Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/8878d9-4f1c-426b-8a40-658120ae68e1/1/_V1zm2gwXVk9BxSHcnJUx9IAc1U.roa
File:                     _V1zm2gwXVk9BxSHcnJUx9IAc1U.roa (raw, json)
Hash identifier:          qJkFRYMG7jmn/lYUw1SXMp1o3xdtAZSFzU+zm2gM7Mo=
Subject key identifier:   FD:5D:73:9B:68:30:5D:59:3D:07:14:87:72:72:54:C7:D2:00:73:55
Certificate issuer:       /CN=20264d51a112d0bc22cea7314cb06cf5a1ae33e9
Certificate serial:       018CC794B616C86D75719A0A141C1BB5AB5E
Authority key identifier: 20:26:4D:51:A1:12:D0:BC:22:CE:A7:31:4C:B0:6C:F5:A1:AE:33:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ICZNUaES0LwizqcxTLBs9aGuM-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/8878d9-4f1c-426b-8a40-658120ae68e1/1/_V1zm2gwXVk9BxSHcnJUx9IAc1U.roa
Signing time:             Tue 02 Jan 2024 00:31:01 +0000
ROA not before:           Tue 02 Jan 2024 00:31:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204896
IP address blocks:        2001:67c:4bc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/8878d9-4f1c-426b-8a40-658120ae68e1/1/ICZNUaES0LwizqcxTLBs9aGuM-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/8878d9-4f1c-426b-8a40-658120ae68e1/1/ICZNUaES0LwizqcxTLBs9aGuM-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ICZNUaES0LwizqcxTLBs9aGuM-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:b6:16:c8:6d:75:71:9a:0a:14:1c:1b:b5:ab:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20264d51a112d0bc22cea7314cb06cf5a1ae33e9
        Validity
            Not Before: Jan  2 00:31:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd5d739b68305d593d071487727254c7d2007355
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:8b:ee:b3:23:36:19:07:d1:85:ee:ba:bc:c9:
                    9b:4b:39:23:29:85:e8:08:83:34:c8:6e:be:12:ac:
                    b2:71:23:03:88:72:b2:16:ab:d6:dd:33:5a:91:eb:
                    0a:60:82:2f:4d:c4:e8:37:e7:44:87:69:8e:2d:a5:
                    2f:d0:26:90:d1:a7:e1:68:4c:57:6d:32:f6:69:f8:
                    3b:27:c1:0d:6a:97:6e:01:35:38:5b:d8:f7:0a:26:
                    a5:e9:90:88:0a:22:61:0c:0d:6a:1d:06:8a:e9:f8:
                    49:fb:54:f6:2e:b7:14:9b:75:ee:52:a7:9c:d1:bb:
                    46:cf:f8:55:54:21:39:b0:11:3a:cb:24:95:dc:17:
                    e8:4c:46:45:c6:53:99:3c:f2:58:b1:2d:7f:4f:f4:
                    d2:87:e6:45:67:a2:03:05:66:23:0a:b0:1f:ab:59:
                    cb:8e:2f:07:7c:62:55:8c:f9:0c:6c:79:50:fa:29:
                    bd:0f:65:96:2a:e6:ff:9a:29:34:c2:52:4a:59:c0:
                    a1:49:ea:61:0b:c7:4b:91:56:ce:2b:15:50:75:09:
                    d6:10:9c:21:2b:21:55:55:2e:ec:f7:d9:2d:3f:4a:
                    79:02:52:cc:ee:50:dd:30:07:ae:10:79:2a:f0:45:
                    9e:6d:14:08:d3:4b:46:b7:02:93:14:55:bd:1f:bc:
                    ce:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:5D:73:9B:68:30:5D:59:3D:07:14:87:72:72:54:C7:D2:00:73:55
            X509v3 Authority Key Identifier:
                keyid:20:26:4D:51:A1:12:D0:BC:22:CE:A7:31:4C:B0:6C:F5:A1:AE:33:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ICZNUaES0LwizqcxTLBs9aGuM-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/8878d9-4f1c-426b-8a40-658120ae68e1/1/_V1zm2gwXVk9BxSHcnJUx9IAc1U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/8878d9-4f1c-426b-8a40-658120ae68e1/1/ICZNUaES0LwizqcxTLBs9aGuM-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:4bc::/48

    Signature Algorithm: sha256WithRSAEncryption
         83:8e:41:87:4c:ab:7b:4c:2b:d2:9b:32:c5:bc:33:a8:22:cc:
         46:01:41:2e:98:cb:d1:11:a1:8e:49:ac:c9:c8:6c:8b:86:ff:
         26:62:44:79:1c:06:8b:10:a2:7d:17:03:28:90:55:93:18:91:
         84:34:9e:1f:57:0f:39:88:07:8d:40:8d:be:7f:80:7f:39:8b:
         b3:1d:c2:e3:9d:99:bf:64:94:d3:28:c5:92:f7:15:de:fc:9e:
         83:d6:e0:ce:4a:2e:3d:52:59:a4:71:b9:30:df:82:95:d1:6a:
         60:af:3c:f3:39:6c:fb:b7:c1:8f:86:96:a4:da:42:3a:1f:9a:
         63:cb:73:0f:90:aa:c7:37:95:c4:52:e6:c6:9f:b8:5c:af:3d:
         e2:01:bc:a8:9e:38:a4:6e:22:6f:dc:99:e9:d6:cf:78:c5:41:
         43:c5:2b:96:75:57:8f:fd:f1:12:90:79:53:9f:5c:b3:6f:4a:
         d4:c1:c7:8c:94:d1:fd:5c:41:0f:ad:fb:fb:4b:77:67:5f:1d:
         fa:ff:ed:e6:de:da:a3:59:30:a1:b3:14:1f:b4:fd:a2:c9:a1:
         1f:7e:48:9e:4e:69:3d:78:2e:3b:b2:ab:af:81:fe:b2:9c:83:
         97:8c:bd:a7:c3:81:5c:cb:98:3f:ad:68:4e:10:d2:f1:2f:d1:
         7a:b9:3d:ce
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHlLYWyG11cZoKFBwbtateMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwMjY0ZDUxYTExMmQwYmMyMmNlYTczMTRjYjA2Y2Y1YTFh
ZTMzZTkwHhcNMjQwMTAyMDAzMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDVkNzM5YjY4MzA1ZDU5M2QwNzE0ODc3MjcyNTRjN2QyMDA3MzU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYvusyM2GQfRhe66vMmbSzkjKYXo
CIM0yG6+EqyycSMDiHKyFqvW3TNakesKYIIvTcToN+dEh2mOLaUv0CaQ0afhaExX
bTL2afg7J8ENapduATU4W9j3Cial6ZCICiJhDA1qHQaK6fhJ+1T2LrcUm3XuUqec
0btGz/hVVCE5sBE6yySV3BfoTEZFxlOZPPJYsS1/T/TSh+ZFZ6IDBWYjCrAfq1nL
ji8HfGJVjPkMbHlQ+im9D2WWKub/mik0wlJKWcChSephC8dLkVbOKxVQdQnWEJwh
KyFVVS7s99ktP0p5AlLM7lDdMAeuEHkq8EWebRQI00tGtwKTFFW9H7zOVQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFP1dc5toMF1ZPQcUh3JyVMfSAHNVMB8GA1UdIwQY
MBaAFCAmTVGhEtC8Is6nMUywbPWhrjPpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUNaTlVhRVMwTHdpenFjeFRMQnM5YUd1TS1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy84ODc4ZDktNGYxYy00MjZiLThhNDAt
NjU4MTIwYWU2OGUxLzEvX1Yxem0yZ3dYVms5QnhTSGNuSlV4OUlBYzFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy84ODc4ZDktNGYxYy00MjZiLThhNDAtNjU4MTIwYWU2OGUx
LzEvSUNaTlVhRVMwTHdpenFjeFRMQnM5YUd1TS1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAS8
MA0GCSqGSIb3DQEBCwUAA4IBAQCDjkGHTKt7TCvSmzLFvDOoIsxGAUEumMvREaGO
SazJyGyLhv8mYkR5HAaLEKJ9FwMokFWTGJGENJ4fVw85iAeNQI2+f4B/OYuzHcLj
nZm/ZJTTKMWS9xXe/J6D1uDOSi49Ulmkcbkw34KV0WpgrzzzOWz7t8GPhpak2kI6
H5pjy3MPkKrHN5XEUubGn7hcrz3iAbyonjikbiJv3Jnp1s94xUFDxSuWdVeP/fES
kHlTn1yzb0rUwceMlNH9XEEPrfv7S3dnXx36/+3m3tqjWTChsxQftP2iyaEffkie
Tmk9eC47squvgf6ynIOXjL2nw4Fcy5g/rWhOENLxL9F6uT3O
-----END CERTIFICATE-----