Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/fea5c4-dde1-4548-a58b-8938e9556342/1/oAK4EX68VAQzJDki7vypFbAJmbw.roa
File:                     oAK4EX68VAQzJDki7vypFbAJmbw.roa (raw, json)
Hash identifier:          SjdCxXi3ZmhGkgZO2kvYduPap5qz+ovRwD6C7uB1YUg=
Subject key identifier:   A0:02:B8:11:7E:BC:54:04:33:24:39:22:EE:FC:A9:15:B0:09:99:BC
Certificate issuer:       /CN=a00995a87bf64dc4949b819dfe02f8a586aaa4de
Certificate serial:       018CC9BBF95B8264C4AEE052A73EFBA8E33F
Authority key identifier: A0:09:95:A8:7B:F6:4D:C4:94:9B:81:9D:FE:02:F8:A5:86:AA:A4:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oAmVqHv2TcSUm4Gd_gL4pYaqpN4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/fea5c4-dde1-4548-a58b-8938e9556342/1/oAK4EX68VAQzJDki7vypFbAJmbw.roa
Signing time:             Tue 02 Jan 2024 10:33:08 +0000
ROA not before:           Tue 02 Jan 2024 10:33:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210731
IP address blocks:        2001:67c:89c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/fea5c4-dde1-4548-a58b-8938e9556342/1/oAmVqHv2TcSUm4Gd_gL4pYaqpN4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/fea5c4-dde1-4548-a58b-8938e9556342/1/oAmVqHv2TcSUm4Gd_gL4pYaqpN4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oAmVqHv2TcSUm4Gd_gL4pYaqpN4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:f9:5b:82:64:c4:ae:e0:52:a7:3e:fb:a8:e3:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a00995a87bf64dc4949b819dfe02f8a586aaa4de
        Validity
            Not Before: Jan  2 10:33:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a002b8117ebc540433243922eefca915b00999bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:b4:18:65:84:6f:a4:95:f5:89:68:6c:62:db:
                    ac:0b:ed:62:19:91:e3:a8:ad:ed:74:ed:41:25:81:
                    f1:36:c5:11:7a:0d:a0:41:e7:0d:93:5a:cb:f9:9f:
                    8e:11:82:6b:29:ae:cd:b5:4b:fc:51:70:4b:74:69:
                    2a:6d:2a:09:40:4d:c1:e8:53:26:79:52:84:12:8f:
                    79:bc:57:f5:a4:ee:bf:3f:e5:aa:73:c9:c5:5f:69:
                    c2:63:94:99:71:02:56:70:7f:6d:b1:30:4f:b0:76:
                    42:ad:bf:9a:bd:c4:90:da:56:fc:6c:de:77:ff:c6:
                    33:72:2f:a5:e2:72:c3:a8:ac:da:a2:36:a1:a2:36:
                    11:8e:9c:ae:6b:cb:03:fb:58:f6:22:9d:3f:f5:f8:
                    d2:e7:8c:2e:d2:c3:0b:2b:4a:ce:d4:91:eb:ca:91:
                    15:49:f8:d7:a9:22:e2:08:94:64:17:73:b9:bc:17:
                    10:5e:90:79:a8:5a:bc:47:1a:b1:93:48:d7:dc:26:
                    99:72:79:d3:4d:f6:83:c4:e7:cc:e8:19:d8:b3:a4:
                    7b:c4:60:27:65:ab:e5:4b:27:1c:52:69:c8:a9:7e:
                    4f:27:cb:24:49:02:fe:f6:e0:38:bd:19:54:4b:2c:
                    56:d9:ed:31:63:05:4d:db:2e:7b:e2:c9:37:8e:36:
                    47:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:02:B8:11:7E:BC:54:04:33:24:39:22:EE:FC:A9:15:B0:09:99:BC
            X509v3 Authority Key Identifier:
                keyid:A0:09:95:A8:7B:F6:4D:C4:94:9B:81:9D:FE:02:F8:A5:86:AA:A4:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oAmVqHv2TcSUm4Gd_gL4pYaqpN4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/fea5c4-dde1-4548-a58b-8938e9556342/1/oAK4EX68VAQzJDki7vypFbAJmbw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/fea5c4-dde1-4548-a58b-8938e9556342/1/oAmVqHv2TcSUm4Gd_gL4pYaqpN4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:89c::/48

    Signature Algorithm: sha256WithRSAEncryption
         2e:aa:d2:78:56:49:58:61:e4:02:63:9a:d9:ec:51:8f:3d:7e:
         26:48:42:b1:86:6c:65:ee:e5:04:a7:d1:62:e6:da:2e:51:27:
         89:7d:1a:67:6a:78:de:6e:ad:30:7f:5c:84:8c:df:fd:6e:1b:
         c0:cb:4d:07:d2:3a:63:53:f8:ca:3e:45:5f:21:87:49:92:5a:
         44:71:59:13:5d:23:fc:37:5c:ec:c3:9a:21:fa:1e:d0:1b:56:
         35:b8:c6:09:9a:6f:82:68:bb:ee:2e:00:55:28:cf:a0:35:17:
         d7:c7:da:d0:4b:9a:9c:3b:c7:1d:27:75:20:71:2e:cf:47:96:
         d9:e2:bc:ea:87:c4:8c:ee:b0:50:94:78:15:12:1d:ec:35:67:
         9c:59:e8:62:cc:66:2e:99:8a:58:20:41:69:79:84:48:f1:cc:
         3c:03:6b:8d:41:c4:69:9d:00:d0:84:14:a9:d1:23:ab:fe:81:
         e6:d6:76:d4:dd:e2:b1:4e:1b:ea:5f:95:d8:e3:4e:86:d6:8a:
         3c:f7:84:cd:dd:23:7c:cc:a1:50:e1:35:fc:f3:20:52:b4:b6:
         18:00:d8:c4:77:89:a2:ae:3f:e5:4e:fe:59:73:46:a5:26:f2:
         8d:e5:c0:af:52:13:17:b3:eb:5c:32:ca:2e:9c:bd:92:59:cb:
         2d:7b:1a:22
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJu/lbgmTEruBSpz77qOM/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwMDk5NWE4N2JmNjRkYzQ5NDliODE5ZGZlMDJmOGE1ODZh
YWE0ZGUwHhcNMjQwMTAyMTAzMzA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDAyYjgxMTdlYmM1NDA0MzMyNDM5MjJlZWZjYTkxNWIwMDk5OWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnrQYZYRvpJX1iWhsYtusC+1iGZHj
qK3tdO1BJYHxNsUReg2gQecNk1rL+Z+OEYJrKa7NtUv8UXBLdGkqbSoJQE3B6FMm
eVKEEo95vFf1pO6/P+Wqc8nFX2nCY5SZcQJWcH9tsTBPsHZCrb+avcSQ2lb8bN53
/8Yzci+l4nLDqKzaojahojYRjpyua8sD+1j2Ip0/9fjS54wu0sMLK0rO1JHrypEV
SfjXqSLiCJRkF3O5vBcQXpB5qFq8Rxqxk0jX3CaZcnnTTfaDxOfM6BnYs6R7xGAn
ZavlSyccUmnIqX5PJ8skSQL+9uA4vRlUSyxW2e0xYwVN2y574sk3jjZHlQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKACuBF+vFQEMyQ5Iu78qRWwCZm8MB8GA1UdIwQY
MBaAFKAJlah79k3ElJuBnf4C+KWGqqTeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0FtVnFIdjJUY1NVbTRHZF9nTDRwWWFxcE40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My9mZWE1YzQtZGRlMS00NTQ4LWE1OGIt
ODkzOGU5NTU2MzQyLzEvb0FLNEVYNjhWQVF6SkRraTd2eXBGYkFKbWJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My9mZWE1YzQtZGRlMS00NTQ4LWE1OGItODkzOGU5NTU2MzQy
LzEvb0FtVnFIdjJUY1NVbTRHZF9nTDRwWWFxcE40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAic
MA0GCSqGSIb3DQEBCwUAA4IBAQAuqtJ4VklYYeQCY5rZ7FGPPX4mSEKxhmxl7uUE
p9Fi5touUSeJfRpnanjebq0wf1yEjN/9bhvAy00H0jpjU/jKPkVfIYdJklpEcVkT
XSP8N1zsw5oh+h7QG1Y1uMYJmm+CaLvuLgBVKM+gNRfXx9rQS5qcO8cdJ3UgcS7P
R5bZ4rzqh8SM7rBQlHgVEh3sNWecWehizGYumYpYIEFpeYRI8cw8A2uNQcRpnQDQ
hBSp0SOr/oHm1nbU3eKxThvqX5XY406G1oo894TN3SN8zKFQ4TX88yBStLYYANjE
d4mirj/lTv5Zc0alJvKN5cCvUhMXs+tcMsounL2SWcstexoi
-----END CERTIFICATE-----