Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/f5fc76-5016-4968-829b-473045a93a05/1/d0l7MhvPMfAItope1CbYNF1_bMQ.roa
File:                     d0l7MhvPMfAItope1CbYNF1_bMQ.roa (raw, json)
Hash identifier:          HQBk3mHYK1odSOCpFer6sYv30K4VVLNhZdtGtQLU2/4=
Subject key identifier:   77:49:7B:32:1B:CF:31:F0:08:B6:8A:5E:D4:26:D8:34:5D:7F:6C:C4
Certificate issuer:       /CN=bcf5463680d14b64586b1d5b465663bcb577e693
Certificate serial:       018CC79368EA5BEB2E671573B9528BC08540
Authority key identifier: BC:F5:46:36:80:D1:4B:64:58:6B:1D:5B:46:56:63:BC:B5:77:E6:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vPVGNoDRS2RYax1bRlZjvLV35pM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/f5fc76-5016-4968-829b-473045a93a05/1/d0l7MhvPMfAItope1CbYNF1_bMQ.roa
Signing time:             Tue 02 Jan 2024 00:29:35 +0000
ROA not before:           Tue 02 Jan 2024 00:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198463
IP address blocks:        2001:67c:2d04::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/f5fc76-5016-4968-829b-473045a93a05/1/vPVGNoDRS2RYax1bRlZjvLV35pM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/f5fc76-5016-4968-829b-473045a93a05/1/vPVGNoDRS2RYax1bRlZjvLV35pM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vPVGNoDRS2RYax1bRlZjvLV35pM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:68:ea:5b:eb:2e:67:15:73:b9:52:8b:c0:85:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcf5463680d14b64586b1d5b465663bcb577e693
        Validity
            Not Before: Jan  2 00:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=77497b321bcf31f008b68a5ed426d8345d7f6cc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:dc:21:9b:42:98:c6:33:f1:03:ce:2d:fa:c0:
                    e4:8d:e2:35:f0:d3:d1:ef:e6:9d:00:04:c9:e8:5b:
                    d1:d1:b6:3f:74:40:41:16:e6:af:e2:ca:c7:2b:67:
                    d2:d4:e1:2b:67:57:de:05:d1:31:57:13:d7:fb:53:
                    d1:33:93:ac:16:ed:3f:8f:0d:dc:4c:bc:4c:7e:8d:
                    72:a6:82:4b:f2:76:ef:14:5a:f9:25:94:49:39:7d:
                    28:60:a9:43:48:02:68:2b:b8:a5:97:c0:a5:a9:db:
                    f6:26:f0:da:a1:c5:97:50:ce:3b:f5:74:89:5e:65:
                    d3:29:7a:fe:36:12:65:4d:15:33:b5:dc:b8:1d:fe:
                    5c:1e:51:32:21:28:da:e9:3f:63:47:62:7d:6b:df:
                    b1:e9:68:36:ba:eb:0e:87:ea:3e:7b:8f:fc:16:82:
                    de:f1:e5:80:9e:37:0a:a4:58:cf:1c:de:6a:47:6a:
                    10:bb:47:1e:30:a9:68:fc:94:83:e5:5d:29:aa:81:
                    1e:05:f7:50:6c:77:c7:a8:68:7a:8b:6c:4b:82:e9:
                    d7:1a:e8:71:8b:15:0a:81:26:92:27:3f:d6:1b:4f:
                    bf:6b:94:8a:8b:46:78:da:17:73:aa:6c:de:74:b4:
                    aa:0a:04:85:e0:2c:60:34:fe:0c:0e:3a:f4:5a:0f:
                    43:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:49:7B:32:1B:CF:31:F0:08:B6:8A:5E:D4:26:D8:34:5D:7F:6C:C4
            X509v3 Authority Key Identifier:
                keyid:BC:F5:46:36:80:D1:4B:64:58:6B:1D:5B:46:56:63:BC:B5:77:E6:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vPVGNoDRS2RYax1bRlZjvLV35pM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/f5fc76-5016-4968-829b-473045a93a05/1/d0l7MhvPMfAItope1CbYNF1_bMQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/f5fc76-5016-4968-829b-473045a93a05/1/vPVGNoDRS2RYax1bRlZjvLV35pM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2d04::/48

    Signature Algorithm: sha256WithRSAEncryption
         b8:a8:43:b0:94:1f:de:ae:6c:d2:0e:dc:c6:52:d1:d6:e6:ef:
         8c:81:9a:e8:26:a8:85:63:d2:07:dc:5c:d7:ef:6c:a6:a6:01:
         50:2e:6f:1b:35:d0:4b:a8:21:08:01:77:2d:d6:35:6f:e4:d4:
         ec:77:ab:8f:69:ca:43:e0:f4:f6:d6:5c:0b:46:d4:99:1e:97:
         54:fa:13:09:c5:cd:30:5d:eb:bf:fb:3c:22:c3:98:5e:2d:1c:
         f0:ed:fc:c5:34:c7:25:74:78:55:c0:45:56:42:a2:6b:97:6d:
         2d:0f:22:6d:86:bb:a8:76:35:79:28:a9:75:0e:b2:eb:6e:e3:
         18:a3:0d:d9:a2:30:32:c9:4e:91:66:8e:d5:ac:44:2d:1d:1b:
         18:a2:34:ee:2a:fc:fe:27:80:3f:b5:e1:66:77:c0:7c:65:e7:
         95:57:bb:0e:b1:3b:2b:a6:96:e3:6b:79:db:48:f0:00:42:45:
         35:46:2a:0b:80:c9:aa:cc:ec:6b:b0:24:9f:25:7e:79:9c:19:
         e5:a6:91:74:d9:4b:7a:1d:25:77:89:22:14:b7:d8:7c:db:bd:
         90:25:dd:55:8a:e6:f8:a9:57:b4:13:50:09:81:8f:00:1c:79:
         b1:42:ba:65:18:4a:48:60:32:c8:e8:80:e4:b2:de:ad:97:35:
         64:02:a7:c4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHk2jqW+suZxVzuVKLwIVAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjZjU0NjM2ODBkMTRiNjQ1ODZiMWQ1YjQ2NTY2M2JjYjU3
N2U2OTMwHhcNMjQwMTAyMDAyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzQ5N2IzMjFiY2YzMWYwMDhiNjhhNWVkNDI2ZDgzNDVkN2Y2Y2M0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhNwhm0KYxjPxA84t+sDkjeI18NPR
7+adAATJ6FvR0bY/dEBBFuav4srHK2fS1OErZ1feBdExVxPX+1PRM5OsFu0/jw3c
TLxMfo1ypoJL8nbvFFr5JZRJOX0oYKlDSAJoK7ill8Clqdv2JvDaocWXUM479XSJ
XmXTKXr+NhJlTRUztdy4Hf5cHlEyISja6T9jR2J9a9+x6Wg2uusOh+o+e4/8FoLe
8eWAnjcKpFjPHN5qR2oQu0ceMKlo/JSD5V0pqoEeBfdQbHfHqGh6i2xLgunXGuhx
ixUKgSaSJz/WG0+/a5SKi0Z42hdzqmzedLSqCgSF4CxgNP4MDjr0Wg9DAQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHdJezIbzzHwCLaKXtQm2DRdf2zEMB8GA1UdIwQY
MBaAFLz1RjaA0UtkWGsdW0ZWY7y1d+aTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlBWR05vRFJTMlJZYXgxYlJsWmp2TFYzNXBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9mNWZjNzYtNTAxNi00OTY4LTgyOWIt
NDczMDQ1YTkzYTA1LzEvZDBsN01odlBNZkFJdG9wZTFDYllORjFfYk1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9mNWZjNzYtNTAxNi00OTY4LTgyOWItNDczMDQ1YTkzYTA1
LzEvdlBWR05vRFJTMlJZYXgxYlJsWmp2TFYzNXBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC0E
MA0GCSqGSIb3DQEBCwUAA4IBAQC4qEOwlB/ermzSDtzGUtHW5u+MgZroJqiFY9IH
3FzX72ympgFQLm8bNdBLqCEIAXct1jVv5NTsd6uPacpD4PT21lwLRtSZHpdU+hMJ
xc0wXeu/+zwiw5heLRzw7fzFNMcldHhVwEVWQqJrl20tDyJthruodjV5KKl1DrLr
buMYow3ZojAyyU6RZo7VrEQtHRsYojTuKvz+J4A/teFmd8B8ZeeVV7sOsTsrppbj
a3nbSPAAQkU1RioLgMmqzOxrsCSfJX55nBnlppF02Ut6HSV3iSIUt9h8272QJd1V
iub4qVe0E1AJgY8AHHmxQrplGEpIYDLI6IDkst6tlzVkAqfE
-----END CERTIFICATE-----