Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/5b5b3e-b043-4933-a096-503c766b78b3/1/Hk5zO95KQySZrEYrsXEeYR3N9Is.roa
File:                     Hk5zO95KQySZrEYrsXEeYR3N9Is.roa (raw, json)
Hash identifier:          aXXUFtmzgypeCr3mgOIjfdI/Rlrbm5ExAchvP8gsq70=
Subject key identifier:   1E:4E:73:3B:DE:4A:43:24:99:AC:46:2B:B1:71:1E:61:1D:CD:F4:8B
Certificate issuer:       /CN=6615e50f43013c356da097e34d465f2abc494e9d
Certificate serial:       018CC2DB15E49ABEF8D5AA3348B292E7C849
Authority key identifier: 66:15:E5:0F:43:01:3C:35:6D:A0:97:E3:4D:46:5F:2A:BC:49:4E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZhXlD0MBPDVtoJfjTUZfKrxJTp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/5b5b3e-b043-4933-a096-503c766b78b3/1/Hk5zO95KQySZrEYrsXEeYR3N9Is.roa
Signing time:             Mon 01 Jan 2024 02:29:47 +0000
ROA not before:           Mon 01 Jan 2024 02:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     65535
IP address blocks:        2001:67c:2b5c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/5b5b3e-b043-4933-a096-503c766b78b3/1/ZhXlD0MBPDVtoJfjTUZfKrxJTp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/5b5b3e-b043-4933-a096-503c766b78b3/1/ZhXlD0MBPDVtoJfjTUZfKrxJTp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZhXlD0MBPDVtoJfjTUZfKrxJTp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:15:e4:9a:be:f8:d5:aa:33:48:b2:92:e7:c8:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6615e50f43013c356da097e34d465f2abc494e9d
        Validity
            Not Before: Jan  1 02:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1e4e733bde4a432499ac462bb1711e611dcdf48b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:f2:92:7e:de:55:c7:99:c3:20:fd:08:d6:49:
                    bb:5f:f8:16:c2:5f:d3:ad:cb:5f:91:69:1e:79:a1:
                    6c:d2:b1:8b:8b:90:a0:58:31:f5:92:62:f0:ee:5a:
                    53:68:6d:0e:d8:c6:83:1d:15:98:84:cd:6a:9f:40:
                    2f:33:fc:bc:b4:fd:fe:53:6f:54:49:62:02:df:7a:
                    20:94:1f:0e:a8:19:fc:06:ab:60:b3:2d:a6:a2:95:
                    3c:80:e9:a0:a5:f3:1d:d4:e3:d8:ae:29:2b:a2:d9:
                    04:45:51:48:25:2e:a3:10:4d:b2:0e:80:a6:5a:4a:
                    30:dd:89:aa:ce:bc:f3:6b:fa:e2:a5:c8:53:0f:b4:
                    3e:00:0e:5c:f5:e7:57:00:f2:d3:90:05:67:d1:56:
                    5a:a1:8d:63:ce:5d:cd:70:32:5f:a8:10:dd:e5:83:
                    f4:df:42:9e:f7:a0:e2:58:02:16:1f:85:84:b0:da:
                    88:1e:d3:38:7b:04:8b:a3:38:28:94:1b:f2:91:8e:
                    01:05:46:34:71:55:40:67:4d:6c:fc:cd:0e:50:63:
                    8a:8e:ba:3b:c4:5d:1a:c3:5f:81:09:16:cd:8f:57:
                    a6:07:2d:8d:23:15:76:40:b6:d5:07:21:9f:8e:af:
                    7f:9b:be:f3:33:0c:3f:f5:53:87:0b:54:32:75:9a:
                    a1:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:4E:73:3B:DE:4A:43:24:99:AC:46:2B:B1:71:1E:61:1D:CD:F4:8B
            X509v3 Authority Key Identifier:
                keyid:66:15:E5:0F:43:01:3C:35:6D:A0:97:E3:4D:46:5F:2A:BC:49:4E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZhXlD0MBPDVtoJfjTUZfKrxJTp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/5b5b3e-b043-4933-a096-503c766b78b3/1/Hk5zO95KQySZrEYrsXEeYR3N9Is.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/5b5b3e-b043-4933-a096-503c766b78b3/1/ZhXlD0MBPDVtoJfjTUZfKrxJTp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2b5c::/48

    Signature Algorithm: sha256WithRSAEncryption
         7b:f6:38:6b:33:e7:30:71:47:f2:65:85:02:fd:b3:80:63:4e:
         39:18:62:c5:81:9a:00:d8:f0:e8:ea:15:f7:0b:40:05:22:ca:
         7d:ce:7f:50:70:a1:dd:f2:e8:7a:99:d6:a8:16:c2:32:84:8e:
         24:c5:99:65:d7:3f:c7:76:82:b2:57:5d:ec:03:90:60:ff:ce:
         2f:7e:e6:c4:6c:51:4e:ea:10:5a:11:0e:0e:18:22:fe:e7:06:
         86:c3:33:c8:ee:bd:48:86:6e:69:66:68:d6:e3:e1:06:68:57:
         69:64:9c:f7:96:ae:ad:30:be:ac:7f:50:83:d5:67:d4:b0:e9:
         4b:b6:49:3d:d6:09:e9:7f:14:41:eb:f6:13:f7:be:25:a8:5c:
         c1:13:bf:97:57:63:40:26:7e:ec:96:ad:85:6e:71:fd:f2:95:
         8d:f4:83:cb:a4:8c:28:49:49:3b:54:52:19:e8:75:65:76:22:
         5c:c0:6d:bd:ed:a8:f6:0c:69:01:8e:f9:fb:9f:05:ce:9a:b8:
         6f:a3:2f:bf:bf:01:59:76:85:77:bf:43:94:0a:a1:ff:9d:d0:
         26:9b:2d:2f:b9:94:68:ea:db:5b:9b:91:27:01:94:5a:7f:77:
         4f:e0:85:2c:28:b6:72:be:7a:e6:bc:45:3c:e9:91:6d:36:f1:
         b4:5b:ae:a3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2xXkmr741aozSLKS58hJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2MTVlNTBmNDMwMTNjMzU2ZGEwOTdlMzRkNDY1ZjJhYmM0
OTRlOWQwHhcNMjQwMTAxMDIyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTRlNzMzYmRlNGE0MzI0OTlhYzQ2MmJiMTcxMWU2MTFkY2RmNDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4/KSft5Vx5nDIP0I1km7X/gWwl/T
rctfkWkeeaFs0rGLi5CgWDH1kmLw7lpTaG0O2MaDHRWYhM1qn0AvM/y8tP3+U29U
SWIC33oglB8OqBn8Bqtgsy2mopU8gOmgpfMd1OPYrikrotkERVFIJS6jEE2yDoCm
Wkow3Ymqzrzza/ripchTD7Q+AA5c9edXAPLTkAVn0VZaoY1jzl3NcDJfqBDd5YP0
30Ke96DiWAIWH4WEsNqIHtM4ewSLozgolBvykY4BBUY0cVVAZ01s/M0OUGOKjro7
xF0aw1+BCRbNj1emBy2NIxV2QLbVByGfjq9/m77zMww/9VOHC1QydZqh5wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFB5OczveSkMkmaxGK7FxHmEdzfSLMB8GA1UdIwQY
MBaAFGYV5Q9DATw1baCX401GXyq8SU6dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmhYbEQwTUJQRFZ0b0pmalRVWmZLcnhKVHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS81YjViM2UtYjA0My00OTMzLWEwOTYt
NTAzYzc2NmI3OGIzLzEvSGs1ek85NUtReVNackVZcnNYRWVZUjNOOUlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS81YjViM2UtYjA0My00OTMzLWEwOTYtNTAzYzc2NmI3OGIz
LzEvWmhYbEQwTUJQRFZ0b0pmalRVWmZLcnhKVHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCtc
MA0GCSqGSIb3DQEBCwUAA4IBAQB79jhrM+cwcUfyZYUC/bOAY045GGLFgZoA2PDo
6hX3C0AFIsp9zn9QcKHd8uh6mdaoFsIyhI4kxZll1z/HdoKyV13sA5Bg/84vfubE
bFFO6hBaEQ4OGCL+5waGwzPI7r1Ihm5pZmjW4+EGaFdpZJz3lq6tML6sf1CD1WfU
sOlLtkk91gnpfxRB6/YT974lqFzBE7+XV2NAJn7slq2FbnH98pWN9IPLpIwoSUk7
VFIZ6HVldiJcwG297aj2DGkBjvn7nwXOmrhvoy+/vwFZdoV3v0OUCqH/ndAmmy0v
uZRo6ttbm5EnAZRaf3dP4IUsKLZyvnrmvEU86ZFtNvG0W66j
-----END CERTIFICATE-----