Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/27e1ca-e61f-4e8c-ad9c-145c36e38276/1/Pa4LfTuy0RPZB4x115GbKWKE0tQ.roa
File:                     Pa4LfTuy0RPZB4x115GbKWKE0tQ.roa (raw, json)
Hash identifier:          FLflCHUIfc0QFk7LJt5UC3FMMGTlF2EixZxttaKyGT8=
Subject key identifier:   3D:AE:0B:7D:3B:B2:D1:13:D9:07:8C:75:D7:91:9B:29:62:84:D2:D4
Certificate issuer:       /CN=4de2dc2c1c93847bf979f9b010edc4cda849f4f8
Certificate serial:       018CCA28F5CEA6906507E1C2A69A455677DD
Authority key identifier: 4D:E2:DC:2C:1C:93:84:7B:F9:79:F9:B0:10:ED:C4:CD:A8:49:F4:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TeLcLByThHv5efmwEO3EzahJ9Pg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/27e1ca-e61f-4e8c-ad9c-145c36e38276/1/Pa4LfTuy0RPZB4x115GbKWKE0tQ.roa
Signing time:             Tue 02 Jan 2024 12:32:11 +0000
ROA not before:           Tue 02 Jan 2024 12:32:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15542
IP address blocks:        2001:67c:2e64::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/27e1ca-e61f-4e8c-ad9c-145c36e38276/1/TeLcLByThHv5efmwEO3EzahJ9Pg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/27e1ca-e61f-4e8c-ad9c-145c36e38276/1/TeLcLByThHv5efmwEO3EzahJ9Pg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TeLcLByThHv5efmwEO3EzahJ9Pg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:28:f5:ce:a6:90:65:07:e1:c2:a6:9a:45:56:77:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4de2dc2c1c93847bf979f9b010edc4cda849f4f8
        Validity
            Not Before: Jan  2 12:32:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3dae0b7d3bb2d113d9078c75d7919b296284d2d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:6c:dc:73:2f:17:ef:3b:50:84:84:59:4c:4c:
                    d0:9c:11:fd:ac:37:ea:61:90:19:bd:db:21:eb:8d:
                    ea:7e:97:13:74:69:31:f5:ed:c8:1c:b3:bb:7e:3a:
                    8d:6d:1a:fc:f0:c7:cd:16:b5:00:1d:d0:5f:e4:98:
                    3e:61:85:7e:43:21:57:a7:32:0c:63:92:de:0e:5d:
                    d8:c2:a6:36:df:1c:3c:63:97:9a:e1:d1:97:24:50:
                    b2:ab:35:b8:67:8d:5d:2a:4b:df:61:15:2d:a9:e6:
                    5c:78:58:16:6f:56:b1:e7:1b:3f:0f:6f:4b:bf:ed:
                    7f:93:60:ec:c2:8c:da:e9:9b:7b:c7:39:10:3c:73:
                    ac:53:7b:71:6e:d0:66:7c:42:7a:18:e1:c1:ed:13:
                    e9:8b:38:62:71:76:ff:bd:ae:55:5e:3e:85:bd:48:
                    00:37:03:0f:6c:2b:b6:81:30:13:e0:9a:fa:01:d6:
                    45:c7:e2:6c:11:89:ad:45:74:6d:4e:90:4c:36:bc:
                    f6:55:35:4d:da:11:ad:f7:cf:90:5d:27:90:9d:13:
                    b0:d8:0e:03:d9:78:67:c2:37:ce:8b:1a:41:37:c0:
                    f5:64:bc:a3:18:53:43:e8:47:78:fe:08:ba:73:31:
                    90:b5:8f:26:ab:af:79:f6:93:b6:d1:94:6e:5f:aa:
                    52:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:AE:0B:7D:3B:B2:D1:13:D9:07:8C:75:D7:91:9B:29:62:84:D2:D4
            X509v3 Authority Key Identifier:
                keyid:4D:E2:DC:2C:1C:93:84:7B:F9:79:F9:B0:10:ED:C4:CD:A8:49:F4:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TeLcLByThHv5efmwEO3EzahJ9Pg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/27e1ca-e61f-4e8c-ad9c-145c36e38276/1/Pa4LfTuy0RPZB4x115GbKWKE0tQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/27e1ca-e61f-4e8c-ad9c-145c36e38276/1/TeLcLByThHv5efmwEO3EzahJ9Pg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2e64::/48

    Signature Algorithm: sha256WithRSAEncryption
         9a:b9:f6:0a:48:4e:c4:b7:92:7a:72:f6:ac:15:f2:bc:17:f4:
         82:08:0a:11:56:e5:5e:78:d4:c2:77:fc:2f:d0:87:c3:bc:cb:
         cd:63:13:9c:62:ef:ff:da:2e:e4:56:14:8a:96:c5:a0:2a:61:
         5a:a0:28:57:af:38:b0:74:57:e6:b5:a0:9b:1a:ed:ed:9f:8f:
         19:0f:4b:c1:fb:42:8d:fe:6b:c7:77:21:c8:58:49:de:18:b0:
         94:a8:9d:3d:3e:d9:3e:6c:ad:65:86:bb:7b:49:9f:19:95:cb:
         bb:55:00:a0:c4:02:f7:d8:49:a5:4b:82:c3:38:0b:50:9a:5a:
         6a:e7:0a:de:20:97:66:e3:14:2e:6a:d9:2d:14:77:3e:13:97:
         26:9e:2c:d2:fa:ec:88:a7:a3:f6:43:62:0e:7c:19:bb:f0:b2:
         29:f4:91:c9:8f:2f:75:d5:48:06:46:84:af:4f:b0:26:fd:cf:
         c6:12:93:6f:ed:12:d2:46:26:68:0f:33:f6:75:01:8a:21:a4:
         ae:cf:12:78:1d:0c:00:d7:eb:8d:1a:22:a2:a3:83:ce:49:65:
         c2:74:aa:36:12:59:94:e2:a5:7a:f9:64:05:e7:ca:bd:81:e5:
         fd:d6:cc:8a:1d:38:41:87:d0:73:5e:15:1b:4b:72:ea:d7:d4:
         a7:25:84:54
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKPXOppBlB+HCpppFVnfdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZTJkYzJjMWM5Mzg0N2JmOTc5ZjliMDEwZWRjNGNkYTg0
OWY0ZjgwHhcNMjQwMTAyMTIzMjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGFlMGI3ZDNiYjJkMTEzZDkwNzhjNzVkNzkxOWIyOTYyODRkMmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg2zccy8X7ztQhIRZTEzQnBH9rDfq
YZAZvdsh643qfpcTdGkx9e3IHLO7fjqNbRr88MfNFrUAHdBf5Jg+YYV+QyFXpzIM
Y5LeDl3YwqY23xw8Y5ea4dGXJFCyqzW4Z41dKkvfYRUtqeZceFgWb1ax5xs/D29L
v+1/k2Dswoza6Zt7xzkQPHOsU3txbtBmfEJ6GOHB7RPpizhicXb/va5VXj6FvUgA
NwMPbCu2gTAT4Jr6AdZFx+JsEYmtRXRtTpBMNrz2VTVN2hGt98+QXSeQnROw2A4D
2XhnwjfOixpBN8D1ZLyjGFND6Ed4/gi6czGQtY8mq6959pO20ZRuX6pSJwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFD2uC307stET2QeMddeRmylihNLUMB8GA1UdIwQY
MBaAFE3i3Cwck4R7+Xn5sBDtxM2oSfT4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGVMY0xCeVRoSHY1ZWZtd0VPM0V6YWhKOVBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8yN2UxY2EtZTYxZi00ZThjLWFkOWMt
MTQ1YzM2ZTM4Mjc2LzEvUGE0TGZUdXkwUlBaQjR4MTE1R2JLV0tFMHRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8yN2UxY2EtZTYxZi00ZThjLWFkOWMtMTQ1YzM2ZTM4Mjc2
LzEvVGVMY0xCeVRoSHY1ZWZtd0VPM0V6YWhKOVBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC5k
MA0GCSqGSIb3DQEBCwUAA4IBAQCaufYKSE7Et5J6cvasFfK8F/SCCAoRVuVeeNTC
d/wv0IfDvMvNYxOcYu//2i7kVhSKlsWgKmFaoChXrziwdFfmtaCbGu3tn48ZD0vB
+0KN/mvHdyHIWEneGLCUqJ09Ptk+bK1lhrt7SZ8Zlcu7VQCgxAL32EmlS4LDOAtQ
mlpq5wreIJdm4xQuatktFHc+E5cmnizS+uyIp6P2Q2IOfBm78LIp9JHJjy911UgG
RoSvT7Am/c/GEpNv7RLSRiZoDzP2dQGKIaSuzxJ4HQwA1+uNGiKio4POSWXCdKo2
ElmU4qV6+WQF58q9geX91syKHThBh9BzXhUbS3Lq19SnJYRU
-----END CERTIFICATE-----