Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/7309a9-46c8-4240-afef-840881a4d30d/1/uvL7dg0BjeWgWuNnl9vh-Q_UURM.roa
File:                     uvL7dg0BjeWgWuNnl9vh-Q_UURM.roa (raw, json)
Hash identifier:          EufGNLB3yONUXdzkMTuPov051BHi8wfEIhY8XESl4ks=
Subject key identifier:   BA:F2:FB:76:0D:01:8D:E5:A0:5A:E3:67:97:DB:E1:F9:0F:D4:51:13
Certificate issuer:       /CN=76ce637d47b78004d0ccfae371e6818768ac3fa5
Certificate serial:       018CC79436C0611350F58BF799BC741A2FC9
Authority key identifier: 76:CE:63:7D:47:B7:80:04:D0:CC:FA:E3:71:E6:81:87:68:AC:3F:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ds5jfUe3gATQzPrjceaBh2isP6U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/7309a9-46c8-4240-afef-840881a4d30d/1/uvL7dg0BjeWgWuNnl9vh-Q_UURM.roa
Signing time:             Tue 02 Jan 2024 00:30:28 +0000
ROA not before:           Tue 02 Jan 2024 00:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15440
IP address blocks:        2001:67c:2ffc::/48 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/7309a9-46c8-4240-afef-840881a4d30d/1/ds5jfUe3gATQzPrjceaBh2isP6U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/7309a9-46c8-4240-afef-840881a4d30d/1/ds5jfUe3gATQzPrjceaBh2isP6U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ds5jfUe3gATQzPrjceaBh2isP6U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 16 Nov 2024 17:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:36:c0:61:13:50:f5:8b:f7:99:bc:74:1a:2f:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76ce637d47b78004d0ccfae371e6818768ac3fa5
        Validity
            Not Before: Jan  2 00:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=baf2fb760d018de5a05ae36797dbe1f90fd45113
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:45:cc:8f:4b:55:4b:20:b7:79:1f:50:10:1d:
                    de:c8:91:72:20:af:e7:bf:2e:9d:a6:c7:78:b1:8c:
                    f9:b6:a0:e2:1a:54:e5:ef:bd:7f:21:e7:64:39:9c:
                    98:64:e7:cd:4d:f4:a0:76:ef:97:3e:ae:4b:aa:67:
                    bf:79:4d:bc:d3:fe:2d:07:1f:58:1d:25:3b:01:79:
                    c4:6f:37:69:67:54:3c:5b:b5:35:51:2c:87:cb:6f:
                    2c:cb:b1:ae:ba:c3:db:aa:d6:e5:0d:b9:6a:7d:b4:
                    c8:df:f3:05:14:04:65:64:8e:39:d7:54:31:b0:f3:
                    f8:c2:ae:11:16:0b:53:f7:7d:94:56:77:43:8a:4d:
                    bc:fa:e6:dc:b5:b4:33:31:38:da:4f:0b:88:57:c3:
                    af:96:f7:7f:5d:64:40:05:5f:10:e1:6d:6a:73:8f:
                    01:c2:f9:0c:09:25:dc:d1:c3:cc:0d:9d:45:98:47:
                    91:bd:37:00:38:a7:9c:d8:b8:11:b3:9b:60:c7:24:
                    10:62:8a:66:b4:3d:45:6c:69:84:b0:0b:68:52:84:
                    d3:fa:c2:28:3b:36:49:62:68:57:d2:7f:a0:51:cd:
                    1d:59:a9:75:55:f2:57:62:71:5c:6a:52:f4:54:b2:
                    ff:ff:c0:be:aa:a7:98:83:17:29:f7:4d:07:94:b5:
                    95:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:F2:FB:76:0D:01:8D:E5:A0:5A:E3:67:97:DB:E1:F9:0F:D4:51:13
            X509v3 Authority Key Identifier:
                keyid:76:CE:63:7D:47:B7:80:04:D0:CC:FA:E3:71:E6:81:87:68:AC:3F:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ds5jfUe3gATQzPrjceaBh2isP6U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/7309a9-46c8-4240-afef-840881a4d30d/1/uvL7dg0BjeWgWuNnl9vh-Q_UURM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/7309a9-46c8-4240-afef-840881a4d30d/1/ds5jfUe3gATQzPrjceaBh2isP6U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2ffc::/48

    Signature Algorithm: sha256WithRSAEncryption
         5e:2e:9b:8f:34:c2:a8:f8:af:9a:35:ff:a9:09:f0:7d:f9:ce:
         d7:89:b4:67:d5:34:c0:56:fe:f3:6f:66:f6:84:b9:db:01:b9:
         be:07:c3:58:65:aa:cd:33:72:ac:47:b5:7b:e0:b9:1b:fb:c3:
         60:10:bc:ea:33:f9:0c:21:c2:64:c1:d4:57:8f:b8:ee:d1:57:
         9a:97:79:fd:ff:b4:c0:eb:74:61:f5:c2:86:b7:6f:84:59:6c:
         90:82:02:6e:26:fa:36:db:e0:8e:6a:7a:1f:74:d5:c3:61:a8:
         dc:75:77:35:a1:cb:73:2c:4b:b8:5e:42:27:a3:da:67:64:ba:
         8c:2d:33:90:e3:b9:fc:d1:e2:09:0f:b4:45:11:37:fd:97:0c:
         bd:b5:f7:e1:fc:95:0f:ff:bb:51:ab:47:a3:fb:e3:a8:84:76:
         c1:65:ed:34:4e:0a:7c:3a:a8:6a:9f:8b:c4:0c:63:69:9f:1e:
         4a:11:e6:84:9d:6e:39:e7:e5:10:5a:c4:36:6e:64:1f:bd:1f:
         9e:5e:87:f4:a1:cf:a5:0c:f9:30:cf:48:66:9c:97:c8:15:52:
         dd:ef:4f:f5:72:c4:e5:b2:bd:e2:f2:37:b1:5a:36:bd:94:e3:
         08:6e:e9:06:2d:8a:c1:6a:0c:f1:7d:21:f0:21:44:ca:aa:5c:
         a1:25:0b:59
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHlDbAYRNQ9Yv3mbx0Gi/JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2Y2U2MzdkNDdiNzgwMDRkMGNjZmFlMzcxZTY4MTg3Njhh
YzNmYTUwHhcNMjQwMTAyMDAzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWYyZmI3NjBkMDE4ZGU1YTA1YWUzNjc5N2RiZTFmOTBmZDQ1MTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmkXMj0tVSyC3eR9QEB3eyJFyIK/n
vy6dpsd4sYz5tqDiGlTl771/IedkOZyYZOfNTfSgdu+XPq5Lqme/eU280/4tBx9Y
HSU7AXnEbzdpZ1Q8W7U1USyHy28sy7GuusPbqtblDblqfbTI3/MFFARlZI4511Qx
sPP4wq4RFgtT932UVndDik28+ubctbQzMTjaTwuIV8Ovlvd/XWRABV8Q4W1qc48B
wvkMCSXc0cPMDZ1FmEeRvTcAOKec2LgRs5tgxyQQYopmtD1FbGmEsAtoUoTT+sIo
OzZJYmhX0n+gUc0dWal1VfJXYnFcalL0VLL//8C+qqeYgxcp900HlLWVYwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLry+3YNAY3loFrjZ5fb4fkP1FETMB8GA1UdIwQY
MBaAFHbOY31Ht4AE0Mz643HmgYdorD+lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHM1amZVZTNnQVRRelByamNlYUJoMmlzUDZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS83MzA5YTktNDZjOC00MjQwLWFmZWYt
ODQwODgxYTRkMzBkLzEvdXZMN2RnMEJqZVdnV3VObmw5dmgtUV9VVVJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS83MzA5YTktNDZjOC00MjQwLWFmZWYtODQwODgxYTRkMzBk
LzEvZHM1amZVZTNnQVRRelByamNlYUJoMmlzUDZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC/8
MA0GCSqGSIb3DQEBCwUAA4IBAQBeLpuPNMKo+K+aNf+pCfB9+c7XibRn1TTAVv7z
b2b2hLnbAbm+B8NYZarNM3KsR7V74Lkb+8NgELzqM/kMIcJkwdRXj7ju0Veal3n9
/7TA63Rh9cKGt2+EWWyQggJuJvo22+COanofdNXDYajcdXc1octzLEu4XkIno9pn
ZLqMLTOQ47n80eIJD7RFETf9lwy9tffh/JUP/7tRq0ej++OohHbBZe00Tgp8Oqhq
n4vEDGNpnx5KEeaEnW455+UQWsQ2bmQfvR+eXof0oc+lDPkwz0hmnJfIFVLd70/1
csTlsr3i8jexWja9lOMIbukGLYrBagzxfSHwIUTKqlyhJQtZ
-----END CERTIFICATE-----