Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/ab3d97-cd82-426c-b74a-e0c1dfde824a/1/XTozRMhly3IvXhoRW_g50hTRKj0.roa
File:                     XTozRMhly3IvXhoRW_g50hTRKj0.roa (raw, json)
Hash identifier:          l/cBNXGXfrSY5YuPlMadO2F6GArICwMLuVhHYHtnimY=
Subject key identifier:   5D:3A:33:44:C8:65:CB:72:2F:5E:1A:11:5B:F8:39:D2:14:D1:2A:3D
Certificate issuer:       /CN=8242fe64f4172eebb0c96af7e50b62a5077afe0a
Certificate serial:       018D41D9212683A91F6B8D3A6EDC34151F4F
Authority key identifier: 82:42:FE:64:F4:17:2E:EB:B0:C9:6A:F7:E5:0B:62:A5:07:7A:FE:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gkL-ZPQXLuuwyWr35QtipQd6_go.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/ab3d97-cd82-426c-b74a-e0c1dfde824a/1/XTozRMhly3IvXhoRW_g50hTRKj0.roa
Signing time:             Thu 25 Jan 2024 18:19:25 +0000
ROA not before:           Thu 25 Jan 2024 18:19:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41720
IP address blocks:        2001:67c:2f14::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/ab3d97-cd82-426c-b74a-e0c1dfde824a/1/gkL-ZPQXLuuwyWr35QtipQd6_go.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/ab3d97-cd82-426c-b74a-e0c1dfde824a/1/gkL-ZPQXLuuwyWr35QtipQd6_go.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gkL-ZPQXLuuwyWr35QtipQd6_go.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:41:d9:21:26:83:a9:1f:6b:8d:3a:6e:dc:34:15:1f:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8242fe64f4172eebb0c96af7e50b62a5077afe0a
        Validity
            Not Before: Jan 25 18:19:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5d3a3344c865cb722f5e1a115bf839d214d12a3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:14:ad:3e:93:bc:c4:f6:24:f8:44:d0:4f:07:
                    fa:0a:2c:75:12:25:3b:cf:eb:03:db:6e:69:b5:d4:
                    01:a3:86:1e:1d:17:59:b7:93:ed:db:81:1c:00:c9:
                    29:a4:b8:32:ca:24:fd:14:07:80:e4:92:50:b8:60:
                    82:07:9a:eb:45:f0:01:90:4f:dd:cd:0c:80:45:fb:
                    97:19:fc:52:d8:78:c2:c8:ba:52:87:75:92:86:c4:
                    15:08:be:78:0c:7e:a6:e4:1b:e3:61:3e:da:59:e0:
                    bc:ba:2f:00:44:9c:2f:c8:8b:f8:57:65:f1:62:bf:
                    19:57:09:56:a8:f1:e5:bf:0d:72:10:39:ea:f1:83:
                    ac:b3:f5:04:1a:31:19:d5:d0:63:eb:75:99:c4:1d:
                    b8:75:e5:76:c9:d2:06:6b:df:ce:3e:48:95:a5:ff:
                    7f:63:a5:75:59:ea:dd:64:3e:b7:84:e1:32:58:5d:
                    ea:da:c7:0c:95:26:a0:83:04:fb:17:59:76:07:38:
                    90:92:7c:9f:1c:5b:a8:58:00:99:0f:39:77:17:e9:
                    7e:8f:2e:94:4f:c7:d5:99:1b:f8:15:d6:ef:85:c9:
                    94:8c:a3:97:29:d7:1e:36:9d:eb:95:7d:17:4a:b9:
                    15:cf:a9:16:6f:42:43:ad:d6:84:c9:e0:f2:58:9d:
                    5f:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:3A:33:44:C8:65:CB:72:2F:5E:1A:11:5B:F8:39:D2:14:D1:2A:3D
            X509v3 Authority Key Identifier:
                keyid:82:42:FE:64:F4:17:2E:EB:B0:C9:6A:F7:E5:0B:62:A5:07:7A:FE:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gkL-ZPQXLuuwyWr35QtipQd6_go.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/ab3d97-cd82-426c-b74a-e0c1dfde824a/1/XTozRMhly3IvXhoRW_g50hTRKj0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/ab3d97-cd82-426c-b74a-e0c1dfde824a/1/gkL-ZPQXLuuwyWr35QtipQd6_go.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2f14::/48

    Signature Algorithm: sha256WithRSAEncryption
         41:54:c7:3e:15:72:da:d3:d3:a9:52:24:54:45:13:45:f0:21:
         69:18:9a:36:c7:bf:55:95:1c:0b:c1:56:15:d4:7c:7c:09:7c:
         78:f3:56:f2:1f:fc:7f:bd:9c:66:e4:22:0f:61:24:e8:b8:d7:
         dd:c2:ff:7c:51:21:ca:d5:39:e7:50:2d:d2:51:5e:54:3e:0c:
         97:4d:27:8d:ef:08:6d:4c:a3:46:60:6d:b3:36:26:a3:f7:03:
         01:e5:80:24:c4:6a:82:35:3d:57:2b:53:e2:8f:c7:c1:9b:9f:
         dc:18:40:0e:8c:62:79:ef:5e:7d:7a:91:e4:c0:ce:4c:70:c1:
         1d:73:b8:f1:8a:5b:a4:dc:0a:27:3e:db:7f:df:16:b4:7e:f4:
         49:d8:af:60:81:b1:46:ab:a2:ed:fe:1f:06:49:05:10:65:97:
         a2:a9:09:16:3f:00:85:d8:12:40:52:4b:09:d1:60:c3:be:0c:
         b5:eb:39:7b:59:a1:44:d0:ce:a6:2a:24:db:37:83:8d:25:1d:
         45:72:d0:72:d4:91:27:2b:c6:a9:65:3f:31:f0:22:c2:58:5f:
         6b:7a:6a:54:18:be:d3:9c:54:05:69:c5:bf:f2:fe:dc:d7:c0:
         a8:90:62:85:c7:35:66:ba:c2:40:a9:34:ea:5b:66:92:49:a3:
         f2:d0:01:76
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY1B2SEmg6kfa406btw0FR9PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNDJmZTY0ZjQxNzJlZWJiMGM5NmFmN2U1MGI2MmE1MDc3
YWZlMGEwHhcNMjQwMTI1MTgxOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDNhMzM0NGM4NjVjYjcyMmY1ZTFhMTE1YmY4MzlkMjE0ZDEyYTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAihStPpO8xPYk+ETQTwf6Cix1EiU7
z+sD225ptdQBo4YeHRdZt5Pt24EcAMkppLgyyiT9FAeA5JJQuGCCB5rrRfABkE/d
zQyARfuXGfxS2HjCyLpSh3WShsQVCL54DH6m5BvjYT7aWeC8ui8ARJwvyIv4V2Xx
Yr8ZVwlWqPHlvw1yEDnq8YOss/UEGjEZ1dBj63WZxB24deV2ydIGa9/OPkiVpf9/
Y6V1WerdZD63hOEyWF3q2scMlSaggwT7F1l2BziQknyfHFuoWACZDzl3F+l+jy6U
T8fVmRv4FdbvhcmUjKOXKdceNp3rlX0XSrkVz6kWb0JDrdaEyeDyWJ1fiwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF06M0TIZctyL14aEVv4OdIU0So9MB8GA1UdIwQY
MBaAFIJC/mT0Fy7rsMlq9+ULYqUHev4KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2tMLVpQUVhMdXV3eVdyMzVRdGlwUWQ2X2dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy9hYjNkOTctY2Q4Mi00MjZjLWI3NGEt
ZTBjMWRmZGU4MjRhLzEvWFRvelJNaGx5M0l2WGhvUldfZzUwaFRSS2owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy9hYjNkOTctY2Q4Mi00MjZjLWI3NGEtZTBjMWRmZGU4MjRh
LzEvZ2tMLVpQUVhMdXV3eVdyMzVRdGlwUWQ2X2dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC8U
MA0GCSqGSIb3DQEBCwUAA4IBAQBBVMc+FXLa09OpUiRURRNF8CFpGJo2x79VlRwL
wVYV1Hx8CXx481byH/x/vZxm5CIPYSTouNfdwv98USHK1TnnUC3SUV5UPgyXTSeN
7whtTKNGYG2zNiaj9wMB5YAkxGqCNT1XK1Pij8fBm5/cGEAOjGJ57159epHkwM5M
cMEdc7jxiluk3AonPtt/3xa0fvRJ2K9ggbFGq6Lt/h8GSQUQZZeiqQkWPwCF2BJA
UksJ0WDDvgy16zl7WaFE0M6mKiTbN4ONJR1FctBy1JEnK8apZT8x8CLCWF9rempU
GL7TnFQFacW/8v7c18CokGKFxzVmusJAqTTqW2aSSaPy0AF2
-----END CERTIFICATE-----