Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/d9d3c9-f194-4b26-8f10-ff6a9cde6335/1/ovojrokxTJInSB_VS-y5J67XqCc.roa
File:                     ovojrokxTJInSB_VS-y5J67XqCc.roa (raw, json)
Hash identifier:          yi0QhNgSoYrr9Cl/UY10Vo8G1b9n6XAJqZ5fvKc3QN4=
Subject key identifier:   A2:FA:23:AE:89:31:4C:92:27:48:1F:D5:4B:EC:B9:27:AE:D7:A8:27
Certificate issuer:       /CN=b5c4787b80ab4801ab62b1bdbfb28e06d30cdf6a
Certificate serial:       018FE25318AA1A63DD6065230C7B871396F7
Authority key identifier: B5:C4:78:7B:80:AB:48:01:AB:62:B1:BD:BF:B2:8E:06:D3:0C:DF:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tcR4e4CrSAGrYrG9v7KOBtMM32o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/d9d3c9-f194-4b26-8f10-ff6a9cde6335/1/ovojrokxTJInSB_VS-y5J67XqCc.roa
Signing time:             Tue 04 Jun 2024 08:17:27 +0000
ROA not before:           Tue 04 Jun 2024 08:17:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214784
IP address blocks:        2001:67c:2fa4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/d9d3c9-f194-4b26-8f10-ff6a9cde6335/1/tcR4e4CrSAGrYrG9v7KOBtMM32o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/d9d3c9-f194-4b26-8f10-ff6a9cde6335/1/tcR4e4CrSAGrYrG9v7KOBtMM32o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tcR4e4CrSAGrYrG9v7KOBtMM32o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 20:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e2:53:18:aa:1a:63:dd:60:65:23:0c:7b:87:13:96:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5c4787b80ab4801ab62b1bdbfb28e06d30cdf6a
        Validity
            Not Before: Jun  4 08:17:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2fa23ae89314c9227481fd54becb927aed7a827
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:0f:93:49:33:9d:76:52:59:9b:ee:e8:b4:c9:
                    69:98:fe:a9:f2:22:97:d9:e8:d2:e7:77:c6:df:d7:
                    d0:a0:91:81:61:bb:d3:95:92:ac:bc:c4:de:5c:79:
                    2e:1c:ab:77:ba:92:2b:81:b9:6d:f2:3a:39:e0:14:
                    34:7d:0e:80:e5:d0:ce:02:f3:4a:8f:6e:34:4d:5b:
                    03:d1:f1:91:1b:56:e3:0f:bc:9a:8b:ca:23:67:36:
                    8a:65:34:e4:e9:b0:38:a7:42:ba:30:46:1b:c5:20:
                    f7:89:ce:ae:98:00:a6:d7:a5:27:71:3b:3d:8a:0d:
                    7c:7f:65:41:62:48:eb:12:f8:a3:c2:56:f6:78:dc:
                    16:3a:62:78:58:2d:97:96:4a:9f:7f:ef:2a:b5:67:
                    84:e3:f9:94:27:ff:3f:30:b9:30:d5:e2:f9:c8:23:
                    e1:17:eb:9f:1e:ce:6b:dd:dd:cc:b1:33:a1:35:0f:
                    b6:a5:c5:3d:f5:cf:c3:8c:43:06:81:3a:8d:c8:71:
                    74:bf:9e:0c:05:18:ff:bf:b0:c6:3d:1e:18:64:95:
                    69:44:96:31:01:62:25:be:67:65:41:aa:0d:49:fb:
                    18:31:bd:02:25:9c:53:d0:4d:fc:91:86:55:da:f4:
                    3a:58:29:b0:a7:f7:cb:ab:78:ae:4c:2e:fe:2b:7a:
                    d3:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:FA:23:AE:89:31:4C:92:27:48:1F:D5:4B:EC:B9:27:AE:D7:A8:27
            X509v3 Authority Key Identifier:
                keyid:B5:C4:78:7B:80:AB:48:01:AB:62:B1:BD:BF:B2:8E:06:D3:0C:DF:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tcR4e4CrSAGrYrG9v7KOBtMM32o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/d9d3c9-f194-4b26-8f10-ff6a9cde6335/1/ovojrokxTJInSB_VS-y5J67XqCc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/d9d3c9-f194-4b26-8f10-ff6a9cde6335/1/tcR4e4CrSAGrYrG9v7KOBtMM32o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2fa4::/48

    Signature Algorithm: sha256WithRSAEncryption
         50:48:a6:80:1e:c4:f9:75:0d:e8:9e:17:5f:ee:df:9e:84:ec:
         98:07:35:bd:3f:d3:f3:c9:43:fe:21:06:2a:f7:9b:d7:b7:26:
         a1:ea:a0:e8:4d:ed:12:a2:fb:be:ac:fe:b9:23:cb:44:65:20:
         e4:d9:f8:56:a3:d7:53:c2:d8:87:64:c0:06:8c:b8:06:8d:8b:
         7e:0c:87:77:ac:eb:71:c7:ef:d2:5b:89:7a:51:37:6e:ac:7a:
         24:32:57:80:74:cb:a2:34:7e:6d:68:4b:84:cd:78:1b:90:08:
         a9:b9:06:36:a9:3c:36:50:31:e4:3a:9d:99:54:20:a0:b7:50:
         fb:c7:c0:15:7d:a7:fe:e9:fc:37:21:2f:bd:e7:64:e0:71:b3:
         a5:53:7a:a1:b9:9b:e6:5a:c7:13:09:f4:d9:62:35:d4:9e:da:
         23:7f:14:f2:a9:59:56:13:36:6e:37:3e:70:9e:79:de:35:a9:
         78:51:22:c2:e7:69:a0:c0:04:83:06:5a:f0:74:78:c0:19:9e:
         68:61:4a:61:42:92:0e:31:08:a7:0e:01:0f:26:90:81:ab:2e:
         28:de:48:79:ff:f8:2a:b8:a9:ad:16:57:70:08:23:99:6e:d2:
         d2:3e:0a:b7:eb:bd:93:0d:b1:ce:74:4d:61:b7:83:8c:b4:16:
         eb:b7:ce:db
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY/iUxiqGmPdYGUjDHuHE5b3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1YzQ3ODdiODBhYjQ4MDFhYjYyYjFiZGJmYjI4ZTA2ZDMw
Y2RmNmEwHhcNMjQwNjA0MDgxNzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmZhMjNhZTg5MzE0YzkyMjc0ODFmZDU0YmVjYjkyN2FlZDdhODI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoQ+TSTOddlJZm+7otMlpmP6p8iKX
2ejS53fG39fQoJGBYbvTlZKsvMTeXHkuHKt3upIrgblt8jo54BQ0fQ6A5dDOAvNK
j240TVsD0fGRG1bjD7yai8ojZzaKZTTk6bA4p0K6MEYbxSD3ic6umACm16UncTs9
ig18f2VBYkjrEvijwlb2eNwWOmJ4WC2Xlkqff+8qtWeE4/mUJ/8/MLkw1eL5yCPh
F+ufHs5r3d3MsTOhNQ+2pcU99c/DjEMGgTqNyHF0v54MBRj/v7DGPR4YZJVpRJYx
AWIlvmdlQaoNSfsYMb0CJZxT0E38kYZV2vQ6WCmwp/fLq3iuTC7+K3rTFwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKL6I66JMUySJ0gf1UvsuSeu16gnMB8GA1UdIwQY
MBaAFLXEeHuAq0gBq2Kxvb+yjgbTDN9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGNSNGU0Q3JTQUdyWXJHOXY3S09CdE1NMzJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy9kOWQzYzktZjE5NC00YjI2LThmMTAt
ZmY2YTljZGU2MzM1LzEvb3ZvanJva3hUSkluU0JfVlMteTVKNjdYcUNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy9kOWQzYzktZjE5NC00YjI2LThmMTAtZmY2YTljZGU2MzM1
LzEvdGNSNGU0Q3JTQUdyWXJHOXY3S09CdE1NMzJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC+k
MA0GCSqGSIb3DQEBCwUAA4IBAQBQSKaAHsT5dQ3onhdf7t+ehOyYBzW9P9PzyUP+
IQYq95vXtyah6qDoTe0Sovu+rP65I8tEZSDk2fhWo9dTwtiHZMAGjLgGjYt+DId3
rOtxx+/SW4l6UTdurHokMleAdMuiNH5taEuEzXgbkAipuQY2qTw2UDHkOp2ZVCCg
t1D7x8AVfaf+6fw3IS+952TgcbOlU3qhuZvmWscTCfTZYjXUntojfxTyqVlWEzZu
Nz5wnnneNal4USLC52mgwASDBlrwdHjAGZ5oYUphQpIOMQinDgEPJpCBqy4o3kh5
//gquKmtFldwCCOZbtLSPgq3672TDbHOdE1ht4OMtBbrt87b
-----END CERTIFICATE-----