Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/cdecd2-38d6-40cf-ab02-dab9dc6dc4c9/1/tkLuwytXMK4V7CGyT-5Zkm8ScBk.roa
File:                     tkLuwytXMK4V7CGyT-5Zkm8ScBk.roa (raw, json)
Hash identifier:          51QgqPVQGVnyakfyislI8zc6W+wC2Xo6iyr9ZgLXxqo=
Subject key identifier:   B6:42:EE:C3:2B:57:30:AE:15:EC:21:B2:4F:EE:59:92:6F:12:70:19
Certificate issuer:       /CN=81b65a230d6927dbac201097f949e2eaa2731220
Certificate serial:       018CC4939BC5303DDC5B154AC8832C23C203
Authority key identifier: 81:B6:5A:23:0D:69:27:DB:AC:20:10:97:F9:49:E2:EA:A2:73:12:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gbZaIw1pJ9usIBCX-Uni6qJzEiA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/cdecd2-38d6-40cf-ab02-dab9dc6dc4c9/1/tkLuwytXMK4V7CGyT-5Zkm8ScBk.roa
Signing time:             Mon 01 Jan 2024 10:30:57 +0000
ROA not before:           Mon 01 Jan 2024 10:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203218
IP address blocks:        2001:67c:2d80::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/cdecd2-38d6-40cf-ab02-dab9dc6dc4c9/1/gbZaIw1pJ9usIBCX-Uni6qJzEiA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/cdecd2-38d6-40cf-ab02-dab9dc6dc4c9/1/gbZaIw1pJ9usIBCX-Uni6qJzEiA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gbZaIw1pJ9usIBCX-Uni6qJzEiA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 13:50:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:9b:c5:30:3d:dc:5b:15:4a:c8:83:2c:23:c2:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81b65a230d6927dbac201097f949e2eaa2731220
        Validity
            Not Before: Jan  1 10:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b642eec32b5730ae15ec21b24fee59926f127019
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:1e:91:9e:00:9a:9c:87:95:99:e1:a6:df:76:
                    68:69:b2:e6:be:84:c0:e6:57:b9:6b:e7:16:f7:51:
                    e5:48:97:3e:80:da:c1:86:d0:c8:a6:9e:6b:5e:58:
                    75:1e:ef:83:ec:c3:b8:52:c9:65:f5:dc:be:f2:8f:
                    53:07:55:3f:28:81:b1:1c:30:1e:c0:e9:33:de:66:
                    f2:eb:6f:5b:a5:41:c3:49:99:92:36:81:5f:08:74:
                    33:22:05:f7:0a:b2:45:e3:19:44:3f:ce:a4:ed:54:
                    e9:70:ec:db:e3:08:75:62:00:f9:aa:bd:e6:d4:12:
                    36:e6:4d:38:ba:84:4d:49:41:23:b2:e7:d2:72:8b:
                    31:77:48:7f:e1:5e:a0:33:fa:0e:d3:43:7e:31:b5:
                    ce:52:48:5a:5f:c4:ec:04:67:87:e2:35:e7:34:cc:
                    a5:ae:a0:d8:87:da:49:03:a5:e1:2f:1a:ba:15:9e:
                    35:08:f8:ff:24:62:51:53:f3:d2:64:7b:a8:2b:ed:
                    3c:de:ab:f1:e0:6e:d7:7e:0a:1f:4c:80:41:22:7d:
                    03:49:42:4c:54:0d:72:07:bf:c5:c8:6d:aa:9e:52:
                    49:8c:e1:af:25:a1:68:fe:23:b1:64:fd:db:c1:2f:
                    ef:51:29:e5:ea:79:ef:13:69:f0:71:a2:9e:9f:68:
                    3c:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:42:EE:C3:2B:57:30:AE:15:EC:21:B2:4F:EE:59:92:6F:12:70:19
            X509v3 Authority Key Identifier:
                keyid:81:B6:5A:23:0D:69:27:DB:AC:20:10:97:F9:49:E2:EA:A2:73:12:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gbZaIw1pJ9usIBCX-Uni6qJzEiA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/cdecd2-38d6-40cf-ab02-dab9dc6dc4c9/1/tkLuwytXMK4V7CGyT-5Zkm8ScBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/cdecd2-38d6-40cf-ab02-dab9dc6dc4c9/1/gbZaIw1pJ9usIBCX-Uni6qJzEiA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2d80::/48

    Signature Algorithm: sha256WithRSAEncryption
         3d:d2:cd:8d:ab:77:33:f7:e5:12:b0:b7:38:7e:12:6f:03:a9:
         c1:e8:25:e2:bb:9e:89:9a:72:20:7b:2e:7b:4e:70:62:fd:b2:
         e6:52:c6:31:cd:eb:fc:a8:99:9c:07:2b:22:ad:4c:cf:c4:52:
         45:ad:18:2b:07:91:e9:75:a1:bb:43:78:6b:48:ca:ad:a7:0d:
         08:5a:4a:03:f0:36:ba:41:7b:f7:7a:f4:07:8f:2f:d6:f2:3a:
         2c:54:ad:d9:53:bb:af:e8:2a:45:d7:30:7d:e8:93:89:11:96:
         c9:a0:18:0b:9b:10:3a:a2:0a:22:04:2b:89:48:0b:07:b5:a6:
         77:3d:67:4d:da:8b:94:df:d1:f2:42:8a:6c:96:8c:d2:8e:83:
         d8:c2:ff:36:84:a2:ae:56:c8:5b:4f:43:52:f2:72:66:b1:39:
         67:36:6c:5d:f4:48:97:ea:9d:e0:3e:f5:6c:65:2a:3a:7c:78:
         ca:16:4e:2a:eb:29:06:33:fd:f7:09:0f:ad:f1:92:39:d7:67:
         1e:5a:91:fd:bb:8c:12:00:67:30:ec:7c:5f:47:3a:ab:ad:e1:
         38:5d:77:a9:04:5f:26:37:37:6e:c1:f4:8b:10:99:14:e5:1e:
         3f:e8:82:af:8b:51:cc:71:a5:2b:7c:d1:76:1a:a7:5f:ec:36:
         6d:02:8e:a0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEk5vFMD3cWxVKyIMsI8IDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxYjY1YTIzMGQ2OTI3ZGJhYzIwMTA5N2Y5NDllMmVhYTI3
MzEyMjAwHhcNMjQwMTAxMTAzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjQyZWVjMzJiNTczMGFlMTVlYzIxYjI0ZmVlNTk5MjZmMTI3MDE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoB6RngCanIeVmeGm33ZoabLmvoTA
5le5a+cW91HlSJc+gNrBhtDIpp5rXlh1Hu+D7MO4Usll9dy+8o9TB1U/KIGxHDAe
wOkz3mby629bpUHDSZmSNoFfCHQzIgX3CrJF4xlEP86k7VTpcOzb4wh1YgD5qr3m
1BI25k04uoRNSUEjsufScosxd0h/4V6gM/oO00N+MbXOUkhaX8TsBGeH4jXnNMyl
rqDYh9pJA6XhLxq6FZ41CPj/JGJRU/PSZHuoK+083qvx4G7XfgofTIBBIn0DSUJM
VA1yB7/FyG2qnlJJjOGvJaFo/iOxZP3bwS/vUSnl6nnvE2nwcaKen2g8SwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLZC7sMrVzCuFewhsk/uWZJvEnAZMB8GA1UdIwQY
MBaAFIG2WiMNaSfbrCAQl/lJ4uqicxIgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2JaYUl3MXBKOXVzSUJDWC1Vbmk2cUp6RWlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9jZGVjZDItMzhkNi00MGNmLWFiMDIt
ZGFiOWRjNmRjNGM5LzEvdGtMdXd5dFhNSzRWN0NHeVQtNVprbThTY0JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9jZGVjZDItMzhkNi00MGNmLWFiMDItZGFiOWRjNmRjNGM5
LzEvZ2JaYUl3MXBKOXVzSUJDWC1Vbmk2cUp6RWlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC2A
MA0GCSqGSIb3DQEBCwUAA4IBAQA90s2Nq3cz9+USsLc4fhJvA6nB6CXiu56JmnIg
ey57TnBi/bLmUsYxzev8qJmcBysirUzPxFJFrRgrB5HpdaG7Q3hrSMqtpw0IWkoD
8Da6QXv3evQHjy/W8josVK3ZU7uv6CpF1zB96JOJEZbJoBgLmxA6ogoiBCuJSAsH
taZ3PWdN2ouU39HyQopslozSjoPYwv82hKKuVshbT0NS8nJmsTlnNmxd9EiX6p3g
PvVsZSo6fHjKFk4q6ykGM/33CQ+t8ZI512ceWpH9u4wSAGcw7HxfRzqrreE4XXep
BF8mNzduwfSLEJkU5R4/6IKvi1HMcaUrfNF2Gqdf7DZtAo6g
-----END CERTIFICATE-----