Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/ce4671-3f43-433f-8445-bd80475762d5/1/gMULOubFLE1zJi0rMg32uHnZqCc.roa
File:                     gMULOubFLE1zJi0rMg32uHnZqCc.roa (raw, json)
Hash identifier:          /wj2BLXMxaW2bHG7pTwC6aLckJJ+DGWw6dwVOt+QePs=
Subject key identifier:   80:C5:0B:3A:E6:C5:2C:4D:73:26:2D:2B:32:0D:F6:B8:79:D9:A8:27
Certificate issuer:       /CN=8fe502397dd6439c068bd053f28187dd77574578
Certificate serial:       019422FB8874CD2F137E33A47C15EC0560FB
Authority key identifier: 8F:E5:02:39:7D:D6:43:9C:06:8B:D0:53:F2:81:87:DD:77:57:45:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j-UCOX3WQ5wGi9BT8oGH3XdXRXg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/ce4671-3f43-433f-8445-bd80475762d5/1/gMULOubFLE1zJi0rMg32uHnZqCc.roa
Signing time:             Wed 01 Jan 2025 17:48:17 +0000
ROA not before:           Wed 01 Jan 2025 17:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13040
IP address blocks:        2001:67c:1b60::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/ce4671-3f43-433f-8445-bd80475762d5/1/j-UCOX3WQ5wGi9BT8oGH3XdXRXg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/ce4671-3f43-433f-8445-bd80475762d5/1/j-UCOX3WQ5wGi9BT8oGH3XdXRXg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j-UCOX3WQ5wGi9BT8oGH3XdXRXg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:88:74:cd:2f:13:7e:33:a4:7c:15:ec:05:60:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8fe502397dd6439c068bd053f28187dd77574578
        Validity
            Not Before: Jan  1 17:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=80c50b3ae6c52c4d73262d2b320df6b879d9a827
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:40:ae:65:0b:08:61:b5:50:e3:71:7e:88:60:
                    ff:b5:0f:4d:20:3d:ff:41:c4:17:98:11:47:69:c4:
                    3c:da:06:a0:50:7e:1a:78:81:49:a0:25:f3:86:c3:
                    00:f8:00:4e:8f:8c:d7:2a:0e:00:35:ae:85:6f:f5:
                    7d:9b:ef:0c:38:e4:f0:f7:78:13:fd:a7:40:37:3c:
                    48:17:ad:e7:b7:be:ea:1f:00:3c:dd:6b:39:ed:ce:
                    6a:ce:64:d0:ba:c2:05:33:9d:b4:29:b5:ee:d0:af:
                    dd:33:63:1e:73:de:32:a5:14:c6:b3:ad:21:29:35:
                    22:d6:26:dc:e9:e3:52:a3:8e:89:d0:11:4f:34:7f:
                    e8:ab:9c:48:7f:66:da:de:89:60:96:95:2d:2e:69:
                    80:63:b6:27:c4:06:2f:71:3f:8f:9b:98:53:86:ec:
                    b0:88:71:e2:98:6e:74:0e:69:95:1b:90:66:43:5d:
                    0d:37:28:17:11:7b:44:3e:f0:7f:97:0b:7e:8f:6b:
                    22:49:a3:9b:c2:ee:5e:27:b1:f9:ce:7b:b9:3c:10:
                    62:74:fc:1e:7d:67:9c:2e:26:a3:73:75:e5:0c:54:
                    50:68:e3:a3:f0:ca:5b:ea:c3:66:ab:4c:19:1e:0f:
                    58:f8:08:37:9b:f1:dc:3a:ff:52:88:ee:1d:90:2d:
                    a5:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:C5:0B:3A:E6:C5:2C:4D:73:26:2D:2B:32:0D:F6:B8:79:D9:A8:27
            X509v3 Authority Key Identifier:
                keyid:8F:E5:02:39:7D:D6:43:9C:06:8B:D0:53:F2:81:87:DD:77:57:45:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j-UCOX3WQ5wGi9BT8oGH3XdXRXg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/ce4671-3f43-433f-8445-bd80475762d5/1/gMULOubFLE1zJi0rMg32uHnZqCc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/ce4671-3f43-433f-8445-bd80475762d5/1/j-UCOX3WQ5wGi9BT8oGH3XdXRXg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1b60::/48

    Signature Algorithm: sha256WithRSAEncryption
         04:2f:27:66:20:11:78:68:45:9f:a1:c1:b6:b4:1f:3a:eb:4f:
         6f:79:99:af:78:9b:5d:97:d5:a1:99:29:9e:69:15:21:47:2e:
         41:71:96:32:f6:1a:8a:63:03:33:83:b2:13:91:7a:9b:27:1e:
         44:d7:bd:c5:0c:d7:13:75:42:b0:07:3e:6e:a4:98:89:30:c3:
         4e:4e:14:18:84:66:8f:9a:e1:f5:48:90:11:16:54:9a:8c:73:
         e3:22:43:79:a1:f3:91:66:4d:69:cc:cc:9e:7e:a0:60:fc:c6:
         82:95:8d:9b:c4:22:a0:ca:89:c7:4f:5e:ac:95:0b:ae:fc:e2:
         4b:96:c9:0a:19:1f:f4:bb:d8:91:21:27:70:c0:52:df:5c:50:
         b5:20:c9:cc:b7:c1:11:3a:48:13:d7:38:d4:f3:03:a8:a9:06:
         f1:53:54:50:43:8c:c6:8b:74:be:6f:f7:8c:51:14:b5:e1:13:
         7c:93:17:74:8f:e2:36:6d:a1:32:22:b0:02:02:bd:e1:32:a9:
         e5:c7:bc:e5:c2:dd:78:c9:11:dc:31:2d:d3:7b:f5:33:ce:3a:
         ee:4b:a8:95:24:bd:ba:ac:56:77:a9:6e:55:9f:5f:83:0b:15:
         2a:f2:20:57:a9:b2:93:3c:3b:97:c6:ac:10:d8:96:23:e9:7b:
         6b:a6:4a:e1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQi+4h0zS8TfjOkfBXsBWD7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmZTUwMjM5N2RkNjQzOWMwNjhiZDA1M2YyODE4N2RkNzc1
NzQ1NzgwHhcNMjUwMTAxMTc0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGM1MGIzYWU2YzUyYzRkNzMyNjJkMmIzMjBkZjZiODc5ZDlhODI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA00CuZQsIYbVQ43F+iGD/tQ9NID3/
QcQXmBFHacQ82gagUH4aeIFJoCXzhsMA+ABOj4zXKg4ANa6Fb/V9m+8MOOTw93gT
/adANzxIF63nt77qHwA83Ws57c5qzmTQusIFM520KbXu0K/dM2Mec94ypRTGs60h
KTUi1ibc6eNSo46J0BFPNH/oq5xIf2ba3olglpUtLmmAY7YnxAYvcT+Pm5hThuyw
iHHimG50DmmVG5BmQ10NNygXEXtEPvB/lwt+j2siSaObwu5eJ7H5znu5PBBidPwe
fWecLiajc3XlDFRQaOOj8Mpb6sNmq0wZHg9Y+Ag3m/HcOv9SiO4dkC2ljwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIDFCzrmxSxNcyYtKzIN9rh52agnMB8GA1UdIwQY
MBaAFI/lAjl91kOcBovQU/KBh913V0V4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvai1VQ09YM1dRNXdHaTlCVDhvR0gzWGRYUlhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9jZTQ2NzEtM2Y0My00MzNmLTg0NDUt
YmQ4MDQ3NTc2MmQ1LzEvZ01VTE91YkZMRTF6Smkwck1nMzJ1SG5acUNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9jZTQ2NzEtM2Y0My00MzNmLTg0NDUtYmQ4MDQ3NTc2MmQ1
LzEvai1VQ09YM1dRNXdHaTlCVDhvR0gzWGRYUlhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBtg
MA0GCSqGSIb3DQEBCwUAA4IBAQAELydmIBF4aEWfocG2tB86609veZmveJtdl9Wh
mSmeaRUhRy5BcZYy9hqKYwMzg7ITkXqbJx5E173FDNcTdUKwBz5upJiJMMNOThQY
hGaPmuH1SJARFlSajHPjIkN5ofORZk1pzMyefqBg/MaClY2bxCKgyonHT16slQuu
/OJLlskKGR/0u9iRISdwwFLfXFC1IMnMt8EROkgT1zjU8wOoqQbxU1RQQ4zGi3S+
b/eMURS14RN8kxd0j+I2baEyIrACAr3hMqnlx7zlwt14yRHcMS3Te/UzzjruS6iV
JL26rFZ3qW5Vn1+DCxUq8iBXqbKTPDuXxqwQ2JYj6Xtrpkrh
-----END CERTIFICATE-----