Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/57d1db-d8eb-49e0-8133-5bc90505d8ca/1/tMgG9IZZ_AY2QXFrFgikmH_tb0I.roa
File:                     tMgG9IZZ_AY2QXFrFgikmH_tb0I.roa (raw, json)
Hash identifier:          9sGV5pBXamcQ1Vym05LXxfssd99QZGwLY2Gaw9fyQtM=
Subject key identifier:   B4:C8:06:F4:86:59:FC:06:36:41:71:6B:16:08:A4:98:7F:ED:6F:42
Certificate issuer:       /CN=86daaf4e68d322248230544cd8db29568e6cf003
Certificate serial:       018CC649F825EE437055CCF01C406C8AD15B
Authority key identifier: 86:DA:AF:4E:68:D3:22:24:82:30:54:4C:D8:DB:29:56:8E:6C:F0:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htqvTmjTIiSCMFRM2NspVo5s8AM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/57d1db-d8eb-49e0-8133-5bc90505d8ca/1/tMgG9IZZ_AY2QXFrFgikmH_tb0I.roa
Signing time:             Mon 01 Jan 2024 18:29:45 +0000
ROA not before:           Mon 01 Jan 2024 18:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204088
IP address blocks:        2001:67c:2d14::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/57d1db-d8eb-49e0-8133-5bc90505d8ca/1/htqvTmjTIiSCMFRM2NspVo5s8AM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/57d1db-d8eb-49e0-8133-5bc90505d8ca/1/htqvTmjTIiSCMFRM2NspVo5s8AM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htqvTmjTIiSCMFRM2NspVo5s8AM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:f8:25:ee:43:70:55:cc:f0:1c:40:6c:8a:d1:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86daaf4e68d322248230544cd8db29568e6cf003
        Validity
            Not Before: Jan  1 18:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4c806f48659fc063641716b1608a4987fed6f42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:ad:cd:f8:6d:7f:8a:e7:6e:40:19:e7:1a:e8:
                    b8:fb:9f:0d:6a:25:12:b5:42:af:e3:80:2e:f1:4a:
                    b9:f8:47:c6:5b:c6:20:ed:b4:a8:b2:bd:68:63:bb:
                    5e:71:ad:f5:be:f6:6f:24:31:6b:50:e0:36:5e:4b:
                    b8:14:14:9b:c2:27:06:0d:62:da:de:90:f4:7d:f3:
                    cb:0b:1f:92:43:9d:f0:77:df:22:75:dd:58:95:5a:
                    ab:94:98:60:33:f1:70:54:d7:3c:a8:c4:1c:25:1e:
                    de:6e:47:c8:01:fe:da:ef:f9:08:1a:1d:62:30:24:
                    e1:ed:d8:47:57:8d:de:fd:3c:20:c5:e7:4f:e0:0c:
                    09:3c:07:4e:95:cb:1e:d7:4c:cd:d5:92:af:ac:dc:
                    40:10:8d:fd:5b:8a:e2:33:7e:bd:36:21:45:3d:90:
                    3d:12:52:41:ac:b6:63:c2:fa:ac:27:09:48:96:5d:
                    d8:50:15:d1:c4:32:0c:89:72:2f:70:0d:b5:d0:5c:
                    c0:16:70:34:d7:81:a1:ba:a1:f6:92:d4:98:19:ff:
                    58:ff:ca:b6:b9:87:c5:87:02:de:d8:3b:12:86:c7:
                    0a:73:9b:28:9b:42:23:3b:fe:b7:45:14:eb:b5:b4:
                    44:f4:ec:45:42:4d:50:5d:60:41:6e:fc:ad:a9:25:
                    72:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:C8:06:F4:86:59:FC:06:36:41:71:6B:16:08:A4:98:7F:ED:6F:42
            X509v3 Authority Key Identifier:
                keyid:86:DA:AF:4E:68:D3:22:24:82:30:54:4C:D8:DB:29:56:8E:6C:F0:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htqvTmjTIiSCMFRM2NspVo5s8AM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/57d1db-d8eb-49e0-8133-5bc90505d8ca/1/tMgG9IZZ_AY2QXFrFgikmH_tb0I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/57d1db-d8eb-49e0-8133-5bc90505d8ca/1/htqvTmjTIiSCMFRM2NspVo5s8AM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2d14::/48

    Signature Algorithm: sha256WithRSAEncryption
         30:df:6b:e0:9e:37:b4:4e:82:16:76:1b:78:82:fc:25:a3:d2:
         6c:b4:0c:e6:27:30:69:91:48:e0:ea:5d:35:66:16:f5:ab:4a:
         a4:91:53:68:03:a3:a6:63:6e:81:ab:2d:6f:34:aa:d9:1f:e9:
         87:54:1c:89:9e:1d:20:68:20:11:4a:57:43:9d:2d:a4:7d:52:
         a9:0d:e4:ff:f9:e6:39:34:7b:3c:e5:d5:aa:d1:20:2b:34:3f:
         a4:5a:43:bc:c9:48:5a:1f:d4:63:54:77:bf:99:62:8f:6d:d5:
         2d:0e:d6:53:80:19:e6:4e:c6:30:ba:ad:e8:94:e0:35:15:27:
         49:b5:2d:9a:d6:bb:55:28:69:32:c8:c2:7a:66:15:29:34:15:
         2d:46:c3:4d:71:e3:4f:83:21:69:f2:d9:4e:5c:d9:2a:8d:58:
         bd:64:a2:f6:a3:27:34:54:b1:aa:c9:47:41:54:27:0f:6c:16:
         d2:20:fc:f9:74:e5:57:83:22:68:29:97:aa:07:14:04:c1:cd:
         f4:80:b3:ea:11:5a:63:7b:2c:72:c8:44:36:13:23:c5:41:86:
         db:72:57:22:e8:4e:01:aa:3b:ac:ea:83:74:12:47:05:57:18:
         4c:4b:9d:eb:7c:1b:09:27:83:c1:36:56:69:e1:ff:eb:2c:7c:
         b7:66:a4:04
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSfgl7kNwVczwHEBsitFbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZGFhZjRlNjhkMzIyMjQ4MjMwNTQ0Y2Q4ZGIyOTU2OGU2
Y2YwMDMwHhcNMjQwMTAxMTgyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGM4MDZmNDg2NTlmYzA2MzY0MTcxNmIxNjA4YTQ5ODdmZWQ2ZjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA463N+G1/iuduQBnnGui4+58NaiUS
tUKv44Au8Uq5+EfGW8Yg7bSosr1oY7teca31vvZvJDFrUOA2Xku4FBSbwicGDWLa
3pD0ffPLCx+SQ53wd98idd1YlVqrlJhgM/FwVNc8qMQcJR7ebkfIAf7a7/kIGh1i
MCTh7dhHV43e/TwgxedP4AwJPAdOlcse10zN1ZKvrNxAEI39W4riM369NiFFPZA9
ElJBrLZjwvqsJwlIll3YUBXRxDIMiXIvcA210FzAFnA014GhuqH2ktSYGf9Y/8q2
uYfFhwLe2DsShscKc5som0IjO/63RRTrtbRE9OxFQk1QXWBBbvytqSVymQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLTIBvSGWfwGNkFxaxYIpJh/7W9CMB8GA1UdIwQY
MBaAFIbar05o0yIkgjBUTNjbKVaObPADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRxdlRtalRJaVNDTUZSTTJOc3BWbzVzOEFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS81N2QxZGItZDhlYi00OWUwLTgxMzMt
NWJjOTA1MDVkOGNhLzEvdE1nRzlJWlpfQVkyUVhGckZnaWttSF90YjBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS81N2QxZGItZDhlYi00OWUwLTgxMzMtNWJjOTA1MDVkOGNh
LzEvaHRxdlRtalRJaVNDTUZSTTJOc3BWbzVzOEFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC0U
MA0GCSqGSIb3DQEBCwUAA4IBAQAw32vgnje0ToIWdht4gvwlo9JstAzmJzBpkUjg
6l01Zhb1q0qkkVNoA6OmY26Bqy1vNKrZH+mHVByJnh0gaCARSldDnS2kfVKpDeT/
+eY5NHs85dWq0SArND+kWkO8yUhaH9RjVHe/mWKPbdUtDtZTgBnmTsYwuq3olOA1
FSdJtS2a1rtVKGkyyMJ6ZhUpNBUtRsNNceNPgyFp8tlOXNkqjVi9ZKL2oyc0VLGq
yUdBVCcPbBbSIPz5dOVXgyJoKZeqBxQEwc30gLPqEVpjeyxyyEQ2EyPFQYbbclci
6E4Bqjus6oN0EkcFVxhMS53rfBsJJ4PBNlZp4f/rLHy3ZqQE
-----END CERTIFICATE-----