Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/d317ca-3961-4fe0-bde8-f7c501418e56/1/5QlNV7-3Q34zZfQ5XbNLc8wKA40.roa
File:                     5QlNV7-3Q34zZfQ5XbNLc8wKA40.roa (raw, json)
Hash identifier:          T1GmpANOUDoxZLUDnHoNMN2ENMK9C/xESzMwTNL0s2Y=
Subject key identifier:   E5:09:4D:57:BF:B7:43:7E:33:65:F4:39:5D:B3:4B:73:CC:0A:03:8D
Certificate issuer:       /CN=8041feea123fcb07e872a8cb4bdd9ab7b8da2fcf
Certificate serial:       019422203352A9D8143A531EDAB87D8D16CF
Authority key identifier: 80:41:FE:EA:12:3F:CB:07:E8:72:A8:CB:4B:DD:9A:B7:B8:DA:2F:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gEH-6hI_ywfocqjLS92at7jaL88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/d317ca-3961-4fe0-bde8-f7c501418e56/1/5QlNV7-3Q34zZfQ5XbNLc8wKA40.roa
Signing time:             Wed 01 Jan 2025 13:48:43 +0000
ROA not before:           Wed 01 Jan 2025 13:48:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200258
IP address blocks:        2001:67c:b50::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/d317ca-3961-4fe0-bde8-f7c501418e56/1/gEH-6hI_ywfocqjLS92at7jaL88.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/d317ca-3961-4fe0-bde8-f7c501418e56/1/gEH-6hI_ywfocqjLS92at7jaL88.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gEH-6hI_ywfocqjLS92at7jaL88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 04:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:33:52:a9:d8:14:3a:53:1e:da:b8:7d:8d:16:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8041feea123fcb07e872a8cb4bdd9ab7b8da2fcf
        Validity
            Not Before: Jan  1 13:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e5094d57bfb7437e3365f4395db34b73cc0a038d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:30:5d:1e:a6:85:82:81:d2:4d:28:5c:5c:d2:
                    ef:5b:8c:e3:7b:a7:86:b7:5d:91:85:9a:79:13:fa:
                    2d:13:37:30:18:74:e6:da:a9:44:7c:e3:b6:fa:25:
                    88:81:7a:80:21:ad:71:38:94:9c:78:2e:d8:af:79:
                    6a:85:d1:d4:7b:6f:13:95:08:4d:e1:bd:67:ba:85:
                    82:5b:4d:1b:15:0f:30:e1:ef:a2:1e:d8:41:bc:3e:
                    ff:6c:9a:00:28:98:a2:b7:6a:cd:0d:be:70:55:dc:
                    99:22:6c:fa:3b:2c:7a:1f:43:00:cc:e6:a7:aa:85:
                    e9:f9:1b:5e:19:36:4c:9a:9f:81:cd:5b:85:08:39:
                    2c:82:66:8a:a2:70:fb:7e:61:c6:13:bb:1e:f4:12:
                    30:0a:1c:c2:0d:86:e4:7a:a8:60:cb:21:63:0e:df:
                    6c:63:69:85:57:96:c7:06:0d:bc:0f:e4:ba:ea:a2:
                    7f:bc:89:fc:40:13:a8:57:ce:b0:4a:59:fb:5b:e1:
                    fd:91:7b:60:5a:b2:84:03:f7:42:f4:ca:bd:ff:62:
                    c1:f6:c6:65:34:d0:e7:53:30:32:9d:08:43:a3:ac:
                    84:1a:c0:4e:85:0a:8e:a9:df:a9:1b:68:e1:bf:d7:
                    2e:02:fb:d1:dd:cb:78:e9:fb:1a:d5:b0:fa:11:2e:
                    76:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:09:4D:57:BF:B7:43:7E:33:65:F4:39:5D:B3:4B:73:CC:0A:03:8D
            X509v3 Authority Key Identifier:
                keyid:80:41:FE:EA:12:3F:CB:07:E8:72:A8:CB:4B:DD:9A:B7:B8:DA:2F:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gEH-6hI_ywfocqjLS92at7jaL88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/d317ca-3961-4fe0-bde8-f7c501418e56/1/5QlNV7-3Q34zZfQ5XbNLc8wKA40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/d317ca-3961-4fe0-bde8-f7c501418e56/1/gEH-6hI_ywfocqjLS92at7jaL88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:b50::/48

    Signature Algorithm: sha256WithRSAEncryption
         4f:84:ed:a3:1d:8b:46:de:e5:be:80:bb:c8:94:f1:4a:81:a4:
         97:f9:20:ba:d8:1c:af:c7:44:ce:a7:55:e3:26:78:71:05:e3:
         b1:0c:aa:8b:c6:a3:ce:b8:83:4c:f4:90:b8:e7:d8:b8:f1:ea:
         78:f0:3e:b4:1b:90:3d:28:6b:04:1b:fc:a5:08:61:d2:35:a6:
         14:a7:6c:90:69:b2:67:26:f9:75:64:ce:fe:e8:74:b7:3a:cd:
         10:00:26:92:fb:77:5b:29:c3:04:10:58:cf:d3:41:e3:16:c2:
         bf:c6:15:4c:a3:94:b1:47:d1:7f:34:7c:62:01:2c:1a:8f:45:
         36:8a:59:1d:d2:93:56:31:55:a4:26:c0:e3:2b:2c:24:50:89:
         a1:f2:c2:2d:14:91:ff:68:9f:06:9e:36:3c:72:1e:34:64:79:
         7f:8e:1b:08:dc:57:5c:7f:28:d9:0d:d3:45:92:0f:93:9a:c3:
         57:76:62:6f:02:c0:22:4a:59:76:1c:da:78:af:83:f0:ff:c1:
         cf:bb:23:ed:e7:0f:5b:02:37:3d:af:52:4c:48:0c:1a:29:7c:
         a1:4e:e7:cc:aa:7a:f0:82:f8:f8:1b:7c:40:53:69:16:69:7d:
         3d:a1:8b:bd:a7:4b:74:fb:94:2b:c7:98:16:b2:bb:54:91:2f:
         7e:52:5d:0f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQiIDNSqdgUOlMe2rh9jRbPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwNDFmZWVhMTIzZmNiMDdlODcyYThjYjRiZGQ5YWI3Yjhk
YTJmY2YwHhcNMjUwMTAxMTM0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTA5NGQ1N2JmYjc0MzdlMzM2NWY0Mzk1ZGIzNGI3M2NjMGEwMzhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTBdHqaFgoHSTShcXNLvW4zje6eG
t12RhZp5E/otEzcwGHTm2qlEfOO2+iWIgXqAIa1xOJSceC7Yr3lqhdHUe28TlQhN
4b1nuoWCW00bFQ8w4e+iHthBvD7/bJoAKJiit2rNDb5wVdyZImz6Oyx6H0MAzOan
qoXp+RteGTZMmp+BzVuFCDksgmaKonD7fmHGE7se9BIwChzCDYbkeqhgyyFjDt9s
Y2mFV5bHBg28D+S66qJ/vIn8QBOoV86wSln7W+H9kXtgWrKEA/dC9Mq9/2LB9sZl
NNDnUzAynQhDo6yEGsBOhQqOqd+pG2jhv9cuAvvR3ct46fsa1bD6ES52+QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOUJTVe/t0N+M2X0OV2zS3PMCgONMB8GA1UdIwQY
MBaAFIBB/uoSP8sH6HKoy0vdmre42i/PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0VILTZoSV95d2ZvY3FqTFM5MmF0N2phTDg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9kMzE3Y2EtMzk2MS00ZmUwLWJkZTgt
ZjdjNTAxNDE4ZTU2LzEvNVFsTlY3LTNRMzR6WmZRNVhiTkxjOHdLQTQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9kMzE3Y2EtMzk2MS00ZmUwLWJkZTgtZjdjNTAxNDE4ZTU2
LzEvZ0VILTZoSV95d2ZvY3FqTFM5MmF0N2phTDg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAtQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBPhO2jHYtG3uW+gLvIlPFKgaSX+SC62Byvx0TO
p1XjJnhxBeOxDKqLxqPOuINM9JC459i48ep48D60G5A9KGsEG/ylCGHSNaYUp2yQ
abJnJvl1ZM7+6HS3Os0QACaS+3dbKcMEEFjP00HjFsK/xhVMo5SxR9F/NHxiASwa
j0U2ilkd0pNWMVWkJsDjKywkUImh8sItFJH/aJ8GnjY8ch40ZHl/jhsI3FdcfyjZ
DdNFkg+TmsNXdmJvAsAiSll2HNp4r4Pw/8HPuyPt5w9bAjc9r1JMSAwaKXyhTufM
qnrwgvj4G3xAU2kWaX09oYu9p0t0+5Qrx5gWsrtUkS9+Ul0P
-----END CERTIFICATE-----