Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/b3bc70-5db0-47b9-b696-67da5409116f/1/t0xsopxVHraBTpSNlvTGDAFVGGQ.roa
File:                     t0xsopxVHraBTpSNlvTGDAFVGGQ.roa (raw, json)
Hash identifier:          jCc0hQ7GmTGu8Rmftr5LSwizYFrFL3h2mgBRNyfWY+Y=
Subject key identifier:   B7:4C:6C:A2:9C:55:1E:B6:81:4E:94:8D:96:F4:C6:0C:01:55:18:64
Certificate issuer:       /CN=24e1c5110e0e90302e47012ff5c82303a4661ade
Certificate serial:       019096AD3E68457A11C4556488DFD1F1493B
Authority key identifier: 24:E1:C5:11:0E:0E:90:30:2E:47:01:2F:F5:C8:23:03:A4:66:1A:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JOHFEQ4OkDAuRwEv9cgjA6RmGt4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/b3bc70-5db0-47b9-b696-67da5409116f/1/t0xsopxVHraBTpSNlvTGDAFVGGQ.roa
Signing time:             Tue 09 Jul 2024 08:47:34 +0000
ROA not before:           Tue 09 Jul 2024 08:47:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24603
IP address blocks:        2001:67c:ef4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/b3bc70-5db0-47b9-b696-67da5409116f/1/JOHFEQ4OkDAuRwEv9cgjA6RmGt4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/b3bc70-5db0-47b9-b696-67da5409116f/1/JOHFEQ4OkDAuRwEv9cgjA6RmGt4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JOHFEQ4OkDAuRwEv9cgjA6RmGt4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 14:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:96:ad:3e:68:45:7a:11:c4:55:64:88:df:d1:f1:49:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24e1c5110e0e90302e47012ff5c82303a4661ade
        Validity
            Not Before: Jul  9 08:47:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b74c6ca29c551eb6814e948d96f4c60c01551864
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:21:4e:39:97:8d:9e:9d:bf:a6:46:f2:f2:42:
                    f0:39:3c:89:a0:28:7a:34:2d:90:05:bd:bf:93:06:
                    78:3f:84:ec:80:7b:bf:7c:07:9b:87:a7:0f:36:8c:
                    49:d1:5b:76:1b:b5:8d:7e:e7:c7:63:43:89:38:b0:
                    a8:0b:9a:89:ae:61:8b:d7:19:11:40:b2:27:af:04:
                    99:58:7f:0d:96:02:fa:a7:75:4c:3f:f0:43:0d:23:
                    ff:57:d0:a6:0e:06:da:29:86:ac:73:ad:d9:8f:12:
                    e6:8c:57:04:f7:ad:a2:e8:4b:8b:25:88:72:e9:b7:
                    96:f5:33:80:5f:f6:23:2c:19:c7:ce:89:fc:2f:49:
                    5c:7d:31:e7:31:a0:67:0f:1c:c1:cb:be:0d:98:b5:
                    44:3e:1e:11:97:59:99:cf:d6:ca:65:08:28:66:3b:
                    95:c7:d3:0b:b7:5f:52:f2:b0:9a:60:ac:7a:8c:07:
                    d5:4c:c7:9f:d9:3c:8f:86:7a:08:1f:66:b4:18:20:
                    90:e0:52:51:c1:cf:d4:8f:69:81:3e:c2:a0:e5:34:
                    81:33:a4:03:d9:3e:09:5d:79:44:b7:dc:b4:c1:da:
                    ff:f8:59:76:ad:d6:9f:af:d4:02:34:e4:5d:87:30:
                    26:76:b5:16:8e:e2:f2:1d:e1:e6:74:30:32:6b:d9:
                    34:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:4C:6C:A2:9C:55:1E:B6:81:4E:94:8D:96:F4:C6:0C:01:55:18:64
            X509v3 Authority Key Identifier:
                keyid:24:E1:C5:11:0E:0E:90:30:2E:47:01:2F:F5:C8:23:03:A4:66:1A:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JOHFEQ4OkDAuRwEv9cgjA6RmGt4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/b3bc70-5db0-47b9-b696-67da5409116f/1/t0xsopxVHraBTpSNlvTGDAFVGGQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/b3bc70-5db0-47b9-b696-67da5409116f/1/JOHFEQ4OkDAuRwEv9cgjA6RmGt4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:ef4::/48

    Signature Algorithm: sha256WithRSAEncryption
         2f:b2:00:aa:5a:a2:37:8e:d8:5b:48:26:cc:66:af:e0:ee:24:
         84:f6:56:83:e9:9f:5f:b5:2b:ff:29:ca:29:5b:00:4b:6e:75:
         1f:7a:22:ac:e2:13:6d:64:0d:21:d0:67:eb:ca:f1:39:28:f1:
         63:16:01:f9:f3:90:36:d5:77:76:32:83:8e:ce:a4:d1:4b:52:
         8d:e8:24:ea:46:fd:63:96:8d:dc:33:2d:cf:fa:ff:45:11:79:
         ba:01:c3:52:16:59:0a:a3:b6:e3:27:e8:f3:5d:7f:9c:4a:52:
         f4:64:15:af:48:36:dd:22:eb:ed:0e:50:44:38:ab:08:0a:86:
         7e:03:be:c4:2f:08:23:80:87:4b:19:87:3f:b6:67:2d:25:2e:
         56:88:af:02:7b:c0:1b:f3:bd:d7:a1:1f:3b:00:ba:a3:a0:ae:
         3b:b9:ce:a1:4c:54:46:89:f2:bc:83:9b:90:81:e9:80:11:ef:
         6f:54:d4:67:c9:e8:c9:ad:38:bb:df:97:8e:d3:49:5e:a9:fc:
         ce:e8:a2:de:d7:4f:a5:11:6f:b9:a8:d6:1a:82:a5:3f:30:08:
         53:53:9e:7a:92:d0:8b:51:bc:51:a7:30:30:76:56:89:71:26:
         98:2f:8c:87:92:ca:7f:4a:5c:01:07:22:35:64:2f:05:71:bb:
         cc:75:4e:87
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZCWrT5oRXoRxFVkiN/R8Uk7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0ZTFjNTExMGUwZTkwMzAyZTQ3MDEyZmY1YzgyMzAzYTQ2
NjFhZGUwHhcNMjQwNzA5MDg0NzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzRjNmNhMjljNTUxZWI2ODE0ZTk0OGQ5NmY0YzYwYzAxNTUxODY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtiFOOZeNnp2/pkby8kLwOTyJoCh6
NC2QBb2/kwZ4P4TsgHu/fAebh6cPNoxJ0Vt2G7WNfufHY0OJOLCoC5qJrmGL1xkR
QLInrwSZWH8NlgL6p3VMP/BDDSP/V9CmDgbaKYasc63ZjxLmjFcE962i6EuLJYhy
6beW9TOAX/YjLBnHzon8L0lcfTHnMaBnDxzBy74NmLVEPh4Rl1mZz9bKZQgoZjuV
x9MLt19S8rCaYKx6jAfVTMef2TyPhnoIH2a0GCCQ4FJRwc/Uj2mBPsKg5TSBM6QD
2T4JXXlEt9y0wdr/+Fl2rdafr9QCNORdhzAmdrUWjuLyHeHmdDAya9k01QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLdMbKKcVR62gU6UjZb0xgwBVRhkMB8GA1UdIwQY
MBaAFCThxREODpAwLkcBL/XIIwOkZhreMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSk9IRkVRNE9rREF1UndFdjljZ2pBNlJtR3Q0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC9iM2JjNzAtNWRiMC00N2I5LWI2OTYt
NjdkYTU0MDkxMTZmLzEvdDB4c29weFZIcmFCVHBTTmx2VEdEQUZWR0dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC9iM2JjNzAtNWRiMC00N2I5LWI2OTYtNjdkYTU0MDkxMTZm
LzEvSk9IRkVRNE9rREF1UndFdjljZ2pBNlJtR3Q0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA70
MA0GCSqGSIb3DQEBCwUAA4IBAQAvsgCqWqI3jthbSCbMZq/g7iSE9laD6Z9ftSv/
KcopWwBLbnUfeiKs4hNtZA0h0GfryvE5KPFjFgH585A21Xd2MoOOzqTRS1KN6CTq
Rv1jlo3cMy3P+v9FEXm6AcNSFlkKo7bjJ+jzXX+cSlL0ZBWvSDbdIuvtDlBEOKsI
CoZ+A77ELwgjgIdLGYc/tmctJS5WiK8Ce8Ab873XoR87ALqjoK47uc6hTFRGifK8
g5uQgemAEe9vVNRnyejJrTi735eO00leqfzO6KLe10+lEW+5qNYagqU/MAhTU556
ktCLUbxRpzAwdlaJcSaYL4yHksp/SlwBByI1ZC8FcbvMdU6H
-----END CERTIFICATE-----