Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/2d35a9-e802-415c-ba56-7b7b5d4f58fb/1/5kOy_l6Qjql-AtRvCMDi2Ok4zCs.roa
File:                     5kOy_l6Qjql-AtRvCMDi2Ok4zCs.roa (raw, json)
Hash identifier:          /5JSSEqUsVoBcFcajib4rpe50kfYT8byCtP58qiN/y8=
Subject key identifier:   E6:43:B2:FE:5E:90:8E:A9:7E:02:D4:6F:08:C0:E2:D8:E9:38:CC:2B
Certificate issuer:       /CN=5729626fa91313d56e4d7645572ff58061fd4f8c
Certificate serial:       018CC2DACC0FDB4F18E28C319F714BFCF743
Authority key identifier: 57:29:62:6F:A9:13:13:D5:6E:4D:76:45:57:2F:F5:80:61:FD:4F:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vylib6kTE9VuTXZFVy_1gGH9T4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/2d35a9-e802-415c-ba56-7b7b5d4f58fb/1/5kOy_l6Qjql-AtRvCMDi2Ok4zCs.roa
Signing time:             Mon 01 Jan 2024 02:29:28 +0000
ROA not before:           Mon 01 Jan 2024 02:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24956
IP address blocks:        2001:67c:1978::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/2d35a9-e802-415c-ba56-7b7b5d4f58fb/1/Vylib6kTE9VuTXZFVy_1gGH9T4w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/2d35a9-e802-415c-ba56-7b7b5d4f58fb/1/Vylib6kTE9VuTXZFVy_1gGH9T4w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vylib6kTE9VuTXZFVy_1gGH9T4w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:cc:0f:db:4f:18:e2:8c:31:9f:71:4b:fc:f7:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5729626fa91313d56e4d7645572ff58061fd4f8c
        Validity
            Not Before: Jan  1 02:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e643b2fe5e908ea97e02d46f08c0e2d8e938cc2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:a0:ca:06:c3:b4:04:05:20:ce:1f:f2:b0:87:
                    6a:3b:27:08:b4:0c:eb:63:7f:df:89:4e:ff:00:b8:
                    25:b6:ea:ee:5b:86:01:1d:4d:a7:7b:73:ee:22:76:
                    6b:34:9e:09:2f:c6:d4:51:e7:10:dc:cf:e4:43:8c:
                    9a:e0:b9:c4:72:da:f1:e4:fb:61:4a:74:17:0f:a7:
                    1e:a3:e0:81:a7:6d:e9:7e:75:00:66:a8:6f:90:ca:
                    05:bd:d5:34:4f:a0:c2:62:47:2a:fb:e9:27:87:3a:
                    a9:5f:61:29:c2:d7:bc:e2:e1:9d:b6:7b:15:2c:de:
                    7f:ba:0f:aa:a5:85:53:ed:29:47:08:03:97:e8:fc:
                    8f:3a:db:77:9c:58:65:be:d5:86:4e:98:91:c8:85:
                    34:ce:f5:6f:2f:31:d9:da:de:8d:12:6f:e8:d0:96:
                    62:85:b3:2c:f3:3e:0f:51:05:9a:15:6f:73:50:4d:
                    ff:10:e1:4b:6b:28:8b:b7:e0:38:33:04:c0:5c:7f:
                    52:7d:bd:12:02:d9:b1:ba:27:c4:ed:d5:93:12:5c:
                    e6:07:d6:61:96:1e:33:70:a7:a1:14:fb:66:70:48:
                    04:fd:77:22:0c:5c:fa:db:be:fc:57:c2:dc:54:47:
                    2a:01:30:ea:97:66:f3:0c:86:7b:66:bb:13:2e:92:
                    b6:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:43:B2:FE:5E:90:8E:A9:7E:02:D4:6F:08:C0:E2:D8:E9:38:CC:2B
            X509v3 Authority Key Identifier:
                keyid:57:29:62:6F:A9:13:13:D5:6E:4D:76:45:57:2F:F5:80:61:FD:4F:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vylib6kTE9VuTXZFVy_1gGH9T4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/2d35a9-e802-415c-ba56-7b7b5d4f58fb/1/5kOy_l6Qjql-AtRvCMDi2Ok4zCs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/2d35a9-e802-415c-ba56-7b7b5d4f58fb/1/Vylib6kTE9VuTXZFVy_1gGH9T4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1978::/48

    Signature Algorithm: sha256WithRSAEncryption
         3a:87:ad:b4:03:1d:a1:8b:d4:ac:70:4d:83:db:6f:e0:9d:5b:
         01:0c:34:95:0b:87:18:88:53:6a:c1:e4:be:d9:ee:1c:b4:58:
         30:e4:26:c5:b6:24:dc:c2:1a:44:77:33:2c:5a:60:0b:ff:f5:
         f1:65:53:1a:94:89:2e:3d:2f:46:e0:0e:b7:87:3d:73:45:9f:
         6d:fa:56:67:f0:fe:bd:19:aa:d7:d5:58:8f:89:a2:66:df:b8:
         df:74:dc:27:dc:72:8f:f8:9d:36:b7:cc:ba:75:87:08:06:92:
         b2:11:f2:04:96:ca:7e:fb:67:22:da:ec:9b:a8:1f:9d:2e:bb:
         e0:26:d2:34:e3:58:6d:59:12:51:12:9c:14:ba:fe:23:e4:06:
         1e:c7:74:f0:66:2b:1d:87:2c:7f:2b:0c:cd:ae:b9:2a:a1:e7:
         82:09:5d:24:2f:d1:91:cc:e9:7f:bd:f2:f9:bd:81:e6:40:36:
         70:3c:d6:b9:89:e9:5b:11:09:6a:99:eb:40:5a:92:2d:eb:77:
         f5:23:22:0b:57:6c:41:db:63:85:77:44:9b:e5:8b:4b:76:2b:
         0f:e0:b5:24:2b:7f:02:c9:1a:76:f9:1d:9f:35:ca:71:9d:73:
         23:12:d7:d9:22:ff:af:4b:83:36:d9:f0:e2:35:68:ab:70:95:
         d2:f3:fe:33
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2swP208Y4owxn3FL/PdDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3Mjk2MjZmYTkxMzEzZDU2ZTRkNzY0NTU3MmZmNTgwNjFm
ZDRmOGMwHhcNMjQwMTAxMDIyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjQzYjJmZTVlOTA4ZWE5N2UwMmQ0NmYwOGMwZTJkOGU5MzhjYzJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgKDKBsO0BAUgzh/ysIdqOycItAzr
Y3/fiU7/ALglturuW4YBHU2ne3PuInZrNJ4JL8bUUecQ3M/kQ4ya4LnEctrx5Pth
SnQXD6ceo+CBp23pfnUAZqhvkMoFvdU0T6DCYkcq++knhzqpX2Epwte84uGdtnsV
LN5/ug+qpYVT7SlHCAOX6PyPOtt3nFhlvtWGTpiRyIU0zvVvLzHZ2t6NEm/o0JZi
hbMs8z4PUQWaFW9zUE3/EOFLayiLt+A4MwTAXH9Sfb0SAtmxuifE7dWTElzmB9Zh
lh4zcKehFPtmcEgE/XciDFz62778V8LcVEcqATDql2bzDIZ7ZrsTLpK2mwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOZDsv5ekI6pfgLUbwjA4tjpOMwrMB8GA1UdIwQY
MBaAFFcpYm+pExPVbk12RVcv9YBh/U+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnlsaWI2a1RFOVZ1VFhaRlZ5XzFnR0g5VDR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC8yZDM1YTktZTgwMi00MTVjLWJhNTYt
N2I3YjVkNGY1OGZiLzEvNWtPeV9sNlFqcWwtQXRSdkNNRGkyT2s0ekNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC8yZDM1YTktZTgwMi00MTVjLWJhNTYtN2I3YjVkNGY1OGZi
LzEvVnlsaWI2a1RFOVZ1VFhaRlZ5XzFnR0g5VDR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBl4
MA0GCSqGSIb3DQEBCwUAA4IBAQA6h620Ax2hi9SscE2D22/gnVsBDDSVC4cYiFNq
weS+2e4ctFgw5CbFtiTcwhpEdzMsWmAL//XxZVMalIkuPS9G4A63hz1zRZ9t+lZn
8P69GarX1ViPiaJm37jfdNwn3HKP+J02t8y6dYcIBpKyEfIElsp++2ci2uybqB+d
LrvgJtI041htWRJREpwUuv4j5AYex3TwZisdhyx/KwzNrrkqoeeCCV0kL9GRzOl/
vfL5vYHmQDZwPNa5ielbEQlqmetAWpIt63f1IyILV2xB22OFd0Sb5YtLdisP4LUk
K38CyRp2+R2fNcpxnXMjEtfZIv+vS4M22fDiNWircJXS8/4z
-----END CERTIFICATE-----