Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/91402e-ed28-4a21-84e2-e4d64dca67ac/1/1-LQTI-rnfNlpZG1Cxm7OTRsUPnA.roa
File:                     1-LQTI-rnfNlpZG1Cxm7OTRsUPnA.roa (raw, json)
Hash identifier:          zzlyMmpSzjs3KTIFEAomAJoBbSJB1D+DoHudQuvZ610=
Subject key identifier:   F8:B4:13:23:EA:E7:7C:D9:69:64:6D:42:C6:6E:CE:4D:1B:14:3E:70
Certificate issuer:       /CN=e316c03cfaffe134c7beda4886ab8b09cf45fbc4
Certificate serial:       018CC56E08D08CD62ACDF2D1EF7C8C6CF1E2
Authority key identifier: E3:16:C0:3C:FA:FF:E1:34:C7:BE:DA:48:86:AB:8B:09:CF:45:FB:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4xbAPPr_4TTHvtpIhquLCc9F-8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/91402e-ed28-4a21-84e2-e4d64dca67ac/1/1-LQTI-rnfNlpZG1Cxm7OTRsUPnA.roa
Signing time:             Mon 01 Jan 2024 14:29:31 +0000
ROA not before:           Mon 01 Jan 2024 14:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199789
IP address blocks:        2001:67c:29a4::/48 maxlen: 48
                          2001:67c:b98::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/91402e-ed28-4a21-84e2-e4d64dca67ac/1/4xbAPPr_4TTHvtpIhquLCc9F-8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/91402e-ed28-4a21-84e2-e4d64dca67ac/1/4xbAPPr_4TTHvtpIhquLCc9F-8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4xbAPPr_4TTHvtpIhquLCc9F-8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:08:d0:8c:d6:2a:cd:f2:d1:ef:7c:8c:6c:f1:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e316c03cfaffe134c7beda4886ab8b09cf45fbc4
        Validity
            Not Before: Jan  1 14:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f8b41323eae77cd969646d42c66ece4d1b143e70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:58:5c:50:cc:36:24:69:79:78:ea:71:dc:1e:
                    65:eb:c2:c7:74:ba:e5:4e:d9:99:71:86:ad:6e:7a:
                    41:4b:75:c0:ca:92:0e:32:1f:2e:d6:ed:5b:d2:c8:
                    fe:3b:35:60:12:c2:0a:6b:15:af:65:0c:3d:74:e5:
                    91:63:f8:10:c9:3f:44:19:4a:c2:64:86:25:71:21:
                    42:3f:0d:c9:57:9b:ea:fc:d0:7b:12:7c:19:4d:8e:
                    c1:7d:6e:37:91:e6:29:ac:84:19:77:7a:ed:1e:8f:
                    e8:10:12:3e:15:d2:dc:2c:79:56:b9:d8:7f:c5:83:
                    aa:65:02:b6:4b:84:94:01:72:2c:54:49:c0:d7:b7:
                    14:f1:6d:af:e4:9d:c8:09:d2:76:b6:61:28:eb:e9:
                    e8:2d:ea:d9:57:2b:99:9c:69:87:4d:8f:72:65:01:
                    d6:9a:0b:0b:44:9b:d2:54:e5:94:26:cc:57:da:7e:
                    ec:37:04:3c:f0:c8:49:7e:05:04:18:73:37:98:ff:
                    6d:65:2c:2a:75:f1:d9:53:17:86:d3:f6:ab:4e:90:
                    21:e9:3d:b6:51:78:16:8b:46:8d:48:6e:f5:2e:7c:
                    1d:a8:26:7f:96:8d:e0:66:af:c2:39:b1:43:ff:8c:
                    cd:3e:a4:3d:0f:fb:85:a6:cf:a4:46:25:c7:e7:f5:
                    b6:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:B4:13:23:EA:E7:7C:D9:69:64:6D:42:C6:6E:CE:4D:1B:14:3E:70
            X509v3 Authority Key Identifier:
                keyid:E3:16:C0:3C:FA:FF:E1:34:C7:BE:DA:48:86:AB:8B:09:CF:45:FB:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4xbAPPr_4TTHvtpIhquLCc9F-8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/91402e-ed28-4a21-84e2-e4d64dca67ac/1/1-LQTI-rnfNlpZG1Cxm7OTRsUPnA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/91402e-ed28-4a21-84e2-e4d64dca67ac/1/4xbAPPr_4TTHvtpIhquLCc9F-8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:b98::/48
                  2001:67c:29a4::/48

    Signature Algorithm: sha256WithRSAEncryption
         c2:4b:70:2b:af:a9:2d:17:05:60:dc:2d:c7:83:42:85:e1:ee:
         46:dc:f9:b1:be:f8:0d:09:b6:f0:71:61:8d:54:45:94:e4:7f:
         ea:71:a3:4f:b0:f1:40:cd:31:98:a7:82:42:a8:02:0a:cb:e8:
         2a:76:1e:cf:3f:a4:13:fa:6c:cd:e9:81:d1:d5:0f:cd:35:e2:
         85:b2:13:a1:5b:a3:24:02:88:df:7c:67:a7:ad:ea:46:6d:69:
         00:ba:96:d4:5d:df:d6:0a:9f:2a:22:43:bd:f7:be:7a:60:29:
         01:d8:f4:b1:6e:9b:4e:1e:02:bf:78:14:08:e6:df:55:53:5b:
         6b:09:e6:d3:d9:4a:c0:5a:ad:16:64:36:bd:4d:c4:63:0a:16:
         68:f9:0b:a9:05:f0:21:80:c5:66:d5:62:fe:1d:0c:84:41:6d:
         e1:38:db:d6:e6:5f:ad:70:58:ac:07:60:98:6d:59:9c:70:f3:
         00:fd:67:14:6e:01:78:33:8f:c2:88:ef:67:0b:31:73:8a:57:
         f3:ec:c7:0b:a8:18:60:d1:9e:f2:2e:0d:aa:42:af:8d:56:79:
         de:62:1c:c3:73:43:47:2c:a4:7b:f7:7c:0d:f5:b2:45:c1:31:
         d7:87:b0:0e:9e:53:1f:2f:51:f5:d2:30:53:40:88:bf:49:57:
         9e:71:de:9a
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAYzFbgjQjNYqzfLR73yMbPHiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzMTZjMDNjZmFmZmUxMzRjN2JlZGE0ODg2YWI4YjA5Y2Y0
NWZiYzQwHhcNMjQwMTAxMTQyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGI0MTMyM2VhZTc3Y2Q5Njk2NDZkNDJjNjZlY2U0ZDFiMTQzZTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgFhcUMw2JGl5eOpx3B5l68LHdLrl
TtmZcYatbnpBS3XAypIOMh8u1u1b0sj+OzVgEsIKaxWvZQw9dOWRY/gQyT9EGUrC
ZIYlcSFCPw3JV5vq/NB7EnwZTY7BfW43keYprIQZd3rtHo/oEBI+FdLcLHlWudh/
xYOqZQK2S4SUAXIsVEnA17cU8W2v5J3ICdJ2tmEo6+noLerZVyuZnGmHTY9yZQHW
mgsLRJvSVOWUJsxX2n7sNwQ88MhJfgUEGHM3mP9tZSwqdfHZUxeG0/arTpAh6T22
UXgWi0aNSG71LnwdqCZ/lo3gZq/CObFD/4zNPqQ9D/uFps+kRiXH5/W2VwIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFPi0EyPq53zZaWRtQsZuzk0bFD5wMB8GA1UdIwQY
MBaAFOMWwDz6/+E0x77aSIariwnPRfvEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHhiQVBQcl80VFRIdnRwSWhxdUxDYzlGLThRLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My85MTQwMmUtZWQyOC00YTIxLTg0ZTIt
ZTRkNjRkY2E2N2FjLzEvMS1MUVRJLXJuZk5scFpHMUN4bTdPVFJzVVBuQS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjMvOTE0MDJlLWVkMjgtNGEyMS04NGUyLWU0ZDY0ZGNhNjdh
Yy8xLzR4YkFQUHJfNFRUSHZ0cElocXVMQ2M5Ri04US5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjArBggrBgEFBQcBBwEB/wQcMBowGAQCAAIwEgMHACABBnwL
mAMHACABBnwppDANBgkqhkiG9w0BAQsFAAOCAQEAwktwK6+pLRcFYNwtx4NCheHu
Rtz5sb74DQm28HFhjVRFlOR/6nGjT7DxQM0xmKeCQqgCCsvoKnYezz+kE/pszemB
0dUPzTXihbIToVujJAKI33xnp63qRm1pALqW1F3f1gqfKiJDvfe+emApAdj0sW6b
Th4Cv3gUCObfVVNbawnm09lKwFqtFmQ2vU3EYwoWaPkLqQXwIYDFZtVi/h0MhEFt
4Tjb1uZfrXBYrAdgmG1ZnHDzAP1nFG4BeDOPwojvZwsxc4pX8+zHC6gYYNGe8i4N
qkKvjVZ53mIcw3NDRyyke/d8DfWyRcEx14ewDp5THy9R9dIwU0CIv0lXnnHemg==
-----END CERTIFICATE-----