Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/4ee734-efe8-41a1-80df-16afba987b06/1/kcjDtJPy5EM5G8_3UsoJZYtrR4o.roa
File:                     kcjDtJPy5EM5G8_3UsoJZYtrR4o.roa (raw, json)
Hash identifier:          GX48a21Jh8MgumoipKA2/jUj9OT38O6M3KgqCrBkBJA=
Subject key identifier:   91:C8:C3:B4:93:F2:E4:43:39:1B:CF:F7:52:CA:09:65:8B:6B:47:8A
Certificate issuer:       /CN=96448e840d272a3e3159192d1df11f100e506f6a
Certificate serial:       018CC4253F58365818E7DDE7574E642034F2
Authority key identifier: 96:44:8E:84:0D:27:2A:3E:31:59:19:2D:1D:F1:1F:10:0E:50:6F:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lkSOhA0nKj4xWRktHfEfEA5Qb2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/4ee734-efe8-41a1-80df-16afba987b06/1/kcjDtJPy5EM5G8_3UsoJZYtrR4o.roa
Signing time:             Mon 01 Jan 2024 08:30:24 +0000
ROA not before:           Mon 01 Jan 2024 08:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216021
IP address blocks:        2001:67c:634::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/4ee734-efe8-41a1-80df-16afba987b06/1/lkSOhA0nKj4xWRktHfEfEA5Qb2o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/4ee734-efe8-41a1-80df-16afba987b06/1/lkSOhA0nKj4xWRktHfEfEA5Qb2o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lkSOhA0nKj4xWRktHfEfEA5Qb2o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 01:01:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:3f:58:36:58:18:e7:dd:e7:57:4e:64:20:34:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96448e840d272a3e3159192d1df11f100e506f6a
        Validity
            Not Before: Jan  1 08:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91c8c3b493f2e443391bcff752ca09658b6b478a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:f3:92:bc:84:a6:ef:89:dd:75:27:15:48:9e:
                    cb:d3:3a:e1:24:bf:c1:be:31:25:db:b3:59:ec:e3:
                    ef:d6:6c:83:c6:3e:b0:87:5d:44:66:38:d3:0b:92:
                    e6:c4:90:87:d3:c5:ee:4b:94:2f:aa:81:55:c6:c6:
                    09:87:87:11:4f:2d:04:87:a0:6c:08:c6:f5:52:03:
                    71:8a:d5:6a:bc:a0:a5:78:93:fc:09:80:9f:5f:67:
                    10:56:f7:83:e1:15:a9:2b:09:f8:a0:09:dd:db:44:
                    44:ad:8e:9e:de:8a:95:cc:f1:8a:ea:44:33:e3:f2:
                    64:ab:29:e4:14:d0:3a:30:ac:a2:38:ab:8c:7f:e4:
                    44:2d:72:06:96:9a:60:af:84:db:48:43:ac:28:4e:
                    8f:1c:0d:d7:71:64:23:b9:49:37:1f:81:a8:4f:ab:
                    51:5e:c5:0f:70:21:83:43:91:25:de:14:fe:bc:ae:
                    ab:fb:51:04:67:18:47:e2:12:6b:87:c3:4d:4f:53:
                    d7:01:e1:bf:d8:c9:87:1c:96:ca:58:2d:e9:f8:1c:
                    6b:5e:61:dd:37:f7:a6:2f:52:fd:7f:7c:f1:d6:bc:
                    84:52:a6:63:f9:4d:89:c0:7e:42:9c:56:c8:28:5c:
                    c7:c6:ff:74:45:67:4e:23:a9:db:eb:11:ff:7c:ca:
                    b9:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:C8:C3:B4:93:F2:E4:43:39:1B:CF:F7:52:CA:09:65:8B:6B:47:8A
            X509v3 Authority Key Identifier:
                keyid:96:44:8E:84:0D:27:2A:3E:31:59:19:2D:1D:F1:1F:10:0E:50:6F:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lkSOhA0nKj4xWRktHfEfEA5Qb2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/4ee734-efe8-41a1-80df-16afba987b06/1/kcjDtJPy5EM5G8_3UsoJZYtrR4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/4ee734-efe8-41a1-80df-16afba987b06/1/lkSOhA0nKj4xWRktHfEfEA5Qb2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:634::/48

    Signature Algorithm: sha256WithRSAEncryption
         80:cb:d3:21:80:ee:dc:fb:e0:df:90:c8:f1:6d:b1:d9:98:39:
         a0:3f:d9:89:e4:c1:c8:18:65:87:9c:e5:8a:36:af:4c:b8:db:
         79:f7:40:3a:c1:b5:92:6a:ff:50:5a:3e:71:f4:02:d7:a1:25:
         bf:7a:56:86:ed:e0:bb:55:7a:6f:26:be:c9:eb:69:c5:e5:83:
         a6:0e:f0:d8:cc:79:18:1e:38:2f:07:97:67:6f:20:c1:2b:bd:
         39:0d:77:d0:e9:5b:16:39:ad:f2:c4:cd:1b:c4:bb:d0:80:18:
         04:a3:9c:b4:f9:ce:bc:d9:f3:05:9d:76:9e:4d:2c:18:33:3a:
         ed:8b:3b:2a:95:86:a2:79:00:69:24:6a:b0:d2:1b:e0:ae:a5:
         03:68:4c:df:ce:fc:a0:6b:1a:92:68:6d:4f:a8:f3:2e:b6:3f:
         54:61:08:f2:ad:56:11:27:9e:db:18:64:25:f3:2f:7f:98:18:
         8f:6f:16:29:b4:b6:45:c1:84:c4:c9:a7:54:0f:05:b2:81:3c:
         a7:06:2f:ab:c8:3d:28:70:22:f3:d7:c2:76:1c:6f:ab:40:cc:
         c6:d5:8a:f0:82:45:c0:31:09:cb:8d:9f:63:7d:24:09:f6:63:
         73:b8:9b:cc:db:02:b5:41:a8:9a:66:bd:03:05:7f:58:36:1e:
         2a:2c:bd:7a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJT9YNlgY593nV05kIDTyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2NDQ4ZTg0MGQyNzJhM2UzMTU5MTkyZDFkZjExZjEwMGU1
MDZmNmEwHhcNMjQwMTAxMDgzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWM4YzNiNDkzZjJlNDQzMzkxYmNmZjc1MmNhMDk2NThiNmI0NzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2fOSvISm74nddScVSJ7L0zrhJL/B
vjEl27NZ7OPv1myDxj6wh11EZjjTC5LmxJCH08XuS5QvqoFVxsYJh4cRTy0Eh6Bs
CMb1UgNxitVqvKCleJP8CYCfX2cQVveD4RWpKwn4oAnd20RErY6e3oqVzPGK6kQz
4/JkqynkFNA6MKyiOKuMf+RELXIGlppgr4TbSEOsKE6PHA3XcWQjuUk3H4GoT6tR
XsUPcCGDQ5El3hT+vK6r+1EEZxhH4hJrh8NNT1PXAeG/2MmHHJbKWC3p+BxrXmHd
N/emL1L9f3zx1ryEUqZj+U2JwH5CnFbIKFzHxv90RWdOI6nb6xH/fMq5UwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJHIw7ST8uRDORvP91LKCWWLa0eKMB8GA1UdIwQY
MBaAFJZEjoQNJyo+MVkZLR3xHxAOUG9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGtTT2hBMG5LajR4V1JrdEhmRWZFQTVRYjJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy80ZWU3MzQtZWZlOC00MWExLTgwZGYt
MTZhZmJhOTg3YjA2LzEva2NqRHRKUHk1RU01RzhfM1Vzb0paWXRyUjRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy80ZWU3MzQtZWZlOC00MWExLTgwZGYtMTZhZmJhOTg3YjA2
LzEvbGtTT2hBMG5LajR4V1JrdEhmRWZFQTVRYjJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAY0
MA0GCSqGSIb3DQEBCwUAA4IBAQCAy9MhgO7c++DfkMjxbbHZmDmgP9mJ5MHIGGWH
nOWKNq9MuNt590A6wbWSav9QWj5x9ALXoSW/elaG7eC7VXpvJr7J62nF5YOmDvDY
zHkYHjgvB5dnbyDBK705DXfQ6VsWOa3yxM0bxLvQgBgEo5y0+c682fMFnXaeTSwY
MzrtizsqlYaieQBpJGqw0hvgrqUDaEzfzvygaxqSaG1PqPMutj9UYQjyrVYRJ57b
GGQl8y9/mBiPbxYptLZFwYTEyadUDwWygTynBi+ryD0ocCLz18J2HG+rQMzG1Yrw
gkXAMQnLjZ9jfSQJ9mNzuJvM2wK1QaiaZr0DBX9YNh4qLL16
-----END CERTIFICATE-----