Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/ddaf47-4e6d-4994-877b-2a89df1af16a/1/uBxSYdLlrVVHCrzYzBx942IWui8.roa
File:                     uBxSYdLlrVVHCrzYzBx942IWui8.roa (raw, json)
Hash identifier:          TY7S4lZ4y5kO+H6Pc8+dyYg0dU0DgYMGvA5tYosNbxk=
Subject key identifier:   B8:1C:52:61:D2:E5:AD:55:47:0A:BC:D8:CC:1C:7D:E3:62:16:BA:2F
Certificate issuer:       /CN=d2134c7288a0c17a33b8b5fe8c58066b4442f183
Certificate serial:       01903458D15E4469D1E52619A633422CEA26
Authority key identifier: D2:13:4C:72:88:A0:C1:7A:33:B8:B5:FE:8C:58:06:6B:44:42:F1:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0hNMcoigwXozuLX-jFgGa0RC8YM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/ddaf47-4e6d-4994-877b-2a89df1af16a/1/uBxSYdLlrVVHCrzYzBx942IWui8.roa
Signing time:             Thu 20 Jun 2024 06:32:34 +0000
ROA not before:           Thu 20 Jun 2024 06:32:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214712
IP address blocks:        2001:67c:6e4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/ddaf47-4e6d-4994-877b-2a89df1af16a/1/0hNMcoigwXozuLX-jFgGa0RC8YM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/ddaf47-4e6d-4994-877b-2a89df1af16a/1/0hNMcoigwXozuLX-jFgGa0RC8YM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0hNMcoigwXozuLX-jFgGa0RC8YM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:34:58:d1:5e:44:69:d1:e5:26:19:a6:33:42:2c:ea:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2134c7288a0c17a33b8b5fe8c58066b4442f183
        Validity
            Not Before: Jun 20 06:32:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b81c5261d2e5ad55470abcd8cc1c7de36216ba2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:8e:ac:e2:5f:4c:3a:fb:86:17:30:da:44:a8:
                    7f:7e:31:21:f7:c7:63:31:7d:49:7c:be:11:5f:37:
                    c2:f4:51:56:72:da:6e:51:bd:12:78:75:19:89:72:
                    2d:e9:b1:bd:16:17:34:f0:6e:67:c1:f9:a3:d3:b4:
                    5d:9c:94:ae:75:85:4e:8e:98:1e:48:8e:ea:f9:ae:
                    b8:0a:7d:4a:72:c4:b1:a3:28:17:0e:75:d5:0f:47:
                    b6:54:71:0c:61:f8:31:9f:8c:46:88:b8:49:12:61:
                    fe:0f:ec:5b:db:1c:54:05:a7:ee:98:fc:05:92:12:
                    63:47:f6:b1:d1:4d:b1:b9:8f:ea:5c:6f:ad:c4:0a:
                    16:a6:ac:20:6b:7f:c4:43:56:6a:c0:0f:88:eb:f4:
                    02:ad:4b:d0:23:26:cd:e8:a2:34:3e:d0:4f:13:a9:
                    1f:b2:1a:fc:91:e1:c5:0f:42:cb:61:d4:da:de:c3:
                    76:da:4d:4a:e3:9b:8a:31:7e:79:f6:27:27:5c:0c:
                    80:de:69:3f:c7:ed:b0:e1:ce:7b:37:96:b2:bb:64:
                    6e:67:89:b1:17:de:5a:b5:27:5b:fd:b1:b0:96:39:
                    ba:ea:ac:42:8c:01:4f:33:27:11:e1:c1:97:d4:a8:
                    b2:6f:b5:7c:5d:ee:08:57:e5:8a:da:c2:19:cf:9a:
                    69:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:1C:52:61:D2:E5:AD:55:47:0A:BC:D8:CC:1C:7D:E3:62:16:BA:2F
            X509v3 Authority Key Identifier:
                keyid:D2:13:4C:72:88:A0:C1:7A:33:B8:B5:FE:8C:58:06:6B:44:42:F1:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0hNMcoigwXozuLX-jFgGa0RC8YM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/ddaf47-4e6d-4994-877b-2a89df1af16a/1/uBxSYdLlrVVHCrzYzBx942IWui8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/ddaf47-4e6d-4994-877b-2a89df1af16a/1/0hNMcoigwXozuLX-jFgGa0RC8YM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:6e4::/48

    Signature Algorithm: sha256WithRSAEncryption
         4d:b9:fa:7e:74:1a:1b:07:e2:85:3d:a9:ad:5a:5f:8f:65:b8:
         1a:3e:6a:fc:60:34:36:f5:54:9d:92:86:8f:3f:ab:cc:6f:c3:
         30:da:e4:1d:2b:61:a9:3d:c1:60:0d:12:a3:fc:3e:1f:ef:40:
         56:45:86:b2:fa:16:3b:fe:28:e6:f6:02:67:fa:0c:30:97:b3:
         29:4d:e6:e2:09:4d:37:d2:47:5c:0a:73:76:ac:81:03:6b:e3:
         d9:58:dc:3a:76:94:ef:e6:a0:69:ff:df:d8:8f:48:09:51:e1:
         04:1a:d4:6f:77:4a:5f:44:29:82:c5:39:2c:09:b9:4a:15:02:
         b0:ed:ee:5f:33:80:9c:7b:a8:49:e6:e0:52:bd:68:9c:36:c1:
         85:73:e5:0e:92:c2:dd:c3:7e:be:9f:00:a9:5f:f8:86:24:d7:
         c9:8d:57:9a:da:e5:dd:dd:8e:a2:16:58:1d:9e:3b:02:04:ed:
         90:63:6a:7b:af:2c:60:c6:5b:5b:11:f6:bb:1d:77:5a:d4:94:
         d5:f0:05:d1:46:75:dc:62:b2:09:81:a7:8e:eb:0a:e8:c6:29:
         f8:70:62:be:e4:eb:a4:17:92:79:7a:61:5e:bf:66:3b:e7:6e:
         ee:ce:f1:aa:03:6d:bc:57:ce:a5:77:bd:5f:ed:8b:19:28:eb:
         9e:f7:2d:87
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZA0WNFeRGnR5SYZpjNCLOomMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMTM0YzcyODhhMGMxN2EzM2I4YjVmZThjNTgwNjZiNDQ0
MmYxODMwHhcNMjQwNjIwMDYzMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODFjNTI2MWQyZTVhZDU1NDcwYWJjZDhjYzFjN2RlMzYyMTZiYTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjY6s4l9MOvuGFzDaRKh/fjEh98dj
MX1JfL4RXzfC9FFWctpuUb0SeHUZiXIt6bG9Fhc08G5nwfmj07RdnJSudYVOjpge
SI7q+a64Cn1KcsSxoygXDnXVD0e2VHEMYfgxn4xGiLhJEmH+D+xb2xxUBafumPwF
khJjR/ax0U2xuY/qXG+txAoWpqwga3/EQ1ZqwA+I6/QCrUvQIybN6KI0PtBPE6kf
shr8keHFD0LLYdTa3sN22k1K45uKMX559icnXAyA3mk/x+2w4c57N5ayu2RuZ4mx
F95atSdb/bGwljm66qxCjAFPMycR4cGX1Kiyb7V8Xe4IV+WK2sIZz5ppwwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLgcUmHS5a1VRwq82MwcfeNiFrovMB8GA1UdIwQY
MBaAFNITTHKIoMF6M7i1/oxYBmtEQvGDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGhOTWNvaWd3WG96dUxYLWpGZ0dhMFJDOFlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My9kZGFmNDctNGU2ZC00OTk0LTg3N2It
MmE4OWRmMWFmMTZhLzEvdUJ4U1lkTGxyVlZIQ3J6WXpCeDk0MklXdWk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My9kZGFmNDctNGU2ZC00OTk0LTg3N2ItMmE4OWRmMWFmMTZh
LzEvMGhOTWNvaWd3WG96dUxYLWpGZ0dhMFJDOFlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAbk
MA0GCSqGSIb3DQEBCwUAA4IBAQBNufp+dBobB+KFPamtWl+PZbgaPmr8YDQ29VSd
koaPP6vMb8Mw2uQdK2GpPcFgDRKj/D4f70BWRYay+hY7/ijm9gJn+gwwl7MpTebi
CU030kdcCnN2rIEDa+PZWNw6dpTv5qBp/9/Yj0gJUeEEGtRvd0pfRCmCxTksCblK
FQKw7e5fM4Cce6hJ5uBSvWicNsGFc+UOksLdw36+nwCpX/iGJNfJjVea2uXd3Y6i
FlgdnjsCBO2QY2p7ryxgxltbEfa7HXda1JTV8AXRRnXcYrIJgaeO6wroxin4cGK+
5OukF5J5emFev2Y7527uzvGqA228V86ld71f7YsZKOue9y2H
-----END CERTIFICATE-----