Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/45df63-95f0-4254-8c9b-b223c72a5593/1/64vfCO4QFqKJ5KmJXi_HetaFXVc.roa
File:                     64vfCO4QFqKJ5KmJXi_HetaFXVc.roa (raw, json)
Hash identifier:          6ezupoKrftKHi8nkJOdbuFxPjzDU+lBEdzROrTkFqrs=
Subject key identifier:   EB:8B:DF:08:EE:10:16:A2:89:E4:A9:89:5E:2F:C7:7A:D6:85:5D:57
Certificate issuer:       /CN=5448b9d5b85171f7264238b27a0306c56cfb6b4f
Certificate serial:       018CC7260436E966738D746CDF6BCC41F959
Authority key identifier: 54:48:B9:D5:B8:51:71:F7:26:42:38:B2:7A:03:06:C5:6C:FB:6B:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VEi51bhRcfcmQjiyegMGxWz7a08.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/45df63-95f0-4254-8c9b-b223c72a5593/1/64vfCO4QFqKJ5KmJXi_HetaFXVc.roa
Signing time:             Mon 01 Jan 2024 22:30:06 +0000
ROA not before:           Mon 01 Jan 2024 22:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35332
IP address blocks:        2001:678:5b4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/45df63-95f0-4254-8c9b-b223c72a5593/1/VEi51bhRcfcmQjiyegMGxWz7a08.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/45df63-95f0-4254-8c9b-b223c72a5593/1/VEi51bhRcfcmQjiyegMGxWz7a08.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VEi51bhRcfcmQjiyegMGxWz7a08.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 04:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:04:36:e9:66:73:8d:74:6c:df:6b:cc:41:f9:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5448b9d5b85171f7264238b27a0306c56cfb6b4f
        Validity
            Not Before: Jan  1 22:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eb8bdf08ee1016a289e4a9895e2fc77ad6855d57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:20:12:61:b0:e1:49:dd:0b:70:f7:86:bb:34:
                    ed:59:65:d7:33:05:c5:51:ad:f7:d7:2d:26:b2:fd:
                    10:a7:1a:68:2f:e3:fc:ab:d6:73:fd:6e:61:fc:a3:
                    f3:46:28:b5:ba:1c:f8:13:6b:b7:a8:d3:08:c7:4e:
                    cc:52:03:28:00:93:d9:7d:8b:a9:51:04:71:70:a9:
                    35:5e:14:73:15:8a:6f:01:f9:94:5c:e2:b4:82:b2:
                    0b:b9:3f:38:ba:50:8c:42:11:03:bb:ad:14:fb:96:
                    a6:b3:5b:ec:ad:81:ac:0e:83:ab:56:8a:b8:c4:5c:
                    e8:ce:2e:4d:e0:b2:0d:31:73:e9:c0:7f:c6:3d:db:
                    66:09:9b:c1:11:7e:ac:f7:67:5e:7e:de:25:88:68:
                    f2:e0:f1:a9:2d:5c:c6:36:1f:07:76:f0:48:56:60:
                    f8:0d:8c:0a:53:75:02:2b:76:f0:73:e7:ea:ee:1b:
                    87:bc:f9:d1:dc:3c:26:62:44:57:a2:bb:c1:00:f0:
                    37:e7:4c:f1:61:db:2d:f1:a2:a3:fe:b4:5a:79:fe:
                    fb:52:f7:29:5c:1e:b4:3e:14:d0:92:d1:8c:5f:a4:
                    09:a9:1c:7b:85:f7:46:86:e6:a2:f4:94:94:58:86:
                    17:3f:7b:5e:2f:00:d8:05:0f:50:ff:9c:1e:aa:47:
                    ab:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:8B:DF:08:EE:10:16:A2:89:E4:A9:89:5E:2F:C7:7A:D6:85:5D:57
            X509v3 Authority Key Identifier:
                keyid:54:48:B9:D5:B8:51:71:F7:26:42:38:B2:7A:03:06:C5:6C:FB:6B:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VEi51bhRcfcmQjiyegMGxWz7a08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/45df63-95f0-4254-8c9b-b223c72a5593/1/64vfCO4QFqKJ5KmJXi_HetaFXVc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/45df63-95f0-4254-8c9b-b223c72a5593/1/VEi51bhRcfcmQjiyegMGxWz7a08.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:5b4::/48

    Signature Algorithm: sha256WithRSAEncryption
         59:d8:99:34:98:5f:c7:a3:df:ec:f5:8c:84:15:bb:e0:16:0e:
         8b:18:66:8f:27:08:a0:83:36:30:08:fe:de:79:51:75:56:5b:
         eb:18:8a:94:a9:f7:86:22:76:fc:11:c9:d3:5b:ee:c1:63:38:
         3c:ea:b2:2f:0c:62:06:c8:f2:4a:49:8e:ee:0e:b2:3d:07:83:
         5a:18:10:e5:a4:ff:89:02:20:67:fb:08:bc:47:c2:98:5c:59:
         66:b1:87:52:bc:58:1a:df:cd:d1:ee:74:1c:ac:16:84:8e:b3:
         37:2a:bc:97:74:0a:5b:2b:f7:14:26:8e:2a:d1:0f:0b:62:19:
         f1:ec:6b:14:c8:09:2d:cc:13:bf:98:8d:93:5f:49:1a:f4:33:
         9e:17:cb:08:14:5f:7f:11:30:83:83:96:85:e6:14:90:96:89:
         d7:87:18:11:93:30:17:c3:f0:84:74:8f:ff:13:3a:dc:60:cd:
         0e:d5:c1:ee:b0:a5:1d:ca:45:09:6b:b4:0c:e8:c5:b9:d6:9a:
         de:d5:10:e6:82:d7:2c:a0:65:bf:36:ac:4e:0c:96:da:56:e8:
         7e:7c:f5:46:ea:26:ae:e8:d3:90:ad:a9:d6:45:95:06:6a:80:
         87:ca:18:fb:d3:37:08:d2:88:5e:02:5a:11:9d:28:d0:e1:ff:
         f0:f3:77:65
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHJgQ26WZzjXRs32vMQflZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NDhiOWQ1Yjg1MTcxZjcyNjQyMzhiMjdhMDMwNmM1NmNm
YjZiNGYwHhcNMjQwMTAxMjIzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjhiZGYwOGVlMTAxNmEyODllNGE5ODk1ZTJmYzc3YWQ2ODU1ZDU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlSASYbDhSd0LcPeGuzTtWWXXMwXF
Ua331y0msv0QpxpoL+P8q9Zz/W5h/KPzRii1uhz4E2u3qNMIx07MUgMoAJPZfYup
UQRxcKk1XhRzFYpvAfmUXOK0grILuT84ulCMQhEDu60U+5ams1vsrYGsDoOrVoq4
xFzozi5N4LINMXPpwH/GPdtmCZvBEX6s92deft4liGjy4PGpLVzGNh8HdvBIVmD4
DYwKU3UCK3bwc+fq7huHvPnR3DwmYkRXorvBAPA350zxYdst8aKj/rRaef77Uvcp
XB60PhTQktGMX6QJqRx7hfdGhuai9JSUWIYXP3teLwDYBQ9Q/5weqkeraQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOuL3wjuEBaiieSpiV4vx3rWhV1XMB8GA1UdIwQY
MBaAFFRIudW4UXH3JkI4snoDBsVs+2tPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkVpNTFiaFJjZmNtUWppeWVnTUd4V3o3YTA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi80NWRmNjMtOTVmMC00MjU0LThjOWIt
YjIyM2M3MmE1NTkzLzEvNjR2ZkNPNFFGcUtKNUttSlhpX0hldGFGWFZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi80NWRmNjMtOTVmMC00MjU0LThjOWItYjIyM2M3MmE1NTkz
LzEvVkVpNTFiaFJjZmNtUWppeWVnTUd4V3o3YTA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAW0
MA0GCSqGSIb3DQEBCwUAA4IBAQBZ2Jk0mF/Ho9/s9YyEFbvgFg6LGGaPJwiggzYw
CP7eeVF1VlvrGIqUqfeGInb8EcnTW+7BYzg86rIvDGIGyPJKSY7uDrI9B4NaGBDl
pP+JAiBn+wi8R8KYXFlmsYdSvFga383R7nQcrBaEjrM3KryXdApbK/cUJo4q0Q8L
Yhnx7GsUyAktzBO/mI2TX0ka9DOeF8sIFF9/ETCDg5aF5hSQlonXhxgRkzAXw/CE
dI//EzrcYM0O1cHusKUdykUJa7QM6MW51pre1RDmgtcsoGW/NqxODJbaVuh+fPVG
6iau6NOQranWRZUGaoCHyhj70zcI0oheAloRnSjQ4f/w83dl
-----END CERTIFICATE-----