Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/8ec96d-d61c-46ac-bf54-65135cf2f815/1/d3tSTilexIW7SVMjXQynX84z4RE.roa
File:                     d3tSTilexIW7SVMjXQynX84z4RE.roa (raw, json)
Hash identifier:          VUOc6Xp9N6t43PWd1fkDDgcZkgFTTM+CTNIQDIowLqU=
Subject key identifier:   77:7B:52:4E:29:5E:C4:85:BB:49:53:23:5D:0C:A7:5F:CE:33:E1:11
Certificate issuer:       /CN=529231b247bff65b4c6341907ecd5eaba7f9ca92
Certificate serial:       018CC9BC32757561BFAC0A3B2887F5FC2FF4
Authority key identifier: 52:92:31:B2:47:BF:F6:5B:4C:63:41:90:7E:CD:5E:AB:A7:F9:CA:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UpIxske_9ltMY0GQfs1eq6f5ypI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/8ec96d-d61c-46ac-bf54-65135cf2f815/1/d3tSTilexIW7SVMjXQynX84z4RE.roa
Signing time:             Tue 02 Jan 2024 10:33:23 +0000
ROA not before:           Tue 02 Jan 2024 10:33:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200479
IP address blocks:        2001:67c:2344::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/8ec96d-d61c-46ac-bf54-65135cf2f815/1/UpIxske_9ltMY0GQfs1eq6f5ypI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/8ec96d-d61c-46ac-bf54-65135cf2f815/1/UpIxske_9ltMY0GQfs1eq6f5ypI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UpIxske_9ltMY0GQfs1eq6f5ypI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 13:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:32:75:75:61:bf:ac:0a:3b:28:87:f5:fc:2f:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=529231b247bff65b4c6341907ecd5eaba7f9ca92
        Validity
            Not Before: Jan  2 10:33:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=777b524e295ec485bb4953235d0ca75fce33e111
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:fd:58:42:da:d4:25:42:cb:d5:1b:a7:7b:bc:
                    78:59:a7:35:ad:0c:10:dc:c4:bf:d8:84:93:a6:cb:
                    95:de:12:e0:0d:cc:0c:7e:43:fd:84:6b:3a:96:ec:
                    6d:db:c8:89:bb:f4:5d:71:43:bb:3b:96:73:99:6a:
                    38:9b:14:9e:6c:fe:55:df:8b:f2:1b:8f:3d:38:3e:
                    80:23:77:6a:42:54:b1:cd:d5:3f:f6:86:7d:12:cb:
                    de:d9:a9:de:c4:a4:ca:87:35:a6:f0:09:0f:a2:1a:
                    c1:4e:e0:39:14:55:7a:b9:43:03:7a:ef:b6:1d:df:
                    5e:03:d4:4f:65:2b:6b:c6:ff:ce:87:87:27:e1:a0:
                    8d:f1:6d:b0:e4:d0:e2:19:6b:cf:bb:07:e7:4b:d1:
                    ea:fe:fc:0a:41:1e:af:d7:73:62:1c:e9:f8:23:20:
                    44:2e:a9:c9:26:f9:d2:5c:ce:72:ba:a1:2d:62:dc:
                    64:fa:15:5c:d4:2c:d0:28:1c:fb:66:76:5c:ec:db:
                    f4:df:bf:c2:16:31:db:68:cd:5a:d2:a0:98:43:ee:
                    74:b6:4d:48:36:09:9a:42:04:39:e8:bc:79:e0:15:
                    07:7b:93:d8:61:06:80:a9:f2:fd:1a:13:3a:f5:e6:
                    69:6b:30:e6:09:3b:7b:cb:e3:c9:14:10:9c:8c:7a:
                    44:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:7B:52:4E:29:5E:C4:85:BB:49:53:23:5D:0C:A7:5F:CE:33:E1:11
            X509v3 Authority Key Identifier:
                keyid:52:92:31:B2:47:BF:F6:5B:4C:63:41:90:7E:CD:5E:AB:A7:F9:CA:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UpIxske_9ltMY0GQfs1eq6f5ypI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/8ec96d-d61c-46ac-bf54-65135cf2f815/1/d3tSTilexIW7SVMjXQynX84z4RE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/8ec96d-d61c-46ac-bf54-65135cf2f815/1/UpIxske_9ltMY0GQfs1eq6f5ypI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2344::/48

    Signature Algorithm: sha256WithRSAEncryption
         4c:2d:20:6f:26:6e:d0:90:a0:5c:af:ab:a0:6e:49:d4:1d:d6:
         2b:18:17:51:7c:3a:4b:a9:01:9e:01:cf:ea:17:52:0d:fa:35:
         cf:c9:fd:c2:94:fa:06:c4:6b:c4:9c:8e:bb:b5:b7:8d:0b:8e:
         f5:c3:c2:cb:3d:e7:55:2c:74:ec:02:9c:dc:a6:92:52:44:30:
         52:93:e3:2d:ed:4b:83:d0:a5:d6:e5:0a:d1:1a:52:16:dc:6b:
         ba:81:fd:be:92:5e:96:45:bc:7d:10:45:af:0d:fa:43:7e:b4:
         13:ca:b9:a2:46:e0:4d:d6:98:42:17:7b:c1:86:7c:29:d7:6a:
         09:f9:b0:f5:a3:d2:19:28:3c:89:38:41:d3:c3:fe:33:17:5b:
         9e:93:c0:02:7c:c7:00:5b:15:40:f4:dc:e3:16:e6:18:00:fa:
         d1:85:05:22:17:24:04:51:8a:3a:ff:ef:19:ca:b9:68:68:34:
         da:b5:9b:9f:e5:84:d4:af:b3:3c:d7:72:0e:ca:32:3a:a4:d7:
         b8:75:c0:ee:4a:8e:f5:03:35:16:27:bf:c3:d6:29:ff:e0:92:
         1c:e0:18:bd:12:b9:5c:62:c8:40:b5:c0:06:9f:8e:32:d1:a2:
         70:76:a8:19:ec:a5:42:9e:b8:50:05:5c:8e:60:fe:f2:a5:64:
         6e:8a:14:53
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvDJ1dWG/rAo7KIf1/C/0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyOTIzMWIyNDdiZmY2NWI0YzYzNDE5MDdlY2Q1ZWFiYTdm
OWNhOTIwHhcNMjQwMTAyMTAzMzIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzdiNTI0ZTI5NWVjNDg1YmI0OTUzMjM1ZDBjYTc1ZmNlMzNlMTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArv1YQtrUJULL1Rune7x4Wac1rQwQ
3MS/2ISTpsuV3hLgDcwMfkP9hGs6luxt28iJu/RdcUO7O5ZzmWo4mxSebP5V34vy
G489OD6AI3dqQlSxzdU/9oZ9Esve2anexKTKhzWm8AkPohrBTuA5FFV6uUMDeu+2
Hd9eA9RPZStrxv/Oh4cn4aCN8W2w5NDiGWvPuwfnS9Hq/vwKQR6v13NiHOn4IyBE
LqnJJvnSXM5yuqEtYtxk+hVc1CzQKBz7ZnZc7Nv037/CFjHbaM1a0qCYQ+50tk1I
NgmaQgQ56Lx54BUHe5PYYQaAqfL9GhM69eZpazDmCTt7y+PJFBCcjHpEbwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHd7Uk4pXsSFu0lTI10Mp1/OM+ERMB8GA1UdIwQY
MBaAFFKSMbJHv/ZbTGNBkH7NXqun+cqSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXBJeHNrZV85bHRNWTBHUWZzMWVxNmY1eXBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi84ZWM5NmQtZDYxYy00NmFjLWJmNTQt
NjUxMzVjZjJmODE1LzEvZDN0U1RpbGV4SVc3U1ZNalhReW5YODR6NFJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi84ZWM5NmQtZDYxYy00NmFjLWJmNTQtNjUxMzVjZjJmODE1
LzEvVXBJeHNrZV85bHRNWTBHUWZzMWVxNmY1eXBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCNE
MA0GCSqGSIb3DQEBCwUAA4IBAQBMLSBvJm7QkKBcr6ugbknUHdYrGBdRfDpLqQGe
Ac/qF1IN+jXPyf3ClPoGxGvEnI67tbeNC471w8LLPedVLHTsApzcppJSRDBSk+Mt
7UuD0KXW5QrRGlIW3Gu6gf2+kl6WRbx9EEWvDfpDfrQTyrmiRuBN1phCF3vBhnwp
12oJ+bD1o9IZKDyJOEHTw/4zF1uek8ACfMcAWxVA9NzjFuYYAPrRhQUiFyQEUYo6
/+8ZyrloaDTatZuf5YTUr7M813IOyjI6pNe4dcDuSo71AzUWJ7/D1in/4JIc4Bi9
ErlcYshAtcAGn44y0aJwdqgZ7KVCnrhQBVyOYP7ypWRuihRT
-----END CERTIFICATE-----