Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/9a8786-09f4-4b60-867a-c8b2df23d519/1/ljfA7TgjIJjSBtVrLzQl2lF6bww.roa
File:                     ljfA7TgjIJjSBtVrLzQl2lF6bww.roa (raw, json)
Hash identifier:          SwHEW0LcfAikIODnBDIVIaEm9KlqIweRWbsGnKtV6Po=
Subject key identifier:   96:37:C0:ED:38:23:20:98:D2:06:D5:6B:2F:34:25:DA:51:7A:6F:0C
Certificate issuer:       /CN=6ed4aa38c0b591d4a6b3e585685c6d43880dac78
Certificate serial:       01933569DAE8A4A756DC2CA9A5A57E636C55
Authority key identifier: 6E:D4:AA:38:C0:B5:91:D4:A6:B3:E5:85:68:5C:6D:43:88:0D:AC:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/btSqOMC1kdSms-WFaFxtQ4gNrHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/9a8786-09f4-4b60-867a-c8b2df23d519/1/ljfA7TgjIJjSBtVrLzQl2lF6bww.roa
Signing time:             Sat 16 Nov 2024 14:39:10 +0000
ROA not before:           Sat 16 Nov 2024 14:39:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213959
IP address blocks:        2001:67c:f54::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/9a8786-09f4-4b60-867a-c8b2df23d519/1/btSqOMC1kdSms-WFaFxtQ4gNrHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/9a8786-09f4-4b60-867a-c8b2df23d519/1/btSqOMC1kdSms-WFaFxtQ4gNrHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/btSqOMC1kdSms-WFaFxtQ4gNrHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:35:69:da:e8:a4:a7:56:dc:2c:a9:a5:a5:7e:63:6c:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed4aa38c0b591d4a6b3e585685c6d43880dac78
        Validity
            Not Before: Nov 16 14:39:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9637c0ed38232098d206d56b2f3425da517a6f0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:89:57:33:d2:ae:77:cb:51:f1:79:88:e4:21:
                    da:9d:b3:e5:ba:0f:b8:59:bc:55:70:a1:75:a8:73:
                    4a:1a:d3:7d:e9:02:56:8f:87:cf:d9:f0:73:47:fb:
                    47:96:d6:95:df:7c:60:ef:f0:04:e1:c6:3c:7e:39:
                    9f:55:86:eb:50:6d:1e:8d:53:23:e1:b6:da:ac:33:
                    c9:54:c0:5f:f2:73:6e:0c:0b:1c:26:71:fb:e4:b6:
                    cf:e0:02:68:0a:c3:3f:c1:e5:f0:03:c1:a1:a5:74:
                    87:b3:6e:d8:b7:e3:2d:87:7e:3a:b8:12:8e:89:68:
                    53:0e:3c:3c:81:83:3e:35:c8:ae:b6:2c:4e:a3:09:
                    13:ab:8a:1b:c5:d3:c4:84:c8:fd:bd:e5:b3:f8:ce:
                    b1:cf:d0:4f:9f:57:61:f6:a5:13:3e:71:08:6c:6f:
                    af:80:5f:08:ca:b4:62:e5:ec:1b:a7:df:9c:7e:f1:
                    7a:12:26:ab:34:f1:3c:b8:7f:26:03:c4:1c:18:d8:
                    ca:64:d3:05:c3:b9:0c:d5:4d:74:74:8f:25:0d:8f:
                    e0:5c:59:84:da:d4:df:69:1c:74:4a:8f:37:d8:54:
                    39:3d:36:77:5a:c2:fb:31:57:02:af:ff:9a:71:9c:
                    18:e2:13:57:07:42:0f:73:27:a9:20:22:1a:00:cb:
                    8d:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:37:C0:ED:38:23:20:98:D2:06:D5:6B:2F:34:25:DA:51:7A:6F:0C
            X509v3 Authority Key Identifier:
                keyid:6E:D4:AA:38:C0:B5:91:D4:A6:B3:E5:85:68:5C:6D:43:88:0D:AC:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/btSqOMC1kdSms-WFaFxtQ4gNrHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/9a8786-09f4-4b60-867a-c8b2df23d519/1/ljfA7TgjIJjSBtVrLzQl2lF6bww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/9a8786-09f4-4b60-867a-c8b2df23d519/1/btSqOMC1kdSms-WFaFxtQ4gNrHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:f54::/48

    Signature Algorithm: sha256WithRSAEncryption
         93:e6:0b:eb:13:ca:19:af:5d:80:e0:ad:1c:2b:c8:88:b5:c5:
         4a:e2:1b:6b:58:17:a0:83:49:20:2b:99:04:43:ed:b5:c5:a2:
         7a:5b:8f:de:1c:3b:8b:ef:8e:26:dd:e5:dc:2e:b5:2f:cf:26:
         45:dc:b6:14:f8:26:3e:9b:85:ee:29:37:ae:96:63:f0:d9:96:
         61:5a:eb:27:4d:32:93:e4:11:f8:0d:56:37:43:9d:d9:15:01:
         e0:1a:ab:5a:dd:46:e6:6f:d7:37:1a:d4:ca:0b:53:83:cf:8d:
         eb:f3:b7:a7:08:93:77:6e:17:dc:d0:47:63:2d:4e:84:b0:84:
         af:98:8e:b4:0f:fe:28:93:39:4a:81:e2:aa:19:56:03:3c:d2:
         7d:3a:d9:60:3c:04:1a:24:73:f1:20:a2:39:f4:a0:e6:d0:4f:
         51:c3:83:0c:c0:13:6d:46:79:03:34:1f:8f:59:31:b9:d0:e3:
         5c:86:e1:1c:82:44:60:0d:12:e6:f8:f3:72:be:87:e9:63:a8:
         aa:84:64:a0:3a:6d:54:08:88:db:5d:75:02:88:ad:79:c0:c6:
         10:c4:64:86:a2:b3:ae:93:94:4f:fe:02:e7:f5:5a:8d:66:48:
         44:da:33:a8:6a:71:e9:42:56:b1:16:0e:0d:27:49:f6:80:57:
         3d:c4:4e:d2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZM1adropKdW3CyppaV+Y2xVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlZDRhYTM4YzBiNTkxZDRhNmIzZTU4NTY4NWM2ZDQzODgw
ZGFjNzgwHhcNMjQxMTE2MTQzOTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjM3YzBlZDM4MjMyMDk4ZDIwNmQ1NmIyZjM0MjVkYTUxN2E2ZjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA54lXM9Kud8tR8XmI5CHanbPlug+4
WbxVcKF1qHNKGtN96QJWj4fP2fBzR/tHltaV33xg7/AE4cY8fjmfVYbrUG0ejVMj
4bbarDPJVMBf8nNuDAscJnH75LbP4AJoCsM/weXwA8GhpXSHs27Yt+Mth346uBKO
iWhTDjw8gYM+NciutixOowkTq4obxdPEhMj9veWz+M6xz9BPn1dh9qUTPnEIbG+v
gF8IyrRi5ewbp9+cfvF6EiarNPE8uH8mA8QcGNjKZNMFw7kM1U10dI8lDY/gXFmE
2tTfaRx0So832FQ5PTZ3WsL7MVcCr/+acZwY4hNXB0IPcyepICIaAMuNFwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJY3wO04IyCY0gbVay80JdpRem8MMB8GA1UdIwQY
MBaAFG7UqjjAtZHUprPlhWhcbUOIDax4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnRTcU9NQzFrZFNtcy1XRmFGeHRRNGdOckhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS85YTg3ODYtMDlmNC00YjYwLTg2N2Et
YzhiMmRmMjNkNTE5LzEvbGpmQTdUZ2pJSmpTQnRWckx6UWwybEY2Ynd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS85YTg3ODYtMDlmNC00YjYwLTg2N2EtYzhiMmRmMjNkNTE5
LzEvYnRTcU9NQzFrZFNtcy1XRmFGeHRRNGdOckhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA9U
MA0GCSqGSIb3DQEBCwUAA4IBAQCT5gvrE8oZr12A4K0cK8iItcVK4htrWBegg0kg
K5kEQ+21xaJ6W4/eHDuL744m3eXcLrUvzyZF3LYU+CY+m4XuKTeulmPw2ZZhWusn
TTKT5BH4DVY3Q53ZFQHgGqta3Ubmb9c3GtTKC1ODz43r87enCJN3bhfc0EdjLU6E
sISvmI60D/4okzlKgeKqGVYDPNJ9OtlgPAQaJHPxIKI59KDm0E9Rw4MMwBNtRnkD
NB+PWTG50ONchuEcgkRgDRLm+PNyvofpY6iqhGSgOm1UCIjbXXUCiK15wMYQxGSG
orOuk5RP/gLn9VqNZkhE2jOoanHpQlaxFg4NJ0n2gFc9xE7S
-----END CERTIFICATE-----