Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/793283-e304-4270-b300-1b15b25879f2/1/gj6Yi2KQAGes4eI6WnlmwiQ6kdA.roa
File:                     gj6Yi2KQAGes4eI6WnlmwiQ6kdA.roa (raw, json)
Hash identifier:          U/KvyTRHoYm4+lr8DamrffptLgYZWzqgWZ1VwobHzuA=
Subject key identifier:   82:3E:98:8B:62:90:00:67:AC:E1:E2:3A:5A:79:66:C2:24:3A:91:D0
Certificate issuer:       /CN=53c8c4f951206f1abd86a73d1cbbb39907e86e1f
Certificate serial:       019421B167B84528109EB8DAD10A5C3A0703
Authority key identifier: 53:C8:C4:F9:51:20:6F:1A:BD:86:A7:3D:1C:BB:B3:99:07:E8:6E:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U8jE-VEgbxq9hqc9HLuzmQfobh8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/793283-e304-4270-b300-1b15b25879f2/1/gj6Yi2KQAGes4eI6WnlmwiQ6kdA.roa
Signing time:             Wed 01 Jan 2025 11:47:41 +0000
ROA not before:           Wed 01 Jan 2025 11:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16375
IP address blocks:        2001:67c:2568::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/793283-e304-4270-b300-1b15b25879f2/1/U8jE-VEgbxq9hqc9HLuzmQfobh8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/793283-e304-4270-b300-1b15b25879f2/1/U8jE-VEgbxq9hqc9HLuzmQfobh8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U8jE-VEgbxq9hqc9HLuzmQfobh8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 11:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:67:b8:45:28:10:9e:b8:da:d1:0a:5c:3a:07:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53c8c4f951206f1abd86a73d1cbbb39907e86e1f
        Validity
            Not Before: Jan  1 11:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=823e988b62900067ace1e23a5a7966c2243a91d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:72:f2:55:32:6f:fd:c8:c9:60:9e:b9:ac:64:
                    b8:26:c6:c1:95:46:1a:0c:fc:ae:60:2e:a0:dd:0b:
                    82:c6:03:c8:58:fd:70:7e:f9:8d:4e:2c:1d:4b:87:
                    ac:5a:1b:82:ec:f9:0f:2b:8c:bc:77:90:8e:2c:ae:
                    6e:0f:43:7a:54:ef:d9:a1:1c:d1:08:c6:d7:84:7a:
                    8e:90:47:46:82:a9:d6:97:24:83:e0:31:53:53:71:
                    30:5c:29:73:d2:56:1e:a4:f2:8b:cc:75:46:76:af:
                    4b:64:00:66:94:fa:af:96:32:06:b7:b5:e9:af:71:
                    c2:38:50:77:a5:28:bb:5b:38:ce:6e:62:30:95:47:
                    44:28:e1:3d:38:5c:ef:50:f7:0e:49:92:eb:98:82:
                    3f:78:eb:9b:46:06:73:f0:ee:3f:95:63:31:c2:af:
                    90:d9:2c:be:06:db:a3:ba:0c:ec:b3:81:7c:c8:80:
                    22:23:dc:82:ac:fe:88:cc:44:41:f5:76:08:06:01:
                    16:a7:78:d6:38:4b:cd:48:ed:18:ab:65:cc:af:cc:
                    2f:67:1d:38:73:24:2b:2a:bf:89:56:48:60:15:fc:
                    e9:6b:b9:d3:34:9b:67:30:c3:29:00:1e:1c:cf:33:
                    fd:cd:b5:2a:90:22:bd:90:fa:da:af:a9:27:f6:94:
                    a1:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:3E:98:8B:62:90:00:67:AC:E1:E2:3A:5A:79:66:C2:24:3A:91:D0
            X509v3 Authority Key Identifier:
                keyid:53:C8:C4:F9:51:20:6F:1A:BD:86:A7:3D:1C:BB:B3:99:07:E8:6E:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U8jE-VEgbxq9hqc9HLuzmQfobh8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/793283-e304-4270-b300-1b15b25879f2/1/gj6Yi2KQAGes4eI6WnlmwiQ6kdA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/793283-e304-4270-b300-1b15b25879f2/1/U8jE-VEgbxq9hqc9HLuzmQfobh8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2568::/48

    Signature Algorithm: sha256WithRSAEncryption
         5b:83:ab:91:61:46:20:ba:ff:14:d9:a7:89:00:f6:38:2f:ce:
         da:68:a2:91:01:82:8c:d2:d7:e0:49:14:2b:f5:de:53:77:be:
         63:3b:3a:ac:91:34:65:32:be:a9:1c:32:4f:c0:41:99:8a:c5:
         53:3a:97:4b:b6:54:95:cb:fd:32:cb:26:63:97:c1:13:6f:03:
         ed:af:22:30:0d:96:6c:38:15:28:cc:12:4f:aa:76:28:c6:c2:
         4f:ea:10:1d:15:ae:70:68:3a:a5:01:e3:09:85:74:13:3f:51:
         86:9a:e6:5c:ac:75:d3:7b:16:6d:08:11:f9:31:7a:8c:11:46:
         78:f6:69:fb:c5:40:50:75:72:35:06:81:a6:62:f6:4e:1b:dd:
         be:3d:9f:77:15:06:8e:d7:92:5b:cf:37:82:a7:b7:54:4c:f2:
         7d:18:85:81:ca:8a:d2:1d:50:8a:d7:3c:9b:40:c3:23:7b:aa:
         ef:14:f5:13:f6:46:0f:85:16:40:65:69:5d:17:7d:e9:8a:58:
         f9:5f:75:d7:c1:94:79:89:3f:e3:1e:74:b2:12:60:c0:61:b0:
         6f:af:a2:7f:e9:4e:6b:3e:86:3c:a3:5d:a7:f7:e3:e9:a0:f2:
         44:b6:fa:8e:0b:f5:5d:10:95:b4:c7:05:0d:e2:88:1a:d8:aa:
         56:23:7e:82
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQhsWe4RSgQnrja0QpcOgcDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzYzhjNGY5NTEyMDZmMWFiZDg2YTczZDFjYmJiMzk5MDdl
ODZlMWYwHhcNMjUwMTAxMTE0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjNlOTg4YjYyOTAwMDY3YWNlMWUyM2E1YTc5NjZjMjI0M2E5MWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqnLyVTJv/cjJYJ65rGS4JsbBlUYa
DPyuYC6g3QuCxgPIWP1wfvmNTiwdS4esWhuC7PkPK4y8d5COLK5uD0N6VO/ZoRzR
CMbXhHqOkEdGgqnWlySD4DFTU3EwXClz0lYepPKLzHVGdq9LZABmlPqvljIGt7Xp
r3HCOFB3pSi7WzjObmIwlUdEKOE9OFzvUPcOSZLrmII/eOubRgZz8O4/lWMxwq+Q
2Sy+Btujugzss4F8yIAiI9yCrP6IzERB9XYIBgEWp3jWOEvNSO0Yq2XMr8wvZx04
cyQrKr+JVkhgFfzpa7nTNJtnMMMpAB4czzP9zbUqkCK9kPrar6kn9pShxQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFII+mItikABnrOHiOlp5ZsIkOpHQMB8GA1UdIwQY
MBaAFFPIxPlRIG8avYanPRy7s5kH6G4fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVThqRS1WRWdieHE5aHFjOUhMdXptUWZvYmg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi83OTMyODMtZTMwNC00MjcwLWIzMDAt
MWIxNWIyNTg3OWYyLzEvZ2o2WWkyS1FBR2VzNGVJNldubG13aVE2a2RBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi83OTMyODMtZTMwNC00MjcwLWIzMDAtMWIxNWIyNTg3OWYy
LzEvVThqRS1WRWdieHE5aHFjOUhMdXptUWZvYmg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCVo
MA0GCSqGSIb3DQEBCwUAA4IBAQBbg6uRYUYguv8U2aeJAPY4L87aaKKRAYKM0tfg
SRQr9d5Td75jOzqskTRlMr6pHDJPwEGZisVTOpdLtlSVy/0yyyZjl8ETbwPtryIw
DZZsOBUozBJPqnYoxsJP6hAdFa5waDqlAeMJhXQTP1GGmuZcrHXTexZtCBH5MXqM
EUZ49mn7xUBQdXI1BoGmYvZOG92+PZ93FQaO15JbzzeCp7dUTPJ9GIWByorSHVCK
1zybQMMje6rvFPUT9kYPhRZAZWldF33pilj5X3XXwZR5iT/jHnSyEmDAYbBvr6J/
6U5rPoY8o12n9+PpoPJEtvqOC/VdEJW0xwUN4oga2KpWI36C
-----END CERTIFICATE-----