Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/544c39-0ef7-41ab-b156-5626b54d1a21/1/tmZl69Ww_n8QEtrGfA-N6yF37m0.roa
File:                     tmZl69Ww_n8QEtrGfA-N6yF37m0.roa (raw, json)
Hash identifier:          dk+2IFiWf3b64RIyi+P3hEkDw5ZJUp8M9LMGdl6JnWA=
Subject key identifier:   B6:66:65:EB:D5:B0:FE:7F:10:12:DA:C6:7C:0F:8D:EB:21:77:EE:6D
Certificate issuer:       /CN=67f51a25d2f3922524a6a69b1d7d61cd3cc2a8da
Certificate serial:       018CC5DC9714496630CEB5D8362F576D2745
Authority key identifier: 67:F5:1A:25:D2:F3:92:25:24:A6:A6:9B:1D:7D:61:CD:3C:C2:A8:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_UaJdLzkiUkpqabHX1hzTzCqNo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/544c39-0ef7-41ab-b156-5626b54d1a21/1/tmZl69Ww_n8QEtrGfA-N6yF37m0.roa
Signing time:             Mon 01 Jan 2024 16:30:17 +0000
ROA not before:           Mon 01 Jan 2024 16:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     553
IP address blocks:        141.62.0.0/16 maxlen: 17

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/544c39-0ef7-41ab-b156-5626b54d1a21/1/Z_UaJdLzkiUkpqabHX1hzTzCqNo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/544c39-0ef7-41ab-b156-5626b54d1a21/1/Z_UaJdLzkiUkpqabHX1hzTzCqNo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_UaJdLzkiUkpqabHX1hzTzCqNo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:97:14:49:66:30:ce:b5:d8:36:2f:57:6d:27:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f51a25d2f3922524a6a69b1d7d61cd3cc2a8da
        Validity
            Not Before: Jan  1 16:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b66665ebd5b0fe7f1012dac67c0f8deb2177ee6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:16:c7:81:0c:d9:f8:18:32:64:d3:98:ef:81:
                    70:9a:df:85:b9:20:4c:0e:c7:62:1b:64:2d:c5:79:
                    ad:91:59:4d:88:7f:e0:d2:37:c8:f6:b6:44:82:46:
                    43:48:02:73:90:73:8b:71:b6:70:f9:a6:3b:2b:18:
                    04:32:1b:21:dd:bd:fb:bf:82:9b:ef:2c:fc:33:85:
                    d3:53:bf:a0:5c:66:3b:53:07:ac:91:cb:55:75:26:
                    6c:cf:7c:55:e7:16:65:1f:00:38:99:46:8b:51:14:
                    98:c7:b5:dd:19:3a:f1:cb:6c:cc:82:4b:f5:8f:09:
                    fe:87:db:90:b7:51:ff:b4:b5:01:13:6f:0b:8e:93:
                    b8:54:b9:90:fd:3e:14:19:af:97:e4:5e:b9:cb:37:
                    3a:e2:22:3a:fa:f9:77:8a:9c:73:29:98:3f:31:15:
                    df:22:11:cb:a8:fc:a6:1a:54:bd:50:2b:2d:3a:c5:
                    9f:6d:5c:4c:5a:c1:1c:fb:48:1f:05:1d:ed:b6:50:
                    d8:8c:e4:0f:9b:87:f6:e5:dc:6a:3a:d1:bf:23:0a:
                    ba:ed:0a:6b:d1:1b:3c:3b:f1:f3:77:88:09:56:66:
                    90:a7:52:c9:8c:5f:38:11:39:12:0a:cc:4f:c7:94:
                    c1:5c:35:3e:9d:c4:3c:ad:90:69:e7:e7:78:61:8e:
                    3c:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:66:65:EB:D5:B0:FE:7F:10:12:DA:C6:7C:0F:8D:EB:21:77:EE:6D
            X509v3 Authority Key Identifier:
                keyid:67:F5:1A:25:D2:F3:92:25:24:A6:A6:9B:1D:7D:61:CD:3C:C2:A8:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_UaJdLzkiUkpqabHX1hzTzCqNo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/544c39-0ef7-41ab-b156-5626b54d1a21/1/tmZl69Ww_n8QEtrGfA-N6yF37m0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/544c39-0ef7-41ab-b156-5626b54d1a21/1/Z_UaJdLzkiUkpqabHX1hzTzCqNo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.62.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         39:f4:fb:d8:aa:45:f4:fa:cd:34:8d:9f:69:84:65:66:82:e8:
         14:aa:4a:58:5f:67:32:97:b5:3c:06:cf:21:c0:ad:1c:3c:ee:
         a8:cb:e7:ec:8a:85:2d:65:92:70:2c:e2:6a:59:59:8a:13:45:
         0d:51:74:39:97:63:3f:9f:63:d2:94:81:09:4c:c5:6d:82:ad:
         de:d6:39:d2:30:04:24:b9:29:5e:76:68:93:fd:30:66:b6:42:
         5b:a7:7d:37:41:fc:8b:90:5b:31:dd:1e:45:c9:dd:b3:8e:80:
         3b:13:4c:d6:41:3c:f7:12:79:3b:42:7a:21:bd:1d:03:f5:71:
         e7:80:bf:70:f3:af:2b:58:08:8d:be:2b:93:bc:2d:86:02:78:
         c8:56:ee:cc:ac:0a:8b:60:7b:6e:49:94:5c:e6:2e:29:b5:31:
         4d:58:fc:31:ac:7e:95:6e:0b:b8:07:05:05:12:5c:f4:de:b6:
         cc:1d:44:eb:61:06:37:d2:fd:12:de:fb:f1:bc:a6:b9:a0:7b:
         f5:fd:4a:e2:4a:b2:56:90:5a:cd:81:1a:09:3d:a4:8f:2a:eb:
         cc:54:af:c0:09:c3:e9:9f:3a:a0:b9:8c:78:10:08:bf:0c:28:
         28:b8:51:f6:f5:7c:98:b1:da:fc:d8:33:a9:b2:7f:89:50:d6:
         c8:ab:cb:67
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzF3JcUSWYwzrXYNi9XbSdFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjUxYTI1ZDJmMzkyMjUyNGE2YTY5YjFkN2Q2MWNkM2Nj
MmE4ZGEwHhcNMjQwMTAxMTYzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjY2NjVlYmQ1YjBmZTdmMTAxMmRhYzY3YzBmOGRlYjIxNzdlZTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoxbHgQzZ+BgyZNOY74Fwmt+FuSBM
DsdiG2QtxXmtkVlNiH/g0jfI9rZEgkZDSAJzkHOLcbZw+aY7KxgEMhsh3b37v4Kb
7yz8M4XTU7+gXGY7UweskctVdSZsz3xV5xZlHwA4mUaLURSYx7XdGTrxy2zMgkv1
jwn+h9uQt1H/tLUBE28LjpO4VLmQ/T4UGa+X5F65yzc64iI6+vl3ipxzKZg/MRXf
IhHLqPymGlS9UCstOsWfbVxMWsEc+0gfBR3ttlDYjOQPm4f25dxqOtG/Iwq67Qpr
0Rs8O/Hzd4gJVmaQp1LJjF84ETkSCsxPx5TBXDU+ncQ8rZBp5+d4YY48rQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFLZmZevVsP5/EBLaxnwPjeshd+5tMB8GA1UdIwQY
MBaAFGf1GiXS85IlJKammx19Yc08wqjaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9VYUpkTHpraVVrcHFhYkhYMWh6VHpDcU5vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy81NDRjMzktMGVmNy00MWFiLWIxNTYt
NTYyNmI1NGQxYTIxLzEvdG1abDY5V3dfbjhRRXRyR2ZBLU42eUYzN20wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy81NDRjMzktMGVmNy00MWFiLWIxNTYtNTYyNmI1NGQxYTIx
LzEvWl9VYUpkTHpraVVrcHFhYkhYMWh6VHpDcU5vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjT4wDQYJ
KoZIhvcNAQELBQADggEBADn0+9iqRfT6zTSNn2mEZWaC6BSqSlhfZzKXtTwGzyHA
rRw87qjL5+yKhS1lknAs4mpZWYoTRQ1RdDmXYz+fY9KUgQlMxW2Crd7WOdIwBCS5
KV52aJP9MGa2QlunfTdB/IuQWzHdHkXJ3bOOgDsTTNZBPPcSeTtCeiG9HQP1ceeA
v3DzrytYCI2+K5O8LYYCeMhW7sysCotge25JlFzmLim1MU1Y/DGsfpVuC7gHBQUS
XPTetswdROthBjfS/RLe+/G8prmge/X9SuJKslaQWs2BGgk9pI8q68xUr8AJw+mf
OqC5jHgQCL8MKCi4Ufb1fJix2vzYM6myf4lQ1siry2c=
-----END CERTIFICATE-----