Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/ce4671-3f43-433f-8445-bd80475762d5/1/EWSUWJiX2MAQubE-qGo1ugtLUfo.roa
File:                     EWSUWJiX2MAQubE-qGo1ugtLUfo.roa (raw, json)
Hash identifier:          qcVZgHfgOntW86iZLy9cCK5l6fTdsYgg+VGXt1tuBX0=
Subject key identifier:   11:64:94:58:98:97:D8:C0:10:B9:B1:3E:A8:6A:35:BA:0B:4B:51:FA
Certificate issuer:       /CN=8fe502397dd6439c068bd053f28187dd77574578
Certificate serial:       018CC7274E5A884B0AE44F7C2F0650569B73
Authority key identifier: 8F:E5:02:39:7D:D6:43:9C:06:8B:D0:53:F2:81:87:DD:77:57:45:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j-UCOX3WQ5wGi9BT8oGH3XdXRXg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/ce4671-3f43-433f-8445-bd80475762d5/1/EWSUWJiX2MAQubE-qGo1ugtLUfo.roa
Signing time:             Mon 01 Jan 2024 22:31:31 +0000
ROA not before:           Mon 01 Jan 2024 22:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13040
IP address blocks:        2001:67c:1b60::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/ce4671-3f43-433f-8445-bd80475762d5/1/j-UCOX3WQ5wGi9BT8oGH3XdXRXg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/ce4671-3f43-433f-8445-bd80475762d5/1/j-UCOX3WQ5wGi9BT8oGH3XdXRXg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j-UCOX3WQ5wGi9BT8oGH3XdXRXg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:4e:5a:88:4b:0a:e4:4f:7c:2f:06:50:56:9b:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8fe502397dd6439c068bd053f28187dd77574578
        Validity
            Not Before: Jan  1 22:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=116494589897d8c010b9b13ea86a35ba0b4b51fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:de:06:48:ac:03:d4:93:e5:f1:34:72:aa:e1:
                    4b:31:fd:84:ff:f9:46:b1:ce:9d:b8:9e:22:16:cc:
                    57:ac:d1:b1:33:99:02:43:a6:8a:6e:7c:4a:5d:e4:
                    6f:e3:4a:53:d7:85:ec:79:bb:53:ce:20:0a:59:b7:
                    27:aa:c3:20:63:01:c6:0d:9c:20:14:9c:d0:13:e0:
                    f3:58:98:5e:27:22:48:ae:c7:7e:5a:6b:04:71:5b:
                    dc:73:e8:2d:95:0b:f5:40:05:9c:07:89:87:eb:97:
                    21:74:ec:43:f7:1a:25:cb:b0:91:93:b7:0f:e3:36:
                    6c:f2:75:7b:cb:a7:bb:9e:03:30:d4:29:47:b6:0b:
                    69:c6:6e:e5:a0:62:54:55:16:22:c5:f0:c4:e4:3a:
                    9d:97:4d:44:c4:56:2d:50:cc:df:b1:08:b0:27:34:
                    9d:56:f1:b8:83:8c:de:89:33:fb:88:d1:86:52:48:
                    3d:d7:5d:53:53:04:f8:9e:81:38:42:58:fc:7d:62:
                    c5:38:77:5d:62:c4:97:90:32:ba:6c:4e:42:32:57:
                    83:76:02:b5:8c:2c:ee:0a:e6:1a:15:16:b9:ec:dd:
                    10:8e:2a:dd:38:b1:00:02:6c:42:06:6e:0a:39:21:
                    0e:42:d3:07:48:6f:77:29:ec:a8:b1:fc:6f:c0:91:
                    4f:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:64:94:58:98:97:D8:C0:10:B9:B1:3E:A8:6A:35:BA:0B:4B:51:FA
            X509v3 Authority Key Identifier:
                keyid:8F:E5:02:39:7D:D6:43:9C:06:8B:D0:53:F2:81:87:DD:77:57:45:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j-UCOX3WQ5wGi9BT8oGH3XdXRXg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/ce4671-3f43-433f-8445-bd80475762d5/1/EWSUWJiX2MAQubE-qGo1ugtLUfo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/ce4671-3f43-433f-8445-bd80475762d5/1/j-UCOX3WQ5wGi9BT8oGH3XdXRXg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1b60::/48

    Signature Algorithm: sha256WithRSAEncryption
         6e:55:99:ef:a2:d4:aa:bb:e0:13:bf:5d:e6:f6:55:63:c7:85:
         3d:ec:c3:10:80:e3:04:0a:e0:6c:a6:09:dc:a2:99:cd:ad:7c:
         76:56:26:fd:9b:27:87:ed:5a:9d:e0:05:61:40:88:5a:7d:10:
         73:a2:65:a2:77:a5:ac:33:5d:bb:cb:63:5c:90:69:83:42:0b:
         30:f3:90:1e:d8:b8:0e:5f:ad:e2:b5:e9:23:b8:84:ed:ed:8b:
         c0:df:f9:fd:0f:f5:1f:de:dc:6a:1d:c2:a1:b1:c1:9b:9e:d2:
         48:b3:e4:58:df:92:3f:98:95:16:e8:bc:6d:c8:ce:2d:46:80:
         81:02:93:8d:0b:c3:97:84:eb:4a:11:1a:f3:f0:e3:e5:80:88:
         60:ec:12:f1:2f:af:7a:82:7a:37:d3:df:ee:7c:41:9b:94:e3:
         df:c7:4d:7f:ce:de:79:14:78:ee:2f:04:2d:37:f2:01:16:3b:
         4c:af:ab:a4:6c:94:a7:73:42:db:1a:a8:d4:3a:84:1b:fe:9f:
         3e:49:01:b6:d6:76:98:54:e9:79:a9:a4:36:75:38:0a:3c:76:
         77:25:61:5f:58:30:35:ca:ff:30:4c:82:78:93:9c:ed:10:65:
         56:b7:f6:70:c6:d0:33:c9:e3:8d:64:82:06:ca:d1:29:16:21:
         1f:ed:b2:e9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHJ05aiEsK5E98LwZQVptzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmZTUwMjM5N2RkNjQzOWMwNjhiZDA1M2YyODE4N2RkNzc1
NzQ1NzgwHhcNMjQwMTAxMjIzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTY0OTQ1ODk4OTdkOGMwMTBiOWIxM2VhODZhMzViYTBiNGI1MWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqd4GSKwD1JPl8TRyquFLMf2E//lG
sc6duJ4iFsxXrNGxM5kCQ6aKbnxKXeRv40pT14XsebtTziAKWbcnqsMgYwHGDZwg
FJzQE+DzWJheJyJIrsd+WmsEcVvcc+gtlQv1QAWcB4mH65chdOxD9xoly7CRk7cP
4zZs8nV7y6e7ngMw1ClHtgtpxm7loGJUVRYixfDE5Dqdl01ExFYtUMzfsQiwJzSd
VvG4g4zeiTP7iNGGUkg9111TUwT4noE4Qlj8fWLFOHddYsSXkDK6bE5CMleDdgK1
jCzuCuYaFRa57N0QjirdOLEAAmxCBm4KOSEOQtMHSG93KeyosfxvwJFPoQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBFklFiYl9jAELmxPqhqNboLS1H6MB8GA1UdIwQY
MBaAFI/lAjl91kOcBovQU/KBh913V0V4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvai1VQ09YM1dRNXdHaTlCVDhvR0gzWGRYUlhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9jZTQ2NzEtM2Y0My00MzNmLTg0NDUt
YmQ4MDQ3NTc2MmQ1LzEvRVdTVVdKaVgyTUFRdWJFLXFHbzF1Z3RMVWZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9jZTQ2NzEtM2Y0My00MzNmLTg0NDUtYmQ4MDQ3NTc2MmQ1
LzEvai1VQ09YM1dRNXdHaTlCVDhvR0gzWGRYUlhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBtg
MA0GCSqGSIb3DQEBCwUAA4IBAQBuVZnvotSqu+ATv13m9lVjx4U97MMQgOMECuBs
pgncopnNrXx2Vib9myeH7Vqd4AVhQIhafRBzomWid6WsM127y2NckGmDQgsw85Ae
2LgOX63itekjuITt7YvA3/n9D/Uf3txqHcKhscGbntJIs+RY35I/mJUW6LxtyM4t
RoCBApONC8OXhOtKERrz8OPlgIhg7BLxL696gno309/ufEGblOPfx01/zt55FHju
LwQtN/IBFjtMr6ukbJSnc0LbGqjUOoQb/p8+SQG21naYVOl5qaQ2dTgKPHZ3JWFf
WDA1yv8wTIJ4k5ztEGVWt/ZwxtAzyeONZIIGytEpFiEf7bLp
-----END CERTIFICATE-----