         8a:16:5b:51:61:8f:1e:a8:d4:23:48:aa:13:ca:ba:27:78:43:
         3a:23:06:e3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAToDy0ze1yloz9Nv5v2bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0MjcyYWMwNDIzZmIwOTc1ODNjNjg3MjU2N2Q4NGNhZTQx
MGM4OWIwHhcNMjQwMTAyMDIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjBlNDcxMWExNDU5NjM1YTY0NzQyNTU3ZjkxNzE4NjU4NWM4OTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApjH3tU9GEADXFlDuX4+AczBsRKDN
ndvhMDhngpOXHTuq870EtOmlbudszg39AyIrOfrFIkb/1lUqcj7zDUO8xWf4vDdr
hkmzilS52Za/AWn8CcBw7YFYRH3rWVeaRu/6x9xIqMJhIPmOZNXm9uNf5mgoaWI+
M4vGuzmq/fMT2V6/prYs++8UedhSnIgnxbQHKS961dHL3rvnxgGH9KL0wguyDJSC
vHjMaVGCVlXURSZzhQf59vjwH6DSWA9kcvIv246g/DlO7Dauz3FWgnSEeQGtzEx2
JZeUo7TnwQJNamVenlHgWuk8FFgQXxgFF0ywHAq/IaYZzXG3yLCfoKHBXQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOIORxGhRZY1pkdCVX+RcYZYXIkEMB8GA1UdIwQY
MBaAFPQnKsBCP7CXWDxoclZ9hMrkEMibMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUNjcXdFSV9zSmRZUEdoeVZuMkV5dVFReUpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy83ZjJjZjItNDI5NC00M2Q2LWEzMjEt
NDdlZGRkZTJhMzcyLzEvNGc1SEVhRkZsaldtUjBKVmY1RnhobGhjaVFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy83ZjJjZjItNDI5NC00M2Q2LWEzMjEtNDdlZGRkZTJhMzcy
LzEvOUNjcXdFSV9zSmRZUEdoeVZuMkV5dVFReUpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAwM
MA0GCSqGSIb3DQEBCwUAA4IBAQAchnF6G2EggLjwd8jtrhRN2lJuQMpoSN/hLagz
PiyDz+hKOBx46C0814bsdbmPbx6R4uyRLSjEWX0QjkY7QCLs0tr+uwVsLwWP3P/p
si7mxxKb4q5C2VevsbVvOA3QmuzQJm1P/xjclVAZpwqSUpecIKPsq6Wyx2vYk3bN
oHXxflf0kN9H/CHIhfLUpya2G6wNoKHuhs6YtIXnLTpqsX0FEnl8Nyc7rhXTjMsP
tUCmURxX4Am+3MAsq4iNX9UFiKyxnzYhASpa4ZxkiDlnK8XTOtI507UPybylxkb1
+lld8khcdvn/jtu1phOKFltRYY8eqNQjSKoTyroneEM6Iwbj
-----END CERTIFICATE-----