Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/a018a7-6b5c-4239-89b7-2a0247fbb6d5/1/o9Pj9_3Vvt7ZK-Kf-kWl7uKxHVQ.roa
File:                     o9Pj9_3Vvt7ZK-Kf-kWl7uKxHVQ.roa (raw, json)
Hash identifier:          EVEGUNZy1C7cisRnJgAlGG+LAmqp9NCr8LdboVHLrhE=
Subject key identifier:   A3:D3:E3:F7:FD:D5:BE:DE:D9:2B:E2:9F:FA:45:A5:EE:E2:B1:1D:54
Certificate issuer:       /CN=3964cdeee346116cb9641ba4800f55b9906dc3a5
Certificate serial:       018DC1387F6E6A08B35B82BFF1F02DBCE0EE
Authority key identifier: 39:64:CD:EE:E3:46:11:6C:B9:64:1B:A4:80:0F:55:B9:90:6D:C3:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OWTN7uNGEWy5ZBukgA9VuZBtw6U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/a018a7-6b5c-4239-89b7-2a0247fbb6d5/1/o9Pj9_3Vvt7ZK-Kf-kWl7uKxHVQ.roa
Signing time:             Mon 19 Feb 2024 11:55:21 +0000
ROA not before:           Mon 19 Feb 2024 11:55:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215574
IP address blocks:        2001:67c:ddc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/a018a7-6b5c-4239-89b7-2a0247fbb6d5/1/OWTN7uNGEWy5ZBukgA9VuZBtw6U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/a018a7-6b5c-4239-89b7-2a0247fbb6d5/1/OWTN7uNGEWy5ZBukgA9VuZBtw6U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OWTN7uNGEWy5ZBukgA9VuZBtw6U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c1:38:7f:6e:6a:08:b3:5b:82:bf:f1:f0:2d:bc:e0:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3964cdeee346116cb9641ba4800f55b9906dc3a5
        Validity
            Not Before: Feb 19 11:55:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3d3e3f7fdd5beded92be29ffa45a5eee2b11d54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:ce:dc:a6:4f:9a:f6:60:1b:08:eb:a2:ef:64:
                    fa:2c:c7:f8:39:ff:cb:aa:b8:1f:18:28:84:45:61:
                    a4:25:63:a5:e9:2b:93:ba:06:f6:d7:a5:dc:e1:d8:
                    5a:c5:42:ed:61:a1:1e:10:49:d3:ba:f4:27:9b:3f:
                    5e:0a:51:be:10:d4:92:10:a8:9f:36:de:32:6b:83:
                    42:1a:c5:4f:59:3f:95:a7:1c:e2:70:ad:82:06:66:
                    17:4e:0d:0f:57:bd:fe:8e:9a:02:74:69:ad:be:f1:
                    40:96:86:35:92:4e:18:ec:fa:57:aa:6d:14:56:9b:
                    e5:4c:ba:09:f6:a3:b1:cd:9b:d6:38:85:17:a0:9a:
                    4d:57:ed:08:ad:8e:57:ed:fa:02:a0:12:dd:cd:50:
                    1e:19:ee:ff:9d:fa:14:79:4b:11:63:9b:ce:df:38:
                    2f:2f:fc:71:ef:4a:a7:a0:02:a1:41:b3:a5:6b:9e:
                    ad:83:e6:21:b2:91:ed:b4:7e:03:bc:4d:55:44:56:
                    d4:b5:24:d3:75:e9:3e:db:23:0d:49:46:13:d0:c1:
                    69:59:22:23:34:4a:31:4c:82:c4:e3:a4:79:6b:af:
                    4f:5f:d7:fd:12:b2:ac:b9:6c:0a:1c:a0:e7:f3:5d:
                    48:c5:6a:f1:de:8c:9d:8a:c9:ee:ba:b8:1f:26:ef:
                    c7:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:D3:E3:F7:FD:D5:BE:DE:D9:2B:E2:9F:FA:45:A5:EE:E2:B1:1D:54
            X509v3 Authority Key Identifier:
                keyid:39:64:CD:EE:E3:46:11:6C:B9:64:1B:A4:80:0F:55:B9:90:6D:C3:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OWTN7uNGEWy5ZBukgA9VuZBtw6U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/a018a7-6b5c-4239-89b7-2a0247fbb6d5/1/o9Pj9_3Vvt7ZK-Kf-kWl7uKxHVQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/a018a7-6b5c-4239-89b7-2a0247fbb6d5/1/OWTN7uNGEWy5ZBukgA9VuZBtw6U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:ddc::/48

    Signature Algorithm: sha256WithRSAEncryption
         5e:87:bd:da:ba:6e:59:21:f7:e4:3f:02:b6:32:9a:78:7e:e0:
         c6:1f:25:dc:d0:f8:00:2b:06:d7:43:a5:5d:b3:8f:52:7c:67:
         a6:94:01:2e:5f:d3:89:c0:16:98:73:d0:0e:0a:ec:30:4e:99:
         c6:e0:b4:d0:0c:7a:c1:2d:40:8e:98:b6:d9:53:25:38:09:ea:
         fe:a3:9d:7a:af:a8:cb:94:b8:04:7b:85:0b:01:58:0b:d7:16:
         c6:9c:fd:f8:5d:29:89:13:17:af:6b:2a:63:27:65:3c:c2:a1:
         a3:15:4d:ba:98:0c:c2:2d:27:3c:7b:73:d9:cb:e3:a9:de:43:
         11:44:c7:18:9d:51:64:26:67:95:48:8d:2e:fd:e7:f5:42:c6:
         08:dd:27:6b:53:e5:3e:d3:ca:e5:91:7e:54:88:64:1d:f0:13:
         65:36:bc:36:78:de:01:58:58:d4:c4:09:38:6d:7f:6b:94:80:
         e6:de:dc:f3:4a:9f:43:74:e0:12:c1:8e:16:1f:c4:56:33:bb:
         3c:6c:f6:d1:a9:9f:15:89:9b:15:cb:1b:62:08:a4:fe:36:4e:
         40:0e:21:38:3d:e8:52:bf:b2:5c:7b:c6:59:b0:ef:34:0d:f8:
         3a:74:2d:52:48:7f:61:42:1f:af:bd:0b:e3:ee:d2:36:19:6c:
         b5:e7:55:98
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY3BOH9uagizW4K/8fAtvODuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5NjRjZGVlZTM0NjExNmNiOTY0MWJhNDgwMGY1NWI5OTA2
ZGMzYTUwHhcNMjQwMjE5MTE1NTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2QzZTNmN2ZkZDViZWRlZDkyYmUyOWZmYTQ1YTVlZWUyYjExZDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhc7cpk+a9mAbCOui72T6LMf4Of/L
qrgfGCiERWGkJWOl6SuTugb216Xc4dhaxULtYaEeEEnTuvQnmz9eClG+ENSSEKif
Nt4ya4NCGsVPWT+VpxzicK2CBmYXTg0PV73+jpoCdGmtvvFAloY1kk4Y7PpXqm0U
VpvlTLoJ9qOxzZvWOIUXoJpNV+0IrY5X7foCoBLdzVAeGe7/nfoUeUsRY5vO3zgv
L/xx70qnoAKhQbOla56tg+YhspHttH4DvE1VRFbUtSTTdek+2yMNSUYT0MFpWSIj
NEoxTILE46R5a69PX9f9ErKsuWwKHKDn811IxWrx3oydisnuurgfJu/HAwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKPT4/f91b7e2Svin/pFpe7isR1UMB8GA1UdIwQY
MBaAFDlkze7jRhFsuWQbpIAPVbmQbcOlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1dUTjd1TkdFV3k1WkJ1a2dBOVZ1WkJ0dzZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9hMDE4YTctNmI1Yy00MjM5LTg5Yjct
MmEwMjQ3ZmJiNmQ1LzEvbzlQajlfM1Z2dDdaSy1LZi1rV2w3dUt4SFZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9hMDE4YTctNmI1Yy00MjM5LTg5YjctMmEwMjQ3ZmJiNmQ1
LzEvT1dUTjd1TkdFV3k1WkJ1a2dBOVZ1WkJ0dzZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA3c
MA0GCSqGSIb3DQEBCwUAA4IBAQBeh73aum5ZIffkPwK2Mpp4fuDGHyXc0PgAKwbX
Q6Vds49SfGemlAEuX9OJwBaYc9AOCuwwTpnG4LTQDHrBLUCOmLbZUyU4Cer+o516
r6jLlLgEe4ULAVgL1xbGnP34XSmJExevaypjJ2U8wqGjFU26mAzCLSc8e3PZy+Op
3kMRRMcYnVFkJmeVSI0u/ef1QsYI3SdrU+U+08rlkX5UiGQd8BNlNrw2eN4BWFjU
xAk4bX9rlIDm3tzzSp9DdOASwY4WH8RWM7s8bPbRqZ8ViZsVyxtiCKT+Nk5ADiE4
PehSv7Jce8ZZsO80Dfg6dC1SSH9hQh+vvQvj7tI2GWy151WY
-----END CERTIFICATE-----