Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/e6b77f-40e6-4c93-ac32-3db961703ea9/1/l2vetfdcm2TxIJ9lNARZxYqMXqw.roa
File:                     l2vetfdcm2TxIJ9lNARZxYqMXqw.roa (raw, json)
Hash identifier:          z2j8MgdHfH7+wJ0kHF9rfwY2ox2wv9C1wPQGpUoW45E=
Subject key identifier:   97:6B:DE:B5:F7:5C:9B:64:F1:20:9F:65:34:04:59:C5:8A:8C:5E:AC
Certificate issuer:       /CN=b2ccda1c5487cb938d57ea61cc2d62d31070db51
Certificate serial:       018CC8DD9E52C55A6343161DFF50E5FCFBD9
Authority key identifier: B2:CC:DA:1C:54:87:CB:93:8D:57:EA:61:CC:2D:62:D3:10:70:DB:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sszaHFSHy5ONV-phzC1i0xBw21E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/e6b77f-40e6-4c93-ac32-3db961703ea9/1/l2vetfdcm2TxIJ9lNARZxYqMXqw.roa
Signing time:             Tue 02 Jan 2024 06:30:16 +0000
ROA not before:           Tue 02 Jan 2024 06:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204186
IP address blocks:        2001:67c:a38::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/e6b77f-40e6-4c93-ac32-3db961703ea9/1/sszaHFSHy5ONV-phzC1i0xBw21E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/e6b77f-40e6-4c93-ac32-3db961703ea9/1/sszaHFSHy5ONV-phzC1i0xBw21E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sszaHFSHy5ONV-phzC1i0xBw21E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 18:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dd:9e:52:c5:5a:63:43:16:1d:ff:50:e5:fc:fb:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2ccda1c5487cb938d57ea61cc2d62d31070db51
        Validity
            Not Before: Jan  2 06:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=976bdeb5f75c9b64f1209f65340459c58a8c5eac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:0b:76:32:c5:55:a6:7d:c1:04:13:dc:18:5b:
                    f2:69:33:91:54:88:27:31:a4:db:9d:f0:ac:7f:bb:
                    02:e3:c4:6f:58:48:9b:b5:33:0b:20:fb:aa:5c:24:
                    f7:e2:2a:bc:9f:c6:5d:e3:3d:56:3c:8f:05:3e:88:
                    ae:4d:c6:59:ac:c7:5d:bb:b2:ea:6e:a9:7b:d7:1a:
                    06:5a:48:bd:84:5d:45:c9:9d:48:27:1c:6d:65:a3:
                    cb:e6:6a:f5:af:bc:5a:28:98:f7:e0:27:2e:f4:13:
                    45:60:3b:8f:29:25:59:e8:7b:65:43:58:ed:b2:67:
                    81:b5:93:bc:2d:aa:98:77:76:d4:7e:ba:76:3b:32:
                    89:15:3d:5a:1f:c5:15:d3:84:ef:c1:77:91:31:c3:
                    e9:55:b9:07:65:3f:4b:bc:c2:73:ad:c4:2b:96:a1:
                    45:38:4d:b2:0f:b3:e1:09:56:75:02:4c:b8:72:16:
                    f9:e8:75:37:12:dc:ca:c5:78:98:7c:bd:20:d1:ad:
                    f3:d4:42:3c:21:93:ce:a9:a3:37:75:a8:4f:d7:47:
                    05:00:f1:4f:a6:1d:84:30:c5:bc:38:a1:92:c6:91:
                    ae:a4:ee:ff:af:fc:95:8b:3d:96:d8:25:43:51:a2:
                    5b:9f:33:04:7e:19:0f:65:9c:00:e8:fd:ed:00:c4:
                    58:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:6B:DE:B5:F7:5C:9B:64:F1:20:9F:65:34:04:59:C5:8A:8C:5E:AC
            X509v3 Authority Key Identifier:
                keyid:B2:CC:DA:1C:54:87:CB:93:8D:57:EA:61:CC:2D:62:D3:10:70:DB:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sszaHFSHy5ONV-phzC1i0xBw21E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/e6b77f-40e6-4c93-ac32-3db961703ea9/1/l2vetfdcm2TxIJ9lNARZxYqMXqw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/e6b77f-40e6-4c93-ac32-3db961703ea9/1/sszaHFSHy5ONV-phzC1i0xBw21E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:a38::/48

    Signature Algorithm: sha256WithRSAEncryption
         19:7a:7e:b6:f3:c6:55:f5:aa:e8:49:c7:25:9e:af:97:67:f5:
         b4:87:9f:1c:f0:05:29:a6:29:b5:56:d0:f0:4e:8f:07:27:ed:
         8f:ca:1e:93:b2:9b:fc:ac:ab:58:79:57:fd:bf:7a:ae:b2:de:
         ba:4e:96:28:94:20:c3:3d:e6:8f:f8:10:c2:fb:fe:aa:fd:52:
         96:b2:a5:1c:25:0c:45:77:a7:b9:39:00:12:92:a5:bc:fc:e6:
         86:5e:8d:03:b2:c3:42:09:58:b7:73:ce:db:24:32:70:8c:f9:
         79:f9:7a:9f:1f:36:66:e8:da:93:34:9b:2d:74:ac:be:7e:c7:
         c6:de:ae:c6:c9:ab:9a:0b:5a:4f:a8:81:ee:4e:10:39:e7:6a:
         3f:66:f4:9e:7c:9c:cb:dd:2e:eb:9e:eb:5a:27:8e:2b:10:61:
         74:6a:c0:01:68:76:9b:20:eb:58:0d:c8:a1:e4:1d:33:ae:51:
         d1:a5:71:45:b0:20:39:65:3c:57:64:d2:b3:d7:66:64:a3:28:
         6c:ea:44:f0:df:40:5b:b7:95:9d:77:8b:26:3e:1e:53:58:55:
         b7:3e:86:18:ca:53:21:06:ae:fe:b6:46:98:77:1a:18:bf:b8:
         55:54:b6:d1:6e:76:f3:67:09:17:8f:94:84:72:eb:5d:7e:9c:
         9d:a5:32:87
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzI3Z5SxVpjQxYd/1Dl/PvZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyY2NkYTFjNTQ4N2NiOTM4ZDU3ZWE2MWNjMmQ2MmQzMTA3
MGRiNTEwHhcNMjQwMTAyMDYzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzZiZGViNWY3NWM5YjY0ZjEyMDlmNjUzNDA0NTljNThhOGM1ZWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgAt2MsVVpn3BBBPcGFvyaTORVIgn
MaTbnfCsf7sC48RvWEibtTMLIPuqXCT34iq8n8Zd4z1WPI8FPoiuTcZZrMddu7Lq
bql71xoGWki9hF1FyZ1IJxxtZaPL5mr1r7xaKJj34Ccu9BNFYDuPKSVZ6HtlQ1jt
smeBtZO8LaqYd3bUfrp2OzKJFT1aH8UV04TvwXeRMcPpVbkHZT9LvMJzrcQrlqFF
OE2yD7PhCVZ1Aky4chb56HU3EtzKxXiYfL0g0a3z1EI8IZPOqaM3dahP10cFAPFP
ph2EMMW8OKGSxpGupO7/r/yViz2W2CVDUaJbnzMEfhkPZZwA6P3tAMRY0QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJdr3rX3XJtk8SCfZTQEWcWKjF6sMB8GA1UdIwQY
MBaAFLLM2hxUh8uTjVfqYcwtYtMQcNtRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3N6YUhGU0h5NU9OVi1waHpDMWkweEJ3MjFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9lNmI3N2YtNDBlNi00YzkzLWFjMzIt
M2RiOTYxNzAzZWE5LzEvbDJ2ZXRmZGNtMlR4SUo5bE5BUlp4WXFNWHF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9lNmI3N2YtNDBlNi00YzkzLWFjMzItM2RiOTYxNzAzZWE5
LzEvc3N6YUhGU0h5NU9OVi1waHpDMWkweEJ3MjFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAo4
MA0GCSqGSIb3DQEBCwUAA4IBAQAZen6288ZV9aroScclnq+XZ/W0h58c8AUppim1
VtDwTo8HJ+2Pyh6Tspv8rKtYeVf9v3qust66TpYolCDDPeaP+BDC+/6q/VKWsqUc
JQxFd6e5OQASkqW8/OaGXo0DssNCCVi3c87bJDJwjPl5+XqfHzZm6NqTNJstdKy+
fsfG3q7GyauaC1pPqIHuThA552o/ZvSefJzL3S7rnutaJ44rEGF0asABaHabIOtY
Dcih5B0zrlHRpXFFsCA5ZTxXZNKz12Zkoyhs6kTw30Bbt5Wdd4smPh5TWFW3PoYY
ylMhBq7+tkaYdxoYv7hVVLbRbnbzZwkXj5SEcutdfpydpTKH
-----END CERTIFICATE-----