Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/4bfdc5-08e5-49bc-8b23-4f6c351ca35a/1/1-EqfCxtazmRby047XACJ7EU02U8.roa
File:                     1-EqfCxtazmRby047XACJ7EU02U8.roa (raw, json)
Hash identifier:          hLYLurzuflJAyseGcrvIYBCJYwPr9M8v06pu6l5Uuow=
Subject key identifier:   F8:4A:9F:0B:1B:5A:CE:64:5B:CB:4E:3B:5C:00:89:EC:45:34:D9:4F
Certificate issuer:       /CN=7660143814c34d292c75abcdb45f81819534edc1
Certificate serial:       018CC9BBE77168DE1512C4183C7ED6CE54D2
Authority key identifier: 76:60:14:38:14:C3:4D:29:2C:75:AB:CD:B4:5F:81:81:95:34:ED:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dmAUOBTDTSksdavNtF-BgZU07cE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/4bfdc5-08e5-49bc-8b23-4f6c351ca35a/1/1-EqfCxtazmRby047XACJ7EU02U8.roa
Signing time:             Tue 02 Jan 2024 10:33:04 +0000
ROA not before:           Tue 02 Jan 2024 10:33:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29478
IP address blocks:        2001:67c:14c8::/47 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/4bfdc5-08e5-49bc-8b23-4f6c351ca35a/1/dmAUOBTDTSksdavNtF-BgZU07cE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/4bfdc5-08e5-49bc-8b23-4f6c351ca35a/1/dmAUOBTDTSksdavNtF-BgZU07cE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dmAUOBTDTSksdavNtF-BgZU07cE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:e7:71:68:de:15:12:c4:18:3c:7e:d6:ce:54:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7660143814c34d292c75abcdb45f81819534edc1
        Validity
            Not Before: Jan  2 10:33:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f84a9f0b1b5ace645bcb4e3b5c0089ec4534d94f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:ab:8a:97:91:80:18:db:e6:ea:d6:8b:d2:5e:
                    80:99:94:88:87:1a:88:d3:e9:36:91:eb:0f:44:c7:
                    67:98:ae:5a:0f:3d:26:af:67:59:12:f9:59:4d:71:
                    34:c5:da:69:85:4c:14:c9:30:c4:ac:16:b5:ab:c8:
                    9d:5b:52:a5:db:96:ee:c7:f1:10:ca:fb:67:19:42:
                    2f:c1:da:6e:17:ba:86:13:ae:19:8a:79:4a:90:ea:
                    70:2e:d8:e7:33:50:77:ac:60:bd:fe:81:8b:db:73:
                    cd:ee:30:ce:a9:4c:c1:d3:d7:40:97:b8:70:c0:c5:
                    77:00:ac:34:36:ea:57:f7:a6:27:2f:88:59:22:a6:
                    7a:d5:2d:c6:3c:57:bf:45:81:5b:2c:ad:85:07:3f:
                    0c:5b:7a:d7:97:5b:17:00:bb:57:15:9e:6f:3f:55:
                    e6:e9:ac:2d:0b:1a:aa:66:cc:cd:3a:68:f6:b9:ba:
                    34:8b:08:75:e0:68:e2:92:d2:64:63:2d:ac:ce:75:
                    d2:81:af:c9:f9:bd:68:3a:38:48:47:b2:98:93:69:
                    01:b4:57:5a:59:0e:30:fe:16:4f:d9:9e:89:2e:a3:
                    77:4a:4b:6b:ad:6f:16:ed:44:7a:93:e0:d3:1d:85:
                    37:cc:a1:ba:1d:ab:72:30:55:80:6b:4b:b3:8f:e5:
                    10:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:4A:9F:0B:1B:5A:CE:64:5B:CB:4E:3B:5C:00:89:EC:45:34:D9:4F
            X509v3 Authority Key Identifier:
                keyid:76:60:14:38:14:C3:4D:29:2C:75:AB:CD:B4:5F:81:81:95:34:ED:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dmAUOBTDTSksdavNtF-BgZU07cE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/4bfdc5-08e5-49bc-8b23-4f6c351ca35a/1/1-EqfCxtazmRby047XACJ7EU02U8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/4bfdc5-08e5-49bc-8b23-4f6c351ca35a/1/dmAUOBTDTSksdavNtF-BgZU07cE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:14c8::/47

    Signature Algorithm: sha256WithRSAEncryption
         12:47:8e:a4:b4:bc:e0:ad:fe:40:bf:04:1b:2c:e7:ac:d6:cb:
         41:52:f0:ea:c0:4f:c4:7f:d2:3c:9f:08:26:2a:5d:e0:17:9b:
         3c:db:32:a7:bd:0a:2e:da:83:f9:ef:4e:dd:ca:cb:59:58:f2:
         bf:85:39:cb:5e:8f:81:70:86:16:12:70:9c:a3:db:e1:46:a8:
         13:d2:6f:03:a4:9c:e7:70:b5:18:c2:65:00:a8:b7:85:b1:9a:
         6c:a9:ba:c3:f3:89:23:ed:a9:00:a6:52:0d:f5:75:05:90:25:
         1c:de:dc:cd:56:12:96:5b:25:83:7b:40:01:5e:09:18:3c:86:
         e7:35:e2:a2:c7:06:e9:2c:4c:c1:75:54:b4:4f:00:7f:83:9d:
         03:14:ec:fb:ce:c4:ea:00:f9:da:33:03:fd:0c:23:5e:15:ab:
         23:e4:ad:89:d7:3b:54:29:a1:f4:c5:e1:bf:64:05:fc:3a:d0:
         c5:20:1e:bc:df:75:69:c6:e6:d0:c2:dc:33:1b:fd:47:91:bd:
         03:17:c7:f4:b4:27:d3:8f:d2:71:b5:73:0f:5e:c9:fd:81:3b:
         1d:8c:df:a3:34:e4:3b:ee:f0:ad:ec:fb:ee:86:ca:db:6b:4a:
         dc:3a:00:2a:12:69:10:f5:fa:f6:c1:df:ca:d6:91:55:65:e7:
         02:0e:0f:4f
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAYzJu+dxaN4VEsQYPH7WzlTSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2NjAxNDM4MTRjMzRkMjkyYzc1YWJjZGI0NWY4MTgxOTUz
NGVkYzEwHhcNMjQwMTAyMTAzMzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODRhOWYwYjFiNWFjZTY0NWJjYjRlM2I1YzAwODllYzQ1MzRkOTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArquKl5GAGNvm6taL0l6AmZSIhxqI
0+k2kesPRMdnmK5aDz0mr2dZEvlZTXE0xdpphUwUyTDErBa1q8idW1Kl25bux/EQ
yvtnGUIvwdpuF7qGE64ZinlKkOpwLtjnM1B3rGC9/oGL23PN7jDOqUzB09dAl7hw
wMV3AKw0NupX96YnL4hZIqZ61S3GPFe/RYFbLK2FBz8MW3rXl1sXALtXFZ5vP1Xm
6awtCxqqZszNOmj2ubo0iwh14GjiktJkYy2sznXSga/J+b1oOjhIR7KYk2kBtFda
WQ4w/hZP2Z6JLqN3SktrrW8W7UR6k+DTHYU3zKG6HatyMFWAa0uzj+UQOQIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFPhKnwsbWs5kW8tOO1wAiexFNNlPMB8GA1UdIwQY
MBaAFHZgFDgUw00pLHWrzbRfgYGVNO3BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZG1BVU9CVERUU2tzZGF2TnRGLUJnWlUwN2NFLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC80YmZkYzUtMDhlNS00OWJjLThiMjMt
NGY2YzM1MWNhMzVhLzEvMS1FcWZDeHRhem1SYnkwNDdYQUNKN0VVMDJVOC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGQvNGJmZGM1LTA4ZTUtNDliYy04YjIzLTRmNmMzNTFjYTM1
YS8xL2RtQVVPQlREVFNrc2Rhdk50Ri1CZ1pVMDdjRS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHASABBnwU
yDANBgkqhkiG9w0BAQsFAAOCAQEAEkeOpLS84K3+QL8EGyznrNbLQVLw6sBPxH/S
PJ8IJipd4BebPNsyp70KLtqD+e9O3crLWVjyv4U5y16PgXCGFhJwnKPb4UaoE9Jv
A6Sc53C1GMJlAKi3hbGabKm6w/OJI+2pAKZSDfV1BZAlHN7czVYSllslg3tAAV4J
GDyG5zXioscG6SxMwXVUtE8Af4OdAxTs+87E6gD52jMD/QwjXhWrI+Stidc7VCmh
9MXhv2QF/DrQxSAevN91acbm0MLcMxv9R5G9AxfH9LQn04/ScbVzD17J/YE7HYzf
ozTkO+7wrez77obK22tK3DoAKhJpEPX69sHfytaRVWXnAg4PTw==
-----END CERTIFICATE-----