Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/ac9481-6fca-4240-9ed1-c277d3716bd9/1/wQFez0LKDAPjRwxrRSaqWHtD46w.roa
File:                     wQFez0LKDAPjRwxrRSaqWHtD46w.roa (raw, json)
Hash identifier:          +D4ARYHn/X0pnb62Az8hThbCDhOfR0lfConDL4zFW/w=
Subject key identifier:   C1:01:5E:CF:42:CA:0C:03:E3:47:0C:6B:45:26:AA:58:7B:43:E3:AC
Certificate issuer:       /CN=70675f6a57797c5ca96c3fb45e531bd32783016c
Certificate serial:       018CC7258E491EFEFD529B38DC4D8D1BCE75
Authority key identifier: 70:67:5F:6A:57:79:7C:5C:A9:6C:3F:B4:5E:53:1B:D3:27:83:01:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cGdfald5fFypbD-0XlMb0yeDAWw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/ac9481-6fca-4240-9ed1-c277d3716bd9/1/wQFez0LKDAPjRwxrRSaqWHtD46w.roa
Signing time:             Mon 01 Jan 2024 22:29:36 +0000
ROA not before:           Mon 01 Jan 2024 22:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198903
IP address blocks:        2001:67c:65c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/ac9481-6fca-4240-9ed1-c277d3716bd9/1/cGdfald5fFypbD-0XlMb0yeDAWw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/ac9481-6fca-4240-9ed1-c277d3716bd9/1/cGdfald5fFypbD-0XlMb0yeDAWw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cGdfald5fFypbD-0XlMb0yeDAWw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:8e:49:1e:fe:fd:52:9b:38:dc:4d:8d:1b:ce:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70675f6a57797c5ca96c3fb45e531bd32783016c
        Validity
            Not Before: Jan  1 22:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1015ecf42ca0c03e3470c6b4526aa587b43e3ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:8a:79:c6:88:5f:56:5b:d0:5a:7b:76:0b:6f:
                    51:ef:e1:ad:fd:96:7d:43:ac:c3:d9:e6:e7:e5:b3:
                    75:9e:8e:1e:76:31:95:07:f6:ba:9b:34:ff:eb:cc:
                    ca:d4:5e:6a:23:e0:0a:95:ee:79:5e:e0:b8:17:64:
                    3c:e5:43:95:e3:89:8f:92:5f:0c:11:67:24:8f:7f:
                    26:8a:26:e3:90:01:b5:66:44:bd:ef:e6:23:57:de:
                    9d:cc:d1:57:a6:11:67:5b:d7:58:8e:9c:f2:3f:cb:
                    0e:ce:75:84:53:d1:12:52:f4:10:58:10:30:1b:73:
                    e2:ef:13:9d:16:1b:7f:9f:7d:66:2b:07:7c:8b:1a:
                    11:5f:11:25:3b:7e:e7:84:78:5d:a9:2b:34:96:cf:
                    22:03:87:1d:27:1a:b5:94:12:87:93:36:ba:e6:f9:
                    62:59:f7:a3:c2:57:9b:3b:b6:5a:83:c7:81:0a:95:
                    3d:2d:7f:8a:35:2d:2a:70:2b:9f:1f:c6:6f:59:08:
                    88:d9:1e:b2:04:d8:2a:82:5e:3a:b2:31:a3:3e:67:
                    d4:ec:ba:f9:77:ed:bd:5c:67:21:71:25:6c:7c:ca:
                    41:9b:62:25:75:d2:67:46:71:62:45:84:f1:1b:cf:
                    1a:20:81:02:a8:fa:23:12:bd:cd:ec:74:ab:78:d2:
                    e2:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:01:5E:CF:42:CA:0C:03:E3:47:0C:6B:45:26:AA:58:7B:43:E3:AC
            X509v3 Authority Key Identifier:
                keyid:70:67:5F:6A:57:79:7C:5C:A9:6C:3F:B4:5E:53:1B:D3:27:83:01:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cGdfald5fFypbD-0XlMb0yeDAWw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/ac9481-6fca-4240-9ed1-c277d3716bd9/1/wQFez0LKDAPjRwxrRSaqWHtD46w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/ac9481-6fca-4240-9ed1-c277d3716bd9/1/cGdfald5fFypbD-0XlMb0yeDAWw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:65c::/48

    Signature Algorithm: sha256WithRSAEncryption
         12:e6:72:9e:93:2a:40:ce:98:d1:67:ac:72:e3:d4:76:62:26:
         f3:a9:29:f4:30:e5:1c:0c:43:97:81:14:9d:b0:b0:27:cc:08:
         d2:aa:b7:0c:ff:42:7a:83:70:af:3c:49:58:85:09:84:89:f0:
         be:1c:28:34:9e:80:b9:f4:20:34:17:e5:0c:8e:e5:bf:e0:b5:
         c5:63:67:3f:2c:e2:a5:db:bf:a1:0d:4b:55:93:27:20:43:f7:
         e4:e5:7d:f3:7d:e3:0c:81:4b:0a:6f:0b:14:dd:a7:e8:e6:5f:
         b9:2b:7f:be:2a:c5:3d:d8:3c:4b:cc:d3:9b:32:39:ca:7a:83:
         f8:1c:7b:ca:3f:0b:0d:81:5d:d3:39:10:14:de:2e:33:e4:b8:
         15:24:99:8d:8f:b2:52:b9:ec:aa:17:8e:69:6e:c5:d9:7f:57:
         1e:3d:26:c4:1e:7d:6d:7a:1a:fa:34:7b:c4:9e:44:cc:a3:ea:
         e0:06:0b:64:dc:2e:bc:9f:8f:aa:34:c5:25:91:2c:09:a9:36:
         97:4e:c5:6e:11:44:01:19:58:2a:c4:a4:a3:b4:8b:8c:47:18:
         17:56:5e:ab:61:d0:27:9a:3d:88:d1:fb:a3:97:f8:fe:79:4f:
         ce:63:52:5d:3b:5b:ab:a1:75:17:26:b2:8c:fb:e8:78:a7:72:
         89:6e:23:42
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHJY5JHv79Ups43E2NG851MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwNjc1ZjZhNTc3OTdjNWNhOTZjM2ZiNDVlNTMxYmQzMjc4
MzAxNmMwHhcNMjQwMTAxMjIyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTAxNWVjZjQyY2EwYzAzZTM0NzBjNmI0NTI2YWE1ODdiNDNlM2FjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3op5xohfVlvQWnt2C29R7+Gt/ZZ9
Q6zD2ebn5bN1no4edjGVB/a6mzT/68zK1F5qI+AKle55XuC4F2Q85UOV44mPkl8M
EWckj38miibjkAG1ZkS97+YjV96dzNFXphFnW9dYjpzyP8sOznWEU9ESUvQQWBAw
G3Pi7xOdFht/n31mKwd8ixoRXxElO37nhHhdqSs0ls8iA4cdJxq1lBKHkza65vli
WfejwlebO7Zag8eBCpU9LX+KNS0qcCufH8ZvWQiI2R6yBNgqgl46sjGjPmfU7Lr5
d+29XGchcSVsfMpBm2IlddJnRnFiRYTxG88aIIECqPojEr3N7HSreNLi0QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMEBXs9CygwD40cMa0Umqlh7Q+OsMB8GA1UdIwQY
MBaAFHBnX2pXeXxcqWw/tF5TG9MngwFsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0dkZmFsZDVmRnlwYkQtMFhsTWIweWVEQVd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9hYzk0ODEtNmZjYS00MjQwLTllZDEt
YzI3N2QzNzE2YmQ5LzEvd1FGZXowTEtEQVBqUnd4clJTYXFXSHRENDZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9hYzk0ODEtNmZjYS00MjQwLTllZDEtYzI3N2QzNzE2YmQ5
LzEvY0dkZmFsZDVmRnlwYkQtMFhsTWIweWVEQVd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAZc
MA0GCSqGSIb3DQEBCwUAA4IBAQAS5nKekypAzpjRZ6xy49R2YibzqSn0MOUcDEOX
gRSdsLAnzAjSqrcM/0J6g3CvPElYhQmEifC+HCg0noC59CA0F+UMjuW/4LXFY2c/
LOKl27+hDUtVkycgQ/fk5X3zfeMMgUsKbwsU3afo5l+5K3++KsU92DxLzNObMjnK
eoP4HHvKPwsNgV3TORAU3i4z5LgVJJmNj7JSueyqF45pbsXZf1cePSbEHn1tehr6
NHvEnkTMo+rgBgtk3C68n4+qNMUlkSwJqTaXTsVuEUQBGVgqxKSjtIuMRxgXVl6r
YdAnmj2I0fujl/j+eU/OY1JdO1uroXUXJrKM++h4p3KJbiNC
-----END CERTIFICATE-----