Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/3c367a-1f9b-4c92-8978-ca0448e7f3a3/1/xuOMcKlqzho2OSl8oSkZHbu3lds.roa
File:                     xuOMcKlqzho2OSl8oSkZHbu3lds.roa (raw, json)
Hash identifier:          FHBhnHUJ/nJFWcYPeO/S2I0CZjEkcP14v0AIoekokFw=
Subject key identifier:   C6:E3:8C:70:A9:6A:CE:1A:36:39:29:7C:A1:29:19:1D:BB:B7:95:DB
Certificate issuer:       /CN=5c40454a1b176795f021575347794bd9f04427ac
Certificate serial:       01901279DBEFBABD1629D5AE147BD0BA5426
Authority key identifier: 5C:40:45:4A:1B:17:67:95:F0:21:57:53:47:79:4B:D9:F0:44:27:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XEBFShsXZ5XwIVdTR3lL2fBEJ6w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/3c367a-1f9b-4c92-8978-ca0448e7f3a3/1/xuOMcKlqzho2OSl8oSkZHbu3lds.roa
Signing time:             Thu 13 Jun 2024 16:41:34 +0000
ROA not before:           Thu 13 Jun 2024 16:41:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214740
IP address blocks:        2001:67c:ebc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/3c367a-1f9b-4c92-8978-ca0448e7f3a3/1/XEBFShsXZ5XwIVdTR3lL2fBEJ6w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/3c367a-1f9b-4c92-8978-ca0448e7f3a3/1/XEBFShsXZ5XwIVdTR3lL2fBEJ6w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XEBFShsXZ5XwIVdTR3lL2fBEJ6w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 19:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:12:79:db:ef:ba:bd:16:29:d5:ae:14:7b:d0:ba:54:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c40454a1b176795f021575347794bd9f04427ac
        Validity
            Not Before: Jun 13 16:41:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c6e38c70a96ace1a3639297ca129191dbbb795db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:7f:6d:01:ad:f3:eb:51:ac:0a:6e:6a:39:d3:
                    f8:9e:84:90:c2:7a:ef:aa:92:99:89:7b:6f:a4:1d:
                    f0:5b:13:4d:b0:47:d7:f7:aa:bd:9f:20:3d:2a:81:
                    11:ce:7f:d8:25:00:d0:06:dc:21:75:2f:e0:e7:5f:
                    04:71:75:15:42:00:12:e0:d2:b2:e8:02:6a:10:c4:
                    89:1d:70:49:3d:4a:92:1f:26:c4:c7:98:77:7f:bb:
                    6d:a7:77:dd:1f:93:cd:bd:75:18:e3:b8:ba:77:d3:
                    08:ae:ec:ac:64:f7:c9:c5:a9:a5:66:f3:8b:10:3c:
                    63:89:49:f0:1c:0d:45:85:ee:d0:15:a5:10:9e:ca:
                    47:3e:e2:43:c3:61:89:75:ea:7b:c9:ad:8c:1a:a5:
                    94:50:4d:a5:da:e9:b1:96:98:cd:a6:5b:c0:44:11:
                    76:7d:fc:42:86:b2:b6:48:01:b2:16:e9:13:3f:86:
                    35:c4:b9:bb:dd:10:e2:a9:26:36:a9:5b:6a:b4:25:
                    8c:15:f4:ff:d2:7d:f6:bb:4a:f8:6f:09:56:62:b3:
                    21:04:e3:91:f8:15:3e:f5:42:eb:cb:b8:98:5d:98:
                    52:7e:41:1a:54:d3:cd:9d:5d:35:2c:bd:cb:95:bd:
                    a6:51:78:09:92:dd:94:79:b9:ef:eb:dd:30:bd:5c:
                    72:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:E3:8C:70:A9:6A:CE:1A:36:39:29:7C:A1:29:19:1D:BB:B7:95:DB
            X509v3 Authority Key Identifier:
                keyid:5C:40:45:4A:1B:17:67:95:F0:21:57:53:47:79:4B:D9:F0:44:27:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XEBFShsXZ5XwIVdTR3lL2fBEJ6w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/3c367a-1f9b-4c92-8978-ca0448e7f3a3/1/xuOMcKlqzho2OSl8oSkZHbu3lds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/3c367a-1f9b-4c92-8978-ca0448e7f3a3/1/XEBFShsXZ5XwIVdTR3lL2fBEJ6w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:ebc::/48

    Signature Algorithm: sha256WithRSAEncryption
         8f:99:fb:de:f2:fe:2e:2c:ea:b4:22:57:3f:94:82:ac:5b:8e:
         80:5c:fc:d5:e4:70:15:b6:cf:ea:22:4e:84:df:bb:8e:e1:f9:
         44:e2:f9:7f:d8:70:ee:1b:38:10:fb:4a:ec:82:5e:9b:46:6d:
         a2:0e:5a:4a:05:b3:73:a4:7a:e5:9e:b8:d4:03:0b:98:8f:9a:
         28:65:11:37:75:d5:fe:4c:cd:af:be:59:50:88:59:fb:7f:38:
         3e:86:1c:cb:c0:73:46:f6:c1:c9:46:b3:46:f0:aa:e9:65:79:
         70:5f:a0:3f:84:55:de:f9:c6:a3:c8:27:df:c6:36:00:f7:7e:
         c8:c9:26:16:a4:d1:50:fa:72:e9:44:08:c7:f0:e5:52:9d:7b:
         d3:57:c6:86:b5:fb:3b:f2:8e:0a:12:c2:94:a2:93:23:1c:9d:
         00:21:f3:fa:8f:5f:31:1a:07:d4:28:2b:7f:58:36:05:35:5d:
         a3:b5:b1:70:09:76:0e:90:81:6d:06:01:9c:7d:f4:a0:0e:7b:
         4f:17:c9:f6:3d:c7:2a:ec:7c:08:f9:2d:76:4a:c9:cf:c4:26:
         e4:25:5e:d3:fc:21:9d:8e:ff:f8:28:37:9b:81:83:d5:ac:6f:
         e9:3a:4a:92:83:08:c3:1c:b1:df:f5:af:cd:be:1a:c4:b1:42:
         ba:9f:5d:b3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZASedvvur0WKdWuFHvQulQmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjNDA0NTRhMWIxNzY3OTVmMDIxNTc1MzQ3Nzk0YmQ5ZjA0
NDI3YWMwHhcNMjQwNjEzMTY0MTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmUzOGM3MGE5NmFjZTFhMzYzOTI5N2NhMTI5MTkxZGJiYjc5NWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzn9tAa3z61GsCm5qOdP4noSQwnrv
qpKZiXtvpB3wWxNNsEfX96q9nyA9KoERzn/YJQDQBtwhdS/g518EcXUVQgAS4NKy
6AJqEMSJHXBJPUqSHybEx5h3f7ttp3fdH5PNvXUY47i6d9MIruysZPfJxamlZvOL
EDxjiUnwHA1Fhe7QFaUQnspHPuJDw2GJdep7ya2MGqWUUE2l2umxlpjNplvARBF2
ffxChrK2SAGyFukTP4Y1xLm73RDiqSY2qVtqtCWMFfT/0n32u0r4bwlWYrMhBOOR
+BU+9ULry7iYXZhSfkEaVNPNnV01LL3Llb2mUXgJkt2Uebnv690wvVxypwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMbjjHCpas4aNjkpfKEpGR27t5XbMB8GA1UdIwQY
MBaAFFxARUobF2eV8CFXU0d5S9nwRCesMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEVCRlNoc1haNVh3SVZkVFIzbEwyZkJFSjZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8zYzM2N2EtMWY5Yi00YzkyLTg5Nzgt
Y2EwNDQ4ZTdmM2EzLzEveHVPTWNLbHF6aG8yT1NsOG9Ta1pIYnUzbGRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8zYzM2N2EtMWY5Yi00YzkyLTg5NzgtY2EwNDQ4ZTdmM2Ez
LzEvWEVCRlNoc1haNVh3SVZkVFIzbEwyZkJFSjZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA68
MA0GCSqGSIb3DQEBCwUAA4IBAQCPmfve8v4uLOq0Ilc/lIKsW46AXPzV5HAVts/q
Ik6E37uO4flE4vl/2HDuGzgQ+0rsgl6bRm2iDlpKBbNzpHrlnrjUAwuYj5ooZRE3
ddX+TM2vvllQiFn7fzg+hhzLwHNG9sHJRrNG8KrpZXlwX6A/hFXe+cajyCffxjYA
937IySYWpNFQ+nLpRAjH8OVSnXvTV8aGtfs78o4KEsKUopMjHJ0AIfP6j18xGgfU
KCt/WDYFNV2jtbFwCXYOkIFtBgGcffSgDntPF8n2Pccq7HwI+S12SsnPxCbkJV7T
/CGdjv/4KDebgYPVrG/pOkqSgwjDHLHf9a/NvhrEsUK6n12z
-----END CERTIFICATE-----