Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/b458ee-f6a5-4e2c-8118-de6644c3daed/1/yVXAmYoU4OGfTqQC-n06CgXEL-c.roa
File:                     yVXAmYoU4OGfTqQC-n06CgXEL-c.roa (raw, json)
Hash identifier:          NAT5O7UpjPhoX4xWC9GmksHm1RGlv/YhUn/BVEZhYGE=
Subject key identifier:   C9:55:C0:99:8A:14:E0:E1:9F:4E:A4:02:FA:7D:3A:0A:05:C4:2F:E7
Certificate issuer:       /CN=22b27ab0d55f8ae0dda86fdef1c35724e1885e4f
Certificate serial:       018DAEFA64752D495C0B27089AC60D350604
Authority key identifier: 22:B2:7A:B0:D5:5F:8A:E0:DD:A8:6F:DE:F1:C3:57:24:E1:88:5E:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IrJ6sNVfiuDdqG_e8cNXJOGIXk8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/b458ee-f6a5-4e2c-8118-de6644c3daed/1/yVXAmYoU4OGfTqQC-n06CgXEL-c.roa
Signing time:             Thu 15 Feb 2024 22:54:21 +0000
ROA not before:           Thu 15 Feb 2024 22:54:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215494
IP address blocks:        2001:67c:df0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/b458ee-f6a5-4e2c-8118-de6644c3daed/1/IrJ6sNVfiuDdqG_e8cNXJOGIXk8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/b458ee-f6a5-4e2c-8118-de6644c3daed/1/IrJ6sNVfiuDdqG_e8cNXJOGIXk8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IrJ6sNVfiuDdqG_e8cNXJOGIXk8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ae:fa:64:75:2d:49:5c:0b:27:08:9a:c6:0d:35:06:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22b27ab0d55f8ae0dda86fdef1c35724e1885e4f
        Validity
            Not Before: Feb 15 22:54:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c955c0998a14e0e19f4ea402fa7d3a0a05c42fe7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:57:8e:31:9b:f5:29:09:2c:78:f3:46:ff:5a:
                    5f:64:33:61:b6:0b:4b:8d:85:f9:de:ae:70:cb:bf:
                    fd:24:67:28:fb:18:dc:a1:9b:d8:1c:15:ca:7a:07:
                    14:fa:59:78:06:81:65:45:d7:1f:da:f8:0d:e5:4f:
                    7c:27:de:7b:65:32:49:93:f2:e4:7c:05:b8:74:24:
                    f9:a1:e3:17:1a:27:bc:17:b5:22:ba:54:8f:b4:82:
                    b7:22:9d:4a:a4:21:93:72:59:92:fc:ee:a7:ef:0c:
                    a1:0e:28:c3:35:36:5b:d9:a2:ae:4f:5a:3a:46:fa:
                    54:9d:b9:23:86:ff:e3:1e:3f:f3:3d:20:97:7c:fe:
                    25:be:ef:d7:64:00:f3:9a:23:4c:c8:ac:c1:77:17:
                    aa:53:aa:3a:06:42:4e:8a:38:9a:69:11:85:c6:95:
                    95:26:d7:ed:b9:d7:d6:d6:3c:56:e0:b0:f3:a4:bd:
                    0c:5b:be:8b:48:5b:3a:a1:b5:42:2e:f8:49:da:5a:
                    7d:fb:e0:91:26:4c:7d:bc:e0:ff:53:33:e7:5f:7b:
                    d2:34:ef:10:9a:3e:f6:a6:34:8b:9f:1e:d1:f3:ea:
                    a3:40:bc:fd:28:da:84:5c:26:c3:fa:6b:09:0b:e5:
                    20:d9:d8:93:2e:90:5e:3b:18:d1:a4:bb:47:3e:a4:
                    78:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:55:C0:99:8A:14:E0:E1:9F:4E:A4:02:FA:7D:3A:0A:05:C4:2F:E7
            X509v3 Authority Key Identifier:
                keyid:22:B2:7A:B0:D5:5F:8A:E0:DD:A8:6F:DE:F1:C3:57:24:E1:88:5E:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IrJ6sNVfiuDdqG_e8cNXJOGIXk8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/b458ee-f6a5-4e2c-8118-de6644c3daed/1/yVXAmYoU4OGfTqQC-n06CgXEL-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/b458ee-f6a5-4e2c-8118-de6644c3daed/1/IrJ6sNVfiuDdqG_e8cNXJOGIXk8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:df0::/48

    Signature Algorithm: sha256WithRSAEncryption
         73:b6:7d:fc:68:b4:40:e3:1a:fe:11:ba:f6:53:b4:fb:14:fa:
         64:b5:f3:f2:23:f7:e8:9c:c2:93:9f:c6:1f:72:3e:43:78:9d:
         c1:2d:89:c2:00:1e:aa:a6:11:94:6b:b4:bb:d4:44:2b:3f:ed:
         ac:53:1c:b8:d5:7d:0d:e2:07:68:1f:61:b7:ca:13:23:cf:c0:
         2d:eb:02:03:18:0a:61:80:ec:21:ab:72:19:06:01:29:34:64:
         05:7c:f8:48:34:2c:0a:15:52:e4:32:84:79:54:d5:47:83:a7:
         76:32:08:ea:2a:79:6d:32:65:0e:1f:0a:61:6d:a2:84:c1:e1:
         44:b0:3a:d2:03:63:03:ba:26:52:f6:07:6e:0a:7d:1a:78:bb:
         1d:37:8a:92:94:15:87:b2:2e:54:dc:3f:17:af:ff:9d:ee:ab:
         c6:9d:99:f5:e6:57:d8:b9:bc:d1:06:2c:ff:4f:94:49:22:f8:
         7d:cc:3d:16:08:7e:44:b9:ff:46:37:50:f3:31:f4:da:4c:55:
         5f:49:9f:b9:ed:78:3d:d9:fa:65:e1:ab:37:4c:cc:95:44:67:
         4c:51:e7:42:53:de:f5:aa:99:f2:21:3b:bc:fa:14:a7:2b:61:
         47:67:b5:43:8a:b0:34:d4:34:eb:d0:2f:8b:73:a3:e3:d7:8c:
         e0:c1:30:0e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2u+mR1LUlcCycImsYNNQYEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYjI3YWIwZDU1ZjhhZTBkZGE4NmZkZWYxYzM1NzI0ZTE4
ODVlNGYwHhcNMjQwMjE1MjI1NDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTU1YzA5OThhMTRlMGUxOWY0ZWE0MDJmYTdkM2EwYTA1YzQyZmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv1eOMZv1KQksePNG/1pfZDNhtgtL
jYX53q5wy7/9JGco+xjcoZvYHBXKegcU+ll4BoFlRdcf2vgN5U98J957ZTJJk/Lk
fAW4dCT5oeMXGie8F7UiulSPtIK3Ip1KpCGTclmS/O6n7wyhDijDNTZb2aKuT1o6
RvpUnbkjhv/jHj/zPSCXfP4lvu/XZADzmiNMyKzBdxeqU6o6BkJOijiaaRGFxpWV
JtftudfW1jxW4LDzpL0MW76LSFs6obVCLvhJ2lp9++CRJkx9vOD/UzPnX3vSNO8Q
mj72pjSLnx7R8+qjQLz9KNqEXCbD+msJC+Ug2diTLpBeOxjRpLtHPqR4BwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMlVwJmKFODhn06kAvp9OgoFxC/nMB8GA1UdIwQY
MBaAFCKyerDVX4rg3ahv3vHDVyThiF5PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXJKNnNOVmZpdURkcUdfZThjTlhKT0dJWGs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9iNDU4ZWUtZjZhNS00ZTJjLTgxMTgt
ZGU2NjQ0YzNkYWVkLzEveVZYQW1Zb1U0T0dmVHFRQy1uMDZDZ1hFTC1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9iNDU4ZWUtZjZhNS00ZTJjLTgxMTgtZGU2NjQ0YzNkYWVk
LzEvSXJKNnNOVmZpdURkcUdfZThjTlhKT0dJWGs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA3w
MA0GCSqGSIb3DQEBCwUAA4IBAQBztn38aLRA4xr+Ebr2U7T7FPpktfPyI/fonMKT
n8Yfcj5DeJ3BLYnCAB6qphGUa7S71EQrP+2sUxy41X0N4gdoH2G3yhMjz8At6wID
GAphgOwhq3IZBgEpNGQFfPhINCwKFVLkMoR5VNVHg6d2MgjqKnltMmUOHwphbaKE
weFEsDrSA2MDuiZS9gduCn0aeLsdN4qSlBWHsi5U3D8Xr/+d7qvGnZn15lfYubzR
Biz/T5RJIvh9zD0WCH5Euf9GN1DzMfTaTFVfSZ+57Xg92fpl4as3TMyVRGdMUedC
U971qpnyITu8+hSnK2FHZ7VDirA01DTr0C+Lc6Pj14zgwTAO
-----END CERTIFICATE-----