Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/d334fd-8aed-4fd2-891c-7e453293c3ca/1/IYfub2XT1xu_NMv5b6qb7i7mLfM.roa
File:                     IYfub2XT1xu_NMv5b6qb7i7mLfM.roa (raw, json)
Hash identifier:          zYRv27jNHvtS+lqqRT1s6hm33WzY0pTavFIB+hxyzwI=
Subject key identifier:   21:87:EE:6F:65:D3:D7:1B:BF:34:CB:F9:6F:AA:9B:EE:2E:E6:2D:F3
Certificate issuer:       /CN=e0aaf8efa1f5aec6dd963c62cf53ada2551adb2a
Certificate serial:       018CCA2B4A99066AB1243EDEB58200B772D2
Authority key identifier: E0:AA:F8:EF:A1:F5:AE:C6:DD:96:3C:62:CF:53:AD:A2:55:1A:DB:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4Kr476H1rsbdljxiz1OtolUa2yo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/d334fd-8aed-4fd2-891c-7e453293c3ca/1/IYfub2XT1xu_NMv5b6qb7i7mLfM.roa
Signing time:             Tue 02 Jan 2024 12:34:43 +0000
ROA not before:           Tue 02 Jan 2024 12:34:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213021
IP address blocks:        2001:67c:1104::/48 maxlen: 56

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/d334fd-8aed-4fd2-891c-7e453293c3ca/1/4Kr476H1rsbdljxiz1OtolUa2yo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/d334fd-8aed-4fd2-891c-7e453293c3ca/1/4Kr476H1rsbdljxiz1OtolUa2yo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4Kr476H1rsbdljxiz1OtolUa2yo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:02:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:4a:99:06:6a:b1:24:3e:de:b5:82:00:b7:72:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0aaf8efa1f5aec6dd963c62cf53ada2551adb2a
        Validity
            Not Before: Jan  2 12:34:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2187ee6f65d3d71bbf34cbf96faa9bee2ee62df3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:f6:98:87:76:f0:4c:47:c0:0f:bc:39:59:dd:
                    16:0f:d1:c9:a5:ed:75:4d:d7:1f:6a:67:f0:22:70:
                    d1:1a:d3:be:f0:cd:2d:0f:00:fe:be:74:be:36:b7:
                    c5:a0:47:9f:8f:e6:b3:a5:94:5f:81:b7:90:a2:08:
                    b0:84:70:4e:87:1b:2a:e2:59:b0:1c:52:39:bd:7f:
                    37:6f:c2:9f:c4:df:f1:c7:b8:c0:60:ac:81:d1:af:
                    4c:8b:5b:ec:ff:3b:50:ae:d9:38:21:7c:ee:86:d3:
                    1f:82:7c:42:60:da:f3:3b:11:37:ea:87:e3:13:bc:
                    10:8e:2f:51:1c:57:c9:98:c8:90:61:43:3c:5e:20:
                    0b:d5:d3:f1:6c:b4:c6:e1:06:09:d4:3c:7f:0f:11:
                    75:9a:14:e4:b5:49:37:15:ba:e1:9e:cd:56:b4:1f:
                    3c:d1:0c:a6:c4:ff:4c:0d:e0:f6:a4:01:1f:a4:a3:
                    3c:98:4c:03:55:fa:ae:f8:3b:28:01:9a:3b:ff:e1:
                    0e:e2:bc:a2:56:36:32:76:c2:a9:3e:04:13:f5:4f:
                    c6:4e:75:c8:8c:37:ce:9d:3d:6e:93:b4:be:80:d4:
                    24:94:27:b1:4c:07:0d:1b:00:3f:92:21:9f:02:34:
                    f1:f7:c4:73:db:64:a2:c6:30:0e:fb:b6:d1:71:09:
                    05:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:87:EE:6F:65:D3:D7:1B:BF:34:CB:F9:6F:AA:9B:EE:2E:E6:2D:F3
            X509v3 Authority Key Identifier:
                keyid:E0:AA:F8:EF:A1:F5:AE:C6:DD:96:3C:62:CF:53:AD:A2:55:1A:DB:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4Kr476H1rsbdljxiz1OtolUa2yo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/d334fd-8aed-4fd2-891c-7e453293c3ca/1/IYfub2XT1xu_NMv5b6qb7i7mLfM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/d334fd-8aed-4fd2-891c-7e453293c3ca/1/4Kr476H1rsbdljxiz1OtolUa2yo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1104::/48

    Signature Algorithm: sha256WithRSAEncryption
         00:06:91:4c:22:25:96:94:71:35:4b:bd:e1:84:7c:f4:99:dc:
         b9:32:75:34:d4:4c:32:55:40:3c:00:f4:e1:c5:9d:54:74:6f:
         0f:2f:5b:b7:a7:15:32:2f:57:97:69:22:c8:6f:59:7e:1f:ed:
         e2:23:71:d6:ec:78:20:4c:08:55:9e:f5:20:f6:28:ba:b9:e7:
         f2:81:16:8a:56:b1:ab:65:12:38:d6:d3:27:e3:e2:72:01:a5:
         78:3d:0f:43:16:d8:3c:74:6c:da:d9:2c:fc:53:cc:b5:65:7f:
         f4:de:d6:0d:9e:0e:6b:89:04:01:ba:5d:b8:21:9e:06:ad:9d:
         0d:e9:e4:0a:ee:60:ae:15:8a:82:2a:7d:5e:bb:00:04:e8:34:
         2a:38:44:1a:e6:aa:a2:ee:5d:2d:71:95:8e:05:04:7f:0b:66:
         ce:c8:75:20:44:68:80:bf:3c:0e:d8:ff:5b:01:3e:d9:9b:50:
         e3:9c:d1:63:b5:10:6e:ae:1f:1a:3f:62:bd:9a:a2:af:07:cf:
         39:8a:2a:10:13:1b:f0:15:9c:26:7e:32:3e:6e:96:93:64:16:
         91:80:3c:d0:5a:5b:65:62:25:d4:36:52:f7:fd:9f:ed:ac:03:
         6e:5d:67:67:56:9a:be:2c:09:43:0a:f4:c7:f1:a8:b2:10:96:
         b8:a2:fb:b7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKK0qZBmqxJD7etYIAt3LSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwYWFmOGVmYTFmNWFlYzZkZDk2M2M2MmNmNTNhZGEyNTUx
YWRiMmEwHhcNMjQwMTAyMTIzNDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTg3ZWU2ZjY1ZDNkNzFiYmYzNGNiZjk2ZmFhOWJlZTJlZTYyZGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgvaYh3bwTEfAD7w5Wd0WD9HJpe11
TdcfamfwInDRGtO+8M0tDwD+vnS+NrfFoEefj+azpZRfgbeQogiwhHBOhxsq4lmw
HFI5vX83b8KfxN/xx7jAYKyB0a9Mi1vs/ztQrtk4IXzuhtMfgnxCYNrzOxE36ofj
E7wQji9RHFfJmMiQYUM8XiAL1dPxbLTG4QYJ1Dx/DxF1mhTktUk3Fbrhns1WtB88
0QymxP9MDeD2pAEfpKM8mEwDVfqu+DsoAZo7/+EO4ryiVjYydsKpPgQT9U/GTnXI
jDfOnT1uk7S+gNQklCexTAcNGwA/kiGfAjTx98Rz22SixjAO+7bRcQkF1QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCGH7m9l09cbvzTL+W+qm+4u5i3zMB8GA1UdIwQY
MBaAFOCq+O+h9a7G3ZY8Ys9TraJVGtsqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEtyNDc2SDFyc2JkbGp4aXoxT3RvbFVhMnlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi9kMzM0ZmQtOGFlZC00ZmQyLTg5MWMt
N2U0NTMyOTNjM2NhLzEvSVlmdWIyWFQxeHVfTk12NWI2cWI3aTdtTGZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi9kMzM0ZmQtOGFlZC00ZmQyLTg5MWMtN2U0NTMyOTNjM2Nh
LzEvNEtyNDc2SDFyc2JkbGp4aXoxT3RvbFVhMnlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBEE
MA0GCSqGSIb3DQEBCwUAA4IBAQAABpFMIiWWlHE1S73hhHz0mdy5MnU01EwyVUA8
APThxZ1UdG8PL1u3pxUyL1eXaSLIb1l+H+3iI3HW7HggTAhVnvUg9ii6uefygRaK
VrGrZRI41tMn4+JyAaV4PQ9DFtg8dGza2Sz8U8y1ZX/03tYNng5riQQBul24IZ4G
rZ0N6eQK7mCuFYqCKn1euwAE6DQqOEQa5qqi7l0tcZWOBQR/C2bOyHUgRGiAvzwO
2P9bAT7Zm1DjnNFjtRBurh8aP2K9mqKvB885iioQExvwFZwmfjI+bpaTZBaRgDzQ
WltlYiXUNlL3/Z/trANuXWdnVpq+LAlDCvTH8aiyEJa4ovu3
-----END CERTIFICATE-----