Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/060cea-e920-40de-90da-8d49ebcae9b3/1/C5PK4Ga1J4eM_PlL4iXyti7PUGQ.roa
File:                     C5PK4Ga1J4eM_PlL4iXyti7PUGQ.roa (raw, json)
Hash identifier:          murrn21WpnEtRaHZqaCXNmy46KUwbO4f0bujUGowI64=
Subject key identifier:   0B:93:CA:E0:66:B5:27:87:8C:FC:F9:4B:E2:25:F2:B6:2E:CF:50:64
Certificate issuer:       /CN=e6049cf87dd8f1fd4c8024b5a6c9ea94f17b6fbd
Certificate serial:       018CC801B1E74AA1536BE7EBD09D107317ED
Authority key identifier: E6:04:9C:F8:7D:D8:F1:FD:4C:80:24:B5:A6:C9:EA:94:F1:7B:6F:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5gSc-H3Y8f1MgCS1psnqlPF7b70.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/060cea-e920-40de-90da-8d49ebcae9b3/1/C5PK4Ga1J4eM_PlL4iXyti7PUGQ.roa
Signing time:             Tue 02 Jan 2024 02:30:03 +0000
ROA not before:           Tue 02 Jan 2024 02:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12502
IP address blocks:        2001:67c:684::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/060cea-e920-40de-90da-8d49ebcae9b3/1/5gSc-H3Y8f1MgCS1psnqlPF7b70.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/060cea-e920-40de-90da-8d49ebcae9b3/1/5gSc-H3Y8f1MgCS1psnqlPF7b70.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5gSc-H3Y8f1MgCS1psnqlPF7b70.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:b1:e7:4a:a1:53:6b:e7:eb:d0:9d:10:73:17:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e6049cf87dd8f1fd4c8024b5a6c9ea94f17b6fbd
        Validity
            Not Before: Jan  2 02:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b93cae066b527878cfcf94be225f2b62ecf5064
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:76:38:7f:89:da:b4:a1:98:56:12:69:da:ae:
                    99:36:85:2d:a2:fa:e0:7a:f2:19:40:15:ed:07:b7:
                    1e:27:d3:23:8c:b5:77:1e:66:cb:b8:8a:9c:84:79:
                    11:02:b1:db:7b:e3:dd:b5:15:13:c3:8e:b8:c4:08:
                    96:0c:e5:ca:4a:e7:b6:85:7f:ec:1a:2e:ef:ed:b8:
                    71:3f:e9:df:f5:17:80:4d:1b:8c:6c:33:70:ac:6d:
                    de:12:f9:dc:90:43:fc:82:71:b7:9b:e1:0c:8e:0b:
                    ba:f2:4d:d1:d1:d7:ed:55:82:09:43:75:ee:72:7d:
                    46:66:bf:0e:14:26:07:f2:f1:20:9d:e6:2d:3c:d2:
                    0d:66:f2:00:55:1e:39:df:a4:29:c4:46:62:82:16:
                    91:35:8e:0b:06:f7:f0:25:4e:1b:42:3e:03:3b:e1:
                    cc:78:ce:28:d6:62:4c:84:b1:17:83:0b:ac:fd:8f:
                    df:87:ed:62:08:0c:67:f2:df:02:89:8a:bf:19:83:
                    c5:72:72:0c:08:2a:6a:7f:50:33:16:11:9e:95:ec:
                    de:a9:28:87:ed:26:0f:9c:e8:b3:91:5a:1e:f4:2a:
                    3f:8f:9e:0c:11:4f:9c:7f:f9:f4:44:de:55:a0:3e:
                    e5:0a:b2:9c:72:1d:12:8e:39:16:f5:89:59:11:af:
                    9d:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:93:CA:E0:66:B5:27:87:8C:FC:F9:4B:E2:25:F2:B6:2E:CF:50:64
            X509v3 Authority Key Identifier:
                keyid:E6:04:9C:F8:7D:D8:F1:FD:4C:80:24:B5:A6:C9:EA:94:F1:7B:6F:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5gSc-H3Y8f1MgCS1psnqlPF7b70.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/060cea-e920-40de-90da-8d49ebcae9b3/1/C5PK4Ga1J4eM_PlL4iXyti7PUGQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/060cea-e920-40de-90da-8d49ebcae9b3/1/5gSc-H3Y8f1MgCS1psnqlPF7b70.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:684::/48

    Signature Algorithm: sha256WithRSAEncryption
         98:62:7a:29:14:dc:03:6a:aa:fb:0f:50:a0:57:58:4a:c3:dd:
         d7:b9:a5:40:13:88:ef:35:a5:70:86:07:01:6f:57:e7:92:95:
         58:cf:af:24:1d:c2:7c:e5:c4:ed:66:5f:b6:18:f0:bf:d4:ac:
         5c:29:6f:dd:8d:a6:16:0d:eb:54:db:54:94:72:10:ea:b2:33:
         e1:2b:ea:a4:f8:09:88:12:f0:e3:c8:c0:20:a3:97:b2:fc:62:
         da:ce:fe:8d:cb:97:82:db:e1:a1:7b:02:0f:b9:3e:7a:c4:b5:
         02:c3:df:63:b2:cc:fa:92:c7:4a:eb:3b:8b:66:11:cf:96:b7:
         3e:de:c7:e1:a0:bc:f4:d2:9a:57:7a:6c:d7:86:56:b7:9f:d6:
         e2:5d:60:c8:ce:01:83:a1:ea:6b:ea:a5:77:6f:2e:8d:31:0a:
         56:21:ff:85:2c:e1:a3:45:4e:f6:bd:57:ea:e6:9a:87:99:ee:
         36:2c:84:38:3f:e5:42:aa:ea:9e:5d:12:c6:6b:b3:95:bc:4a:
         d7:f0:d5:62:10:9c:6f:5e:eb:65:88:2c:a6:ca:ed:97:e7:31:
         02:08:60:1f:1b:5b:62:c1:c6:ee:0c:4b:ea:f4:77:13:b3:c2:
         ef:43:1c:d6:ed:1f:22:6c:84:71:19:a2:71:f5:b4:1a:be:11:
         22:59:f1:79
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAbHnSqFTa+fr0J0QcxftMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2MDQ5Y2Y4N2RkOGYxZmQ0YzgwMjRiNWE2YzllYTk0ZjE3
YjZmYmQwHhcNMjQwMTAyMDIzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjkzY2FlMDY2YjUyNzg3OGNmY2Y5NGJlMjI1ZjJiNjJlY2Y1MDY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsXY4f4natKGYVhJp2q6ZNoUtovrg
evIZQBXtB7ceJ9MjjLV3HmbLuIqchHkRArHbe+PdtRUTw464xAiWDOXKSue2hX/s
Gi7v7bhxP+nf9ReATRuMbDNwrG3eEvnckEP8gnG3m+EMjgu68k3R0dftVYIJQ3Xu
cn1GZr8OFCYH8vEgneYtPNINZvIAVR4536QpxEZighaRNY4LBvfwJU4bQj4DO+HM
eM4o1mJMhLEXgwus/Y/fh+1iCAxn8t8CiYq/GYPFcnIMCCpqf1AzFhGelezeqSiH
7SYPnOizkVoe9Co/j54MEU+cf/n0RN5VoD7lCrKcch0SjjkW9YlZEa+dPQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAuTyuBmtSeHjPz5S+Il8rYuz1BkMB8GA1UdIwQY
MBaAFOYEnPh92PH9TIAktabJ6pTxe2+9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWdTYy1IM1k4ZjFNZ0NTMXBzbnFsUEY3YjcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8wNjBjZWEtZTkyMC00MGRlLTkwZGEt
OGQ0OWViY2FlOWIzLzEvQzVQSzRHYTFKNGVNX1BsTDRpWHl0aTdQVUdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8wNjBjZWEtZTkyMC00MGRlLTkwZGEtOGQ0OWViY2FlOWIz
LzEvNWdTYy1IM1k4ZjFNZ0NTMXBzbnFsUEY3YjcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAaE
MA0GCSqGSIb3DQEBCwUAA4IBAQCYYnopFNwDaqr7D1CgV1hKw93XuaVAE4jvNaVw
hgcBb1fnkpVYz68kHcJ85cTtZl+2GPC/1KxcKW/djaYWDetU21SUchDqsjPhK+qk
+AmIEvDjyMAgo5ey/GLazv6Ny5eC2+GhewIPuT56xLUCw99jssz6ksdK6zuLZhHP
lrc+3sfhoLz00ppXemzXhla3n9biXWDIzgGDoepr6qV3by6NMQpWIf+FLOGjRU72
vVfq5pqHme42LIQ4P+VCquqeXRLGa7OVvErX8NViEJxvXutliCymyu2X5zECCGAf
G1tiwcbuDEvq9HcTs8LvQxzW7R8ibIRxGaJx9bQavhEiWfF5
-----END CERTIFICATE-----