Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/594e08-1665-4348-80a4-3be9a66972e7/1/UPhMHmcvQmd85wmH5vkfpilF9Sk.roa
File:                     UPhMHmcvQmd85wmH5vkfpilF9Sk.roa (raw, json)
Hash identifier:          bLy+v/B6QoRdc36I+JOyWqvkEL/j1sUcsZg26nJ/H/Y=
Subject key identifier:   50:F8:4C:1E:67:2F:42:67:7C:E7:09:87:E6:F9:1F:A6:29:45:F5:29
Certificate issuer:       /CN=b63f9769df97b8b9aa88bd22e9f41cc27fcf16a7
Certificate serial:       018ECDB92650B51C01A277082321D965B72C
Authority key identifier: B6:3F:97:69:DF:97:B8:B9:AA:88:BD:22:E9:F4:1C:C2:7F:CF:16:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tj-Xad-XuLmqiL0i6fQcwn_PFqc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/594e08-1665-4348-80a4-3be9a66972e7/1/UPhMHmcvQmd85wmH5vkfpilF9Sk.roa
Signing time:             Thu 11 Apr 2024 15:14:06 +0000
ROA not before:           Thu 11 Apr 2024 15:14:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204181
IP address blocks:        2001:67c:a10::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/594e08-1665-4348-80a4-3be9a66972e7/1/tj-Xad-XuLmqiL0i6fQcwn_PFqc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/594e08-1665-4348-80a4-3be9a66972e7/1/tj-Xad-XuLmqiL0i6fQcwn_PFqc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tj-Xad-XuLmqiL0i6fQcwn_PFqc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:cd:b9:26:50:b5:1c:01:a2:77:08:23:21:d9:65:b7:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b63f9769df97b8b9aa88bd22e9f41cc27fcf16a7
        Validity
            Not Before: Apr 11 15:14:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=50f84c1e672f42677ce70987e6f91fa62945f529
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:36:7d:8f:01:d8:da:a6:45:81:ed:e4:7a:e9:
                    83:40:47:87:ea:08:0d:d8:47:76:e4:0f:4e:8f:74:
                    a8:1a:6d:e8:94:d7:1c:02:94:3d:d5:fc:95:77:fb:
                    0b:51:02:ea:1f:25:29:5a:7d:8b:df:0f:45:91:ce:
                    17:19:35:33:02:e5:87:a4:5b:c4:c8:87:65:0e:58:
                    6d:4b:fa:9d:69:a8:32:63:b4:8c:54:68:e9:65:65:
                    c5:57:46:d3:91:c2:70:d1:c9:bc:4d:75:3c:5b:9d:
                    1f:25:25:0e:8f:20:ab:ea:9b:94:4c:96:d6:e9:ef:
                    86:0b:ed:af:cd:d4:ad:d1:8f:e6:ba:81:51:7a:3b:
                    7d:d9:7c:84:bf:70:52:0d:8c:61:16:be:61:3c:c4:
                    38:1b:df:c8:70:7d:7e:88:e7:98:a8:fb:41:c9:5f:
                    03:d6:65:d4:0f:b3:e9:83:5a:f9:32:29:92:e1:61:
                    5a:a0:29:84:8c:b0:4a:4c:45:b0:97:6c:7b:2a:30:
                    2b:12:62:51:0e:c0:a6:af:b0:2d:11:46:39:09:d0:
                    87:3d:68:da:6f:79:6a:ff:a3:0b:7a:60:ba:6c:8e:
                    5a:21:c3:87:ec:86:79:c3:49:cc:70:b3:65:c5:63:
                    19:6c:05:fb:f6:92:54:52:0c:18:96:4a:99:59:1d:
                    6c:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:F8:4C:1E:67:2F:42:67:7C:E7:09:87:E6:F9:1F:A6:29:45:F5:29
            X509v3 Authority Key Identifier:
                keyid:B6:3F:97:69:DF:97:B8:B9:AA:88:BD:22:E9:F4:1C:C2:7F:CF:16:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tj-Xad-XuLmqiL0i6fQcwn_PFqc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/594e08-1665-4348-80a4-3be9a66972e7/1/UPhMHmcvQmd85wmH5vkfpilF9Sk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/594e08-1665-4348-80a4-3be9a66972e7/1/tj-Xad-XuLmqiL0i6fQcwn_PFqc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:a10::/48

    Signature Algorithm: sha256WithRSAEncryption
         33:7b:3a:95:80:74:d5:6a:1a:2e:58:cb:f9:8a:55:db:07:19:
         85:e3:30:c0:ed:7f:ad:7e:90:ee:16:4a:e5:31:ea:b4:21:12:
         85:61:ea:ac:3b:25:19:47:8b:8e:d5:fa:02:7d:4c:bc:3d:4c:
         9f:e2:d5:9d:ee:dd:f8:13:68:62:71:66:8e:1b:7d:92:1e:28:
         5f:78:24:55:ce:a8:22:78:29:d6:6d:d3:8b:e3:b2:84:50:f4:
         ac:2a:80:66:48:8a:ef:30:05:0f:c6:fa:a0:07:aa:9f:d5:0c:
         aa:75:dc:71:aa:6b:f1:dc:c0:06:af:df:d0:dc:77:0f:23:9e:
         75:49:46:4b:23:51:be:2e:5f:ff:85:09:79:5c:84:63:bb:a6:
         dd:ec:a2:c4:7d:5a:c5:99:7f:f4:fc:bb:fd:d9:51:56:e7:aa:
         d3:60:1f:b1:70:97:15:81:88:ee:72:4d:18:c0:b4:2b:53:bf:
         ec:6d:04:5c:88:83:e3:76:29:ea:e0:cf:f3:91:a7:26:51:30:
         54:52:1e:c3:ca:95:ee:fb:b8:bd:43:77:b6:80:ce:ac:8d:53:
         da:d1:b9:cf:2c:1a:ab:32:da:42:3b:8a:3a:a1:c8:d4:0f:2d:
         18:51:e9:1e:0e:d9:5c:8a:b8:94:13:1c:f7:19:01:5b:47:68:
         cf:ed:0f:fa
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY7NuSZQtRwBoncIIyHZZbcsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2M2Y5NzY5ZGY5N2I4YjlhYTg4YmQyMmU5ZjQxY2MyN2Zj
ZjE2YTcwHhcNMjQwNDExMTUxNDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGY4NGMxZTY3MmY0MjY3N2NlNzA5ODdlNmY5MWZhNjI5NDVmNTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsTZ9jwHY2qZFge3keumDQEeH6ggN
2Ed25A9Oj3SoGm3olNccApQ91fyVd/sLUQLqHyUpWn2L3w9Fkc4XGTUzAuWHpFvE
yIdlDlhtS/qdaagyY7SMVGjpZWXFV0bTkcJw0cm8TXU8W50fJSUOjyCr6puUTJbW
6e+GC+2vzdSt0Y/muoFRejt92XyEv3BSDYxhFr5hPMQ4G9/IcH1+iOeYqPtByV8D
1mXUD7Ppg1r5MimS4WFaoCmEjLBKTEWwl2x7KjArEmJRDsCmr7AtEUY5CdCHPWja
b3lq/6MLemC6bI5aIcOH7IZ5w0nMcLNlxWMZbAX79pJUUgwYlkqZWR1sAwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFD4TB5nL0JnfOcJh+b5H6YpRfUpMB8GA1UdIwQY
MBaAFLY/l2nfl7i5qoi9Iun0HMJ/zxanMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGotWGFkLVh1TG1xaUwwaTZmUWN3bl9QRnFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC81OTRlMDgtMTY2NS00MzQ4LTgwYTQt
M2JlOWE2Njk3MmU3LzEvVVBoTUhtY3ZRbWQ4NXdtSDV2a2ZwaWxGOVNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC81OTRlMDgtMTY2NS00MzQ4LTgwYTQtM2JlOWE2Njk3MmU3
LzEvdGotWGFkLVh1TG1xaUwwaTZmUWN3bl9QRnFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAoQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAzezqVgHTVahouWMv5ilXbBxmF4zDA7X+tfpDu
FkrlMeq0IRKFYeqsOyUZR4uO1foCfUy8PUyf4tWd7t34E2hicWaOG32SHihfeCRV
zqgieCnWbdOL47KEUPSsKoBmSIrvMAUPxvqgB6qf1Qyqddxxqmvx3MAGr9/Q3HcP
I551SUZLI1G+Ll//hQl5XIRju6bd7KLEfVrFmX/0/Lv92VFW56rTYB+xcJcVgYju
ck0YwLQrU7/sbQRciIPjdinq4M/zkacmUTBUUh7DypXu+7i9Q3e2gM6sjVPa0bnP
LBqrMtpCO4o6ocjUDy0YUekeDtlciriUExz3GQFbR2jP7Q/6
-----END CERTIFICATE-----