Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/f66ca9-3bdc-4294-ad62-7bcefa9f59e8/1/DeWbMk4m-8MrAtYfkM3QTnAj9js.roa
File:                     DeWbMk4m-8MrAtYfkM3QTnAj9js.roa (raw, json)
Hash identifier:          kj8fhkIQJDHBcH4bws3yRyeh6fAzRCeWRhMs7TtwO9I=
Subject key identifier:   0D:E5:9B:32:4E:26:FB:C3:2B:02:D6:1F:90:CD:D0:4E:70:23:F6:3B
Certificate issuer:       /CN=5f0fd90d987297cb5dd4e07be840d280d1e2cc4a
Certificate serial:       018CC4922FCD22343FC4DB22AF1C30D20C2C
Authority key identifier: 5F:0F:D9:0D:98:72:97:CB:5D:D4:E0:7B:E8:40:D2:80:D1:E2:CC:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xw_ZDZhyl8td1OB76EDSgNHizEo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/f66ca9-3bdc-4294-ad62-7bcefa9f59e8/1/DeWbMk4m-8MrAtYfkM3QTnAj9js.roa
Signing time:             Mon 01 Jan 2024 10:29:24 +0000
ROA not before:           Mon 01 Jan 2024 10:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58057
IP address blocks:        2001:67c:bd4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/f66ca9-3bdc-4294-ad62-7bcefa9f59e8/1/Xw_ZDZhyl8td1OB76EDSgNHizEo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/f66ca9-3bdc-4294-ad62-7bcefa9f59e8/1/Xw_ZDZhyl8td1OB76EDSgNHizEo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xw_ZDZhyl8td1OB76EDSgNHizEo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:2f:cd:22:34:3f:c4:db:22:af:1c:30:d2:0c:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f0fd90d987297cb5dd4e07be840d280d1e2cc4a
        Validity
            Not Before: Jan  1 10:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0de59b324e26fbc32b02d61f90cdd04e7023f63b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:32:21:d1:5b:1b:67:17:7c:f1:1a:7c:9c:db:
                    b4:4b:ef:d9:f8:ec:47:20:c2:65:b2:56:da:61:88:
                    66:f2:34:0a:34:f8:5e:83:28:43:c1:0a:87:28:2d:
                    e8:f8:18:9b:d1:3b:56:7f:39:48:ec:b3:4b:c7:67:
                    54:fe:da:24:14:54:11:41:08:00:41:79:12:a6:f9:
                    0d:59:78:69:17:76:86:4a:61:52:05:6c:e4:42:45:
                    c3:a6:57:7d:7b:23:5b:27:5a:b1:6a:90:db:3b:81:
                    04:29:a1:ee:76:2f:7a:92:14:f2:06:97:97:68:3c:
                    ae:43:2a:2f:2e:3b:67:af:46:91:a6:3e:18:3e:a0:
                    2f:75:b8:e8:cc:1e:1e:fd:a8:79:b3:db:1c:f1:3e:
                    2c:ce:2a:a3:2b:0d:47:b2:4f:c6:28:f5:5f:cd:28:
                    22:e7:3c:e3:f8:44:38:70:66:f7:0e:5c:51:02:c1:
                    1d:a0:1f:2e:ef:6d:09:a7:a2:50:29:4f:a3:d9:1c:
                    12:d3:ac:cd:1f:67:85:9f:61:81:4b:d1:ea:f3:cb:
                    9c:61:55:fd:c0:85:c4:8c:71:06:dd:c2:a7:94:17:
                    45:cd:4d:a2:a9:69:0d:04:bf:82:80:a7:26:9d:5a:
                    4e:bd:57:f0:36:b6:5e:65:cb:a0:9f:b1:c8:d8:64:
                    b7:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:E5:9B:32:4E:26:FB:C3:2B:02:D6:1F:90:CD:D0:4E:70:23:F6:3B
            X509v3 Authority Key Identifier:
                keyid:5F:0F:D9:0D:98:72:97:CB:5D:D4:E0:7B:E8:40:D2:80:D1:E2:CC:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xw_ZDZhyl8td1OB76EDSgNHizEo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/f66ca9-3bdc-4294-ad62-7bcefa9f59e8/1/DeWbMk4m-8MrAtYfkM3QTnAj9js.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/f66ca9-3bdc-4294-ad62-7bcefa9f59e8/1/Xw_ZDZhyl8td1OB76EDSgNHizEo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:bd4::/48

    Signature Algorithm: sha256WithRSAEncryption
         12:47:9a:3b:7d:9d:31:2c:46:29:d5:85:e7:1f:f1:52:72:34:
         8b:59:db:06:f9:4c:c9:1b:7c:07:dd:28:6f:71:50:dc:1a:f9:
         85:8c:6f:5f:88:17:df:25:24:39:36:11:fa:d7:ad:6c:7d:8a:
         28:b5:79:be:19:18:be:04:ee:ef:c3:a7:8c:d9:fb:71:fa:ed:
         f1:21:b5:75:aa:85:42:2d:7d:ad:8a:04:32:34:27:e2:f5:6a:
         70:f8:c8:64:41:24:12:08:cd:30:aa:8c:9c:c6:60:35:00:e3:
         1a:3d:64:d8:8d:44:b1:e8:15:61:bf:88:5d:47:37:ab:55:23:
         94:21:f4:91:27:29:82:f4:fd:98:e8:f5:ce:18:56:94:69:b1:
         6f:33:4c:3d:37:c6:60:dc:92:d7:18:68:8c:36:c0:0c:6b:2c:
         e9:dd:92:8b:fb:ec:27:59:11:1e:1b:a3:7f:9c:6a:1a:19:de:
         2f:4c:39:34:19:f4:39:e4:07:2f:4c:e4:d2:ce:92:0e:b0:22:
         4c:d7:3d:a0:78:ff:28:c0:a1:ed:80:e2:f3:4c:0d:b9:e8:5f:
         a9:33:13:60:0b:09:07:0e:2f:95:04:fa:a6:8c:e0:7f:49:33:
         2e:46:07:6e:f9:37:47:b4:e6:c9:e9:ca:04:8d:38:57:2e:73:
         7c:41:a6:b4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEki/NIjQ/xNsirxww0gwsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmMGZkOTBkOTg3Mjk3Y2I1ZGQ0ZTA3YmU4NDBkMjgwZDFl
MmNjNGEwHhcNMjQwMTAxMTAyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGU1OWIzMjRlMjZmYmMzMmIwMmQ2MWY5MGNkZDA0ZTcwMjNmNjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4DIh0VsbZxd88Rp8nNu0S+/Z+OxH
IMJlslbaYYhm8jQKNPhegyhDwQqHKC3o+Bib0TtWfzlI7LNLx2dU/tokFFQRQQgA
QXkSpvkNWXhpF3aGSmFSBWzkQkXDpld9eyNbJ1qxapDbO4EEKaHudi96khTyBpeX
aDyuQyovLjtnr0aRpj4YPqAvdbjozB4e/ah5s9sc8T4sziqjKw1Hsk/GKPVfzSgi
5zzj+EQ4cGb3DlxRAsEdoB8u720Jp6JQKU+j2RwS06zNH2eFn2GBS9Hq88ucYVX9
wIXEjHEG3cKnlBdFzU2iqWkNBL+CgKcmnVpOvVfwNrZeZcugn7HI2GS3YQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA3lmzJOJvvDKwLWH5DN0E5wI/Y7MB8GA1UdIwQY
MBaAFF8P2Q2YcpfLXdTge+hA0oDR4sxKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHdfWkRaaHlsOHRkMU9CNzZFRFNnTkhpekVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9mNjZjYTktM2JkYy00Mjk0LWFkNjIt
N2JjZWZhOWY1OWU4LzEvRGVXYk1rNG0tOE1yQXRZZmtNM1FUbkFqOWpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9mNjZjYTktM2JkYy00Mjk0LWFkNjItN2JjZWZhOWY1OWU4
LzEvWHdfWkRaaHlsOHRkMU9CNzZFRFNnTkhpekVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAvU
MA0GCSqGSIb3DQEBCwUAA4IBAQASR5o7fZ0xLEYp1YXnH/FScjSLWdsG+UzJG3wH
3ShvcVDcGvmFjG9fiBffJSQ5NhH6161sfYootXm+GRi+BO7vw6eM2ftx+u3xIbV1
qoVCLX2tigQyNCfi9Wpw+MhkQSQSCM0wqoycxmA1AOMaPWTYjUSx6BVhv4hdRzer
VSOUIfSRJymC9P2Y6PXOGFaUabFvM0w9N8Zg3JLXGGiMNsAMayzp3ZKL++wnWREe
G6N/nGoaGd4vTDk0GfQ55AcvTOTSzpIOsCJM1z2geP8owKHtgOLzTA256F+pMxNg
CwkHDi+VBPqmjOB/STMuRgdu+TdHtObJ6coEjThXLnN8Qaa0
-----END CERTIFICATE-----