Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/a20101-1c9f-44c5-8077-5190f7869a7f/1/VgRS2b3MaErF6VQzo2inraglu0M.roa
File:                     VgRS2b3MaErF6VQzo2inraglu0M.roa (raw, json)
Hash identifier:          HYJmhfSHBO/6eQVuE7xVEoRyEM0H4BDFDyueXDGQLRU=
Subject key identifier:   56:04:52:D9:BD:CC:68:4A:C5:E9:54:33:A3:68:A7:AD:A8:25:BB:43
Certificate issuer:       /CN=996f903f91a85a60c546ee1141348cc3c8036927
Certificate serial:       018CC5DC6651BD99C5797B2D47A31E8AF619
Authority key identifier: 99:6F:90:3F:91:A8:5A:60:C5:46:EE:11:41:34:8C:C3:C8:03:69:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mW-QP5GoWmDFRu4RQTSMw8gDaSc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/a20101-1c9f-44c5-8077-5190f7869a7f/1/VgRS2b3MaErF6VQzo2inraglu0M.roa
Signing time:             Mon 01 Jan 2024 16:30:04 +0000
ROA not before:           Mon 01 Jan 2024 16:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198333
IP address blocks:        2001:67c:1988::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/a20101-1c9f-44c5-8077-5190f7869a7f/1/mW-QP5GoWmDFRu4RQTSMw8gDaSc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/a20101-1c9f-44c5-8077-5190f7869a7f/1/mW-QP5GoWmDFRu4RQTSMw8gDaSc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mW-QP5GoWmDFRu4RQTSMw8gDaSc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 04:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:66:51:bd:99:c5:79:7b:2d:47:a3:1e:8a:f6:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=996f903f91a85a60c546ee1141348cc3c8036927
        Validity
            Not Before: Jan  1 16:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=560452d9bdcc684ac5e95433a368a7ada825bb43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:17:15:2c:b6:2f:1b:86:61:1c:64:9c:a3:5c:
                    95:e6:4e:bf:a1:64:7a:22:b3:9c:e4:40:23:9e:c3:
                    55:96:2b:df:ff:9d:bd:95:8d:42:0c:1c:33:71:03:
                    1b:7c:c2:da:7b:3d:77:43:e2:09:8b:f7:d5:42:a9:
                    21:73:3f:fc:1e:58:4e:09:a9:2c:b3:c0:74:22:38:
                    81:59:4f:79:c9:01:c9:03:64:f8:8f:30:e4:ed:5d:
                    a7:57:24:77:cf:55:7b:d2:2e:4a:de:1d:27:14:3f:
                    86:e3:ef:b7:8e:c8:a5:0f:d5:57:b8:2a:69:6d:48:
                    69:75:9f:e7:ae:9b:9f:0e:7e:93:7c:7c:73:32:3b:
                    dc:3b:5f:a1:7e:fe:66:b7:86:91:86:75:5b:51:22:
                    94:70:18:f1:92:a3:c3:69:be:bf:32:0c:ca:f4:ec:
                    ff:5d:7f:79:0f:30:b6:35:f8:1c:28:16:91:a0:da:
                    a2:60:f2:0c:96:f2:87:ff:a9:ec:1a:92:b9:f4:fe:
                    62:ad:53:87:1f:82:95:9d:fb:ba:f9:e3:35:e4:29:
                    aa:15:6f:2c:5d:93:0e:69:31:77:82:04:f9:b1:7c:
                    3b:15:b0:2b:53:f1:b3:80:8b:9f:b5:bc:ae:68:e8:
                    e9:6e:3b:0d:b8:57:39:78:a3:d6:f2:51:e9:63:8a:
                    35:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:04:52:D9:BD:CC:68:4A:C5:E9:54:33:A3:68:A7:AD:A8:25:BB:43
            X509v3 Authority Key Identifier:
                keyid:99:6F:90:3F:91:A8:5A:60:C5:46:EE:11:41:34:8C:C3:C8:03:69:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mW-QP5GoWmDFRu4RQTSMw8gDaSc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/a20101-1c9f-44c5-8077-5190f7869a7f/1/VgRS2b3MaErF6VQzo2inraglu0M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/a20101-1c9f-44c5-8077-5190f7869a7f/1/mW-QP5GoWmDFRu4RQTSMw8gDaSc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1988::/48

    Signature Algorithm: sha256WithRSAEncryption
         50:27:df:d5:e3:34:b7:c6:40:4a:7f:75:ef:51:a5:3b:03:8d:
         a8:88:e7:30:13:13:34:8b:49:10:ee:2d:e7:5c:be:a0:ff:e5:
         36:76:49:29:4a:bd:e1:21:d0:f4:0b:49:c7:dc:ff:68:cf:79:
         4d:08:f0:14:63:a5:de:60:de:64:6b:19:fa:9a:fe:ae:5b:8c:
         7f:ab:70:19:49:14:0f:74:ee:43:9a:f7:3e:34:a4:7a:b8:81:
         51:7f:35:f4:83:3f:e5:aa:41:11:a9:94:fa:7c:bc:c2:ae:70:
         5f:8f:d4:53:06:66:8a:a0:95:2f:55:a5:c6:7c:80:67:a1:45:
         64:fd:99:5d:0f:36:1f:6e:4d:b3:05:0e:3c:4f:2c:bb:9f:42:
         80:34:60:12:df:f4:38:80:eb:8b:85:f4:c8:2d:d5:1c:52:64:
         83:53:fc:59:b7:2d:1d:be:6a:90:e2:29:61:fd:83:97:a8:9e:
         02:5e:ea:8d:6e:7e:a7:5c:f3:c5:9a:c4:2e:ea:62:c9:37:73:
         d1:66:64:10:4b:98:33:38:f4:92:8a:bc:b5:48:b2:8a:a7:22:
         cf:b3:13:34:2e:fc:65:99:55:18:72:db:58:20:c1:55:fe:70:
         a2:06:ba:be:3e:61:02:2e:d6:3a:c0:ba:4f:a2:7b:ee:52:f8:
         17:32:0a:b3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzF3GZRvZnFeXstR6MeivYZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5NmY5MDNmOTFhODVhNjBjNTQ2ZWUxMTQxMzQ4Y2MzYzgw
MzY5MjcwHhcNMjQwMTAxMTYzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjA0NTJkOWJkY2M2ODRhYzVlOTU0MzNhMzY4YTdhZGE4MjViYjQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArxcVLLYvG4ZhHGSco1yV5k6/oWR6
IrOc5EAjnsNVlivf/529lY1CDBwzcQMbfMLaez13Q+IJi/fVQqkhcz/8HlhOCaks
s8B0IjiBWU95yQHJA2T4jzDk7V2nVyR3z1V70i5K3h0nFD+G4++3jsilD9VXuCpp
bUhpdZ/nrpufDn6TfHxzMjvcO1+hfv5mt4aRhnVbUSKUcBjxkqPDab6/MgzK9Oz/
XX95DzC2NfgcKBaRoNqiYPIMlvKH/6nsGpK59P5irVOHH4KVnfu6+eM15CmqFW8s
XZMOaTF3ggT5sXw7FbArU/GzgIuftbyuaOjpbjsNuFc5eKPW8lHpY4o1bwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFYEUtm9zGhKxelUM6Nop62oJbtDMB8GA1UdIwQY
MBaAFJlvkD+RqFpgxUbuEUE0jMPIA2knMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVctUVA1R29XbURGUnU0UlFUU013OGdEYVNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS9hMjAxMDEtMWM5Zi00NGM1LTgwNzct
NTE5MGY3ODY5YTdmLzEvVmdSUzJiM01hRXJGNlZRem8yaW5yYWdsdTBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS9hMjAxMDEtMWM5Zi00NGM1LTgwNzctNTE5MGY3ODY5YTdm
LzEvbVctUVA1R29XbURGUnU0UlFUU013OGdEYVNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBmI
MA0GCSqGSIb3DQEBCwUAA4IBAQBQJ9/V4zS3xkBKf3XvUaU7A42oiOcwExM0i0kQ
7i3nXL6g/+U2dkkpSr3hIdD0C0nH3P9oz3lNCPAUY6XeYN5kaxn6mv6uW4x/q3AZ
SRQPdO5Dmvc+NKR6uIFRfzX0gz/lqkERqZT6fLzCrnBfj9RTBmaKoJUvVaXGfIBn
oUVk/ZldDzYfbk2zBQ48Tyy7n0KANGAS3/Q4gOuLhfTILdUcUmSDU/xZty0dvmqQ
4ilh/YOXqJ4CXuqNbn6nXPPFmsQu6mLJN3PRZmQQS5gzOPSSiry1SLKKpyLPsxM0
LvxlmVUYcttYIMFV/nCiBrq+PmECLtY6wLpPonvuUvgXMgqz
-----END CERTIFICATE-----