Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/53aca2-e888-421c-b59a-c958bf4f8991/1/NOp-ij4c37NRZGUFGYgMZER7LK0.roa
File:                     NOp-ij4c37NRZGUFGYgMZER7LK0.roa (raw, json)
Hash identifier:          19Wq5R4AmOjxnxT05wc7Fh6CrHyBy5nqiuZNO+Q/XJE=
Subject key identifier:   34:EA:7E:8A:3E:1C:DF:B3:51:64:65:05:19:88:0C:64:44:7B:2C:AD
Certificate issuer:       /CN=6a3a8b74ad4ed673797a9f6b7749c223456979d0
Certificate serial:       018CC6B88AE6B5583C25B82457F38335FF37
Authority key identifier: 6A:3A:8B:74:AD:4E:D6:73:79:7A:9F:6B:77:49:C2:23:45:69:79:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ajqLdK1O1nN5ep9rd0nCI0VpedA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/53aca2-e888-421c-b59a-c958bf4f8991/1/NOp-ij4c37NRZGUFGYgMZER7LK0.roa
Signing time:             Mon 01 Jan 2024 20:30:32 +0000
ROA not before:           Mon 01 Jan 2024 20:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210140
IP address blocks:        2001:67c:2e48::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/53aca2-e888-421c-b59a-c958bf4f8991/1/ajqLdK1O1nN5ep9rd0nCI0VpedA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/53aca2-e888-421c-b59a-c958bf4f8991/1/ajqLdK1O1nN5ep9rd0nCI0VpedA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ajqLdK1O1nN5ep9rd0nCI0VpedA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:8a:e6:b5:58:3c:25:b8:24:57:f3:83:35:ff:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a3a8b74ad4ed673797a9f6b7749c223456979d0
        Validity
            Not Before: Jan  1 20:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34ea7e8a3e1cdfb35164650519880c64447b2cad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:d2:15:fa:ed:81:0e:25:49:69:34:54:7f:d9:
                    73:5c:7c:80:76:3d:66:98:4c:39:8d:c6:eb:36:7b:
                    2f:02:95:3f:35:65:f3:ae:e4:56:40:11:03:ba:e3:
                    06:c4:85:d8:f7:97:64:5f:d3:ea:25:86:d1:00:2c:
                    a7:60:12:bb:f9:10:db:54:22:93:2f:81:70:21:30:
                    99:e4:e2:76:a7:04:10:02:28:a4:8b:dd:3a:08:0c:
                    32:7c:27:7c:b7:8c:38:8a:5a:81:ff:14:dc:ff:19:
                    4a:c5:8f:8d:80:42:13:a6:06:51:7f:40:ec:1c:0e:
                    6d:05:b0:e3:c3:7d:11:be:05:ea:b0:be:ac:28:99:
                    16:98:01:33:9e:9c:a8:13:62:3b:88:76:c8:1f:a1:
                    2d:9d:b4:61:41:82:93:4e:c1:d6:1a:9a:74:cc:8d:
                    3f:61:19:32:5b:5e:85:7d:7d:f1:2e:41:cc:92:8c:
                    76:18:84:60:67:4e:15:8b:d2:42:9e:df:d4:a5:7e:
                    b8:0a:a3:10:d0:aa:72:24:d2:58:95:1c:fe:f2:cf:
                    c7:a7:f0:24:f4:1f:d8:18:d3:7f:24:a3:dd:d7:73:
                    c4:90:57:61:ba:85:b0:a4:19:70:40:6f:e0:63:8b:
                    c4:8d:cd:98:d1:40:cb:76:f9:44:02:72:c4:cb:23:
                    af:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:EA:7E:8A:3E:1C:DF:B3:51:64:65:05:19:88:0C:64:44:7B:2C:AD
            X509v3 Authority Key Identifier:
                keyid:6A:3A:8B:74:AD:4E:D6:73:79:7A:9F:6B:77:49:C2:23:45:69:79:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ajqLdK1O1nN5ep9rd0nCI0VpedA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/53aca2-e888-421c-b59a-c958bf4f8991/1/NOp-ij4c37NRZGUFGYgMZER7LK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/53aca2-e888-421c-b59a-c958bf4f8991/1/ajqLdK1O1nN5ep9rd0nCI0VpedA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2e48::/48

    Signature Algorithm: sha256WithRSAEncryption
         22:f9:e9:6c:bb:eb:06:06:35:bd:37:8c:5f:2a:9f:d1:c9:87:
         da:86:1c:5e:b3:65:00:48:06:a9:ce:e4:06:26:62:53:3a:e4:
         76:1e:e5:be:fb:8e:19:be:86:88:d3:05:fe:89:15:e0:68:e8:
         69:fe:e4:1b:7f:3f:d1:6f:41:96:a4:bb:ab:4d:5c:97:8d:54:
         10:30:43:b0:6d:7d:5a:b2:85:5d:89:29:4e:e1:d6:f8:aa:c1:
         5e:2e:28:d4:ae:04:66:3b:a2:aa:f4:8e:db:0e:99:a8:23:6c:
         94:ae:28:6d:66:d5:b7:2d:5b:fa:56:ce:dd:a8:dc:5c:4e:0e:
         4a:fe:df:fb:a3:63:05:14:19:24:1e:0c:a2:fc:3f:be:f5:5e:
         26:6b:7e:28:ce:65:b7:8f:71:e3:96:3e:99:58:30:a5:4d:da:
         cb:32:75:ac:9e:f1:0c:2c:28:d5:0d:e6:0f:95:60:2c:8b:a5:
         a7:4f:ae:a0:e8:08:5a:df:0c:8a:91:d3:44:0a:d0:89:ed:96:
         fb:2b:8a:c3:0e:44:76:19:1b:07:d5:35:4e:da:7b:bf:8a:5a:
         ca:54:ac:5a:41:18:74:be:30:4d:44:ee:fc:d8:31:6d:ef:8e:
         c9:79:1b:69:ee:3a:12:c8:ed:01:1e:9d:3d:a2:25:31:b7:14:
         c0:79:59:8e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuIrmtVg8JbgkV/ODNf83MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhM2E4Yjc0YWQ0ZWQ2NzM3OTdhOWY2Yjc3NDljMjIzNDU2
OTc5ZDAwHhcNMjQwMTAxMjAzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGVhN2U4YTNlMWNkZmIzNTE2NDY1MDUxOTg4MGM2NDQ0N2IyY2FkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkNIV+u2BDiVJaTRUf9lzXHyAdj1m
mEw5jcbrNnsvApU/NWXzruRWQBEDuuMGxIXY95dkX9PqJYbRACynYBK7+RDbVCKT
L4FwITCZ5OJ2pwQQAiiki906CAwyfCd8t4w4ilqB/xTc/xlKxY+NgEITpgZRf0Ds
HA5tBbDjw30RvgXqsL6sKJkWmAEznpyoE2I7iHbIH6EtnbRhQYKTTsHWGpp0zI0/
YRkyW16FfX3xLkHMkox2GIRgZ04Vi9JCnt/UpX64CqMQ0KpyJNJYlRz+8s/Hp/Ak
9B/YGNN/JKPd13PEkFdhuoWwpBlwQG/gY4vEjc2Y0UDLdvlEAnLEyyOv4wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDTqfoo+HN+zUWRlBRmIDGREeyytMB8GA1UdIwQY
MBaAFGo6i3StTtZzeXqfa3dJwiNFaXnQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWpxTGRLMU8xbk41ZXA5cmQwbkNJMFZwZWRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81M2FjYTItZTg4OC00MjFjLWI1OWEt
Yzk1OGJmNGY4OTkxLzEvTk9wLWlqNGMzN05SWkdVRkdZZ01aRVI3TEswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81M2FjYTItZTg4OC00MjFjLWI1OWEtYzk1OGJmNGY4OTkx
LzEvYWpxTGRLMU8xbk41ZXA5cmQwbkNJMFZwZWRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC5I
MA0GCSqGSIb3DQEBCwUAA4IBAQAi+elsu+sGBjW9N4xfKp/RyYfahhxes2UASAap
zuQGJmJTOuR2HuW++44ZvoaI0wX+iRXgaOhp/uQbfz/Rb0GWpLurTVyXjVQQMEOw
bX1asoVdiSlO4db4qsFeLijUrgRmO6Kq9I7bDpmoI2yUrihtZtW3LVv6Vs7dqNxc
Tg5K/t/7o2MFFBkkHgyi/D++9V4ma34ozmW3j3Hjlj6ZWDClTdrLMnWsnvEMLCjV
DeYPlWAsi6WnT66g6Aha3wyKkdNECtCJ7Zb7K4rDDkR2GRsH1TVO2nu/ilrKVKxa
QRh0vjBNRO782DFt747JeRtp7joSyO0BHp09oiUxtxTAeVmO
-----END CERTIFICATE-----