Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/b61ac2-6e27-4d4e-ab9e-f380bf0fdd84/1/1-mENJWZp8Scajh1NC4xMCHYMlaU.roa
File:                     1-mENJWZp8Scajh1NC4xMCHYMlaU.roa (raw, json)
Hash identifier:          xRFCe5VZURJzPv3l52Bp8ccoLfTZ/jqLTH/NDNcP4jA=
Subject key identifier:   FA:61:0D:25:66:69:F1:27:1A:8E:1D:4D:0B:8C:4C:08:76:0C:95:A5
Certificate issuer:       /CN=10ab57ab0e96518679114cbf0ee8af54bbfda5f5
Certificate serial:       018CC64B57A1AF5C4E8A933E5B0F517A8F72
Authority key identifier: 10:AB:57:AB:0E:96:51:86:79:11:4C:BF:0E:E8:AF:54:BB:FD:A5:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EKtXqw6WUYZ5EUy_DuivVLv9pfU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/b61ac2-6e27-4d4e-ab9e-f380bf0fdd84/1/1-mENJWZp8Scajh1NC4xMCHYMlaU.roa
Signing time:             Mon 01 Jan 2024 18:31:15 +0000
ROA not before:           Mon 01 Jan 2024 18:31:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198053
IP address blocks:        2001:67c:768::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/b61ac2-6e27-4d4e-ab9e-f380bf0fdd84/1/EKtXqw6WUYZ5EUy_DuivVLv9pfU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/b61ac2-6e27-4d4e-ab9e-f380bf0fdd84/1/EKtXqw6WUYZ5EUy_DuivVLv9pfU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EKtXqw6WUYZ5EUy_DuivVLv9pfU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:57:a1:af:5c:4e:8a:93:3e:5b:0f:51:7a:8f:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10ab57ab0e96518679114cbf0ee8af54bbfda5f5
        Validity
            Not Before: Jan  1 18:31:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa610d256669f1271a8e1d4d0b8c4c08760c95a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:c1:63:c1:60:e6:c8:03:ec:f4:ff:3a:47:3b:
                    3a:13:18:c8:e0:d4:c8:2e:69:14:1a:b0:d6:60:14:
                    8b:0f:0f:c7:43:4a:14:ca:71:f6:95:e4:d2:9e:fd:
                    78:46:9a:d0:77:d9:c7:57:1b:a7:5a:cb:47:b5:70:
                    37:c7:f2:3b:4e:70:c5:55:7a:70:67:4d:29:dd:de:
                    ab:aa:8d:b6:fe:c1:66:d7:21:9b:75:b1:32:58:ea:
                    f2:15:ca:ec:eb:fc:2a:b3:30:2f:87:67:c2:dc:92:
                    8b:61:4e:2a:9c:74:19:7a:45:fd:7e:c2:b6:42:30:
                    2b:66:f7:84:79:78:9c:70:3b:08:65:79:da:58:a5:
                    f9:af:27:5b:68:a2:3a:f4:0a:72:37:87:d8:2b:55:
                    1d:08:e5:db:61:33:1e:98:f8:f9:fb:1c:e6:72:dd:
                    10:6b:11:96:44:46:21:f2:2a:9c:ab:9d:0a:ce:09:
                    e0:8b:d6:70:1f:6e:a8:7f:d2:26:67:42:4d:cb:bc:
                    e0:c5:dc:2c:98:f8:6c:20:6c:93:75:4b:b5:5f:a3:
                    29:e7:0b:10:4f:87:8e:b6:2f:83:db:50:bd:89:52:
                    c5:84:7a:7f:76:8c:0b:81:24:6a:f9:b7:83:58:24:
                    81:2b:59:7f:e3:25:bb:d6:7c:61:da:ff:44:f0:1c:
                    03:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:61:0D:25:66:69:F1:27:1A:8E:1D:4D:0B:8C:4C:08:76:0C:95:A5
            X509v3 Authority Key Identifier:
                keyid:10:AB:57:AB:0E:96:51:86:79:11:4C:BF:0E:E8:AF:54:BB:FD:A5:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EKtXqw6WUYZ5EUy_DuivVLv9pfU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/b61ac2-6e27-4d4e-ab9e-f380bf0fdd84/1/1-mENJWZp8Scajh1NC4xMCHYMlaU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/b61ac2-6e27-4d4e-ab9e-f380bf0fdd84/1/EKtXqw6WUYZ5EUy_DuivVLv9pfU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:768::/48

    Signature Algorithm: sha256WithRSAEncryption
         60:aa:f6:d0:0c:f3:aa:dc:9b:f1:59:b1:b2:82:a6:bb:34:44:
         54:99:6b:a8:12:50:80:96:c7:c8:7d:44:a6:c6:76:35:a4:e8:
         fe:cf:cf:30:56:b4:0d:2c:d7:04:9c:fa:4c:50:30:98:0e:9f:
         8e:e5:5a:fd:fb:db:aa:3b:45:45:b4:c6:ba:d5:0a:11:4f:a3:
         e0:39:92:ad:e5:8d:cb:2a:ba:bb:bd:88:b4:1a:91:e6:52:36:
         10:24:72:d1:cf:d2:f7:d3:1c:bc:9f:da:46:27:d4:aa:f8:c5:
         23:7e:67:bc:98:0d:97:85:da:00:3f:54:db:05:19:8c:76:c7:
         3e:d7:c3:16:15:cd:c9:60:68:c4:09:e0:51:be:25:1d:06:04:
         59:01:0b:a3:6a:29:22:cd:7c:13:f9:eb:28:47:d7:17:67:81:
         6a:e6:af:eb:45:75:e3:9b:0d:a3:da:e6:79:59:e6:3f:b8:df:
         2c:3f:76:0a:8e:a2:eb:7f:ad:c7:ba:c8:c7:11:ed:ac:37:33:
         5a:65:32:5a:06:53:8c:83:08:f3:5e:85:86:c6:fc:c4:fb:6c:
         1e:9b:cf:0d:db:64:c4:f6:32:61:38:15:b1:72:ca:c5:2b:fe:
         58:e6:27:ab:06:35:37:d0:ef:48:77:a5:31:31:51:98:1d:78:
         ae:36:d5:8a
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAYzGS1ehr1xOipM+Ww9Reo9yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwYWI1N2FiMGU5NjUxODY3OTExNGNiZjBlZThhZjU0YmJm
ZGE1ZjUwHhcNMjQwMTAxMTgzMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTYxMGQyNTY2NjlmMTI3MWE4ZTFkNGQwYjhjNGMwODc2MGM5NWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl8FjwWDmyAPs9P86Rzs6ExjI4NTI
LmkUGrDWYBSLDw/HQ0oUynH2leTSnv14RprQd9nHVxunWstHtXA3x/I7TnDFVXpw
Z00p3d6rqo22/sFm1yGbdbEyWOryFcrs6/wqszAvh2fC3JKLYU4qnHQZekX9fsK2
QjArZveEeXiccDsIZXnaWKX5rydbaKI69ApyN4fYK1UdCOXbYTMemPj5+xzmct0Q
axGWREYh8iqcq50Kzgngi9ZwH26of9ImZ0JNy7zgxdwsmPhsIGyTdUu1X6Mp5wsQ
T4eOti+D21C9iVLFhHp/dowLgSRq+beDWCSBK1l/4yW71nxh2v9E8BwDsQIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFPphDSVmafEnGo4dTQuMTAh2DJWlMB8GA1UdIwQY
MBaAFBCrV6sOllGGeRFMvw7or1S7/aX1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUt0WHF3NldVWVo1RVV5X0R1aXZWTHY5cGZVLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9iNjFhYzItNmUyNy00ZDRlLWFiOWUt
ZjM4MGJmMGZkZDg0LzEvMS1tRU5KV1pwOFNjYWpoMU5DNHhNQ0hZTWxhVS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGYvYjYxYWMyLTZlMjctNGQ0ZS1hYjllLWYzODBiZjBmZGQ4
NC8xL0VLdFhxdzZXVVlaNUVVeV9EdWl2Vkx2OXBmVS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABBnwH
aDANBgkqhkiG9w0BAQsFAAOCAQEAYKr20Azzqtyb8VmxsoKmuzREVJlrqBJQgJbH
yH1EpsZ2NaTo/s/PMFa0DSzXBJz6TFAwmA6fjuVa/fvbqjtFRbTGutUKEU+j4DmS
reWNyyq6u72ItBqR5lI2ECRy0c/S99McvJ/aRifUqvjFI35nvJgNl4XaAD9U2wUZ
jHbHPtfDFhXNyWBoxAngUb4lHQYEWQELo2opIs18E/nrKEfXF2eBauav60V145sN
o9rmeVnmP7jfLD92Co6i63+tx7rIxxHtrDczWmUyWgZTjIMI816Fhsb8xPtsHpvP
DdtkxPYyYTgVsXLKxSv+WOYnqwY1N9DvSHelMTFRmB14rjbVig==
-----END CERTIFICATE-----