Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/acffd6-dc1e-4e0d-8d25-ce22d5eab82f/1/W13hr5Iirbn7VqV4W5Fbmlor1H4.roa
File:                     W13hr5Iirbn7VqV4W5Fbmlor1H4.roa (raw, json)
Hash identifier:          TllEhSSUdcH9TnyJmvkoBUd0bpn68LcwahroC3DDT9k=
Subject key identifier:   5B:5D:E1:AF:92:22:AD:B9:FB:56:A5:78:5B:91:5B:9A:5A:2B:D4:7E
Certificate issuer:       /CN=27df042824273fcff3f093d0f9b1dec6960bae6a
Certificate serial:       018CC6B79C881F9C4C85C972983238F930D1
Authority key identifier: 27:DF:04:28:24:27:3F:CF:F3:F0:93:D0:F9:B1:DE:C6:96:0B:AE:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J98EKCQnP8_z8JPQ-bHexpYLrmo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/acffd6-dc1e-4e0d-8d25-ce22d5eab82f/1/W13hr5Iirbn7VqV4W5Fbmlor1H4.roa
Signing time:             Mon 01 Jan 2024 20:29:31 +0000
ROA not before:           Mon 01 Jan 2024 20:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     65533
IP address blocks:        2001:718:ffff::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/acffd6-dc1e-4e0d-8d25-ce22d5eab82f/1/J98EKCQnP8_z8JPQ-bHexpYLrmo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/acffd6-dc1e-4e0d-8d25-ce22d5eab82f/1/J98EKCQnP8_z8JPQ-bHexpYLrmo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J98EKCQnP8_z8JPQ-bHexpYLrmo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:9c:88:1f:9c:4c:85:c9:72:98:32:38:f9:30:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27df042824273fcff3f093d0f9b1dec6960bae6a
        Validity
            Not Before: Jan  1 20:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5b5de1af9222adb9fb56a5785b915b9a5a2bd47e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:65:21:02:21:17:5f:1f:ff:ce:5a:9a:8f:58:
                    46:c7:db:3e:07:c0:13:59:a4:54:0e:7b:59:84:1f:
                    0c:bd:f8:04:04:dc:b1:54:89:b7:f9:c7:f4:ec:70:
                    72:e9:39:d7:a6:c5:02:4a:88:06:ac:43:07:52:6a:
                    ad:f8:a1:9c:aa:1e:a0:fc:8a:da:78:4d:13:ab:9f:
                    a1:22:50:72:e0:4a:14:c9:a8:3d:1d:8a:9b:23:55:
                    ff:b4:24:81:d5:b6:75:0f:18:7d:19:d0:e6:fe:fd:
                    d0:c3:17:61:aa:a0:d0:ca:1f:b7:c8:bc:33:8a:de:
                    79:cd:ff:51:5c:80:2d:a7:d7:ac:fd:48:2d:ca:45:
                    be:74:f7:9e:f1:cd:f4:72:f9:c6:8d:39:72:c1:f5:
                    f5:b7:fa:08:94:49:50:59:99:58:15:f6:e1:b4:43:
                    18:8f:b4:e1:21:6c:60:e1:e7:3a:f8:0a:e9:fe:01:
                    6d:1a:aa:c8:40:34:1d:f1:23:55:3c:14:60:10:9c:
                    2d:36:7f:75:32:dd:4c:42:cb:bf:9e:1e:27:cd:8a:
                    53:82:45:f7:7c:7f:e7:76:a0:00:87:07:06:00:12:
                    1c:11:84:71:79:ba:73:02:a6:ee:97:50:84:57:85:
                    08:be:e5:96:ad:81:c8:f6:30:92:ba:8b:37:ab:28:
                    7e:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:5D:E1:AF:92:22:AD:B9:FB:56:A5:78:5B:91:5B:9A:5A:2B:D4:7E
            X509v3 Authority Key Identifier:
                keyid:27:DF:04:28:24:27:3F:CF:F3:F0:93:D0:F9:B1:DE:C6:96:0B:AE:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J98EKCQnP8_z8JPQ-bHexpYLrmo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/acffd6-dc1e-4e0d-8d25-ce22d5eab82f/1/W13hr5Iirbn7VqV4W5Fbmlor1H4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/acffd6-dc1e-4e0d-8d25-ce22d5eab82f/1/J98EKCQnP8_z8JPQ-bHexpYLrmo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:718:ffff::/48

    Signature Algorithm: sha256WithRSAEncryption
         54:5b:bc:e7:60:cb:44:4b:20:09:dd:f6:4f:64:fa:95:37:31:
         bd:c0:5e:d1:15:69:18:1a:48:05:ed:23:99:0d:0c:2b:75:00:
         e9:1d:9c:7b:9f:30:28:74:c8:fb:79:3b:b4:0c:a1:b2:af:c2:
         31:c7:96:b4:08:30:a5:86:66:e3:df:d8:59:b6:20:ea:65:0c:
         96:2f:0f:7f:3e:12:8d:b8:6b:d1:a5:bf:fe:73:cd:28:c3:f4:
         23:48:24:d8:73:1f:fb:09:52:62:c4:8e:e2:cf:20:d2:07:7f:
         ff:fd:41:ad:ac:63:87:24:6b:24:02:2c:eb:4c:8a:26:91:94:
         72:d1:95:53:ff:3c:97:da:f2:f1:97:85:f3:91:93:82:be:52:
         50:d1:07:15:cc:95:6f:12:a5:4d:1e:19:3a:1f:6f:4b:30:98:
         da:ae:be:3b:f6:6e:24:ba:dc:ea:80:c5:bc:42:90:a4:37:34:
         4d:78:69:7d:8e:27:02:8e:95:a4:26:fb:a5:2a:18:9b:0e:2b:
         aa:7e:a9:d6:47:ac:fe:a6:04:36:77:1c:f9:5f:e6:84:1e:c2:
         c3:02:7b:4e:17:b2:6d:14:e4:7b:55:1e:2a:b6:95:24:e4:1d:
         8c:89:10:c9:dc:75:ba:79:a4:db:ec:3e:38:b1:fe:f7:6b:84:
         4e:58:03:9f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGt5yIH5xMhclymDI4+TDRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3ZGYwNDI4MjQyNzNmY2ZmM2YwOTNkMGY5YjFkZWM2OTYw
YmFlNmEwHhcNMjQwMTAxMjAyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjVkZTFhZjkyMjJhZGI5ZmI1NmE1Nzg1YjkxNWI5YTVhMmJkNDdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh2UhAiEXXx//zlqaj1hGx9s+B8AT
WaRUDntZhB8MvfgEBNyxVIm3+cf07HBy6TnXpsUCSogGrEMHUmqt+KGcqh6g/Ira
eE0Tq5+hIlBy4EoUyag9HYqbI1X/tCSB1bZ1Dxh9GdDm/v3QwxdhqqDQyh+3yLwz
it55zf9RXIAtp9es/UgtykW+dPee8c30cvnGjTlywfX1t/oIlElQWZlYFfbhtEMY
j7ThIWxg4ec6+Arp/gFtGqrIQDQd8SNVPBRgEJwtNn91Mt1MQsu/nh4nzYpTgkX3
fH/ndqAAhwcGABIcEYRxebpzAqbul1CEV4UIvuWWrYHI9jCSuos3qyh+ywIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFtd4a+SIq25+1aleFuRW5paK9R+MB8GA1UdIwQY
MBaAFCffBCgkJz/P8/CT0Pmx3saWC65qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjk4RUtDUW5QOF96OEpQUS1iSGV4cFlMcm1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9hY2ZmZDYtZGMxZS00ZTBkLThkMjUt
Y2UyMmQ1ZWFiODJmLzEvVzEzaHI1SWlyYm43VnFWNFc1RmJtbG9yMUg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9hY2ZmZDYtZGMxZS00ZTBkLThkMjUtY2UyMmQ1ZWFiODJm
LzEvSjk4RUtDUW5QOF96OEpQUS1iSGV4cFlMcm1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEHGP//
MA0GCSqGSIb3DQEBCwUAA4IBAQBUW7znYMtESyAJ3fZPZPqVNzG9wF7RFWkYGkgF
7SOZDQwrdQDpHZx7nzAodMj7eTu0DKGyr8Ixx5a0CDClhmbj39hZtiDqZQyWLw9/
PhKNuGvRpb/+c80ow/QjSCTYcx/7CVJixI7izyDSB3///UGtrGOHJGskAizrTIom
kZRy0ZVT/zyX2vLxl4XzkZOCvlJQ0QcVzJVvEqVNHhk6H29LMJjarr479m4kutzq
gMW8QpCkNzRNeGl9jicCjpWkJvulKhibDiuqfqnWR6z+pgQ2dxz5X+aEHsLDAntO
F7JtFOR7VR4qtpUk5B2MiRDJ3HW6eaTb7D44sf73a4ROWAOf
-----END CERTIFICATE-----