Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/961f64-837c-4811-aa42-58f215bca53a/1/M7_6H0HvN9UksOXQT_NeZBTUuqs.roa
File:                     M7_6H0HvN9UksOXQT_NeZBTUuqs.roa (raw, json)
Hash identifier:          oDABDrj4rhjsFPgyzsKq2DnlweE1eVwQla+tt4X8Yz0=
Subject key identifier:   33:BF:FA:1F:41:EF:37:D5:24:B0:E5:D0:4F:F3:5E:64:14:D4:BA:AB
Certificate issuer:       /CN=4e340187c0fce5fff037ced9a6508243e404da71
Certificate serial:       018CC64B08DFA1A4490615DD4C13C8698DC6
Authority key identifier: 4E:34:01:87:C0:FC:E5:FF:F0:37:CE:D9:A6:50:82:43:E4:04:DA:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TjQBh8D85f_wN87ZplCCQ-QE2nE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/961f64-837c-4811-aa42-58f215bca53a/1/M7_6H0HvN9UksOXQT_NeZBTUuqs.roa
Signing time:             Mon 01 Jan 2024 18:30:55 +0000
ROA not before:           Mon 01 Jan 2024 18:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199392
IP address blocks:        2001:67c:c28::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/961f64-837c-4811-aa42-58f215bca53a/1/TjQBh8D85f_wN87ZplCCQ-QE2nE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/961f64-837c-4811-aa42-58f215bca53a/1/TjQBh8D85f_wN87ZplCCQ-QE2nE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TjQBh8D85f_wN87ZplCCQ-QE2nE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:08:df:a1:a4:49:06:15:dd:4c:13:c8:69:8d:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e340187c0fce5fff037ced9a6508243e404da71
        Validity
            Not Before: Jan  1 18:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33bffa1f41ef37d524b0e5d04ff35e6414d4baab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:6b:cf:ee:ae:2b:77:b9:0d:cc:4d:5e:1e:7e:
                    d3:29:75:10:3e:0d:eb:4e:b7:b8:27:d9:45:8d:3e:
                    f1:59:d6:2a:72:f5:59:01:6d:1e:ba:8e:33:d3:32:
                    0e:06:c2:4b:e5:b7:9e:08:75:8c:dd:f1:d8:16:3e:
                    94:1b:0a:97:0f:1c:de:ae:a9:76:04:01:0d:05:14:
                    30:93:6c:08:46:8f:cd:1a:51:41:a2:5e:92:bc:7b:
                    f4:5c:28:3b:c5:ca:d8:59:e5:da:77:ec:29:e9:03:
                    8b:b3:81:83:dd:9d:75:95:2c:36:5f:04:d7:0a:cd:
                    7c:33:92:56:f9:35:eb:55:e8:c6:f7:a1:6e:e4:05:
                    c6:9f:23:f2:f9:97:eb:7d:4f:77:32:1c:57:66:ec:
                    1f:9f:eb:26:3c:05:d2:27:6e:61:72:b3:5a:1e:7e:
                    67:6a:30:f1:19:d7:1a:95:15:13:19:33:02:6c:4e:
                    34:ce:22:37:30:56:d5:e0:7a:25:3b:46:48:3f:e8:
                    98:60:b4:0e:8d:2f:85:95:30:7b:2c:24:05:55:18:
                    40:7a:4e:40:17:0f:82:0a:39:70:67:73:96:36:b3:
                    75:c3:c3:e1:00:d0:06:94:c8:ea:f8:31:ac:f1:1d:
                    80:0e:2f:62:bb:c4:8d:69:88:8c:c8:b1:af:64:d5:
                    bd:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:BF:FA:1F:41:EF:37:D5:24:B0:E5:D0:4F:F3:5E:64:14:D4:BA:AB
            X509v3 Authority Key Identifier:
                keyid:4E:34:01:87:C0:FC:E5:FF:F0:37:CE:D9:A6:50:82:43:E4:04:DA:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TjQBh8D85f_wN87ZplCCQ-QE2nE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/961f64-837c-4811-aa42-58f215bca53a/1/M7_6H0HvN9UksOXQT_NeZBTUuqs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/961f64-837c-4811-aa42-58f215bca53a/1/TjQBh8D85f_wN87ZplCCQ-QE2nE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:c28::/48

    Signature Algorithm: sha256WithRSAEncryption
         be:3f:db:fb:4d:ef:69:90:98:3f:9c:3c:1f:66:6d:b1:cb:39:
         ab:02:8a:da:7e:a0:b8:2e:e8:44:eb:5c:44:49:9f:a1:89:b6:
         c1:2c:f0:15:58:0a:bb:a1:b3:aa:46:5f:ea:6f:1b:20:17:b6:
         5f:63:83:07:e2:e9:3c:85:67:d2:63:e0:b5:42:1b:82:97:45:
         0c:32:e9:97:a4:6b:a3:dd:da:33:b7:51:ff:d4:1c:3d:8b:96:
         00:b3:b4:63:6b:ad:54:bc:90:40:64:6b:33:86:98:e9:4e:1e:
         1c:0d:ea:86:eb:c2:c4:4c:c7:f0:a6:15:44:45:65:f5:c8:53:
         fb:6d:b8:b0:2e:3e:45:fc:1b:3b:23:70:29:3e:ab:09:34:a5:
         0c:75:23:03:ff:d6:85:71:f8:46:73:99:6e:0b:a4:b3:9c:43:
         4a:7c:1e:75:4b:de:a7:db:76:d9:8f:de:10:0b:c2:c0:e0:63:
         51:14:9c:21:10:6b:36:5d:e6:08:cc:d3:16:4b:a5:75:93:b3:
         18:a2:54:96:d8:65:3d:ef:4e:43:53:db:4f:79:b6:47:92:aa:
         c4:8e:2c:69:3f:fe:13:49:44:61:36:64:09:01:b1:c3:8f:ab:
         73:98:6b:d5:5d:ba:48:37:fa:82:3c:70:6f:a1:92:57:82:1d:
         69:8d:ec:6f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSwjfoaRJBhXdTBPIaY3GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlMzQwMTg3YzBmY2U1ZmZmMDM3Y2VkOWE2NTA4MjQzZTQw
NGRhNzEwHhcNMjQwMTAxMTgzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2JmZmExZjQxZWYzN2Q1MjRiMGU1ZDA0ZmYzNWU2NDE0ZDRiYWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq2vP7q4rd7kNzE1eHn7TKXUQPg3r
Tre4J9lFjT7xWdYqcvVZAW0euo4z0zIOBsJL5beeCHWM3fHYFj6UGwqXDxzerql2
BAENBRQwk2wIRo/NGlFBol6SvHv0XCg7xcrYWeXad+wp6QOLs4GD3Z11lSw2XwTX
Cs18M5JW+TXrVejG96Fu5AXGnyPy+ZfrfU93MhxXZuwfn+smPAXSJ25hcrNaHn5n
ajDxGdcalRUTGTMCbE40ziI3MFbV4HolO0ZIP+iYYLQOjS+FlTB7LCQFVRhAek5A
Fw+CCjlwZ3OWNrN1w8PhANAGlMjq+DGs8R2ADi9iu8SNaYiMyLGvZNW9pQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDO/+h9B7zfVJLDl0E/zXmQU1LqrMB8GA1UdIwQY
MBaAFE40AYfA/OX/8DfO2aZQgkPkBNpxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGpRQmg4RDg1Zl93Tjg3WnBsQ0NRLVFFMm5FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC85NjFmNjQtODM3Yy00ODExLWFhNDIt
NThmMjE1YmNhNTNhLzEvTTdfNkgwSHZOOVVrc09YUVRfTmVaQlRVdXFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC85NjFmNjQtODM3Yy00ODExLWFhNDItNThmMjE1YmNhNTNh
LzEvVGpRQmg4RDg1Zl93Tjg3WnBsQ0NRLVFFMm5FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAwo
MA0GCSqGSIb3DQEBCwUAA4IBAQC+P9v7Te9pkJg/nDwfZm2xyzmrAorafqC4LuhE
61xESZ+hibbBLPAVWAq7obOqRl/qbxsgF7ZfY4MH4uk8hWfSY+C1QhuCl0UMMumX
pGuj3dozt1H/1Bw9i5YAs7Rja61UvJBAZGszhpjpTh4cDeqG68LETMfwphVERWX1
yFP7bbiwLj5F/Bs7I3ApPqsJNKUMdSMD/9aFcfhGc5luC6SznENKfB51S96n23bZ
j94QC8LA4GNRFJwhEGs2XeYIzNMWS6V1k7MYolSW2GU9705DU9tPebZHkqrEjixp
P/4TSURhNmQJAbHDj6tzmGvVXbpIN/qCPHBvoZJXgh1pjexv
-----END CERTIFICATE-----