Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/e7b40c-414b-473a-b8c7-b7b1481625b1/1/tSvr38ObB0-1eC7Z-K0qQPIPAdc.roa
File:                     tSvr38ObB0-1eC7Z-K0qQPIPAdc.roa (raw, json)
Hash identifier:          XpCXW15mUTrB++qvgndiiC7MsT8q2iqb+K2hot2nt8k=
Subject key identifier:   B5:2B:EB:DF:C3:9B:07:4F:B5:78:2E:D9:F8:AD:2A:40:F2:0F:01:D7
Certificate issuer:       /CN=a669f1c21370c44dfd10e2af688c8c4e0ea12955
Certificate serial:       018CCA285CC1460FBFD8011A64EF8593D4B4
Authority key identifier: A6:69:F1:C2:13:70:C4:4D:FD:10:E2:AF:68:8C:8C:4E:0E:A1:29:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pmnxwhNwxE39EOKvaIyMTg6hKVU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/e7b40c-414b-473a-b8c7-b7b1481625b1/1/tSvr38ObB0-1eC7Z-K0qQPIPAdc.roa
Signing time:             Tue 02 Jan 2024 12:31:31 +0000
ROA not before:           Tue 02 Jan 2024 12:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211723
IP address blocks:        2001:67c:296c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/e7b40c-414b-473a-b8c7-b7b1481625b1/1/pmnxwhNwxE39EOKvaIyMTg6hKVU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/e7b40c-414b-473a-b8c7-b7b1481625b1/1/pmnxwhNwxE39EOKvaIyMTg6hKVU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pmnxwhNwxE39EOKvaIyMTg6hKVU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:28:5c:c1:46:0f:bf:d8:01:1a:64:ef:85:93:d4:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a669f1c21370c44dfd10e2af688c8c4e0ea12955
        Validity
            Not Before: Jan  2 12:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b52bebdfc39b074fb5782ed9f8ad2a40f20f01d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:d9:74:70:82:78:3a:96:be:a3:f0:67:6c:c7:
                    d7:03:78:82:ca:64:26:08:5f:61:32:1f:57:f7:6f:
                    df:72:d0:33:27:42:4e:3a:db:94:bf:b1:d7:2e:4d:
                    22:b5:c8:0b:72:df:dd:33:51:cf:81:0c:9c:09:d4:
                    06:c1:17:9e:09:70:12:76:25:ce:81:a0:ad:4d:8a:
                    1b:af:ca:b0:dc:1f:5a:3a:c3:01:23:63:f5:cf:09:
                    6e:ca:f1:5c:94:8e:bf:d7:2c:06:19:ae:6d:9f:ce:
                    13:cb:e6:a5:96:fa:f6:68:b6:77:92:56:66:0c:73:
                    30:23:26:09:91:5e:72:9e:08:6b:3d:0d:dc:5f:b2:
                    0b:c3:45:6e:99:af:b0:fb:2d:c7:dc:cd:f1:7e:98:
                    89:d5:0c:a2:b4:c7:f3:de:7e:60:2f:64:42:f2:e6:
                    38:67:5b:b4:c3:3c:63:dc:bd:50:f7:85:3a:3d:dd:
                    d4:1d:12:01:5c:81:10:97:d8:29:ac:ea:62:cc:d4:
                    3b:3e:77:52:bd:e1:d2:0c:48:a0:ec:74:1a:61:5b:
                    b3:0d:2c:76:50:a4:57:46:d3:df:d8:e0:e3:22:b3:
                    61:1e:ca:fe:3a:03:99:04:74:06:40:6d:a3:93:06:
                    28:94:e1:bd:7a:c9:15:b5:10:36:bd:65:39:97:1c:
                    84:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:2B:EB:DF:C3:9B:07:4F:B5:78:2E:D9:F8:AD:2A:40:F2:0F:01:D7
            X509v3 Authority Key Identifier:
                keyid:A6:69:F1:C2:13:70:C4:4D:FD:10:E2:AF:68:8C:8C:4E:0E:A1:29:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pmnxwhNwxE39EOKvaIyMTg6hKVU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/e7b40c-414b-473a-b8c7-b7b1481625b1/1/tSvr38ObB0-1eC7Z-K0qQPIPAdc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/e7b40c-414b-473a-b8c7-b7b1481625b1/1/pmnxwhNwxE39EOKvaIyMTg6hKVU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:296c::/48

    Signature Algorithm: sha256WithRSAEncryption
         7b:1d:92:e0:15:83:41:31:31:80:52:b9:7c:98:54:3c:12:7a:
         b8:42:09:c8:61:62:0f:8d:97:54:3f:64:ea:e6:3f:bb:9f:12:
         e9:77:7e:b1:36:66:37:8f:4a:ca:b2:c8:d1:7d:e3:85:4b:82:
         1b:c3:3c:01:45:74:1d:66:db:56:f8:0a:b9:39:51:f0:61:dc:
         80:f1:c2:3f:a0:fc:8e:88:37:a5:52:78:60:51:ba:8f:06:0b:
         94:a8:56:d7:a2:9d:0e:19:25:c4:50:bf:dd:a2:f0:47:d1:8f:
         75:f5:6d:90:40:0f:00:64:eb:28:b5:d3:45:53:b8:fa:16:39:
         20:d7:31:51:a7:7d:a2:c0:6b:bb:6e:0e:13:1c:f2:bc:04:b6:
         93:bc:71:32:0a:72:6a:0c:c9:6d:cd:aa:4f:3a:c0:9b:fb:31:
         23:74:45:ca:e4:05:86:32:32:e6:a2:61:65:e4:2a:9b:59:98:
         bd:35:8c:ef:15:e6:ae:61:82:7d:f4:df:84:16:12:0a:c4:ba:
         96:c5:fd:6f:5a:de:20:58:d2:1c:1d:3c:96:2f:62:fd:97:84:
         66:69:af:17:84:57:66:d2:2a:0d:fd:eb:fc:4b:50:dd:60:67:
         42:cc:d8:aa:8e:d8:f2:27:29:63:f4:79:bb:22:af:a7:d6:57:
         2c:bb:3e:2d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKFzBRg+/2AEaZO+Fk9S0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2NjlmMWMyMTM3MGM0NGRmZDEwZTJhZjY4OGM4YzRlMGVh
MTI5NTUwHhcNMjQwMTAyMTIzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTJiZWJkZmMzOWIwNzRmYjU3ODJlZDlmOGFkMmE0MGYyMGYwMWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi9l0cIJ4Opa+o/BnbMfXA3iCymQm
CF9hMh9X92/fctAzJ0JOOtuUv7HXLk0itcgLct/dM1HPgQycCdQGwReeCXASdiXO
gaCtTYobr8qw3B9aOsMBI2P1zwluyvFclI6/1ywGGa5tn84Ty+allvr2aLZ3klZm
DHMwIyYJkV5ynghrPQ3cX7ILw0Vuma+w+y3H3M3xfpiJ1QyitMfz3n5gL2RC8uY4
Z1u0wzxj3L1Q94U6Pd3UHRIBXIEQl9gprOpizNQ7PndSveHSDEig7HQaYVuzDSx2
UKRXRtPf2ODjIrNhHsr+OgOZBHQGQG2jkwYolOG9eskVtRA2vWU5lxyE4wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLUr69/DmwdPtXgu2fitKkDyDwHXMB8GA1UdIwQY
MBaAFKZp8cITcMRN/RDir2iMjE4OoSlVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcG1ueHdoTnd4RTM5RU9LdmFJeU1UZzZoS1ZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS9lN2I0MGMtNDE0Yi00NzNhLWI4Yzct
YjdiMTQ4MTYyNWIxLzEvdFN2cjM4T2JCMC0xZUM3Wi1LMHFRUElQQWRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS9lN2I0MGMtNDE0Yi00NzNhLWI4YzctYjdiMTQ4MTYyNWIx
LzEvcG1ueHdoTnd4RTM5RU9LdmFJeU1UZzZoS1ZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCls
MA0GCSqGSIb3DQEBCwUAA4IBAQB7HZLgFYNBMTGAUrl8mFQ8Enq4QgnIYWIPjZdU
P2Tq5j+7nxLpd36xNmY3j0rKssjRfeOFS4IbwzwBRXQdZttW+Aq5OVHwYdyA8cI/
oPyOiDelUnhgUbqPBguUqFbXop0OGSXEUL/dovBH0Y919W2QQA8AZOsotdNFU7j6
Fjkg1zFRp32iwGu7bg4THPK8BLaTvHEyCnJqDMltzapPOsCb+zEjdEXK5AWGMjLm
omFl5CqbWZi9NYzvFeauYYJ99N+EFhIKxLqWxf1vWt4gWNIcHTyWL2L9l4Rmaa8X
hFdm0ioN/ev8S1DdYGdCzNiqjtjyJylj9Hm7Iq+n1lcsuz4t
-----END CERTIFICATE-----