Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/7f2c07-cef5-42f4-8f32-8631fbf5c620/1/4d7URlsPThpx94PAkh4Zmx5XDAs.roa
File:                     4d7URlsPThpx94PAkh4Zmx5XDAs.roa (raw, json)
Hash identifier:          nJlfuHBMRR+edrYrEC8KmpRmd+W9mcZnUoivhzhO7BY=
Subject key identifier:   E1:DE:D4:46:5B:0F:4E:1A:71:F7:83:C0:92:1E:19:9B:1E:57:0C:0B
Certificate issuer:       /CN=61b05789a4e824be8103de770dc25c593ef3fdca
Certificate serial:       018CC2DAF4B0EE026B036F2722158268E68F
Authority key identifier: 61:B0:57:89:A4:E8:24:BE:81:03:DE:77:0D:C2:5C:59:3E:F3:FD:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbBXiaToJL6BA953DcJcWT7z_co.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/7f2c07-cef5-42f4-8f32-8631fbf5c620/1/4d7URlsPThpx94PAkh4Zmx5XDAs.roa
Signing time:             Mon 01 Jan 2024 02:29:38 +0000
ROA not before:           Mon 01 Jan 2024 02:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211671
IP address blocks:        2001:67c:2978::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/7f2c07-cef5-42f4-8f32-8631fbf5c620/1/YbBXiaToJL6BA953DcJcWT7z_co.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/7f2c07-cef5-42f4-8f32-8631fbf5c620/1/YbBXiaToJL6BA953DcJcWT7z_co.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbBXiaToJL6BA953DcJcWT7z_co.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:f4:b0:ee:02:6b:03:6f:27:22:15:82:68:e6:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b05789a4e824be8103de770dc25c593ef3fdca
        Validity
            Not Before: Jan  1 02:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e1ded4465b0f4e1a71f783c0921e199b1e570c0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:df:1e:0a:de:ec:2c:33:90:16:dd:67:a2:36:
                    9b:37:5b:84:16:fc:eb:68:53:9d:42:fb:a0:2b:6f:
                    d9:b5:3c:cd:32:c8:3b:09:97:2c:22:e4:7f:3f:a7:
                    ff:93:4f:66:74:c7:5d:47:2c:bc:40:2f:2e:30:46:
                    17:8a:1e:7c:e3:67:3c:7f:4d:c1:13:37:6e:1d:6a:
                    b0:65:6d:a1:2e:74:91:a4:06:13:26:ff:26:d5:b6:
                    a3:2e:93:3a:02:30:6b:d2:8a:c0:a9:fa:19:20:60:
                    bc:47:a7:c2:8d:65:7c:d8:0c:d4:66:f7:84:cf:e0:
                    ca:36:c3:72:1c:ad:87:70:fd:4f:99:84:7e:ed:f5:
                    57:82:54:36:dc:a7:55:9c:de:3a:12:33:11:c4:a7:
                    f5:a6:ad:0e:cc:49:3b:6e:9a:75:d3:38:de:5b:38:
                    a9:a5:d6:66:d0:18:27:d0:be:86:99:c2:83:01:23:
                    bc:3e:6e:15:11:89:c4:18:c9:60:9d:d9:c2:eb:60:
                    28:c8:30:cb:fa:57:7b:a2:6a:ef:8f:5a:d3:bd:3d:
                    3d:78:bc:2d:4c:6c:42:9a:38:15:71:02:08:d4:c2:
                    0e:94:89:66:88:20:c4:5d:e1:d8:59:9e:62:d5:85:
                    ce:14:e2:4a:dd:e5:96:28:c2:02:91:f6:dd:a0:6b:
                    24:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:DE:D4:46:5B:0F:4E:1A:71:F7:83:C0:92:1E:19:9B:1E:57:0C:0B
            X509v3 Authority Key Identifier:
                keyid:61:B0:57:89:A4:E8:24:BE:81:03:DE:77:0D:C2:5C:59:3E:F3:FD:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbBXiaToJL6BA953DcJcWT7z_co.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7f2c07-cef5-42f4-8f32-8631fbf5c620/1/4d7URlsPThpx94PAkh4Zmx5XDAs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7f2c07-cef5-42f4-8f32-8631fbf5c620/1/YbBXiaToJL6BA953DcJcWT7z_co.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2978::/48

    Signature Algorithm: sha256WithRSAEncryption
         78:b0:a1:91:56:9a:85:0c:63:45:01:88:10:4a:e3:16:d0:25:
         b7:89:7c:70:db:32:20:9a:33:c8:06:9e:79:52:0c:ac:bd:e7:
         3c:04:38:15:ca:36:9e:68:9e:95:5e:a5:19:aa:05:5a:4c:fc:
         50:71:42:66:4b:b7:c1:2a:25:29:a6:07:aa:10:ea:e2:cd:aa:
         32:17:61:52:91:0e:12:96:5d:e7:dc:b8:f9:f1:3b:f9:b8:43:
         94:3d:4d:54:8f:4f:87:78:d8:cb:a3:c3:74:ff:d3:2a:3f:78:
         9f:bb:38:65:31:a2:b5:92:2c:99:89:f9:af:77:e0:a7:0d:c5:
         ec:a5:a5:a7:8c:28:7e:16:71:9e:f3:17:d9:70:7d:28:93:66:
         f9:48:6e:96:e3:21:24:82:ca:61:e0:1c:4d:d0:dd:1e:41:89:
         ec:c6:4a:a8:cf:c4:af:72:e5:aa:13:aa:21:df:0c:29:9c:cb:
         5b:97:09:7a:63:ac:6f:22:90:dc:44:e5:d9:1c:81:51:ce:ac:
         1c:99:9c:c9:c6:29:1b:4a:ce:d4:dc:c0:26:03:84:15:69:5a:
         54:e2:51:11:2c:5a:dd:29:5a:31:7e:3d:9c:7f:87:ce:42:ec:
         8f:f7:22:18:39:c5:30:62:2e:86:be:55:8f:ab:9f:8f:c4:62:
         f6:9e:b3:29
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2vSw7gJrA28nIhWCaOaPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxYjA1Nzg5YTRlODI0YmU4MTAzZGU3NzBkYzI1YzU5M2Vm
M2ZkY2EwHhcNMjQwMTAxMDIyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWRlZDQ0NjViMGY0ZTFhNzFmNzgzYzA5MjFlMTk5YjFlNTcwYzBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyN8eCt7sLDOQFt1nojabN1uEFvzr
aFOdQvugK2/ZtTzNMsg7CZcsIuR/P6f/k09mdMddRyy8QC8uMEYXih5842c8f03B
EzduHWqwZW2hLnSRpAYTJv8m1bajLpM6AjBr0orAqfoZIGC8R6fCjWV82AzUZveE
z+DKNsNyHK2HcP1PmYR+7fVXglQ23KdVnN46EjMRxKf1pq0OzEk7bpp10zjeWzip
pdZm0Bgn0L6GmcKDASO8Pm4VEYnEGMlgndnC62AoyDDL+ld7omrvj1rTvT09eLwt
TGxCmjgVcQII1MIOlIlmiCDEXeHYWZ5i1YXOFOJK3eWWKMICkfbdoGsktwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOHe1EZbD04acfeDwJIeGZseVwwLMB8GA1UdIwQY
MBaAFGGwV4mk6CS+gQPedw3CXFk+8/3KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWJCWGlhVG9KTDZCQTk1M0RjSmNXVDd6X2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC83ZjJjMDctY2VmNS00MmY0LThmMzIt
ODYzMWZiZjVjNjIwLzEvNGQ3VVJsc1BUaHB4OTRQQWtoNFpteDVYREFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC83ZjJjMDctY2VmNS00MmY0LThmMzItODYzMWZiZjVjNjIw
LzEvWWJCWGlhVG9KTDZCQTk1M0RjSmNXVDd6X2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCl4
MA0GCSqGSIb3DQEBCwUAA4IBAQB4sKGRVpqFDGNFAYgQSuMW0CW3iXxw2zIgmjPI
Bp55Ugysvec8BDgVyjaeaJ6VXqUZqgVaTPxQcUJmS7fBKiUppgeqEOrizaoyF2FS
kQ4Sll3n3Lj58Tv5uEOUPU1Uj0+HeNjLo8N0/9MqP3ifuzhlMaK1kiyZifmvd+Cn
DcXspaWnjCh+FnGe8xfZcH0ok2b5SG6W4yEkgsph4BxN0N0eQYnsxkqoz8SvcuWq
E6oh3wwpnMtblwl6Y6xvIpDcROXZHIFRzqwcmZzJxikbSs7U3MAmA4QVaVpU4lER
LFrdKVoxfj2cf4fOQuyP9yIYOcUwYi6GvlWPq5+PxGL2nrMp
-----END CERTIFICATE-----