Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/f66ca9-3bdc-4294-ad62-7bcefa9f59e8/1/BRoBNYlg3978YCx_e-5I8FnmWaM.roa
File:                     BRoBNYlg3978YCx_e-5I8FnmWaM.roa (raw, json)
Hash identifier:          HEeK0l2r34NrM0OcIvolOBxnZ1zdiKkQt11Sl65JE+Y=
Subject key identifier:   05:1A:01:35:89:60:DF:DE:FC:60:2C:7F:7B:EE:48:F0:59:E6:59:A3
Certificate issuer:       /CN=5f0fd90d987297cb5dd4e07be840d280d1e2cc4a
Certificate serial:       018CC49230689B2844ED513C7F7DC442989F
Authority key identifier: 5F:0F:D9:0D:98:72:97:CB:5D:D4:E0:7B:E8:40:D2:80:D1:E2:CC:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xw_ZDZhyl8td1OB76EDSgNHizEo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/f66ca9-3bdc-4294-ad62-7bcefa9f59e8/1/BRoBNYlg3978YCx_e-5I8FnmWaM.roa
Signing time:             Mon 01 Jan 2024 10:29:24 +0000
ROA not before:           Mon 01 Jan 2024 10:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60802
IP address blocks:        2001:67c:bcc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/f66ca9-3bdc-4294-ad62-7bcefa9f59e8/1/Xw_ZDZhyl8td1OB76EDSgNHizEo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/f66ca9-3bdc-4294-ad62-7bcefa9f59e8/1/Xw_ZDZhyl8td1OB76EDSgNHizEo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xw_ZDZhyl8td1OB76EDSgNHizEo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:30:68:9b:28:44:ed:51:3c:7f:7d:c4:42:98:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f0fd90d987297cb5dd4e07be840d280d1e2cc4a
        Validity
            Not Before: Jan  1 10:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=051a01358960dfdefc602c7f7bee48f059e659a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:77:f4:f4:b8:7a:a8:f1:c9:c4:d2:7d:84:2d:
                    ac:20:96:53:99:69:60:15:b5:31:26:ab:a9:e0:31:
                    62:8f:c9:4b:1c:30:78:77:b7:02:f5:c1:00:af:fb:
                    ee:0f:20:76:4a:98:58:f8:07:3f:6f:77:db:46:15:
                    78:a3:6d:d8:a4:dc:63:20:0b:85:f7:e0:ca:b4:6c:
                    f6:e1:ad:dd:15:e2:a0:2f:f6:a5:88:9b:fc:c7:ea:
                    b2:6a:5d:5f:67:5f:c8:95:ae:b5:38:10:0a:af:e0:
                    ea:88:0b:4e:8d:fb:13:cf:d3:7a:a4:13:3d:75:79:
                    8b:3f:1a:8b:d0:e6:7b:22:4d:82:0a:2e:9d:e1:95:
                    b0:3b:e0:10:d1:f5:b7:a7:71:b6:c6:fa:48:79:13:
                    eb:06:ba:fa:de:c9:f9:6a:b7:b0:4c:0e:c0:a4:f9:
                    3d:70:c3:89:2e:e1:af:c0:54:d9:5e:4e:b8:f6:7f:
                    38:b6:d5:da:68:5b:e9:ae:ce:1f:ce:e3:c9:62:12:
                    b5:ad:af:cc:7d:a6:f7:4d:96:08:ac:4d:e7:4a:36:
                    97:7f:ea:af:cf:a8:29:61:15:4d:fa:ef:ea:d5:96:
                    9b:34:c6:52:63:3b:4d:c0:a3:79:d4:61:b5:df:46:
                    23:6b:97:d4:81:2b:c5:20:09:c6:92:2b:ac:33:71:
                    f3:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:1A:01:35:89:60:DF:DE:FC:60:2C:7F:7B:EE:48:F0:59:E6:59:A3
            X509v3 Authority Key Identifier:
                keyid:5F:0F:D9:0D:98:72:97:CB:5D:D4:E0:7B:E8:40:D2:80:D1:E2:CC:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xw_ZDZhyl8td1OB76EDSgNHizEo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/f66ca9-3bdc-4294-ad62-7bcefa9f59e8/1/BRoBNYlg3978YCx_e-5I8FnmWaM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/f66ca9-3bdc-4294-ad62-7bcefa9f59e8/1/Xw_ZDZhyl8td1OB76EDSgNHizEo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:bcc::/48

    Signature Algorithm: sha256WithRSAEncryption
         26:ea:32:1f:59:db:7a:cd:5e:25:12:b4:7b:75:9f:f0:b3:db:
         2b:a7:1d:21:7a:47:ee:62:10:73:4d:04:04:99:ee:ae:a0:c7:
         4f:98:fd:ab:0c:66:ee:7a:40:6b:1b:86:a1:bf:6d:f2:a4:d4:
         69:d3:47:31:60:88:f8:04:b9:1a:89:93:47:65:c8:2e:91:67:
         37:9a:35:27:0c:0c:da:b3:73:06:93:2f:24:09:9c:bf:da:6f:
         ed:97:66:50:bf:26:3a:39:c2:71:e0:d4:db:53:41:96:45:c9:
         43:58:71:b7:bb:49:04:7a:c3:8e:3a:e8:d9:30:5a:75:26:e6:
         d7:56:f1:b9:c5:83:5f:92:14:78:25:18:70:95:95:df:7a:8a:
         6c:89:28:21:51:2d:10:19:48:93:06:5a:0f:c8:7b:e5:dd:17:
         1e:51:90:99:05:5c:7b:01:d0:7f:6b:f2:68:bb:e8:42:59:b2:
         41:4d:af:a8:02:a5:8c:94:c8:a1:62:00:0b:f7:8b:90:6a:4c:
         2b:0b:a0:ec:71:fb:f8:5f:bb:2f:ec:e4:22:9b:4d:5b:e9:37:
         7c:ec:c7:38:f9:b9:96:20:54:48:03:c3:80:bd:49:dd:5f:7e:
         0b:83:ce:7e:0f:98:d1:29:9d:d7:58:95:24:f3:63:52:1e:03:
         77:df:7f:38
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEkjBomyhE7VE8f33EQpifMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmMGZkOTBkOTg3Mjk3Y2I1ZGQ0ZTA3YmU4NDBkMjgwZDFl
MmNjNGEwHhcNMjQwMTAxMTAyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTFhMDEzNTg5NjBkZmRlZmM2MDJjN2Y3YmVlNDhmMDU5ZTY1OWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp3f09Lh6qPHJxNJ9hC2sIJZTmWlg
FbUxJqup4DFij8lLHDB4d7cC9cEAr/vuDyB2SphY+Ac/b3fbRhV4o23YpNxjIAuF
9+DKtGz24a3dFeKgL/aliJv8x+qyal1fZ1/Ila61OBAKr+DqiAtOjfsTz9N6pBM9
dXmLPxqL0OZ7Ik2CCi6d4ZWwO+AQ0fW3p3G2xvpIeRPrBrr63sn5arewTA7ApPk9
cMOJLuGvwFTZXk649n84ttXaaFvprs4fzuPJYhK1ra/Mfab3TZYIrE3nSjaXf+qv
z6gpYRVN+u/q1ZabNMZSYztNwKN51GG130Yja5fUgSvFIAnGkiusM3HzyQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAUaATWJYN/e/GAsf3vuSPBZ5lmjMB8GA1UdIwQY
MBaAFF8P2Q2YcpfLXdTge+hA0oDR4sxKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHdfWkRaaHlsOHRkMU9CNzZFRFNnTkhpekVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9mNjZjYTktM2JkYy00Mjk0LWFkNjIt
N2JjZWZhOWY1OWU4LzEvQlJvQk5ZbGczOTc4WUN4X2UtNUk4Rm5tV2FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9mNjZjYTktM2JkYy00Mjk0LWFkNjItN2JjZWZhOWY1OWU4
LzEvWHdfWkRaaHlsOHRkMU9CNzZFRFNnTkhpekVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAvM
MA0GCSqGSIb3DQEBCwUAA4IBAQAm6jIfWdt6zV4lErR7dZ/ws9srpx0hekfuYhBz
TQQEme6uoMdPmP2rDGbuekBrG4ahv23ypNRp00cxYIj4BLkaiZNHZcgukWc3mjUn
DAzas3MGky8kCZy/2m/tl2ZQvyY6OcJx4NTbU0GWRclDWHG3u0kEesOOOujZMFp1
JubXVvG5xYNfkhR4JRhwlZXfeopsiSghUS0QGUiTBloPyHvl3RceUZCZBVx7AdB/
a/Jou+hCWbJBTa+oAqWMlMihYgAL94uQakwrC6Dscfv4X7sv7OQim01b6Td87Mc4
+bmWIFRIA8OAvUndX34Lg85+D5jRKZ3XWJUk82NSHgN33384
-----END CERTIFICATE-----