Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/d334fd-8aed-4fd2-891c-7e453293c3ca/1/fewY50b2CBb1mhqDVIsDNEtNeoY.roa
File:                     fewY50b2CBb1mhqDVIsDNEtNeoY.roa (raw, json)
Hash identifier:          JH9qj5/4RRo67UugApaPAlUt8GSdpdNmDyNetBj2jE8=
Subject key identifier:   7D:EC:18:E7:46:F6:08:16:F5:9A:1A:83:54:8B:03:34:4B:4D:7A:86
Certificate issuer:       /CN=e0aaf8efa1f5aec6dd963c62cf53ada2551adb2a
Certificate serial:       018CCA2B4A417EC0FCD489841137380A63DD
Authority key identifier: E0:AA:F8:EF:A1:F5:AE:C6:DD:96:3C:62:CF:53:AD:A2:55:1A:DB:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4Kr476H1rsbdljxiz1OtolUa2yo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/d334fd-8aed-4fd2-891c-7e453293c3ca/1/fewY50b2CBb1mhqDVIsDNEtNeoY.roa
Signing time:             Tue 02 Jan 2024 12:34:43 +0000
ROA not before:           Tue 02 Jan 2024 12:34:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31898
IP address blocks:        2001:67c:1104::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/d334fd-8aed-4fd2-891c-7e453293c3ca/1/4Kr476H1rsbdljxiz1OtolUa2yo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/d334fd-8aed-4fd2-891c-7e453293c3ca/1/4Kr476H1rsbdljxiz1OtolUa2yo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4Kr476H1rsbdljxiz1OtolUa2yo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:02:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:4a:41:7e:c0:fc:d4:89:84:11:37:38:0a:63:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0aaf8efa1f5aec6dd963c62cf53ada2551adb2a
        Validity
            Not Before: Jan  2 12:34:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7dec18e746f60816f59a1a83548b03344b4d7a86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:e5:86:40:20:9b:4d:50:bd:45:99:46:94:1f:
                    50:ac:38:6b:79:3c:8d:64:27:ab:6f:7c:7e:17:d2:
                    4a:7d:2a:8a:a2:0b:54:a7:8a:cb:85:19:4a:da:ad:
                    7c:52:b0:58:a2:7b:10:68:dc:91:f5:8b:91:b6:2c:
                    b6:d6:c0:0c:f3:c3:36:f8:3f:73:38:72:be:e7:5a:
                    23:8b:36:1a:44:e3:63:d1:7b:76:27:60:8f:69:bf:
                    37:07:b3:b4:cc:99:73:a2:a4:63:31:4b:fd:15:99:
                    e0:45:36:2c:d8:59:0d:02:a4:07:5a:92:72:f8:0d:
                    c7:6a:d4:61:52:df:16:eb:86:16:1e:8f:94:71:e3:
                    ca:83:f8:a7:b3:ac:69:61:6d:d1:10:e9:de:64:ca:
                    70:40:7f:c0:3e:17:37:9f:73:98:16:06:9c:de:ba:
                    03:27:5f:42:88:c1:ae:ab:7b:5f:2e:af:68:1d:eb:
                    85:94:9d:d0:c2:8a:fc:03:08:c0:e9:56:7f:5b:69:
                    2e:ae:27:42:73:a5:83:1f:a7:f2:cd:fe:7d:7f:d0:
                    cf:c2:60:a1:ad:d0:bf:a7:a0:6f:0d:18:a5:9b:2d:
                    51:66:5f:e1:a8:d9:77:e5:c0:83:84:b4:8b:d1:8a:
                    d7:aa:80:ed:d7:d5:99:e9:c8:76:80:7d:7a:0f:fa:
                    12:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:EC:18:E7:46:F6:08:16:F5:9A:1A:83:54:8B:03:34:4B:4D:7A:86
            X509v3 Authority Key Identifier:
                keyid:E0:AA:F8:EF:A1:F5:AE:C6:DD:96:3C:62:CF:53:AD:A2:55:1A:DB:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4Kr476H1rsbdljxiz1OtolUa2yo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/d334fd-8aed-4fd2-891c-7e453293c3ca/1/fewY50b2CBb1mhqDVIsDNEtNeoY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/d334fd-8aed-4fd2-891c-7e453293c3ca/1/4Kr476H1rsbdljxiz1OtolUa2yo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1104::/48

    Signature Algorithm: sha256WithRSAEncryption
         66:ad:18:92:c1:1c:92:16:1e:ad:85:c5:83:a5:6b:ae:cd:a6:
         2c:41:53:b3:6c:d6:9f:ae:84:ea:5c:3a:8d:76:c8:9b:32:ac:
         18:3a:70:9a:5d:6a:76:de:23:22:35:9b:2d:22:e9:63:a3:65:
         83:15:b5:47:2f:e0:2b:ed:eb:ff:85:63:b8:81:e3:f9:6c:28:
         eb:1a:10:55:b0:a0:cc:f1:02:d9:f8:83:81:a8:5b:06:f3:50:
         08:2a:4b:95:2c:5a:0d:59:c4:d5:75:f1:68:fe:1c:17:42:29:
         17:5d:e0:e3:97:80:05:96:e0:7c:c9:98:d4:24:eb:88:c4:62:
         a7:40:9e:8a:fe:ba:ab:e1:7b:00:ca:28:95:84:89:c5:d8:88:
         f5:76:30:73:4c:15:bd:cd:99:13:12:3e:e1:84:62:36:17:a8:
         1d:21:b9:2f:7e:cb:ee:11:ca:71:76:b8:98:48:ba:93:cc:7a:
         bb:f6:29:6e:37:b4:2c:e0:51:d3:2f:df:47:d6:18:d6:18:46:
         d3:07:02:5a:b6:b4:05:1c:0d:c6:62:d8:94:4c:6d:c7:2b:f0:
         e9:0a:47:ad:3e:cb:e4:66:96:1c:3b:90:94:5c:59:a8:72:7e:
         90:1c:8f:6b:91:a0:48:3f:07:9c:5f:a6:c8:1e:d1:af:4a:1c:
         61:5e:8d:a4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKK0pBfsD81ImEETc4CmPdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwYWFmOGVmYTFmNWFlYzZkZDk2M2M2MmNmNTNhZGEyNTUx
YWRiMmEwHhcNMjQwMTAyMTIzNDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGVjMThlNzQ2ZjYwODE2ZjU5YTFhODM1NDhiMDMzNDRiNGQ3YTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+WGQCCbTVC9RZlGlB9QrDhreTyN
ZCerb3x+F9JKfSqKogtUp4rLhRlK2q18UrBYonsQaNyR9YuRtiy21sAM88M2+D9z
OHK+51ojizYaRONj0Xt2J2CPab83B7O0zJlzoqRjMUv9FZngRTYs2FkNAqQHWpJy
+A3HatRhUt8W64YWHo+UcePKg/ins6xpYW3REOneZMpwQH/APhc3n3OYFgac3roD
J19CiMGuq3tfLq9oHeuFlJ3Qwor8AwjA6VZ/W2kuridCc6WDH6fyzf59f9DPwmCh
rdC/p6BvDRilmy1RZl/hqNl35cCDhLSL0YrXqoDt19WZ6ch2gH16D/oStQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFH3sGOdG9ggW9Zoag1SLAzRLTXqGMB8GA1UdIwQY
MBaAFOCq+O+h9a7G3ZY8Ys9TraJVGtsqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEtyNDc2SDFyc2JkbGp4aXoxT3RvbFVhMnlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi9kMzM0ZmQtOGFlZC00ZmQyLTg5MWMt
N2U0NTMyOTNjM2NhLzEvZmV3WTUwYjJDQmIxbWhxRFZJc0RORXROZW9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi9kMzM0ZmQtOGFlZC00ZmQyLTg5MWMtN2U0NTMyOTNjM2Nh
LzEvNEtyNDc2SDFyc2JkbGp4aXoxT3RvbFVhMnlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBEE
MA0GCSqGSIb3DQEBCwUAA4IBAQBmrRiSwRySFh6thcWDpWuuzaYsQVOzbNafroTq
XDqNdsibMqwYOnCaXWp23iMiNZstIuljo2WDFbVHL+Ar7ev/hWO4geP5bCjrGhBV
sKDM8QLZ+IOBqFsG81AIKkuVLFoNWcTVdfFo/hwXQikXXeDjl4AFluB8yZjUJOuI
xGKnQJ6K/rqr4XsAyiiVhInF2Ij1djBzTBW9zZkTEj7hhGI2F6gdIbkvfsvuEcpx
driYSLqTzHq79iluN7Qs4FHTL99H1hjWGEbTBwJatrQFHA3GYtiUTG3HK/DpCket
PsvkZpYcO5CUXFmocn6QHI9rkaBIPwecX6bIHtGvShxhXo2k
-----END CERTIFICATE-----