Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/524e5b-a8ae-45ab-bbd9-4491845dcd47/1/0F4Iz2bBZpzI7P8viD6JfDopoA8.roa
File:                     0F4Iz2bBZpzI7P8viD6JfDopoA8.roa (raw, json)
Hash identifier:          axu5M+9YwSxSfnQqY4kxm7IUlN4wLDEb2hGebzksNlw=
Subject key identifier:   D0:5E:08:CF:66:C1:66:9C:C8:EC:FF:2F:88:3E:89:7C:3A:29:A0:0F
Certificate issuer:       /CN=03485fbdb0b1a04d52e81dcdb95858916a1ddae4
Certificate serial:       018CC80142720D0955475DA2CED534A34A36
Authority key identifier: 03:48:5F:BD:B0:B1:A0:4D:52:E8:1D:CD:B9:58:58:91:6A:1D:DA:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A0hfvbCxoE1S6B3NuVhYkWod2uQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/524e5b-a8ae-45ab-bbd9-4491845dcd47/1/0F4Iz2bBZpzI7P8viD6JfDopoA8.roa
Signing time:             Tue 02 Jan 2024 02:29:34 +0000
ROA not before:           Tue 02 Jan 2024 02:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211879
IP address blocks:        2001:67c:1b50::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/524e5b-a8ae-45ab-bbd9-4491845dcd47/1/A0hfvbCxoE1S6B3NuVhYkWod2uQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/524e5b-a8ae-45ab-bbd9-4491845dcd47/1/A0hfvbCxoE1S6B3NuVhYkWod2uQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A0hfvbCxoE1S6B3NuVhYkWod2uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:42:72:0d:09:55:47:5d:a2:ce:d5:34:a3:4a:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03485fbdb0b1a04d52e81dcdb95858916a1ddae4
        Validity
            Not Before: Jan  2 02:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d05e08cf66c1669cc8ecff2f883e897c3a29a00f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:2a:35:e9:d7:26:5a:d4:7a:18:d7:40:9d:e2:
                    c9:31:88:2d:77:cd:54:58:40:a1:2b:0d:64:6e:77:
                    73:65:1e:17:ae:e5:ff:3e:1e:cb:c6:8f:fa:04:5d:
                    49:35:ee:07:2c:ec:38:a9:37:6a:ec:18:c9:44:ed:
                    db:27:07:bd:fb:23:28:12:30:5c:32:cd:e2:18:fe:
                    cd:1b:ff:17:b3:bf:75:06:ec:1c:39:b2:28:59:5a:
                    1b:89:2a:5a:d5:3b:81:55:e8:d1:fe:01:f0:3f:b0:
                    eb:8f:06:32:a0:10:33:1d:92:50:ca:99:e3:51:5f:
                    85:a7:32:3b:a5:5d:a0:1d:39:2d:2e:40:60:30:38:
                    25:3f:ab:92:54:0f:b6:8a:20:73:5f:e1:66:9f:8e:
                    2d:06:af:7a:98:67:f9:02:83:1c:51:e3:3e:ce:42:
                    7c:36:3a:dc:c0:7a:4b:17:a7:f6:17:91:b4:05:ce:
                    59:f5:a4:89:b9:f7:1b:1c:ca:67:f6:42:ee:0f:94:
                    9b:e9:7c:50:4e:dd:0b:c4:37:fa:81:87:c2:aa:2f:
                    3a:18:94:b2:c3:c9:84:ff:d9:1b:f0:43:85:1e:6a:
                    c2:ae:e3:3f:c0:6b:36:ed:35:66:c6:ff:01:db:82:
                    aa:aa:42:26:ab:db:cd:21:90:12:99:6c:fb:13:52:
                    bb:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:5E:08:CF:66:C1:66:9C:C8:EC:FF:2F:88:3E:89:7C:3A:29:A0:0F
            X509v3 Authority Key Identifier:
                keyid:03:48:5F:BD:B0:B1:A0:4D:52:E8:1D:CD:B9:58:58:91:6A:1D:DA:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A0hfvbCxoE1S6B3NuVhYkWod2uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/524e5b-a8ae-45ab-bbd9-4491845dcd47/1/0F4Iz2bBZpzI7P8viD6JfDopoA8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/524e5b-a8ae-45ab-bbd9-4491845dcd47/1/A0hfvbCxoE1S6B3NuVhYkWod2uQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1b50::/48

    Signature Algorithm: sha256WithRSAEncryption
         5b:74:8e:3b:26:5d:2a:ea:4c:cd:dc:6d:fb:51:28:8f:c2:21:
         49:0e:5e:a6:dd:32:54:ed:50:21:2e:72:13:11:c5:f3:f9:ca:
         a8:de:0e:8d:95:16:2c:84:05:55:c1:5b:7e:96:a8:03:b3:1f:
         58:81:b1:3b:c8:cf:d8:58:96:78:77:a3:23:eb:48:4f:f1:7a:
         49:e0:b3:bc:90:ba:80:1f:72:01:78:af:82:ad:ee:71:f2:86:
         47:26:58:4b:47:35:32:17:dd:ca:7c:31:fa:27:b5:dd:ab:d1:
         21:68:e0:c7:3d:ed:d3:9c:7b:06:46:35:87:9e:cc:80:e2:3d:
         b6:6c:4c:89:63:aa:b3:95:a6:24:ac:bf:5a:eb:4a:aa:75:e4:
         31:dc:27:fa:b7:94:be:4b:f7:c9:53:39:99:46:ff:63:f1:06:
         cf:af:0d:1a:8d:5a:a1:02:18:b9:5c:0f:d3:c5:7b:8e:d4:09:
         9b:77:07:d6:b6:48:75:bd:a9:bc:57:b7:78:23:72:7b:84:d6:
         a6:20:cc:a2:0f:e4:35:83:bf:4b:82:84:b8:70:79:e9:6d:59:
         09:a5:e3:fd:52:80:aa:37:5a:b4:be:e2:a2:7b:96:e5:54:9c:
         fe:9f:91:47:e5:b6:99:a3:51:04:05:39:de:d8:30:73:c7:0b:
         d9:f9:1f:8f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAUJyDQlVR12iztU0o0o2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzNDg1ZmJkYjBiMWEwNGQ1MmU4MWRjZGI5NTg1ODkxNmEx
ZGRhZTQwHhcNMjQwMTAyMDIyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDVlMDhjZjY2YzE2NjljYzhlY2ZmMmY4ODNlODk3YzNhMjlhMDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjCo16dcmWtR6GNdAneLJMYgtd81U
WEChKw1kbndzZR4XruX/Ph7Lxo/6BF1JNe4HLOw4qTdq7BjJRO3bJwe9+yMoEjBc
Ms3iGP7NG/8Xs791BuwcObIoWVobiSpa1TuBVejR/gHwP7DrjwYyoBAzHZJQypnj
UV+FpzI7pV2gHTktLkBgMDglP6uSVA+2iiBzX+Fmn44tBq96mGf5AoMcUeM+zkJ8
NjrcwHpLF6f2F5G0Bc5Z9aSJufcbHMpn9kLuD5Sb6XxQTt0LxDf6gYfCqi86GJSy
w8mE/9kb8EOFHmrCruM/wGs27TVmxv8B24KqqkImq9vNIZASmWz7E1K7ZQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNBeCM9mwWacyOz/L4g+iXw6KaAPMB8GA1UdIwQY
MBaAFANIX72wsaBNUugdzblYWJFqHdrkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTBoZnZiQ3hvRTFTNkIzTnVWaFlrV29kMnVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS81MjRlNWItYThhZS00NWFiLWJiZDkt
NDQ5MTg0NWRjZDQ3LzEvMEY0SXoyYkJacHpJN1A4dmlENkpmRG9wb0E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS81MjRlNWItYThhZS00NWFiLWJiZDktNDQ5MTg0NWRjZDQ3
LzEvQTBoZnZiQ3hvRTFTNkIzTnVWaFlrV29kMnVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBtQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBbdI47Jl0q6kzN3G37USiPwiFJDl6m3TJU7VAh
LnITEcXz+cqo3g6NlRYshAVVwVt+lqgDsx9YgbE7yM/YWJZ4d6Mj60hP8XpJ4LO8
kLqAH3IBeK+Cre5x8oZHJlhLRzUyF93KfDH6J7Xdq9EhaODHPe3TnHsGRjWHnsyA
4j22bEyJY6qzlaYkrL9a60qqdeQx3Cf6t5S+S/fJUzmZRv9j8QbPrw0ajVqhAhi5
XA/TxXuO1AmbdwfWtkh1vam8V7d4I3J7hNamIMyiD+Q1g79LgoS4cHnpbVkJpeP9
UoCqN1q0vuKie5blVJz+n5FH5baZo1EEBTne2DBzxwvZ+R+P
-----END CERTIFICATE-----