Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/404feb-a8bc-4c54-90ac-0660c16efcce/1/Df_Wrwl0EWfmIgSqq2pNE1Hf55I.roa
File:                     Df_Wrwl0EWfmIgSqq2pNE1Hf55I.roa (raw, json)
Hash identifier:          DulUJO9uCGUVDubiJv2b8Ej9vS6foGmmLNwOIsM1UKE=
Subject key identifier:   0D:FF:D6:AF:09:74:11:67:E6:22:04:AA:AB:6A:4D:13:51:DF:E7:92
Certificate issuer:       /CN=efdc48d9ab10f0e42a3dc67fbd0f4cb8e44cab69
Certificate serial:       018CCA2A62A9A8175C473F2E8CC23F8944A8
Authority key identifier: EF:DC:48:D9:AB:10:F0:E4:2A:3D:C6:7F:BD:0F:4C:B8:E4:4C:AB:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/79xI2asQ8OQqPcZ_vQ9MuORMq2k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/404feb-a8bc-4c54-90ac-0660c16efcce/1/Df_Wrwl0EWfmIgSqq2pNE1Hf55I.roa
Signing time:             Tue 02 Jan 2024 12:33:44 +0000
ROA not before:           Tue 02 Jan 2024 12:33:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50629
IP address blocks:        2001:67c:708::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/404feb-a8bc-4c54-90ac-0660c16efcce/1/79xI2asQ8OQqPcZ_vQ9MuORMq2k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/404feb-a8bc-4c54-90ac-0660c16efcce/1/79xI2asQ8OQqPcZ_vQ9MuORMq2k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/79xI2asQ8OQqPcZ_vQ9MuORMq2k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:62:a9:a8:17:5c:47:3f:2e:8c:c2:3f:89:44:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=efdc48d9ab10f0e42a3dc67fbd0f4cb8e44cab69
        Validity
            Not Before: Jan  2 12:33:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0dffd6af09741167e62204aaab6a4d1351dfe792
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:a3:67:97:2a:d2:15:58:ea:21:46:ab:76:3c:
                    af:ad:92:1e:f9:bc:cf:b6:5d:60:92:09:30:a0:6c:
                    6a:f6:ca:c9:52:77:42:7d:e8:6c:85:20:ea:b9:1d:
                    c5:c6:85:40:42:d3:78:8c:30:d7:1c:dd:12:7a:4b:
                    c2:52:0c:55:5d:47:83:74:42:81:32:aa:ea:02:8e:
                    91:22:21:ec:52:bb:19:69:40:4e:e6:0e:8a:82:e3:
                    9f:7d:73:75:17:df:9d:3a:ae:b0:b8:e4:a1:2f:42:
                    ac:bf:04:97:d8:d6:50:10:30:e2:8c:8f:7e:80:01:
                    e5:19:9e:32:b9:20:d9:55:7f:99:45:e0:69:ee:47:
                    cf:da:2e:dc:20:55:33:9e:ce:f3:fd:bc:85:8f:41:
                    94:8b:ef:07:2b:00:eb:84:3c:b5:b3:5c:71:d8:81:
                    95:2c:33:9e:fd:de:7e:1e:59:3b:be:4c:5b:39:f7:
                    68:71:f9:b3:a6:d3:0b:9c:a4:e7:9a:7f:d0:7d:c7:
                    fb:18:2e:f2:db:33:7e:eb:c6:9e:67:59:e0:2e:e9:
                    5b:77:83:7b:b0:cc:e9:8b:88:d7:dc:a5:58:b0:d8:
                    a0:86:0a:dd:14:9f:48:a4:5f:6a:a1:c8:7e:2f:d3:
                    ae:70:f5:85:d1:1c:e3:a2:87:96:73:37:e0:22:3b:
                    8d:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:FF:D6:AF:09:74:11:67:E6:22:04:AA:AB:6A:4D:13:51:DF:E7:92
            X509v3 Authority Key Identifier:
                keyid:EF:DC:48:D9:AB:10:F0:E4:2A:3D:C6:7F:BD:0F:4C:B8:E4:4C:AB:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/79xI2asQ8OQqPcZ_vQ9MuORMq2k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/404feb-a8bc-4c54-90ac-0660c16efcce/1/Df_Wrwl0EWfmIgSqq2pNE1Hf55I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/404feb-a8bc-4c54-90ac-0660c16efcce/1/79xI2asQ8OQqPcZ_vQ9MuORMq2k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:708::/48

    Signature Algorithm: sha256WithRSAEncryption
         9e:60:74:ac:8d:3e:32:6f:f4:78:82:1c:e7:20:36:63:53:6e:
         1b:08:b5:4c:83:fd:14:64:05:0b:44:51:44:39:44:0e:c2:2b:
         62:ec:90:09:1f:b3:c2:05:95:a4:5d:99:74:2d:11:1b:c5:a2:
         e7:dd:bc:f2:db:f7:19:bc:cd:91:e4:af:e4:59:0e:fb:27:74:
         8a:21:76:7e:ad:b0:66:cc:3e:aa:ec:de:24:5e:00:32:e8:b2:
         e4:e0:05:87:40:ea:bd:48:55:5e:52:ef:65:f5:f6:1a:d1:c3:
         22:75:d3:39:6c:3d:9f:9f:76:89:78:94:87:84:67:ac:4c:c5:
         b2:23:fb:dc:75:d5:d7:b9:07:3d:d8:99:32:e2:f1:dd:55:83:
         29:5d:ef:c3:9c:4c:c2:3a:4f:fa:e5:ca:fe:c0:99:2e:df:a0:
         e3:07:76:91:86:9f:18:e0:a1:dd:e7:68:c5:0d:f7:78:73:4d:
         a8:a8:e7:9a:d8:66:8c:ef:18:93:e2:85:1e:79:7b:75:29:a5:
         c6:26:e4:29:db:2f:98:1c:36:e2:0b:96:6d:3b:53:15:a7:78:
         63:21:1e:94:5a:ad:84:10:1e:b1:aa:de:39:95:ec:42:34:05:
         30:d7:b5:c2:e1:5b:af:25:e7:10:c7:4a:52:3a:33:a6:c6:21:
         ca:1a:6f:21
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKmKpqBdcRz8ujMI/iUSoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmZGM0OGQ5YWIxMGYwZTQyYTNkYzY3ZmJkMGY0Y2I4ZTQ0
Y2FiNjkwHhcNMjQwMTAyMTIzMzQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGZmZDZhZjA5NzQxMTY3ZTYyMjA0YWFhYjZhNGQxMzUxZGZlNzkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKNnlyrSFVjqIUardjyvrZIe+bzP
tl1gkgkwoGxq9srJUndCfehshSDquR3FxoVAQtN4jDDXHN0SekvCUgxVXUeDdEKB
MqrqAo6RIiHsUrsZaUBO5g6KguOffXN1F9+dOq6wuOShL0KsvwSX2NZQEDDijI9+
gAHlGZ4yuSDZVX+ZReBp7kfP2i7cIFUzns7z/byFj0GUi+8HKwDrhDy1s1xx2IGV
LDOe/d5+Hlk7vkxbOfdocfmzptMLnKTnmn/Qfcf7GC7y2zN+68aeZ1ngLulbd4N7
sMzpi4jX3KVYsNighgrdFJ9IpF9qoch+L9OucPWF0RzjooeWczfgIjuN5wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA3/1q8JdBFn5iIEqqtqTRNR3+eSMB8GA1UdIwQY
MBaAFO/cSNmrEPDkKj3Gf70PTLjkTKtpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzl4STJhc1E4T1FxUGNaX3ZROU11T1JNcTJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS80MDRmZWItYThiYy00YzU0LTkwYWMt
MDY2MGMxNmVmY2NlLzEvRGZfV3J3bDBFV2ZtSWdTcXEycE5FMUhmNTVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS80MDRmZWItYThiYy00YzU0LTkwYWMtMDY2MGMxNmVmY2Nl
LzEvNzl4STJhc1E4T1FxUGNaX3ZROU11T1JNcTJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAcI
MA0GCSqGSIb3DQEBCwUAA4IBAQCeYHSsjT4yb/R4ghznIDZjU24bCLVMg/0UZAUL
RFFEOUQOwiti7JAJH7PCBZWkXZl0LREbxaLn3bzy2/cZvM2R5K/kWQ77J3SKIXZ+
rbBmzD6q7N4kXgAy6LLk4AWHQOq9SFVeUu9l9fYa0cMiddM5bD2fn3aJeJSHhGes
TMWyI/vcddXXuQc92Jky4vHdVYMpXe/DnEzCOk/65cr+wJku36DjB3aRhp8Y4KHd
52jFDfd4c02oqOea2GaM7xiT4oUeeXt1KaXGJuQp2y+YHDbiC5ZtO1MVp3hjIR6U
Wq2EEB6xqt45lexCNAUw17XC4VuvJecQx0pSOjOmxiHKGm8h
-----END CERTIFICATE-----