Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/8eabcd-e6e9-4f43-ba6c-da2312b65a50/1/ZSguOQ29iusegtu3UPX686hWFJw.roa
File:                     ZSguOQ29iusegtu3UPX686hWFJw.roa (raw, json)
Hash identifier:          Jhi5tvbdctOG18dXfGpOxqXCNK+iV2/3TaQMVBtHXbE=
Subject key identifier:   65:28:2E:39:0D:BD:8A:EB:1E:82:DB:B7:50:F5:FA:F3:A8:56:14:9C
Certificate issuer:       /CN=6c5e330cfa26fd44d4294fcdbddfbd89510c6a48
Certificate serial:       018CC5DC37E18F64C51D30E06D19A3C27246
Authority key identifier: 6C:5E:33:0C:FA:26:FD:44:D4:29:4F:CD:BD:DF:BD:89:51:0C:6A:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bF4zDPom_UTUKU_Nvd-9iVEMakg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/8eabcd-e6e9-4f43-ba6c-da2312b65a50/1/ZSguOQ29iusegtu3UPX686hWFJw.roa
Signing time:             Mon 01 Jan 2024 16:29:52 +0000
ROA not before:           Mon 01 Jan 2024 16:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57964
IP address blocks:        2001:67c:830::/48 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/8eabcd-e6e9-4f43-ba6c-da2312b65a50/1/bF4zDPom_UTUKU_Nvd-9iVEMakg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/8eabcd-e6e9-4f43-ba6c-da2312b65a50/1/bF4zDPom_UTUKU_Nvd-9iVEMakg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bF4zDPom_UTUKU_Nvd-9iVEMakg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Dec 2024 10:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:37:e1:8f:64:c5:1d:30:e0:6d:19:a3:c2:72:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c5e330cfa26fd44d4294fcdbddfbd89510c6a48
        Validity
            Not Before: Jan  1 16:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=65282e390dbd8aeb1e82dbb750f5faf3a856149c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:a7:22:a3:28:10:15:c9:04:f3:e6:5a:01:3a:
                    08:2c:5c:ae:b7:d0:b5:38:29:48:40:af:8d:38:62:
                    30:9d:d9:8e:8c:b8:8a:bb:90:e1:ce:b2:12:ae:03:
                    6d:5c:21:e1:d0:44:ed:6a:a1:dd:a4:da:37:a3:44:
                    05:4c:f1:be:ee:f1:e8:a6:e3:ae:1a:42:36:c1:9e:
                    c5:65:3a:5e:93:dd:97:f6:ac:03:af:ad:f5:a3:d3:
                    b2:75:12:77:6d:31:38:c3:00:f9:37:0e:48:85:c1:
                    a6:89:74:11:96:66:7d:28:c9:8d:d1:d3:e3:4e:b8:
                    82:5d:5f:4d:fc:c6:d8:56:49:0a:c5:c2:88:37:20:
                    a2:41:14:77:06:cf:fa:18:48:5f:88:ee:b9:6e:e4:
                    fc:c9:2e:3f:c2:c1:16:ca:4f:c0:50:93:bf:46:28:
                    a6:bb:97:76:d8:a4:fe:df:3f:6e:d7:b6:25:fd:d9:
                    c9:ca:70:64:51:79:d0:c3:7c:26:cc:07:b2:b2:4b:
                    bd:39:e0:f7:5c:a4:0e:4c:7b:2b:80:fb:55:bd:12:
                    ca:64:28:84:ee:e2:15:6d:80:b2:e4:f7:80:c6:a3:
                    fe:63:c2:5d:b4:1f:7e:13:51:10:e1:3d:6b:c4:27:
                    81:96:a6:59:d0:93:e5:af:be:39:87:ff:5c:1d:1e:
                    75:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:28:2E:39:0D:BD:8A:EB:1E:82:DB:B7:50:F5:FA:F3:A8:56:14:9C
            X509v3 Authority Key Identifier:
                keyid:6C:5E:33:0C:FA:26:FD:44:D4:29:4F:CD:BD:DF:BD:89:51:0C:6A:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bF4zDPom_UTUKU_Nvd-9iVEMakg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/8eabcd-e6e9-4f43-ba6c-da2312b65a50/1/ZSguOQ29iusegtu3UPX686hWFJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/8eabcd-e6e9-4f43-ba6c-da2312b65a50/1/bF4zDPom_UTUKU_Nvd-9iVEMakg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:830::/48

    Signature Algorithm: sha256WithRSAEncryption
         44:29:4a:22:f4:14:89:c8:3e:b4:36:1a:ce:b1:31:a5:d1:5c:
         3d:5b:f1:b4:6b:96:19:76:33:76:04:1a:7d:86:81:d5:c8:6e:
         04:40:5a:5b:ac:34:0d:47:4c:a6:02:2f:2e:d2:7f:9b:66:32:
         34:42:6e:70:0b:6d:94:fd:ed:8e:87:6b:a6:8e:b1:88:bf:ef:
         dc:b0:84:2a:9d:23:cf:88:e4:75:5c:c9:b2:b3:71:e5:7c:a2:
         31:16:56:51:82:d7:1b:4b:a1:0f:3b:0a:e0:c4:53:14:70:9f:
         b6:2d:92:f5:f7:52:a0:19:27:93:93:75:3f:0b:83:ee:ed:5f:
         5b:cf:d0:bc:c6:75:46:f2:83:f6:5b:9e:71:90:3a:e7:30:f4:
         43:44:ed:14:60:fd:61:1d:35:e5:b3:a5:96:a1:20:71:67:52:
         45:0b:42:61:11:b5:0d:05:b9:7e:1f:c1:36:34:23:3e:67:0a:
         73:cb:d5:4f:8e:48:ee:d9:68:af:e9:ef:25:9a:22:13:29:b9:
         6d:59:94:23:cd:b7:76:a7:d7:78:3c:19:23:3a:f8:22:18:b6:
         42:8b:b9:0f:f8:06:c7:66:db:b3:31:a0:3d:54:10:f2:9f:b6:
         09:1b:0e:5b:2d:55:03:1a:73:23:6d:18:a1:d5:16:5e:5b:f8:
         f9:eb:67:d6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzF3Dfhj2TFHTDgbRmjwnJGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjNWUzMzBjZmEyNmZkNDRkNDI5NGZjZGJkZGZiZDg5NTEw
YzZhNDgwHhcNMjQwMTAxMTYyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTI4MmUzOTBkYmQ4YWViMWU4MmRiYjc1MGY1ZmFmM2E4NTYxNDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqKcioygQFckE8+ZaAToILFyut9C1
OClIQK+NOGIwndmOjLiKu5DhzrISrgNtXCHh0ETtaqHdpNo3o0QFTPG+7vHopuOu
GkI2wZ7FZTpek92X9qwDr631o9OydRJ3bTE4wwD5Nw5IhcGmiXQRlmZ9KMmN0dPj
TriCXV9N/MbYVkkKxcKINyCiQRR3Bs/6GEhfiO65buT8yS4/wsEWyk/AUJO/Riim
u5d22KT+3z9u17Yl/dnJynBkUXnQw3wmzAeysku9OeD3XKQOTHsrgPtVvRLKZCiE
7uIVbYCy5PeAxqP+Y8JdtB9+E1EQ4T1rxCeBlqZZ0JPlr745h/9cHR51MQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGUoLjkNvYrrHoLbt1D1+vOoVhScMB8GA1UdIwQY
MBaAFGxeMwz6Jv1E1ClPzb3fvYlRDGpIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkY0ekRQb21fVVRVS1VfTnZkLTlpVkVNYWtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi84ZWFiY2QtZTZlOS00ZjQzLWJhNmMt
ZGEyMzEyYjY1YTUwLzEvWlNndU9RMjlpdXNlZ3R1M1VQWDY4NmhXRkp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi84ZWFiY2QtZTZlOS00ZjQzLWJhNmMtZGEyMzEyYjY1YTUw
LzEvYkY0ekRQb21fVVRVS1VfTnZkLTlpVkVNYWtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAgw
MA0GCSqGSIb3DQEBCwUAA4IBAQBEKUoi9BSJyD60NhrOsTGl0Vw9W/G0a5YZdjN2
BBp9hoHVyG4EQFpbrDQNR0ymAi8u0n+bZjI0Qm5wC22U/e2Oh2umjrGIv+/csIQq
nSPPiOR1XMmys3HlfKIxFlZRgtcbS6EPOwrgxFMUcJ+2LZL191KgGSeTk3U/C4Pu
7V9bz9C8xnVG8oP2W55xkDrnMPRDRO0UYP1hHTXls6WWoSBxZ1JFC0JhEbUNBbl+
H8E2NCM+Zwpzy9VPjkju2Wiv6e8lmiITKbltWZQjzbd2p9d4PBkjOvgiGLZCi7kP
+AbHZtuzMaA9VBDyn7YJGw5bLVUDGnMjbRih1RZeW/j562fW
-----END CERTIFICATE-----