Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/2b9e29-d568-4d53-b128-488792388e5b/1/sVOAnij5FxoE_QE40guDN5y7gCE.roa
File:                     sVOAnij5FxoE_QE40guDN5y7gCE.roa (raw, json)
Hash identifier:          qSm/sWJPZhex17utMHK+EgbsoNrwSauw9oDtEMxWk6I=
Subject key identifier:   B1:53:80:9E:28:F9:17:1A:04:FD:01:38:D2:0B:83:37:9C:BB:80:21
Certificate issuer:       /CN=77d2d928423104e5c3480e21b4a3ed1498b2a27e
Certificate serial:       018CCA2BA99EDF84D0F65F3FBF62639050F3
Authority key identifier: 77:D2:D9:28:42:31:04:E5:C3:48:0E:21:B4:A3:ED:14:98:B2:A2:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d9LZKEIxBOXDSA4htKPtFJiyon4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/2b9e29-d568-4d53-b128-488792388e5b/1/sVOAnij5FxoE_QE40guDN5y7gCE.roa
Signing time:             Tue 02 Jan 2024 12:35:08 +0000
ROA not before:           Tue 02 Jan 2024 12:35:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56837
IP address blocks:        2001:67c:1808::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/2b9e29-d568-4d53-b128-488792388e5b/1/d9LZKEIxBOXDSA4htKPtFJiyon4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/2b9e29-d568-4d53-b128-488792388e5b/1/d9LZKEIxBOXDSA4htKPtFJiyon4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d9LZKEIxBOXDSA4htKPtFJiyon4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:a9:9e:df:84:d0:f6:5f:3f:bf:62:63:90:50:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77d2d928423104e5c3480e21b4a3ed1498b2a27e
        Validity
            Not Before: Jan  2 12:35:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b153809e28f9171a04fd0138d20b83379cbb8021
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:ab:c6:9b:bb:aa:6d:d8:64:37:c8:8a:fd:de:
                    e0:ad:b7:66:e5:94:ac:91:eb:ea:40:6f:f4:fe:7f:
                    ba:23:91:99:a0:ec:ff:73:ea:14:59:60:cf:b0:14:
                    4d:dd:ad:1d:47:80:ad:81:80:06:23:86:30:fd:e2:
                    d8:61:a9:6f:59:ce:cd:f8:11:8b:d7:50:7e:b0:e9:
                    4e:aa:d2:56:ad:e3:59:d2:c7:58:83:66:f1:4e:04:
                    29:99:bf:0f:a3:f9:f0:68:57:86:fe:25:49:f7:61:
                    8f:ae:0b:d3:7b:75:c9:ea:0f:b7:4e:d6:04:81:7b:
                    d4:ab:9b:cb:5c:be:62:35:70:e2:23:d0:cc:3d:e7:
                    e0:97:e9:c3:b7:32:e5:e4:b7:93:1a:e8:f0:6a:39:
                    76:9e:b6:78:43:c4:55:51:8e:f5:93:d6:74:f2:55:
                    32:5d:dc:85:75:c6:d9:88:44:e6:bb:d3:b6:cc:0b:
                    f2:39:5f:f3:c6:f5:ae:a6:6e:48:43:54:10:4a:f4:
                    8e:65:f4:18:31:54:ea:08:b3:8b:94:6b:24:d5:9f:
                    f0:33:95:75:5a:94:e6:d2:88:3f:30:d1:bd:23:95:
                    1d:ad:a3:53:94:02:05:19:71:83:72:1a:11:c0:af:
                    d9:01:d3:2f:8e:e2:4e:00:42:ef:4d:d8:0c:46:56:
                    17:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:53:80:9E:28:F9:17:1A:04:FD:01:38:D2:0B:83:37:9C:BB:80:21
            X509v3 Authority Key Identifier:
                keyid:77:D2:D9:28:42:31:04:E5:C3:48:0E:21:B4:A3:ED:14:98:B2:A2:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9LZKEIxBOXDSA4htKPtFJiyon4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/2b9e29-d568-4d53-b128-488792388e5b/1/sVOAnij5FxoE_QE40guDN5y7gCE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/2b9e29-d568-4d53-b128-488792388e5b/1/d9LZKEIxBOXDSA4htKPtFJiyon4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1808::/48

    Signature Algorithm: sha256WithRSAEncryption
         1a:f4:80:27:a9:0a:29:13:83:a0:f2:4b:c9:f6:4d:f6:fd:9d:
         21:e8:a4:08:c9:cc:cf:fe:60:2e:f2:16:e6:15:a6:ec:41:f0:
         86:d2:e6:76:50:4d:72:d1:08:09:88:bd:7c:ff:4b:40:eb:08:
         22:4c:5f:6d:cd:91:8e:98:27:a3:bb:3d:78:39:5b:5a:7a:17:
         1b:64:c5:eb:ed:87:05:0b:80:e3:00:a4:91:0f:f4:81:8b:56:
         c9:3b:40:3a:34:fa:c0:35:e5:3b:42:69:c7:c4:46:f2:e3:a5:
         79:65:1c:5a:f6:23:2d:ff:ef:02:47:6f:ea:9c:61:8b:aa:e4:
         a6:e4:13:66:ce:4c:c3:1c:c5:de:1b:e5:2e:d8:71:a5:c4:36:
         3b:bb:d6:6a:14:a9:7d:76:46:d0:2c:42:4d:7f:9e:d6:ea:0b:
         a3:ea:10:bf:35:34:80:30:82:e0:7f:f4:ca:13:20:ee:85:2f:
         7b:8e:db:75:69:41:6c:a0:39:ad:93:1f:58:bb:e6:ca:55:fc:
         ad:6c:61:93:e9:4e:80:29:ad:51:03:cf:96:0d:24:c8:40:da:
         98:6e:6b:6c:5f:de:de:b8:16:1b:3b:d8:4f:59:6b:a3:7a:fc:
         56:05:76:cb:24:93:72:f9:81:19:76:ae:b8:48:b7:7c:8c:20:
         d8:97:2c:db
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKK6me34TQ9l8/v2JjkFDzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZDJkOTI4NDIzMTA0ZTVjMzQ4MGUyMWI0YTNlZDE0OThi
MmEyN2UwHhcNMjQwMTAyMTIzNTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTUzODA5ZTI4ZjkxNzFhMDRmZDAxMzhkMjBiODMzNzljYmI4MDIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlavGm7uqbdhkN8iK/d7grbdm5ZSs
kevqQG/0/n+6I5GZoOz/c+oUWWDPsBRN3a0dR4CtgYAGI4Yw/eLYYalvWc7N+BGL
11B+sOlOqtJWreNZ0sdYg2bxTgQpmb8Po/nwaFeG/iVJ92GPrgvTe3XJ6g+3TtYE
gXvUq5vLXL5iNXDiI9DMPefgl+nDtzLl5LeTGujwajl2nrZ4Q8RVUY71k9Z08lUy
XdyFdcbZiETmu9O2zAvyOV/zxvWupm5IQ1QQSvSOZfQYMVTqCLOLlGsk1Z/wM5V1
WpTm0og/MNG9I5UdraNTlAIFGXGDchoRwK/ZAdMvjuJOAELvTdgMRlYXfQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLFTgJ4o+RcaBP0BONILgzecu4AhMB8GA1UdIwQY
MBaAFHfS2ShCMQTlw0gOIbSj7RSYsqJ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDlMWktFSXhCT1hEU0E0aHRLUHRGSml5b240LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS8yYjllMjktZDU2OC00ZDUzLWIxMjgt
NDg4NzkyMzg4ZTViLzEvc1ZPQW5pajVGeG9FX1FFNDBndURONXk3Z0NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS8yYjllMjktZDU2OC00ZDUzLWIxMjgtNDg4NzkyMzg4ZTVi
LzEvZDlMWktFSXhCT1hEU0E0aHRLUHRGSml5b240LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBgI
MA0GCSqGSIb3DQEBCwUAA4IBAQAa9IAnqQopE4Og8kvJ9k32/Z0h6KQIyczP/mAu
8hbmFabsQfCG0uZ2UE1y0QgJiL18/0tA6wgiTF9tzZGOmCejuz14OVtaehcbZMXr
7YcFC4DjAKSRD/SBi1bJO0A6NPrANeU7QmnHxEby46V5ZRxa9iMt/+8CR2/qnGGL
quSm5BNmzkzDHMXeG+Uu2HGlxDY7u9ZqFKl9dkbQLEJNf57W6guj6hC/NTSAMILg
f/TKEyDuhS97jtt1aUFsoDmtkx9Yu+bKVfytbGGT6U6AKa1RA8+WDSTIQNqYbmts
X97euBYbO9hPWWujevxWBXbLJJNy+YEZdq64SLd8jCDYlyzb
-----END CERTIFICATE-----