Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/a155c9-13e2-4b28-b682-47ea3f874355/1/_V7NTMgzNfPhsHNhp-PEZlkKWGk.roa
File:                     _V7NTMgzNfPhsHNhp-PEZlkKWGk.roa (raw, json)
Hash identifier:          sWfdtkwSFJw8iXpJCLpXtjDP4k7x3+LdmsInZkcxJEI=
Subject key identifier:   FD:5E:CD:4C:C8:33:35:F3:E1:B0:73:61:A7:E3:C4:66:59:0A:58:69
Certificate issuer:       /CN=1024e66d7cba77b977685559c2481bb9044c5b75
Certificate serial:       018CC64B31569F83FE1F9F8B5EB268C68499
Authority key identifier: 10:24:E6:6D:7C:BA:77:B9:77:68:55:59:C2:48:1B:B9:04:4C:5B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ECTmbXy6d7l3aFVZwkgbuQRMW3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/a155c9-13e2-4b28-b682-47ea3f874355/1/_V7NTMgzNfPhsHNhp-PEZlkKWGk.roa
Signing time:             Mon 01 Jan 2024 18:31:05 +0000
ROA not before:           Mon 01 Jan 2024 18:31:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203881
IP address blocks:        2001:67c:2ea4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/a155c9-13e2-4b28-b682-47ea3f874355/1/ECTmbXy6d7l3aFVZwkgbuQRMW3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/a155c9-13e2-4b28-b682-47ea3f874355/1/ECTmbXy6d7l3aFVZwkgbuQRMW3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ECTmbXy6d7l3aFVZwkgbuQRMW3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 19:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:31:56:9f:83:fe:1f:9f:8b:5e:b2:68:c6:84:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1024e66d7cba77b977685559c2481bb9044c5b75
        Validity
            Not Before: Jan  1 18:31:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd5ecd4cc83335f3e1b07361a7e3c466590a5869
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:1f:9e:9f:f0:99:b4:1c:31:5c:e3:dc:21:31:
                    a1:a7:1f:89:46:3b:97:4e:a5:ba:38:e4:d9:01:3a:
                    20:73:57:58:9f:a2:96:1a:53:26:44:28:d3:50:31:
                    76:bf:c6:ba:75:82:c1:70:2a:0a:d3:4c:f4:0a:d1:
                    12:1c:d2:a2:b7:23:9b:74:6c:83:c1:b7:ed:d6:aa:
                    3f:e3:4e:99:1f:6f:a5:fc:8b:b5:01:52:93:5b:10:
                    8b:9c:3f:33:b3:2d:2f:db:0f:ad:93:ca:b2:8f:f0:
                    ec:41:fd:78:22:f0:f4:01:dd:c0:a3:da:03:d9:8a:
                    f7:d0:05:67:f5:3b:32:fd:4f:47:00:01:66:0f:fa:
                    8a:73:46:e3:79:c4:95:19:74:28:49:27:79:28:0b:
                    38:21:e4:b8:6b:42:ad:8d:1d:9b:86:c1:5d:88:63:
                    d3:58:2c:09:5f:ee:d9:22:75:89:d7:52:9c:af:11:
                    a4:18:13:fd:cc:14:6a:7b:f0:42:c8:ef:f8:bc:39:
                    94:15:cd:c3:fd:49:00:f2:99:f7:85:99:a7:97:1f:
                    e2:ec:a7:32:75:76:04:6d:a4:3d:c0:43:58:db:e5:
                    f4:f5:1e:64:e4:f4:80:ae:11:8f:20:64:08:68:92:
                    40:87:bb:7e:3d:43:d5:13:b5:d1:d9:8a:9c:8d:c2:
                    7d:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:5E:CD:4C:C8:33:35:F3:E1:B0:73:61:A7:E3:C4:66:59:0A:58:69
            X509v3 Authority Key Identifier:
                keyid:10:24:E6:6D:7C:BA:77:B9:77:68:55:59:C2:48:1B:B9:04:4C:5B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ECTmbXy6d7l3aFVZwkgbuQRMW3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/a155c9-13e2-4b28-b682-47ea3f874355/1/_V7NTMgzNfPhsHNhp-PEZlkKWGk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/a155c9-13e2-4b28-b682-47ea3f874355/1/ECTmbXy6d7l3aFVZwkgbuQRMW3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2ea4::/48

    Signature Algorithm: sha256WithRSAEncryption
         2e:1c:a5:90:85:61:a0:6a:6d:47:1d:c6:a4:a6:94:bb:61:e9:
         10:30:9b:fa:fb:88:01:0a:21:d9:24:46:71:3d:44:a4:bc:5c:
         6a:31:e0:6e:ed:79:d5:7e:34:4d:23:8a:d1:35:40:e8:df:ff:
         cf:49:93:48:31:fe:6a:f8:aa:3d:75:18:8d:c8:bd:b1:6d:e6:
         09:0d:33:3b:39:ef:98:99:d4:8f:0e:65:09:37:f2:70:d4:7a:
         c4:46:bd:80:a3:3f:27:50:ce:c1:d1:11:10:ab:1d:b1:f0:0f:
         97:c1:5a:9e:f8:51:7a:28:a9:9d:e3:14:08:42:89:d6:9f:68:
         8e:16:e5:da:39:fb:5b:d3:f7:a5:e4:86:96:58:01:d3:f8:ed:
         95:17:e1:8b:2e:50:69:4e:73:3e:e2:17:72:ac:18:44:c3:04:
         44:85:c2:97:25:ae:bc:57:a0:23:4c:48:69:a6:83:f0:9d:01:
         b3:f9:66:72:42:cd:4b:9a:9f:43:84:6b:ed:30:65:32:7d:e4:
         ca:d1:ba:d9:c3:be:1f:29:66:6e:1b:5e:04:f5:96:5b:fa:e8:
         d6:ce:90:25:d0:a5:d5:1b:39:41:58:6e:2e:41:b5:7e:15:6a:
         47:50:a1:8d:7e:96:7f:ef:9e:f1:d3:6d:d2:60:1d:d6:6c:23:
         c0:aa:a3:d2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSzFWn4P+H5+LXrJoxoSZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwMjRlNjZkN2NiYTc3Yjk3NzY4NTU1OWMyNDgxYmI5MDQ0
YzViNzUwHhcNMjQwMTAxMTgzMTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDVlY2Q0Y2M4MzMzNWYzZTFiMDczNjFhN2UzYzQ2NjU5MGE1ODY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqh+en/CZtBwxXOPcITGhpx+JRjuX
TqW6OOTZATogc1dYn6KWGlMmRCjTUDF2v8a6dYLBcCoK00z0CtESHNKityObdGyD
wbft1qo/406ZH2+l/Iu1AVKTWxCLnD8zsy0v2w+tk8qyj/DsQf14IvD0Ad3Ao9oD
2Yr30AVn9Tsy/U9HAAFmD/qKc0bjecSVGXQoSSd5KAs4IeS4a0KtjR2bhsFdiGPT
WCwJX+7ZInWJ11KcrxGkGBP9zBRqe/BCyO/4vDmUFc3D/UkA8pn3hZmnlx/i7Kcy
dXYEbaQ9wENY2+X09R5k5PSArhGPIGQIaJJAh7t+PUPVE7XR2YqcjcJ9jwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFP1ezUzIMzXz4bBzYafjxGZZClhpMB8GA1UdIwQY
MBaAFBAk5m18une5d2hVWcJIG7kETFt1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUNUbWJYeTZkN2wzYUZWWndrZ2J1UVJNVzNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9hMTU1YzktMTNlMi00YjI4LWI2ODIt
NDdlYTNmODc0MzU1LzEvX1Y3TlRNZ3pOZlBoc0hOaHAtUEVabGtLV0drLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9hMTU1YzktMTNlMi00YjI4LWI2ODItNDdlYTNmODc0MzU1
LzEvRUNUbWJYeTZkN2wzYUZWWndrZ2J1UVJNVzNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC6k
MA0GCSqGSIb3DQEBCwUAA4IBAQAuHKWQhWGgam1HHcakppS7YekQMJv6+4gBCiHZ
JEZxPUSkvFxqMeBu7XnVfjRNI4rRNUDo3//PSZNIMf5q+Ko9dRiNyL2xbeYJDTM7
Oe+YmdSPDmUJN/Jw1HrERr2Aoz8nUM7B0REQqx2x8A+XwVqe+FF6KKmd4xQIQonW
n2iOFuXaOftb0/el5IaWWAHT+O2VF+GLLlBpTnM+4hdyrBhEwwREhcKXJa68V6Aj
TEhppoPwnQGz+WZyQs1Lmp9DhGvtMGUyfeTK0brZw74fKWZuG14E9ZZb+ujWzpAl
0KXVGzlBWG4uQbV+FWpHUKGNfpZ/757x023SYB3WbCPAqqPS
-----END CERTIFICATE-----