Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/be9311-66d8-4c19-8267-3c529bf62e54/1/yZ4mv2GNBpF2s8xhif6RvJH_mek.roa
File:                     yZ4mv2GNBpF2s8xhif6RvJH_mek.roa (raw, json)
Hash identifier:          eF71+BtyVjVcTQrVyjHn8NY6MvpEmaTN1GZAR9bTUKc=
Subject key identifier:   C9:9E:26:BF:61:8D:06:91:76:B3:CC:61:89:FE:91:BC:91:FF:99:E9
Certificate issuer:       /CN=c07750b83111d4171bbf55ca02322c1a0dc0ac32
Certificate serial:       018CC94D5438516C657E8075723DFB81C5B7
Authority key identifier: C0:77:50:B8:31:11:D4:17:1B:BF:55:CA:02:32:2C:1A:0D:C0:AC:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wHdQuDER1Bcbv1XKAjIsGg3ArDI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/be9311-66d8-4c19-8267-3c529bf62e54/1/yZ4mv2GNBpF2s8xhif6RvJH_mek.roa
Signing time:             Tue 02 Jan 2024 08:32:17 +0000
ROA not before:           Tue 02 Jan 2024 08:32:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207575
IP address blocks:        2001:67c:2d30::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/be9311-66d8-4c19-8267-3c529bf62e54/1/wHdQuDER1Bcbv1XKAjIsGg3ArDI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/be9311-66d8-4c19-8267-3c529bf62e54/1/wHdQuDER1Bcbv1XKAjIsGg3ArDI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wHdQuDER1Bcbv1XKAjIsGg3ArDI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:54:38:51:6c:65:7e:80:75:72:3d:fb:81:c5:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c07750b83111d4171bbf55ca02322c1a0dc0ac32
        Validity
            Not Before: Jan  2 08:32:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c99e26bf618d069176b3cc6189fe91bc91ff99e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:ff:a3:15:41:8b:8f:00:78:aa:a3:8e:62:a8:
                    8b:67:15:e3:8a:f7:cd:af:da:04:6b:b6:f1:7a:a4:
                    6e:2d:3a:73:b3:0c:a9:1d:a9:5c:05:98:56:3f:81:
                    06:5f:02:c3:f8:7f:b1:65:a9:7b:d7:99:70:7c:ec:
                    8c:ea:f7:04:fe:7f:ca:35:54:e0:16:54:1e:6b:f8:
                    c7:4b:80:22:13:79:ae:2d:5a:56:aa:8d:f1:32:e9:
                    46:fd:0b:67:97:48:1f:56:21:eb:b5:f8:c9:41:88:
                    7b:b5:64:55:79:3a:d6:1d:b2:c2:55:d0:78:b2:86:
                    83:9d:2e:57:66:76:f5:fc:42:59:74:ff:08:26:a2:
                    45:ff:b4:bd:86:2b:dd:cf:f1:cb:0e:10:e8:27:7b:
                    07:5f:fc:69:ed:5f:4f:00:1a:35:58:bc:ae:90:84:
                    e5:9d:fc:42:59:78:f6:2b:99:f1:98:4c:10:69:f3:
                    b5:91:16:86:bf:d3:76:8a:35:26:8b:0b:cd:03:dc:
                    52:e8:53:0b:69:0b:f8:be:c3:89:e6:dd:34:b7:f3:
                    08:f8:33:d0:71:34:71:ab:40:1e:62:77:6f:f4:31:
                    10:89:1a:e5:03:26:e7:72:e4:f0:0d:67:6a:b1:a4:
                    e4:2a:a4:e0:4e:b0:cf:e5:2d:7d:41:cf:c1:d7:60:
                    8d:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:9E:26:BF:61:8D:06:91:76:B3:CC:61:89:FE:91:BC:91:FF:99:E9
            X509v3 Authority Key Identifier:
                keyid:C0:77:50:B8:31:11:D4:17:1B:BF:55:CA:02:32:2C:1A:0D:C0:AC:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wHdQuDER1Bcbv1XKAjIsGg3ArDI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/be9311-66d8-4c19-8267-3c529bf62e54/1/yZ4mv2GNBpF2s8xhif6RvJH_mek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/be9311-66d8-4c19-8267-3c529bf62e54/1/wHdQuDER1Bcbv1XKAjIsGg3ArDI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2d30::/48

    Signature Algorithm: sha256WithRSAEncryption
         7f:02:15:be:6e:34:b7:49:df:5b:10:25:53:bd:fa:ed:34:9b:
         e8:30:eb:7c:4e:ed:32:b6:14:ee:42:60:11:67:6f:76:8b:0c:
         c0:98:50:b7:73:e3:1c:83:0e:84:31:91:c5:53:5c:cf:08:e4:
         cf:bc:59:d4:06:b5:21:d2:94:17:5c:3e:78:ea:3a:69:69:4c:
         84:25:ee:0e:0b:35:18:81:80:14:d5:ad:dc:86:ff:1e:e2:08:
         fc:7e:b3:a2:1c:02:ed:72:10:67:fb:8d:c8:c9:40:72:fc:25:
         d9:eb:dd:6d:92:61:f0:fa:8e:41:12:dc:02:17:c4:e8:c9:13:
         79:3a:2d:3e:a5:20:a6:70:a6:a8:5c:e4:32:31:2e:27:f5:4c:
         4c:1f:80:56:eb:59:f2:eb:ad:a5:76:52:53:10:2e:86:e9:cf:
         a4:ca:28:ad:c9:46:e2:3e:e3:8b:8b:fd:0c:17:0b:dc:df:2a:
         31:36:d0:b6:c5:58:11:82:81:1a:f0:72:7c:2a:d4:d0:78:be:
         44:a2:b9:9f:73:cb:ab:03:ed:ed:71:63:07:23:f2:c0:c3:29:
         1f:36:68:5d:94:82:90:8b:37:f5:03:97:e9:7c:8b:58:aa:41:
         b8:b4:52:5a:e3:aa:b7:e8:26:ed:d2:23:4c:93:c6:57:98:07:
         a4:03:ce:52
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJTVQ4UWxlfoB1cj37gcW3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwNzc1MGI4MzExMWQ0MTcxYmJmNTVjYTAyMzIyYzFhMGRj
MGFjMzIwHhcNMjQwMTAyMDgzMjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTllMjZiZjYxOGQwNjkxNzZiM2NjNjE4OWZlOTFiYzkxZmY5OWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxP+jFUGLjwB4qqOOYqiLZxXjivfN
r9oEa7bxeqRuLTpzswypHalcBZhWP4EGXwLD+H+xZal715lwfOyM6vcE/n/KNVTg
FlQea/jHS4AiE3muLVpWqo3xMulG/Qtnl0gfViHrtfjJQYh7tWRVeTrWHbLCVdB4
soaDnS5XZnb1/EJZdP8IJqJF/7S9hivdz/HLDhDoJ3sHX/xp7V9PABo1WLyukITl
nfxCWXj2K5nxmEwQafO1kRaGv9N2ijUmiwvNA9xS6FMLaQv4vsOJ5t00t/MI+DPQ
cTRxq0AeYndv9DEQiRrlAybncuTwDWdqsaTkKqTgTrDP5S19Qc/B12CNGwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMmeJr9hjQaRdrPMYYn+kbyR/5npMB8GA1UdIwQY
MBaAFMB3ULgxEdQXG79VygIyLBoNwKwyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0hkUXVERVIxQmNidjFYS0FqSXNHZzNBckRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS9iZTkzMTEtNjZkOC00YzE5LTgyNjct
M2M1MjliZjYyZTU0LzEveVo0bXYyR05CcEYyczh4aGlmNlJ2SkhfbWVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS9iZTkzMTEtNjZkOC00YzE5LTgyNjctM2M1MjliZjYyZTU0
LzEvd0hkUXVERVIxQmNidjFYS0FqSXNHZzNBckRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC0w
MA0GCSqGSIb3DQEBCwUAA4IBAQB/AhW+bjS3Sd9bECVTvfrtNJvoMOt8Tu0ythTu
QmARZ292iwzAmFC3c+Mcgw6EMZHFU1zPCOTPvFnUBrUh0pQXXD546jppaUyEJe4O
CzUYgYAU1a3chv8e4gj8frOiHALtchBn+43IyUBy/CXZ691tkmHw+o5BEtwCF8To
yRN5Oi0+pSCmcKaoXOQyMS4n9UxMH4BW61ny662ldlJTEC6G6c+kyiityUbiPuOL
i/0MFwvc3yoxNtC2xVgRgoEa8HJ8KtTQeL5Eormfc8urA+3tcWMHI/LAwykfNmhd
lIKQizf1A5fpfItYqkG4tFJa46q36Cbt0iNMk8ZXmAekA85S
-----END CERTIFICATE-----