Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/37205b-fc57-464c-a1c1-6c62b9366705/1/5KaNzc5VVhRT8ER_9N9DGpGdKZg.roa
File:                     5KaNzc5VVhRT8ER_9N9DGpGdKZg.roa (raw, json)
Hash identifier:          xic2UxaWUEDYUA7pO+aiXilwJagcp00IsukXxJn8kDM=
Subject key identifier:   E4:A6:8D:CD:CE:55:56:14:53:F0:44:7F:F4:DF:43:1A:91:9D:29:98
Certificate issuer:       /CN=5cb813e09c9955e0bda7041f8373a8fc5dae6b9d
Certificate serial:       018CC80146E5E5E4CA8A464A43BACA9F7DD3
Authority key identifier: 5C:B8:13:E0:9C:99:55:E0:BD:A7:04:1F:83:73:A8:FC:5D:AE:6B:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XLgT4JyZVeC9pwQfg3Oo_F2ua50.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/37205b-fc57-464c-a1c1-6c62b9366705/1/5KaNzc5VVhRT8ER_9N9DGpGdKZg.roa
Signing time:             Tue 02 Jan 2024 02:29:35 +0000
ROA not before:           Tue 02 Jan 2024 02:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50345
IP address blocks:        2001:67c:1058::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/37205b-fc57-464c-a1c1-6c62b9366705/1/XLgT4JyZVeC9pwQfg3Oo_F2ua50.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/37205b-fc57-464c-a1c1-6c62b9366705/1/XLgT4JyZVeC9pwQfg3Oo_F2ua50.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XLgT4JyZVeC9pwQfg3Oo_F2ua50.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:46:e5:e5:e4:ca:8a:46:4a:43:ba:ca:9f:7d:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5cb813e09c9955e0bda7041f8373a8fc5dae6b9d
        Validity
            Not Before: Jan  2 02:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e4a68dcdce55561453f0447ff4df431a919d2998
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:86:97:72:1d:17:b6:60:66:fc:a5:dc:59:1f:
                    6f:78:7e:e1:1c:f2:48:89:4f:fa:7a:b3:85:4d:e1:
                    56:48:0c:0b:d7:bf:83:41:90:50:86:5f:2a:5f:19:
                    f1:b0:24:de:af:53:cc:36:90:62:58:a7:9f:aa:66:
                    d3:29:b5:b2:c6:f2:bd:d9:88:c9:b4:21:69:af:e1:
                    d6:b3:90:96:7e:52:64:70:1c:6d:28:f3:23:52:82:
                    5a:a8:7e:71:54:dc:9f:ee:66:a3:7f:65:77:2f:39:
                    89:21:44:5e:99:a7:cc:86:9c:ec:92:89:78:f6:a2:
                    de:27:c7:e8:56:2f:4a:6f:97:66:2e:91:41:16:5f:
                    c3:df:7a:02:6f:d5:7d:97:7f:37:e4:70:3f:73:9d:
                    46:24:4e:70:dd:84:a7:e9:c3:c8:58:74:d4:9b:35:
                    91:52:a0:a4:cc:b6:22:3f:3d:da:1e:04:7a:52:57:
                    6f:c1:19:1b:42:87:7e:fd:2f:7f:4e:87:97:cc:b9:
                    bb:66:d9:5a:86:8e:b2:1b:28:e6:64:8d:50:85:d0:
                    51:d3:6e:15:ae:fa:72:76:ab:6b:59:e6:78:75:ff:
                    5b:a5:37:dc:c4:2a:1e:00:32:97:b1:53:73:68:08:
                    da:d7:51:43:98:97:08:82:85:52:9d:55:10:9b:be:
                    d3:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:A6:8D:CD:CE:55:56:14:53:F0:44:7F:F4:DF:43:1A:91:9D:29:98
            X509v3 Authority Key Identifier:
                keyid:5C:B8:13:E0:9C:99:55:E0:BD:A7:04:1F:83:73:A8:FC:5D:AE:6B:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XLgT4JyZVeC9pwQfg3Oo_F2ua50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/37205b-fc57-464c-a1c1-6c62b9366705/1/5KaNzc5VVhRT8ER_9N9DGpGdKZg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/37205b-fc57-464c-a1c1-6c62b9366705/1/XLgT4JyZVeC9pwQfg3Oo_F2ua50.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1058::/48

    Signature Algorithm: sha256WithRSAEncryption
         6c:84:8e:96:30:29:f1:7c:05:f2:1d:c7:ba:83:ca:3f:f2:a2:
         74:0c:7c:51:35:fb:69:92:90:ad:97:9f:c0:77:92:74:04:93:
         9e:c6:b0:d3:ce:f7:98:89:fd:bf:db:af:6e:9a:01:32:ef:08:
         89:66:d6:e1:6e:d7:62:ec:53:06:75:b4:7a:0b:cf:91:48:90:
         48:7d:0f:f0:b9:7e:64:2b:dc:fd:69:27:6f:c5:29:88:1e:5b:
         4a:a1:5e:f8:2d:e4:63:cb:2d:78:c1:44:26:54:3a:c4:c2:72:
         d9:1c:ce:cf:42:92:23:8b:d9:9e:e0:55:a2:ae:01:51:79:45:
         7a:5b:ff:94:ce:4f:e3:35:90:b4:07:2f:9a:6a:a1:07:6d:94:
         84:2a:1e:0f:bc:e8:42:6f:00:b2:59:f3:35:db:f0:7d:e8:34:
         79:f0:28:2e:94:90:83:8d:5f:7a:20:8e:1b:5c:47:63:60:7e:
         dd:fa:5d:3a:91:68:71:78:98:7f:c9:9e:83:d5:7e:88:7a:d3:
         a0:68:d0:4c:42:c9:19:f6:b7:94:19:26:84:9d:54:c2:02:89:
         a6:ba:5d:09:f9:bc:ae:56:da:18:47:5c:fa:dc:b2:d8:bf:9d:
         c8:66:7d:a6:af:ab:53:3c:f7:25:a5:31:dd:b3:17:34:03:54:
         7b:fc:9b:8c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAUbl5eTKikZKQ7rKn33TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjYjgxM2UwOWM5OTU1ZTBiZGE3MDQxZjgzNzNhOGZjNWRh
ZTZiOWQwHhcNMjQwMTAyMDIyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGE2OGRjZGNlNTU1NjE0NTNmMDQ0N2ZmNGRmNDMxYTkxOWQyOTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoaXch0XtmBm/KXcWR9veH7hHPJI
iU/6erOFTeFWSAwL17+DQZBQhl8qXxnxsCTer1PMNpBiWKefqmbTKbWyxvK92YjJ
tCFpr+HWs5CWflJkcBxtKPMjUoJaqH5xVNyf7majf2V3LzmJIURemafMhpzskol4
9qLeJ8foVi9Kb5dmLpFBFl/D33oCb9V9l3835HA/c51GJE5w3YSn6cPIWHTUmzWR
UqCkzLYiPz3aHgR6UldvwRkbQod+/S9/ToeXzLm7Ztlaho6yGyjmZI1QhdBR024V
rvpydqtrWeZ4df9bpTfcxCoeADKXsVNzaAja11FDmJcIgoVSnVUQm77TtwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOSmjc3OVVYUU/BEf/TfQxqRnSmYMB8GA1UdIwQY
MBaAFFy4E+CcmVXgvacEH4NzqPxdrmudMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWExnVDRKeVpWZUM5cHdRZmczT29fRjJ1YTUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8zNzIwNWItZmM1Ny00NjRjLWExYzEt
NmM2MmI5MzY2NzA1LzEvNUthTnpjNVZWaFJUOEVSXzlOOURHcEdkS1pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8zNzIwNWItZmM1Ny00NjRjLWExYzEtNmM2MmI5MzY2NzA1
LzEvWExnVDRKeVpWZUM5cHdRZmczT29fRjJ1YTUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBBY
MA0GCSqGSIb3DQEBCwUAA4IBAQBshI6WMCnxfAXyHce6g8o/8qJ0DHxRNftpkpCt
l5/Ad5J0BJOexrDTzveYif2/269umgEy7wiJZtbhbtdi7FMGdbR6C8+RSJBIfQ/w
uX5kK9z9aSdvxSmIHltKoV74LeRjyy14wUQmVDrEwnLZHM7PQpIji9me4FWirgFR
eUV6W/+Uzk/jNZC0By+aaqEHbZSEKh4PvOhCbwCyWfM12/B96DR58CgulJCDjV96
II4bXEdjYH7d+l06kWhxeJh/yZ6D1X6IetOgaNBMQskZ9reUGSaEnVTCAommul0J
+byuVtoYR1z63LLYv53IZn2mr6tTPPclpTHdsxc0A1R7/JuM
-----END CERTIFICATE-----