Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/149332-6969-4c4b-b591-7c2c08b5ee49/1/pylGOp6dSG3Yi6srv4HvdkMVMrM.roa
File:                     pylGOp6dSG3Yi6srv4HvdkMVMrM.roa (raw, json)
Hash identifier:          Vw0cGOakLtmFZZMcMXF3XAziiOz0rE3949aWOojE2Tg=
Subject key identifier:   A7:29:46:3A:9E:9D:48:6D:D8:8B:AB:2B:BF:81:EF:76:43:15:32:B3
Certificate issuer:       /CN=c719cad9922115bcfa7452ba0a6e43a6af4e4c24
Certificate serial:       018CC8DCC8716D856DBBBBB7E98E0D2B87C1
Authority key identifier: C7:19:CA:D9:92:21:15:BC:FA:74:52:BA:0A:6E:43:A6:AF:4E:4C:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xxnK2ZIhFbz6dFK6Cm5Dpq9OTCQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/149332-6969-4c4b-b591-7c2c08b5ee49/1/pylGOp6dSG3Yi6srv4HvdkMVMrM.roa
Signing time:             Tue 02 Jan 2024 06:29:21 +0000
ROA not before:           Tue 02 Jan 2024 06:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41046
IP address blocks:        2001:67c:2d90::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/149332-6969-4c4b-b591-7c2c08b5ee49/1/xxnK2ZIhFbz6dFK6Cm5Dpq9OTCQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/149332-6969-4c4b-b591-7c2c08b5ee49/1/xxnK2ZIhFbz6dFK6Cm5Dpq9OTCQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xxnK2ZIhFbz6dFK6Cm5Dpq9OTCQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 18:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:c8:71:6d:85:6d:bb:bb:b7:e9:8e:0d:2b:87:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c719cad9922115bcfa7452ba0a6e43a6af4e4c24
        Validity
            Not Before: Jan  2 06:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a729463a9e9d486dd88bab2bbf81ef76431532b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:4d:a0:4b:7b:91:a5:ee:bc:50:fe:63:7a:55:
                    44:f5:04:a2:ff:7e:02:45:16:9d:65:21:52:f4:9b:
                    49:21:e8:06:56:ea:30:07:ed:26:47:35:2e:e9:18:
                    1b:66:bb:46:69:d7:39:bb:9c:a8:a8:bd:38:56:75:
                    b3:26:84:66:05:e5:09:1b:05:f1:c7:c0:f3:4b:76:
                    81:60:30:03:4f:28:12:b2:e7:5b:c4:0a:50:9b:c1:
                    c6:cb:b1:ad:d2:87:ed:38:3d:e2:cf:68:09:05:14:
                    c6:22:cf:73:92:09:9b:42:cb:70:b9:0d:68:bc:47:
                    8b:27:9e:97:f7:43:86:6b:90:2e:5b:51:4a:b6:ef:
                    25:da:76:9f:3a:c1:45:be:0c:9e:d7:64:50:ef:5c:
                    51:cf:9a:e9:29:2e:69:e4:b4:e1:f2:29:23:a0:e1:
                    1e:33:c7:e2:ce:6c:45:18:c4:51:0d:33:86:56:fb:
                    33:5f:82:2d:3a:a7:eb:fc:de:af:3c:9d:58:1d:0d:
                    b9:50:73:3d:57:fa:52:92:26:cf:b0:05:a6:2c:55:
                    09:01:99:48:bf:e9:c4:6b:ab:bc:d3:b9:36:c6:cd:
                    3f:ac:a3:b2:7e:fa:e7:c4:43:7b:dd:b6:94:bc:3d:
                    c1:30:09:8d:5b:05:4b:4c:b6:70:2f:1c:fb:39:27:
                    96:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:29:46:3A:9E:9D:48:6D:D8:8B:AB:2B:BF:81:EF:76:43:15:32:B3
            X509v3 Authority Key Identifier:
                keyid:C7:19:CA:D9:92:21:15:BC:FA:74:52:BA:0A:6E:43:A6:AF:4E:4C:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xxnK2ZIhFbz6dFK6Cm5Dpq9OTCQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/149332-6969-4c4b-b591-7c2c08b5ee49/1/pylGOp6dSG3Yi6srv4HvdkMVMrM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/149332-6969-4c4b-b591-7c2c08b5ee49/1/xxnK2ZIhFbz6dFK6Cm5Dpq9OTCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2d90::/48

    Signature Algorithm: sha256WithRSAEncryption
         64:71:bf:d0:f3:bf:a5:7d:29:cb:60:26:e2:ce:f6:a2:be:72:
         65:c0:a4:2f:63:ee:be:f2:1d:41:0b:0f:37:9c:1c:0c:a8:13:
         a5:a8:5d:a3:87:aa:5d:55:ce:70:00:3a:c6:d3:3b:34:49:f3:
         3a:64:89:33:4e:24:77:6f:2e:85:ee:67:4b:90:52:01:ae:67:
         f9:3c:f3:06:79:04:77:70:a9:b4:a3:fd:28:8a:bf:0b:a3:20:
         ac:0f:ad:51:6d:1c:f4:18:97:0c:29:ad:49:92:fb:01:48:28:
         0c:3e:46:cc:81:46:a7:8b:0e:c1:b7:99:92:74:2c:9c:be:51:
         05:41:c2:53:47:6b:98:fa:55:ab:42:35:58:7a:ce:9a:b2:80:
         78:07:09:b1:c1:8f:36:8e:c3:d8:4b:58:74:26:2e:d4:35:a2:
         7e:34:f7:f6:97:c9:d1:d4:60:ea:3b:39:45:39:2f:28:60:02:
         8c:a3:8c:71:3f:de:a1:71:50:f0:23:fe:f8:46:49:9a:5d:47:
         d3:c5:9e:2a:2b:14:87:f8:1c:a0:d2:42:44:cf:84:fa:34:9a:
         3d:b4:dc:cf:e6:1c:c5:b8:d9:ef:1a:38:c9:a1:6a:09:50:1b:
         e1:9f:ba:f7:b4:9b:ab:ce:55:75:8f:d5:0a:a6:27:22:e9:2d:
         f2:e0:be:85
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzI3MhxbYVtu7u36Y4NK4fBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3MTljYWQ5OTIyMTE1YmNmYTc0NTJiYTBhNmU0M2E2YWY0
ZTRjMjQwHhcNMjQwMTAyMDYyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzI5NDYzYTllOWQ0ODZkZDg4YmFiMmJiZjgxZWY3NjQzMTUzMmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwE2gS3uRpe68UP5jelVE9QSi/34C
RRadZSFS9JtJIegGVuowB+0mRzUu6RgbZrtGadc5u5yoqL04VnWzJoRmBeUJGwXx
x8DzS3aBYDADTygSsudbxApQm8HGy7Gt0oftOD3iz2gJBRTGIs9zkgmbQstwuQ1o
vEeLJ56X90OGa5AuW1FKtu8l2nafOsFFvgye12RQ71xRz5rpKS5p5LTh8ikjoOEe
M8fizmxFGMRRDTOGVvszX4ItOqfr/N6vPJ1YHQ25UHM9V/pSkibPsAWmLFUJAZlI
v+nEa6u807k2xs0/rKOyfvrnxEN73baUvD3BMAmNWwVLTLZwLxz7OSeWAwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKcpRjqenUht2IurK7+B73ZDFTKzMB8GA1UdIwQY
MBaAFMcZytmSIRW8+nRSugpuQ6avTkwkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHhuSzJaSWhGYno2ZEZLNkNtNURwcTlPVENRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8xNDkzMzItNjk2OS00YzRiLWI1OTEt
N2MyYzA4YjVlZTQ5LzEvcHlsR09wNmRTRzNZaTZzcnY0SHZka01WTXJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8xNDkzMzItNjk2OS00YzRiLWI1OTEtN2MyYzA4YjVlZTQ5
LzEveHhuSzJaSWhGYno2ZEZLNkNtNURwcTlPVENRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC2Q
MA0GCSqGSIb3DQEBCwUAA4IBAQBkcb/Q87+lfSnLYCbizvaivnJlwKQvY+6+8h1B
Cw83nBwMqBOlqF2jh6pdVc5wADrG0zs0SfM6ZIkzTiR3by6F7mdLkFIBrmf5PPMG
eQR3cKm0o/0oir8LoyCsD61RbRz0GJcMKa1JkvsBSCgMPkbMgUaniw7Bt5mSdCyc
vlEFQcJTR2uY+lWrQjVYes6asoB4BwmxwY82jsPYS1h0Ji7UNaJ+NPf2l8nR1GDq
OzlFOS8oYAKMo4xxP96hcVDwI/74RkmaXUfTxZ4qKxSH+Byg0kJEz4T6NJo9tNzP
5hzFuNnvGjjJoWoJUBvhn7r3tJurzlV1j9UKpici6S3y4L6F
-----END CERTIFICATE-----