Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/853ee3-3a4f-4d95-9bdb-b03c2fbdc644/1/Gt2cEG-tFDrtK2upS2H1OP162uY.roa
File:                     Gt2cEG-tFDrtK2upS2H1OP162uY.roa (raw, json)
Hash identifier:          HtvVTRsZuyR6lgzT639dXE1Y3Ex3BICQBMm53dXEgGE=
Subject key identifier:   1A:DD:9C:10:6F:AD:14:3A:ED:2B:6B:A9:4B:61:F5:38:FD:7A:DA:E6
Certificate issuer:       /CN=ee0739d0528dcb4fce578d11f7ec34b0e37452cf
Certificate serial:       018CC4936B09738601AF7C7A212DBA247A55
Authority key identifier: EE:07:39:D0:52:8D:CB:4F:CE:57:8D:11:F7:EC:34:B0:E3:74:52:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7gc50FKNy0_OV40R9-w0sON0Us8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/853ee3-3a4f-4d95-9bdb-b03c2fbdc644/1/Gt2cEG-tFDrtK2upS2H1OP162uY.roa
Signing time:             Mon 01 Jan 2024 10:30:44 +0000
ROA not before:           Mon 01 Jan 2024 10:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212024
IP address blocks:        2001:67c:17fc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/853ee3-3a4f-4d95-9bdb-b03c2fbdc644/1/7gc50FKNy0_OV40R9-w0sON0Us8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/853ee3-3a4f-4d95-9bdb-b03c2fbdc644/1/7gc50FKNy0_OV40R9-w0sON0Us8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7gc50FKNy0_OV40R9-w0sON0Us8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 01:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:6b:09:73:86:01:af:7c:7a:21:2d:ba:24:7a:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee0739d0528dcb4fce578d11f7ec34b0e37452cf
        Validity
            Not Before: Jan  1 10:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1add9c106fad143aed2b6ba94b61f538fd7adae6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:c4:a9:62:db:ff:52:87:bb:6d:c8:e1:48:a8:
                    3c:64:9f:c6:b0:fe:31:43:c2:11:ab:1e:a4:0b:c5:
                    3e:16:50:19:75:7c:bb:06:a7:6b:9f:57:9f:06:0d:
                    83:cb:5e:59:8b:e2:9e:f4:f6:f7:7b:5f:51:f5:12:
                    c9:33:6e:ee:d7:c4:07:95:b9:4c:b3:a2:5c:10:86:
                    25:75:e5:e9:af:ca:ce:4e:ba:06:ad:cd:55:f7:af:
                    d6:25:fc:cc:9e:d3:9d:46:f1:d7:f3:4a:16:5d:87:
                    7a:49:0a:fc:6b:92:78:97:89:d1:da:5d:e6:28:46:
                    fb:fc:59:67:0a:c6:70:eb:8f:43:65:ae:b4:f8:5e:
                    c6:51:f9:80:3c:47:59:76:5d:ce:f1:fb:80:a6:c4:
                    2a:79:46:e3:80:ab:46:0a:fb:f2:cd:bc:4f:a8:da:
                    18:e9:39:de:a0:62:0d:36:f5:d0:a0:12:ce:91:14:
                    6b:be:22:f9:4c:8a:49:23:6b:26:52:e4:3a:60:06:
                    77:c4:be:61:4f:64:2e:d7:a2:0f:59:ec:9c:4a:22:
                    7a:20:71:4f:f2:a6:3e:34:5d:ce:56:89:06:54:96:
                    31:04:fe:4d:8f:2a:ee:f1:58:7a:f0:04:0c:1c:83:
                    77:48:44:89:2d:61:e2:73:0c:9c:cd:55:c1:ac:f1:
                    61:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:DD:9C:10:6F:AD:14:3A:ED:2B:6B:A9:4B:61:F5:38:FD:7A:DA:E6
            X509v3 Authority Key Identifier:
                keyid:EE:07:39:D0:52:8D:CB:4F:CE:57:8D:11:F7:EC:34:B0:E3:74:52:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7gc50FKNy0_OV40R9-w0sON0Us8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/853ee3-3a4f-4d95-9bdb-b03c2fbdc644/1/Gt2cEG-tFDrtK2upS2H1OP162uY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/853ee3-3a4f-4d95-9bdb-b03c2fbdc644/1/7gc50FKNy0_OV40R9-w0sON0Us8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:17fc::/48

    Signature Algorithm: sha256WithRSAEncryption
         95:e7:2a:5c:9c:1c:e7:35:8e:c1:c2:be:e6:c1:9e:f8:ae:0b:
         f9:e3:3a:52:3c:83:d6:2f:4b:87:68:11:a4:f2:1e:0b:9c:dd:
         4b:55:9d:79:22:0b:a6:93:7f:c9:53:6f:58:2a:06:83:ae:37:
         31:77:76:b1:e5:4b:bc:4d:b3:c8:fd:9e:d6:e2:40:fa:aa:4d:
         14:6a:73:2e:a0:8a:83:de:bf:9e:43:0a:bc:95:89:bc:69:9b:
         84:2d:7f:c8:d4:e0:6f:53:06:b4:9b:89:88:23:98:5d:8c:b1:
         d6:a6:7a:4b:a3:91:1e:0a:87:d4:97:45:c5:d6:53:2e:e1:48:
         de:28:e6:68:28:b1:a6:fe:76:d3:d2:59:07:6d:3e:89:e9:9d:
         0d:08:b2:dc:b7:aa:fb:64:61:4f:26:fa:c5:49:0e:59:0f:2f:
         28:64:6e:8f:86:0e:b2:b1:f8:15:86:f2:9b:ae:ca:ca:45:97:
         75:f5:2b:ac:7a:4a:a1:3f:e2:d7:77:c6:c9:b7:2c:41:99:20:
         5b:34:82:d2:44:d4:f6:98:86:13:6e:18:3e:f1:55:40:9d:d5:
         8a:ba:cb:2c:aa:41:1a:dc:32:75:fa:23:d3:77:cb:72:75:71:
         e1:f4:fb:06:43:4d:8a:9a:63:72:f4:9c:ae:96:97:32:b5:9e:
         02:6e:6f:f0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEk2sJc4YBr3x6IS26JHpVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMDczOWQwNTI4ZGNiNGZjZTU3OGQxMWY3ZWMzNGIwZTM3
NDUyY2YwHhcNMjQwMTAxMTAzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWRkOWMxMDZmYWQxNDNhZWQyYjZiYTk0YjYxZjUzOGZkN2FkYWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgsSpYtv/Uoe7bcjhSKg8ZJ/GsP4x
Q8IRqx6kC8U+FlAZdXy7Bqdrn1efBg2Dy15Zi+Ke9Pb3e19R9RLJM27u18QHlblM
s6JcEIYldeXpr8rOTroGrc1V96/WJfzMntOdRvHX80oWXYd6SQr8a5J4l4nR2l3m
KEb7/FlnCsZw649DZa60+F7GUfmAPEdZdl3O8fuApsQqeUbjgKtGCvvyzbxPqNoY
6TneoGINNvXQoBLOkRRrviL5TIpJI2smUuQ6YAZ3xL5hT2Qu16IPWeycSiJ6IHFP
8qY+NF3OVokGVJYxBP5Njyru8Vh68AQMHIN3SESJLWHicwyczVXBrPFhOwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBrdnBBvrRQ67StrqUth9Tj9etrmMB8GA1UdIwQY
MBaAFO4HOdBSjctPzleNEffsNLDjdFLPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2djNTBGS055MF9PVjQwUjktdzBzT04wVXM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni84NTNlZTMtM2E0Zi00ZDk1LTliZGIt
YjAzYzJmYmRjNjQ0LzEvR3QyY0VHLXRGRHJ0SzJ1cFMySDFPUDE2MnVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni84NTNlZTMtM2E0Zi00ZDk1LTliZGItYjAzYzJmYmRjNjQ0
LzEvN2djNTBGS055MF9PVjQwUjktdzBzT04wVXM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBf8
MA0GCSqGSIb3DQEBCwUAA4IBAQCV5ypcnBznNY7Bwr7mwZ74rgv54zpSPIPWL0uH
aBGk8h4LnN1LVZ15Igumk3/JU29YKgaDrjcxd3ax5Uu8TbPI/Z7W4kD6qk0UanMu
oIqD3r+eQwq8lYm8aZuELX/I1OBvUwa0m4mII5hdjLHWpnpLo5EeCofUl0XF1lMu
4UjeKOZoKLGm/nbT0lkHbT6J6Z0NCLLct6r7ZGFPJvrFSQ5ZDy8oZG6Phg6ysfgV
hvKbrsrKRZd19SusekqhP+LXd8bJtyxBmSBbNILSRNT2mIYTbhg+8VVAndWKusss
qkEa3DJ1+iPTd8tydXHh9PsGQ02KmmNy9JyulpcytZ4Cbm/w
-----END CERTIFICATE-----