Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/09274f-baeb-461e-bca7-ab01c5f2ed7d/1/G5jFnlnUM6inR1GQTviGdGRZu5I.roa
File:                     G5jFnlnUM6inR1GQTviGdGRZu5I.roa (raw, json)
Hash identifier:          S1g1TNYQIVrKWsAaNQmqNrlAkV3hLvfw7WTTCwzfyds=
Subject key identifier:   1B:98:C5:9E:59:D4:33:A8:A7:47:51:90:4E:F8:86:74:64:59:BB:92
Certificate issuer:       /CN=54e73f21fecf8f8c505892f7064de1a0a4cf8e7f
Certificate serial:       018CC8DF82ABC4F2C0DA8E1451859101E7B4
Authority key identifier: 54:E7:3F:21:FE:CF:8F:8C:50:58:92:F7:06:4D:E1:A0:A4:CF:8E:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VOc_If7Pj4xQWJL3Bk3hoKTPjn8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/09274f-baeb-461e-bca7-ab01c5f2ed7d/1/G5jFnlnUM6inR1GQTviGdGRZu5I.roa
Signing time:             Tue 02 Jan 2024 06:32:20 +0000
ROA not before:           Tue 02 Jan 2024 06:32:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62430
IP address blocks:        2001:67c:9ec::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/09274f-baeb-461e-bca7-ab01c5f2ed7d/1/VOc_If7Pj4xQWJL3Bk3hoKTPjn8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/09274f-baeb-461e-bca7-ab01c5f2ed7d/1/VOc_If7Pj4xQWJL3Bk3hoKTPjn8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VOc_If7Pj4xQWJL3Bk3hoKTPjn8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 18:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:82:ab:c4:f2:c0:da:8e:14:51:85:91:01:e7:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54e73f21fecf8f8c505892f7064de1a0a4cf8e7f
        Validity
            Not Before: Jan  2 06:32:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b98c59e59d433a8a74751904ef886746459bb92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:15:1f:c6:96:46:e4:3e:96:e6:77:f1:da:75:
                    9f:d0:84:c6:81:8b:73:bb:63:b4:ee:ba:d3:44:24:
                    dc:4c:64:32:7f:ac:f4:5b:5d:69:9c:b6:19:77:fd:
                    39:f5:aa:d5:78:a7:a3:d9:d4:52:96:c7:12:01:5e:
                    32:91:52:ed:43:11:0c:a3:bc:48:8f:68:96:8e:cb:
                    61:17:ee:f1:6d:73:08:10:55:d2:6d:90:a9:22:6e:
                    1a:91:ef:48:23:43:b8:15:78:c7:23:95:93:d3:c7:
                    67:3c:b0:8a:49:fe:98:99:6b:1c:bc:b2:36:66:ee:
                    76:81:91:83:a9:55:82:35:03:39:2e:4a:b0:28:e6:
                    8f:96:58:cc:f3:9d:e2:9d:9d:f4:9a:df:5e:5f:66:
                    b4:a4:02:2f:46:98:7d:7d:df:36:41:56:7e:5f:8a:
                    f2:b7:bf:74:41:41:5a:3e:1d:ba:cc:52:2c:5d:a9:
                    7d:bd:4c:aa:c1:f5:48:bf:bd:9c:a8:5c:aa:c0:7e:
                    47:b1:c5:d4:c4:9f:8c:23:d7:14:85:5e:4e:9a:a8:
                    51:2e:0f:30:bf:4b:12:7b:f0:2c:90:10:92:60:a1:
                    f3:40:51:0d:88:b6:16:52:f9:63:62:bc:ae:e4:1d:
                    72:57:76:42:ca:11:7c:da:7d:cf:b8:de:8a:29:ab:
                    75:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:98:C5:9E:59:D4:33:A8:A7:47:51:90:4E:F8:86:74:64:59:BB:92
            X509v3 Authority Key Identifier:
                keyid:54:E7:3F:21:FE:CF:8F:8C:50:58:92:F7:06:4D:E1:A0:A4:CF:8E:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VOc_If7Pj4xQWJL3Bk3hoKTPjn8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/09274f-baeb-461e-bca7-ab01c5f2ed7d/1/G5jFnlnUM6inR1GQTviGdGRZu5I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/09274f-baeb-461e-bca7-ab01c5f2ed7d/1/VOc_If7Pj4xQWJL3Bk3hoKTPjn8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:9ec::/48

    Signature Algorithm: sha256WithRSAEncryption
         6a:33:75:40:c8:5e:4f:c1:bb:7d:02:3c:4b:8a:95:69:3d:10:
         05:4d:04:c4:de:c4:3c:36:e5:12:22:66:6b:ba:67:bf:e4:63:
         fe:9f:bd:d8:78:41:85:50:ae:45:69:08:58:37:33:33:b2:b6:
         5a:18:91:b3:6d:ef:f7:85:c8:49:3c:7f:22:82:64:fe:ee:04:
         59:eb:49:8d:2b:37:1f:0b:ec:28:33:6c:f0:e2:56:6f:bd:05:
         39:38:85:83:ac:92:0a:1f:37:e6:ac:d8:7e:5e:26:e1:84:80:
         53:62:73:cc:96:e3:e9:c3:e3:82:44:5c:2c:2d:68:91:8b:3c:
         62:3f:8c:88:50:ef:70:ea:ef:d7:72:6e:f8:4d:37:76:f9:7c:
         35:ab:c1:56:7b:ad:f9:62:18:e4:af:27:26:b4:8e:73:a6:51:
         2d:fc:51:5c:02:0c:cc:a2:d8:e0:fa:2e:8f:dd:6f:7d:e8:05:
         bf:fa:b7:c4:e8:55:bb:39:b1:69:96:34:bf:c8:d0:80:c6:e6:
         d3:9f:bf:9e:66:8a:d2:9b:9f:1c:41:d2:b6:d2:f3:b7:03:0c:
         7c:a9:8c:62:a4:0b:92:1d:b9:4c:59:3d:f0:fb:a8:20:28:f2:
         7a:28:5c:c6:8e:5f:ce:32:4e:14:97:f9:d8:d5:8f:7e:dc:f4:
         e5:81:0a:d0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzI34KrxPLA2o4UUYWRAee0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0ZTczZjIxZmVjZjhmOGM1MDU4OTJmNzA2NGRlMWEwYTRj
ZjhlN2YwHhcNMjQwMTAyMDYzMjIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjk4YzU5ZTU5ZDQzM2E4YTc0NzUxOTA0ZWY4ODY3NDY0NTliYjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiRUfxpZG5D6W5nfx2nWf0ITGgYtz
u2O07rrTRCTcTGQyf6z0W11pnLYZd/059arVeKej2dRSlscSAV4ykVLtQxEMo7xI
j2iWjsthF+7xbXMIEFXSbZCpIm4ake9II0O4FXjHI5WT08dnPLCKSf6YmWscvLI2
Zu52gZGDqVWCNQM5LkqwKOaPlljM853inZ30mt9eX2a0pAIvRph9fd82QVZ+X4ry
t790QUFaPh26zFIsXal9vUyqwfVIv72cqFyqwH5HscXUxJ+MI9cUhV5OmqhRLg8w
v0sSe/AskBCSYKHzQFENiLYWUvljYryu5B1yV3ZCyhF82n3PuN6KKat1ZwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBuYxZ5Z1DOop0dRkE74hnRkWbuSMB8GA1UdIwQY
MBaAFFTnPyH+z4+MUFiS9wZN4aCkz45/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVk9jX0lmN1BqNHhRV0pMM0JrM2hvS1RQam44LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi8wOTI3NGYtYmFlYi00NjFlLWJjYTct
YWIwMWM1ZjJlZDdkLzEvRzVqRm5sblVNNmluUjFHUVR2aUdkR1JadTVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi8wOTI3NGYtYmFlYi00NjFlLWJjYTctYWIwMWM1ZjJlZDdk
LzEvVk9jX0lmN1BqNHhRV0pMM0JrM2hvS1RQam44LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAns
MA0GCSqGSIb3DQEBCwUAA4IBAQBqM3VAyF5Pwbt9AjxLipVpPRAFTQTE3sQ8NuUS
ImZrume/5GP+n73YeEGFUK5FaQhYNzMzsrZaGJGzbe/3hchJPH8igmT+7gRZ60mN
KzcfC+woM2zw4lZvvQU5OIWDrJIKHzfmrNh+XibhhIBTYnPMluPpw+OCRFwsLWiR
izxiP4yIUO9w6u/Xcm74TTd2+Xw1q8FWe635YhjkrycmtI5zplEt/FFcAgzMotjg
+i6P3W996AW/+rfE6FW7ObFpljS/yNCAxubTn7+eZorSm58cQdK20vO3Awx8qYxi
pAuSHblMWT3w+6ggKPJ6KFzGjl/OMk4Ul/nY1Y9+3PTlgQrQ
-----END CERTIFICATE-----