Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/21b007-a086-4312-9d23-62f666473b21/1/4F5_eVYJG9hUB5W-Sluj7GspvGc.roa
File:                     4F5_eVYJG9hUB5W-Sluj7GspvGc.roa (raw, json)
Hash identifier:          kB+yQpcvethguyZgnzvLynn+gEfcQl1AtZbRWbHy7Ao=
Subject key identifier:   E0:5E:7F:79:56:09:1B:D8:54:07:95:BE:4A:5B:A3:EC:6B:29:BC:67
Certificate issuer:       /CN=7d01a5d90dc3a836ceb6381efc7534e129f43a4c
Certificate serial:       018CC9BB2387B169C0E50D4BF83E66E1BC66
Authority key identifier: 7D:01:A5:D9:0D:C3:A8:36:CE:B6:38:1E:FC:75:34:E1:29:F4:3A:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQGl2Q3DqDbOtjge_HU04Sn0Okw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/21b007-a086-4312-9d23-62f666473b21/1/4F5_eVYJG9hUB5W-Sluj7GspvGc.roa
Signing time:             Tue 02 Jan 2024 10:32:13 +0000
ROA not before:           Tue 02 Jan 2024 10:32:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5524
IP address blocks:        2001:67c:23b8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/21b007-a086-4312-9d23-62f666473b21/1/fQGl2Q3DqDbOtjge_HU04Sn0Okw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/21b007-a086-4312-9d23-62f666473b21/1/fQGl2Q3DqDbOtjge_HU04Sn0Okw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQGl2Q3DqDbOtjge_HU04Sn0Okw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:23:87:b1:69:c0:e5:0d:4b:f8:3e:66:e1:bc:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d01a5d90dc3a836ceb6381efc7534e129f43a4c
        Validity
            Not Before: Jan  2 10:32:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e05e7f7956091bd8540795be4a5ba3ec6b29bc67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:48:3b:f3:ce:ae:83:95:76:a8:ce:2a:6a:d9:
                    e7:d0:0b:cd:e6:f5:f7:38:7b:a4:d9:4d:af:12:ec:
                    91:4c:56:d5:13:57:87:26:dc:26:b9:b2:24:eb:26:
                    57:1c:1c:9c:c2:e0:74:8a:d4:39:88:82:80:09:e5:
                    b2:4a:4a:5f:1c:bb:0f:ae:83:c2:3e:6b:f5:0d:ef:
                    36:a6:b5:42:84:b3:b7:56:21:71:fb:df:ea:cd:e6:
                    79:c2:57:ae:8f:0a:e1:07:f5:ab:aa:ac:c2:6d:e4:
                    e3:c4:bf:d0:7d:9d:8d:63:c1:37:9c:83:13:c1:8c:
                    f2:4b:9f:21:27:1d:60:9e:d9:78:77:19:37:bf:19:
                    7a:64:ea:3a:5e:c7:98:2e:09:8a:83:a4:99:a9:fc:
                    ca:cc:a9:56:18:a4:f1:92:95:8c:34:83:38:24:2e:
                    8f:99:eb:b4:6d:69:91:f5:d9:4b:a8:2e:0f:b3:fc:
                    f1:d1:88:e3:21:12:d7:b8:ef:7a:63:e2:1c:c2:ae:
                    d8:72:31:ae:0e:fb:a0:0b:9e:75:0e:cc:f1:0f:ac:
                    28:0b:c1:a3:e0:81:25:16:26:a7:bc:a3:fe:7f:04:
                    03:6b:b8:7e:8c:df:43:ec:a5:d2:1f:39:a9:0e:84:
                    62:d9:c0:9a:ac:a0:eb:69:c9:7f:d6:c4:d4:09:16:
                    fa:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:5E:7F:79:56:09:1B:D8:54:07:95:BE:4A:5B:A3:EC:6B:29:BC:67
            X509v3 Authority Key Identifier:
                keyid:7D:01:A5:D9:0D:C3:A8:36:CE:B6:38:1E:FC:75:34:E1:29:F4:3A:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQGl2Q3DqDbOtjge_HU04Sn0Okw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/21b007-a086-4312-9d23-62f666473b21/1/4F5_eVYJG9hUB5W-Sluj7GspvGc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/21b007-a086-4312-9d23-62f666473b21/1/fQGl2Q3DqDbOtjge_HU04Sn0Okw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:23b8::/48

    Signature Algorithm: sha256WithRSAEncryption
         a9:c0:2e:b5:82:c9:50:d6:93:f1:c1:39:75:8a:6f:86:7d:8e:
         63:6a:c4:fa:c1:23:71:73:7b:6b:8a:a3:8a:1b:c4:cd:d9:bc:
         a6:07:3f:97:9b:83:50:07:36:d4:0f:12:18:41:99:88:bf:1c:
         f4:d7:2f:fe:63:04:ba:f9:51:a2:ea:b4:f3:8b:62:40:cd:9f:
         87:f5:29:44:ac:2c:fd:18:c1:42:28:f1:ef:46:73:1e:94:46:
         23:84:dd:a3:a7:7d:64:27:ed:8a:a7:26:eb:70:f0:da:26:d6:
         5e:58:83:62:fc:c0:fa:ad:e1:cc:fc:14:a6:72:a7:c1:55:ba:
         a8:37:a0:49:73:07:ec:cf:5e:96:0b:d2:ce:ae:67:2d:55:b1:
         16:fc:3c:46:e1:87:6d:30:69:68:51:dd:68:31:ab:50:ef:12:
         b4:5e:96:48:8d:bf:14:97:cc:de:26:c8:c9:68:64:7c:a3:36:
         a8:d6:71:5c:66:3c:cd:25:32:3c:73:38:7d:b9:33:2f:f4:94:
         3d:da:a9:79:c6:ef:2f:20:6f:cf:4b:28:66:a4:ad:b8:ef:bd:
         89:94:9f:4e:65:33:36:92:03:9f:1e:88:6f:17:85:eb:ed:9a:
         bb:c9:b9:6b:de:27:da:b4:e5:75:c0:4c:12:d4:8c:52:7c:81:
         6f:50:bf:00
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJuyOHsWnA5Q1L+D5m4bxmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDFhNWQ5MGRjM2E4MzZjZWI2MzgxZWZjNzUzNGUxMjlm
NDNhNGMwHhcNMjQwMTAyMTAzMjEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDVlN2Y3OTU2MDkxYmQ4NTQwNzk1YmU0YTViYTNlYzZiMjliYzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh0g7886ug5V2qM4qatnn0AvN5vX3
OHuk2U2vEuyRTFbVE1eHJtwmubIk6yZXHBycwuB0itQ5iIKACeWySkpfHLsProPC
Pmv1De82prVChLO3ViFx+9/qzeZ5wleujwrhB/WrqqzCbeTjxL/QfZ2NY8E3nIMT
wYzyS58hJx1gntl4dxk3vxl6ZOo6XseYLgmKg6SZqfzKzKlWGKTxkpWMNIM4JC6P
meu0bWmR9dlLqC4Ps/zx0YjjIRLXuO96Y+Icwq7YcjGuDvugC551DszxD6woC8Gj
4IElFianvKP+fwQDa7h+jN9D7KXSHzmpDoRi2cCarKDracl/1sTUCRb6jwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOBef3lWCRvYVAeVvkpbo+xrKbxnMB8GA1UdIwQY
MBaAFH0BpdkNw6g2zrY4Hvx1NOEp9DpMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFHbDJRM0RxRGJPdGpnZV9IVTA0U24wT2t3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi8yMWIwMDctYTA4Ni00MzEyLTlkMjMt
NjJmNjY2NDczYjIxLzEvNEY1X2VWWUpHOWhVQjVXLVNsdWo3R3NwdkdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi8yMWIwMDctYTA4Ni00MzEyLTlkMjMtNjJmNjY2NDczYjIx
LzEvZlFHbDJRM0RxRGJPdGpnZV9IVTA0U24wT2t3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCO4
MA0GCSqGSIb3DQEBCwUAA4IBAQCpwC61gslQ1pPxwTl1im+GfY5jasT6wSNxc3tr
iqOKG8TN2bymBz+Xm4NQBzbUDxIYQZmIvxz01y/+YwS6+VGi6rTzi2JAzZ+H9SlE
rCz9GMFCKPHvRnMelEYjhN2jp31kJ+2KpybrcPDaJtZeWINi/MD6reHM/BSmcqfB
VbqoN6BJcwfsz16WC9LOrmctVbEW/DxG4YdtMGloUd1oMatQ7xK0XpZIjb8Ul8ze
JsjJaGR8ozao1nFcZjzNJTI8czh9uTMv9JQ92ql5xu8vIG/PSyhmpK24772JlJ9O
ZTM2kgOfHohvF4Xr7Zq7yblr3ifatOV1wEwS1IxSfIFvUL8A
-----END CERTIFICATE-----