Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/cf130d-efd4-4dfb-a1a3-a2bf0a18cddc/1/M4YvO4Idz4-LmPuWAK8EGgMQlsM.roa
File:                     M4YvO4Idz4-LmPuWAK8EGgMQlsM.roa (raw, json)
Hash identifier:          auvxcmWEcpUt1PjGwX9VstJWCw30RmkccT+v94/+8C0=
Subject key identifier:   33:86:2F:3B:82:1D:CF:8F:8B:98:FB:96:00:AF:04:1A:03:10:96:C3
Certificate issuer:       /CN=8b93e567af198a94e1fcf05fe0fe7c921095a84a
Certificate serial:       018CC42555A29CC57ECC2B9145CC39B29FCA
Authority key identifier: 8B:93:E5:67:AF:19:8A:94:E1:FC:F0:5F:E0:FE:7C:92:10:95:A8:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i5PlZ68ZipTh_PBf4P58khCVqEo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/cf130d-efd4-4dfb-a1a3-a2bf0a18cddc/1/M4YvO4Idz4-LmPuWAK8EGgMQlsM.roa
Signing time:             Mon 01 Jan 2024 08:30:30 +0000
ROA not before:           Mon 01 Jan 2024 08:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58010
IP address blocks:        2001:67c:1bf4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/cf130d-efd4-4dfb-a1a3-a2bf0a18cddc/1/i5PlZ68ZipTh_PBf4P58khCVqEo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/cf130d-efd4-4dfb-a1a3-a2bf0a18cddc/1/i5PlZ68ZipTh_PBf4P58khCVqEo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i5PlZ68ZipTh_PBf4P58khCVqEo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:55:a2:9c:c5:7e:cc:2b:91:45:cc:39:b2:9f:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b93e567af198a94e1fcf05fe0fe7c921095a84a
        Validity
            Not Before: Jan  1 08:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33862f3b821dcf8f8b98fb9600af041a031096c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:b9:50:eb:89:51:f0:00:06:56:46:63:99:e7:
                    72:9f:47:2b:eb:c7:ab:98:e7:b9:c4:5b:f4:da:48:
                    5d:43:ce:1e:f6:3e:b1:6c:24:bd:59:aa:c7:6c:ce:
                    31:f5:15:26:ba:05:29:78:bb:4c:20:07:71:49:cf:
                    a6:ec:f0:84:f1:b3:3f:d1:8d:ea:22:83:2f:71:ed:
                    ac:a3:1c:91:82:3d:30:38:44:51:6c:69:9a:e1:7b:
                    07:97:2b:e4:2f:b0:a7:3f:e4:cf:e3:6b:44:7d:cc:
                    f3:f0:be:e6:cc:eb:d8:86:1d:16:c3:8a:6a:d2:6f:
                    f3:46:20:f6:5c:63:13:94:fe:b3:82:8a:24:12:dd:
                    d9:74:1e:b7:6d:1e:99:f7:0f:35:2f:e9:85:80:fc:
                    7e:d7:7f:8b:18:be:77:6f:02:d2:e3:db:b0:b4:92:
                    be:de:28:65:6c:85:51:39:3d:d7:0a:55:b3:f1:10:
                    e8:18:16:6c:6c:45:81:bc:f3:cb:4a:4b:22:35:48:
                    22:a5:2a:e6:35:31:0d:13:d0:18:b0:6b:c1:07:dd:
                    42:18:06:30:09:86:5b:17:fb:64:4d:f8:47:54:11:
                    a1:5a:e6:3c:5d:08:ae:a0:dc:dd:62:25:59:93:48:
                    5d:72:e0:73:e6:de:65:ad:fc:42:11:6e:b3:90:e5:
                    1c:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:86:2F:3B:82:1D:CF:8F:8B:98:FB:96:00:AF:04:1A:03:10:96:C3
            X509v3 Authority Key Identifier:
                keyid:8B:93:E5:67:AF:19:8A:94:E1:FC:F0:5F:E0:FE:7C:92:10:95:A8:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i5PlZ68ZipTh_PBf4P58khCVqEo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/cf130d-efd4-4dfb-a1a3-a2bf0a18cddc/1/M4YvO4Idz4-LmPuWAK8EGgMQlsM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/cf130d-efd4-4dfb-a1a3-a2bf0a18cddc/1/i5PlZ68ZipTh_PBf4P58khCVqEo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1bf4::/48

    Signature Algorithm: sha256WithRSAEncryption
         16:fc:97:c1:ad:d9:3f:25:e8:51:66:b4:ce:15:dd:1e:68:75:
         ef:11:90:70:6a:c3:e1:47:75:db:90:22:a8:84:65:7c:6f:2c:
         b8:ba:30:e1:df:14:9b:d6:68:db:49:d9:24:59:1b:d7:f2:a2:
         af:bb:7b:d8:f4:05:14:6e:9f:67:26:17:82:95:5a:ea:22:0e:
         08:ab:47:41:cd:ba:fc:5e:e6:f9:b9:b7:d1:c9:f9:68:3e:02:
         81:37:16:bd:07:5a:e9:68:12:b0:24:1b:a3:c1:a6:a2:b6:11:
         15:d3:ed:5e:6a:b1:03:17:e4:21:b1:67:0b:7a:1c:fe:4b:3f:
         27:30:52:18:98:e7:6e:51:26:bb:a2:b9:24:8d:f5:28:75:72:
         4a:19:89:52:a4:27:ca:ee:8e:c9:43:2e:7e:90:66:4b:3b:97:
         32:96:ef:9f:86:aa:e5:f3:de:30:35:9a:ca:ed:4f:9e:96:39:
         aa:46:2e:a1:8d:06:26:03:5d:eb:35:ac:fa:f3:fd:16:32:a9:
         fc:0f:66:6e:55:51:e6:52:ba:2a:4a:f8:39:f6:b4:e3:ba:78:
         bb:ef:1d:99:43:c3:b8:c2:72:63:53:f7:30:eb:ac:53:a6:43:
         6c:83:73:09:48:a0:21:b8:35:3d:b7:6e:4b:a1:20:0b:57:b8:
         83:b3:60:03
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJVWinMV+zCuRRcw5sp/KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiOTNlNTY3YWYxOThhOTRlMWZjZjA1ZmUwZmU3YzkyMTA5
NWE4NGEwHhcNMjQwMTAxMDgzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzg2MmYzYjgyMWRjZjhmOGI5OGZiOTYwMGFmMDQxYTAzMTA5NmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+blQ64lR8AAGVkZjmedyn0cr68er
mOe5xFv02khdQ84e9j6xbCS9WarHbM4x9RUmugUpeLtMIAdxSc+m7PCE8bM/0Y3q
IoMvce2soxyRgj0wOERRbGma4XsHlyvkL7CnP+TP42tEfczz8L7mzOvYhh0Ww4pq
0m/zRiD2XGMTlP6zgookEt3ZdB63bR6Z9w81L+mFgPx+13+LGL53bwLS49uwtJK+
3ihlbIVROT3XClWz8RDoGBZsbEWBvPPLSksiNUgipSrmNTENE9AYsGvBB91CGAYw
CYZbF/tkTfhHVBGhWuY8XQiuoNzdYiVZk0hdcuBz5t5lrfxCEW6zkOUcOwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDOGLzuCHc+Pi5j7lgCvBBoDEJbDMB8GA1UdIwQY
MBaAFIuT5WevGYqU4fzwX+D+fJIQlahKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTVQbFo2OFppcFRoX1BCZjRQNThraENWcUVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC9jZjEzMGQtZWZkNC00ZGZiLWExYTMt
YTJiZjBhMThjZGRjLzEvTTRZdk80SWR6NC1MbVB1V0FLOEVHZ01RbHNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC9jZjEzMGQtZWZkNC00ZGZiLWExYTMtYTJiZjBhMThjZGRj
LzEvaTVQbFo2OFppcFRoX1BCZjRQNThraENWcUVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBv0
MA0GCSqGSIb3DQEBCwUAA4IBAQAW/JfBrdk/JehRZrTOFd0eaHXvEZBwasPhR3Xb
kCKohGV8byy4ujDh3xSb1mjbSdkkWRvX8qKvu3vY9AUUbp9nJheClVrqIg4Iq0dB
zbr8Xub5ubfRyfloPgKBNxa9B1rpaBKwJBujwaaithEV0+1earEDF+QhsWcLehz+
Sz8nMFIYmOduUSa7orkkjfUodXJKGYlSpCfK7o7JQy5+kGZLO5cylu+fhqrl894w
NZrK7U+eljmqRi6hjQYmA13rNaz68/0WMqn8D2ZuVVHmUroqSvg59rTjuni77x2Z
Q8O4wnJjU/cw66xTpkNsg3MJSKAhuDU9t25LoSALV7iDs2AD
-----END CERTIFICATE-----