Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/8b5d2a-4bc4-406f-97d5-ba3947c9b22b/1/YI0Zob-2lWY9ulUqxy-D1HjBST4.roa
File:                     YI0Zob-2lWY9ulUqxy-D1HjBST4.roa (raw, json)
Hash identifier:          IcoBeMr/TtXwAimt9iRtVkJBOjdvdhaObkeUvM6HcJE=
Subject key identifier:   60:8D:19:A1:BF:B6:95:66:3D:BA:55:2A:C7:2F:83:D4:78:C1:49:3E
Certificate issuer:       /CN=b58522dac6bcde8c481333599132a16200e6a5be
Certificate serial:       018CC34943F16692BD896F66E725B5004F15
Authority key identifier: B5:85:22:DA:C6:BC:DE:8C:48:13:33:59:91:32:A1:62:00:E6:A5:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tYUi2sa83oxIEzNZkTKhYgDmpb4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/8b5d2a-4bc4-406f-97d5-ba3947c9b22b/1/YI0Zob-2lWY9ulUqxy-D1HjBST4.roa
Signing time:             Mon 01 Jan 2024 04:30:07 +0000
ROA not before:           Mon 01 Jan 2024 04:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49825
IP address blocks:        2001:67c:12d4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/8b5d2a-4bc4-406f-97d5-ba3947c9b22b/1/tYUi2sa83oxIEzNZkTKhYgDmpb4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/8b5d2a-4bc4-406f-97d5-ba3947c9b22b/1/tYUi2sa83oxIEzNZkTKhYgDmpb4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tYUi2sa83oxIEzNZkTKhYgDmpb4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:43:f1:66:92:bd:89:6f:66:e7:25:b5:00:4f:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b58522dac6bcde8c481333599132a16200e6a5be
        Validity
            Not Before: Jan  1 04:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=608d19a1bfb695663dba552ac72f83d478c1493e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:03:b5:7f:08:34:b4:f9:d0:a5:6e:86:2e:f6:
                    40:a6:f4:89:16:e4:05:ac:f7:6c:bb:8c:51:6e:ed:
                    34:42:09:29:78:b2:90:47:2f:fb:92:d5:25:61:8d:
                    2f:e3:b9:6c:e0:6c:09:fd:73:7c:32:19:79:b7:2e:
                    1b:86:7a:35:e6:9d:1c:34:15:87:d6:23:f0:62:a0:
                    1d:cc:02:1d:8a:14:52:25:9c:2e:fe:c2:f6:93:04:
                    7d:6f:06:b1:56:73:e5:1d:7b:c4:24:c0:bb:d0:3b:
                    b8:e9:f8:63:17:f7:e4:92:6c:1b:82:a0:80:a5:57:
                    a0:c6:98:8d:63:1b:64:b0:63:2d:45:b8:9e:6c:35:
                    10:6d:60:fd:c1:de:fd:28:0c:c0:b5:29:87:8a:a8:
                    ee:5b:91:a0:72:69:48:ab:57:12:dd:5f:54:55:7a:
                    db:80:30:8e:00:d0:68:ef:8e:eb:90:bc:1f:4e:b4:
                    c2:30:e9:3b:28:64:51:6f:e8:30:0f:bb:da:b3:ae:
                    ba:88:36:b8:87:b5:91:43:c7:37:07:72:5d:b5:b7:
                    57:b5:89:2e:4e:e7:ef:df:6a:72:88:db:b8:9a:83:
                    71:04:fc:e0:cd:f9:ea:39:f4:ef:2f:0e:94:05:3d:
                    8f:6e:66:af:18:55:43:c9:ee:93:74:67:63:fd:49:
                    80:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:8D:19:A1:BF:B6:95:66:3D:BA:55:2A:C7:2F:83:D4:78:C1:49:3E
            X509v3 Authority Key Identifier:
                keyid:B5:85:22:DA:C6:BC:DE:8C:48:13:33:59:91:32:A1:62:00:E6:A5:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tYUi2sa83oxIEzNZkTKhYgDmpb4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/8b5d2a-4bc4-406f-97d5-ba3947c9b22b/1/YI0Zob-2lWY9ulUqxy-D1HjBST4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/8b5d2a-4bc4-406f-97d5-ba3947c9b22b/1/tYUi2sa83oxIEzNZkTKhYgDmpb4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:12d4::/48

    Signature Algorithm: sha256WithRSAEncryption
         20:dc:4e:f3:e2:d3:b0:a1:c0:39:b7:9f:88:5e:cc:ab:5b:e3:
         3d:3b:23:18:71:ec:96:7f:d0:c0:3c:ba:6b:b3:3b:25:60:1f:
         45:12:18:a7:03:33:4e:19:7e:0e:a0:bb:d5:fd:df:ca:4f:8f:
         aa:98:0b:8a:83:4f:81:e9:a1:b2:5b:3f:98:db:53:d6:cd:86:
         c3:30:60:7d:d8:30:9f:3e:75:52:c0:64:90:17:12:04:fd:ec:
         fd:55:a4:8b:e2:32:b2:66:65:3a:2a:46:5a:bf:40:e9:03:3e:
         db:ad:a9:ec:b9:dc:c5:ce:7d:42:ee:8d:f9:55:25:4d:4f:f6:
         2c:4b:04:22:5c:6c:5e:88:43:00:34:c2:b6:20:6e:7c:31:23:
         43:ef:86:30:99:a5:23:a9:16:02:60:c5:3b:7b:21:64:0a:a0:
         96:e3:6c:6c:7e:a3:1c:37:b9:23:d2:2c:0d:0f:98:7d:87:8e:
         f8:ad:b0:a5:77:01:f5:cc:ae:d4:3b:59:c4:1e:88:4b:e0:a4:
         aa:72:3d:7f:58:ab:e3:49:f0:04:dd:d9:f8:54:3c:1f:77:ff:
         ff:5a:61:b0:5f:38:e3:e5:1c:97:25:8f:50:7b:fc:ba:4e:10:
         84:7c:ac:df:73:2f:72:0f:65:b7:91:33:6c:9d:6f:27:db:12:
         0f:04:5b:aa
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDSUPxZpK9iW9m5yW1AE8VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1ODUyMmRhYzZiY2RlOGM0ODEzMzM1OTkxMzJhMTYyMDBl
NmE1YmUwHhcNMjQwMTAxMDQzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDhkMTlhMWJmYjY5NTY2M2RiYTU1MmFjNzJmODNkNDc4YzE0OTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9gO1fwg0tPnQpW6GLvZApvSJFuQF
rPdsu4xRbu00QgkpeLKQRy/7ktUlYY0v47ls4GwJ/XN8Mhl5ty4bhno15p0cNBWH
1iPwYqAdzAIdihRSJZwu/sL2kwR9bwaxVnPlHXvEJMC70Du46fhjF/fkkmwbgqCA
pVegxpiNYxtksGMtRbiebDUQbWD9wd79KAzAtSmHiqjuW5GgcmlIq1cS3V9UVXrb
gDCOANBo747rkLwfTrTCMOk7KGRRb+gwD7vas666iDa4h7WRQ8c3B3JdtbdXtYku
Tufv32pyiNu4moNxBPzgzfnqOfTvLw6UBT2PbmavGFVDye6TdGdj/UmAJQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGCNGaG/tpVmPbpVKscvg9R4wUk+MB8GA1UdIwQY
MBaAFLWFItrGvN6MSBMzWZEyoWIA5qW+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFlVaTJzYTgzb3hJRXpOWmtUS2hZZ0RtcGI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC84YjVkMmEtNGJjNC00MDZmLTk3ZDUt
YmEzOTQ3YzliMjJiLzEvWUkwWm9iLTJsV1k5dWxVcXh5LUQxSGpCU1Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC84YjVkMmEtNGJjNC00MDZmLTk3ZDUtYmEzOTQ3YzliMjJi
LzEvdFlVaTJzYTgzb3hJRXpOWmtUS2hZZ0RtcGI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBLU
MA0GCSqGSIb3DQEBCwUAA4IBAQAg3E7z4tOwocA5t5+IXsyrW+M9OyMYceyWf9DA
PLprszslYB9FEhinAzNOGX4OoLvV/d/KT4+qmAuKg0+B6aGyWz+Y21PWzYbDMGB9
2DCfPnVSwGSQFxIE/ez9VaSL4jKyZmU6KkZav0DpAz7bransudzFzn1C7o35VSVN
T/YsSwQiXGxeiEMANMK2IG58MSND74YwmaUjqRYCYMU7eyFkCqCW42xsfqMcN7kj
0iwND5h9h474rbCldwH1zK7UO1nEHohL4KSqcj1/WKvjSfAE3dn4VDwfd///WmGw
Xzjj5RyXJY9Qe/y6ThCEfKzfcy9yD2W3kTNsnW8n2xIPBFuq
-----END CERTIFICATE-----