Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/29373e-c309-4c32-a606-d692c3729c48/1/lMGdYgzwgaT_E7URumGsKGYpRm8.roa
File:                     lMGdYgzwgaT_E7URumGsKGYpRm8.roa (raw, json)
Hash identifier:          kL2rl4lRguL/8Xce/Og8ZuX7b8NIeWwAkD9AdWaLC6M=
Subject key identifier:   94:C1:9D:62:0C:F0:81:A4:FF:13:B5:11:BA:61:AC:28:66:29:46:6F
Certificate issuer:       /CN=02da4cd044c6e9873ac8fd9cfd30f1ecb3d80bca
Certificate serial:       018CC79401B8AF49FFE891A3B1AF70DDD05C
Authority key identifier: 02:DA:4C:D0:44:C6:E9:87:3A:C8:FD:9C:FD:30:F1:EC:B3:D8:0B:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AtpM0ETG6Yc6yP2c_TDx7LPYC8o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/29373e-c309-4c32-a606-d692c3729c48/1/lMGdYgzwgaT_E7URumGsKGYpRm8.roa
Signing time:             Tue 02 Jan 2024 00:30:14 +0000
ROA not before:           Tue 02 Jan 2024 00:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59891
IP address blocks:        2001:67c:17a4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/29373e-c309-4c32-a606-d692c3729c48/1/AtpM0ETG6Yc6yP2c_TDx7LPYC8o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/29373e-c309-4c32-a606-d692c3729c48/1/AtpM0ETG6Yc6yP2c_TDx7LPYC8o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AtpM0ETG6Yc6yP2c_TDx7LPYC8o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 18:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:01:b8:af:49:ff:e8:91:a3:b1:af:70:dd:d0:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=02da4cd044c6e9873ac8fd9cfd30f1ecb3d80bca
        Validity
            Not Before: Jan  2 00:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=94c19d620cf081a4ff13b511ba61ac286629466f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:9c:af:5d:d4:2b:0b:70:0f:2b:9c:d6:cc:00:
                    0b:ea:0a:b4:18:8a:d5:e3:11:ef:a8:6a:bf:f5:83:
                    53:fc:17:54:0b:2c:98:80:5a:87:45:16:bc:ed:aa:
                    9d:8a:fb:32:d6:99:a9:2f:d7:15:52:64:92:09:db:
                    8b:65:b3:6c:c7:09:fb:8b:07:d3:71:da:c8:04:2d:
                    8e:b3:ab:22:79:9d:12:67:ae:f0:af:da:a6:d4:dd:
                    48:7d:f3:5f:21:3d:4c:ae:16:12:e6:bf:56:0e:e5:
                    cd:46:d6:c5:25:ed:28:dc:b2:74:07:dc:1a:f3:59:
                    4d:c0:fe:83:ab:59:45:79:27:fa:a4:b2:6a:ec:06:
                    a0:4a:9c:5d:ab:b2:24:bf:2f:cc:34:5d:36:ef:c6:
                    e6:20:39:b8:9f:f1:6b:87:64:6c:17:3d:a8:9d:28:
                    16:22:75:a5:25:16:de:63:23:c8:4b:34:fd:d0:92:
                    58:31:19:3a:1c:f0:00:ad:b8:e1:78:ac:d7:8c:a7:
                    7b:c5:d8:dc:c5:e5:f6:af:80:36:06:8a:a5:f9:0a:
                    75:06:2f:18:90:7b:26:a5:1e:6c:63:c8:b3:fa:f3:
                    7d:65:b1:18:a0:99:66:33:e3:ef:a4:4e:fa:7b:8c:
                    a9:bc:b2:c8:62:ea:6a:ad:26:2c:be:bc:bc:89:a7:
                    87:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:C1:9D:62:0C:F0:81:A4:FF:13:B5:11:BA:61:AC:28:66:29:46:6F
            X509v3 Authority Key Identifier:
                keyid:02:DA:4C:D0:44:C6:E9:87:3A:C8:FD:9C:FD:30:F1:EC:B3:D8:0B:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AtpM0ETG6Yc6yP2c_TDx7LPYC8o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/29373e-c309-4c32-a606-d692c3729c48/1/lMGdYgzwgaT_E7URumGsKGYpRm8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/29373e-c309-4c32-a606-d692c3729c48/1/AtpM0ETG6Yc6yP2c_TDx7LPYC8o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:17a4::/48

    Signature Algorithm: sha256WithRSAEncryption
         85:f3:c9:ce:39:ac:ea:3e:88:20:e0:bb:da:3b:a2:78:13:2f:
         06:fd:cc:d7:c8:8b:58:9d:ba:94:19:b8:5a:e8:b7:3b:b7:26:
         f9:1a:d8:34:c8:97:b8:fd:68:0f:9e:b8:9d:9a:a6:04:e5:94:
         97:82:98:e4:a0:64:b9:d7:de:ec:d8:c7:31:d9:e1:bf:7c:9c:
         03:bb:ac:76:71:8f:b0:08:f4:78:10:4a:83:8d:af:2c:2f:de:
         a1:54:1f:da:e5:54:66:82:7e:eb:53:0d:80:33:a8:99:1a:60:
         fe:03:c4:3b:75:c5:af:1c:e6:ee:ba:b3:3d:3f:39:a7:3b:5e:
         eb:0d:e0:75:0e:c0:c8:70:90:78:0d:6c:89:a9:ab:b4:47:6d:
         0c:56:b4:63:29:4d:db:e7:aa:84:73:9d:c6:74:fb:84:cb:b4:
         36:45:30:54:4d:28:8c:f0:d5:ad:e2:05:49:c4:ee:d6:3b:af:
         ac:a4:0f:22:4a:3b:bc:81:48:3c:8a:11:53:07:5a:2a:2c:8c:
         b8:5c:2d:e5:3c:5c:f2:f8:20:62:5c:ff:2c:0f:5a:f7:2a:ee:
         c1:90:8e:d8:83:0d:60:5a:06:5f:96:ba:f9:08:b4:39:d0:f7:
         73:a4:c2:8b:ea:d1:9d:dc:d2:aa:36:04:5c:6f:1f:90:fe:7a:
         a4:dc:33:1c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHlAG4r0n/6JGjsa9w3dBcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyZGE0Y2QwNDRjNmU5ODczYWM4ZmQ5Y2ZkMzBmMWVjYjNk
ODBiY2EwHhcNMjQwMTAyMDAzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGMxOWQ2MjBjZjA4MWE0ZmYxM2I1MTFiYTYxYWMyODY2Mjk0NjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxZyvXdQrC3APK5zWzAAL6gq0GIrV
4xHvqGq/9YNT/BdUCyyYgFqHRRa87aqdivsy1pmpL9cVUmSSCduLZbNsxwn7iwfT
cdrIBC2Os6sieZ0SZ67wr9qm1N1IffNfIT1MrhYS5r9WDuXNRtbFJe0o3LJ0B9wa
81lNwP6Dq1lFeSf6pLJq7AagSpxdq7Ikvy/MNF0278bmIDm4n/Frh2RsFz2onSgW
InWlJRbeYyPISzT90JJYMRk6HPAArbjheKzXjKd7xdjcxeX2r4A2Boql+Qp1Bi8Y
kHsmpR5sY8iz+vN9ZbEYoJlmM+PvpE76e4ypvLLIYupqrSYsvry8iaeHPwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJTBnWIM8IGk/xO1EbphrChmKUZvMB8GA1UdIwQY
MBaAFALaTNBExumHOsj9nP0w8eyz2AvKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXRwTTBFVEc2WWM2eVAyY19URHg3TFBZQzhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi8yOTM3M2UtYzMwOS00YzMyLWE2MDYt
ZDY5MmMzNzI5YzQ4LzEvbE1HZFlnendnYVRfRTdVUnVtR3NLR1lwUm04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi8yOTM3M2UtYzMwOS00YzMyLWE2MDYtZDY5MmMzNzI5YzQ4
LzEvQXRwTTBFVEc2WWM2eVAyY19URHg3TFBZQzhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBek
MA0GCSqGSIb3DQEBCwUAA4IBAQCF88nOOazqPogg4LvaO6J4Ey8G/czXyItYnbqU
Gbha6Lc7tyb5Gtg0yJe4/WgPnridmqYE5ZSXgpjkoGS5197s2Mcx2eG/fJwDu6x2
cY+wCPR4EEqDja8sL96hVB/a5VRmgn7rUw2AM6iZGmD+A8Q7dcWvHObuurM9Pzmn
O17rDeB1DsDIcJB4DWyJqau0R20MVrRjKU3b56qEc53GdPuEy7Q2RTBUTSiM8NWt
4gVJxO7WO6+spA8iSju8gUg8ihFTB1oqLIy4XC3lPFzy+CBiXP8sD1r3Ku7BkI7Y
gw1gWgZflrr5CLQ50PdzpMKL6tGd3NKqNgRcbx+Q/nqk3DMc
-----END CERTIFICATE-----