Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/50bdd4-e2a9-46c9-836e-68c1b7dfb190/1/lQ5hB-7hNZThCFW0LDq5_X81XZE.roa
File:                     lQ5hB-7hNZThCFW0LDq5_X81XZE.roa (raw, json)
Hash identifier:          E7Vkixyc8a8YcC0CSEO6SZeM4pY9tCx8oyT0n+/+RTA=
Subject key identifier:   95:0E:61:07:EE:E1:35:94:E1:08:55:B4:2C:3A:B9:FD:7F:35:5D:91
Certificate issuer:       /CN=0e69a67d4b215a3f31fc462f0ea534ef83f8ef57
Certificate serial:       018CC7274F6B4F9397528D4052BB9D327253
Authority key identifier: 0E:69:A6:7D:4B:21:5A:3F:31:FC:46:2F:0E:A5:34:EF:83:F8:EF:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DmmmfUshWj8x_EYvDqU074P471c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/50bdd4-e2a9-46c9-836e-68c1b7dfb190/1/lQ5hB-7hNZThCFW0LDq5_X81XZE.roa
Signing time:             Mon 01 Jan 2024 22:31:31 +0000
ROA not before:           Mon 01 Jan 2024 22:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        2001:67c:2064::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/50bdd4-e2a9-46c9-836e-68c1b7dfb190/1/DmmmfUshWj8x_EYvDqU074P471c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/50bdd4-e2a9-46c9-836e-68c1b7dfb190/1/DmmmfUshWj8x_EYvDqU074P471c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DmmmfUshWj8x_EYvDqU074P471c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:4f:6b:4f:93:97:52:8d:40:52:bb:9d:32:72:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e69a67d4b215a3f31fc462f0ea534ef83f8ef57
        Validity
            Not Before: Jan  1 22:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=950e6107eee13594e10855b42c3ab9fd7f355d91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:05:36:c2:1d:4a:02:7c:3e:0b:c3:d8:d9:f0:
                    25:43:ff:94:31:9e:3e:4c:00:a3:c0:92:4f:ec:aa:
                    77:04:d0:69:2b:d3:86:d8:30:87:b8:5a:ec:ec:e9:
                    d8:33:7b:08:84:34:4d:90:3f:c1:63:20:46:af:2d:
                    ee:db:26:82:72:f7:55:14:8d:d2:e7:d8:49:04:49:
                    71:eb:10:c2:8e:c7:8c:c7:65:98:61:70:11:af:3f:
                    92:85:09:58:22:33:45:aa:39:c9:b8:96:95:3f:a8:
                    db:f8:94:ad:53:ca:be:de:93:a3:c5:55:9a:99:19:
                    53:ba:92:ef:87:35:23:be:8a:2a:d5:e1:d2:b4:d4:
                    dd:cc:17:ac:b5:d4:ef:2b:36:c4:46:5f:d5:bd:e1:
                    3c:12:1c:4d:7e:06:fc:29:f2:c6:ed:6f:60:15:fd:
                    21:c2:93:b2:b5:3e:9a:ed:32:aa:0a:06:e3:f9:cb:
                    c4:92:bb:9d:d6:5f:d3:93:09:62:74:4a:cc:a3:f9:
                    53:d6:3c:d2:a2:db:f5:8f:e4:11:e0:5d:4d:8f:35:
                    4f:21:61:70:ca:07:4d:a2:79:92:e2:e8:a0:27:00:
                    0e:b5:a2:75:b0:b0:39:47:6d:52:4d:39:59:22:2e:
                    12:2f:6f:cb:07:ce:06:65:a2:4c:64:e3:9c:d1:6d:
                    e7:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:0E:61:07:EE:E1:35:94:E1:08:55:B4:2C:3A:B9:FD:7F:35:5D:91
            X509v3 Authority Key Identifier:
                keyid:0E:69:A6:7D:4B:21:5A:3F:31:FC:46:2F:0E:A5:34:EF:83:F8:EF:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DmmmfUshWj8x_EYvDqU074P471c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/50bdd4-e2a9-46c9-836e-68c1b7dfb190/1/lQ5hB-7hNZThCFW0LDq5_X81XZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/50bdd4-e2a9-46c9-836e-68c1b7dfb190/1/DmmmfUshWj8x_EYvDqU074P471c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2064::/48

    Signature Algorithm: sha256WithRSAEncryption
         43:71:36:9f:c2:ba:a8:4a:89:68:1f:2e:41:b1:8b:eb:c4:bd:
         e4:d0:f2:92:02:8d:f6:93:c7:c9:49:1f:68:50:a9:d8:77:48:
         04:c2:e6:9f:85:04:19:24:6c:a4:29:fa:4d:ce:69:08:0f:6e:
         6c:a2:7d:fc:09:46:74:a6:c3:3b:3a:e3:79:d2:74:3d:19:a8:
         f8:27:20:14:65:15:19:a5:5b:52:67:34:51:b4:42:ac:98:e5:
         46:5e:a2:04:fc:25:97:eb:63:5f:50:39:95:10:c3:60:61:40:
         58:ef:9a:fa:e4:93:05:e6:c5:e7:9f:0d:07:4e:cf:2e:dc:77:
         92:c1:fb:26:58:a7:1b:76:35:e4:fc:58:77:76:81:35:81:11:
         6f:11:b2:33:75:db:c5:c9:ca:fa:40:d4:cd:0e:fe:a2:f1:38:
         6b:1b:9e:53:dc:5b:5e:67:a8:b2:1e:7b:ef:61:0d:52:a4:3a:
         c7:dc:bf:c5:34:f4:52:02:4c:1e:fa:c1:77:a9:78:c3:82:ad:
         98:e6:8f:a3:8a:3a:ef:5e:f8:7b:44:3f:2b:e1:e5:00:97:87:
         20:ab:84:87:be:09:46:8d:38:07:db:af:18:f1:0b:75:7b:fd:
         b5:b4:24:5f:11:7f:17:87:27:ea:b2:59:fe:2c:a7:99:88:f4:
         13:93:f0:d4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHJ09rT5OXUo1AUrudMnJTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlNjlhNjdkNGIyMTVhM2YzMWZjNDYyZjBlYTUzNGVmODNm
OGVmNTcwHhcNMjQwMTAxMjIzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTBlNjEwN2VlZTEzNTk0ZTEwODU1YjQyYzNhYjlmZDdmMzU1ZDkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxwU2wh1KAnw+C8PY2fAlQ/+UMZ4+
TACjwJJP7Kp3BNBpK9OG2DCHuFrs7OnYM3sIhDRNkD/BYyBGry3u2yaCcvdVFI3S
59hJBElx6xDCjseMx2WYYXARrz+ShQlYIjNFqjnJuJaVP6jb+JStU8q+3pOjxVWa
mRlTupLvhzUjvooq1eHStNTdzBestdTvKzbERl/VveE8EhxNfgb8KfLG7W9gFf0h
wpOytT6a7TKqCgbj+cvEkrud1l/TkwlidErMo/lT1jzSotv1j+QR4F1NjzVPIWFw
ygdNonmS4uigJwAOtaJ1sLA5R21STTlZIi4SL2/LB84GZaJMZOOc0W3nKwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJUOYQfu4TWU4QhVtCw6uf1/NV2RMB8GA1UdIwQY
MBaAFA5ppn1LIVo/MfxGLw6lNO+D+O9XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRG1tbWZVc2hXajh4X0VZdkRxVTA3NFA0NzFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy81MGJkZDQtZTJhOS00NmM5LTgzNmUt
NjhjMWI3ZGZiMTkwLzEvbFE1aEItN2hOWlRoQ0ZXMExEcTVfWDgxWFpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy81MGJkZDQtZTJhOS00NmM5LTgzNmUtNjhjMWI3ZGZiMTkw
LzEvRG1tbWZVc2hXajh4X0VZdkRxVTA3NFA0NzFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCBk
MA0GCSqGSIb3DQEBCwUAA4IBAQBDcTafwrqoSoloHy5BsYvrxL3k0PKSAo32k8fJ
SR9oUKnYd0gEwuafhQQZJGykKfpNzmkID25son38CUZ0psM7OuN50nQ9Gaj4JyAU
ZRUZpVtSZzRRtEKsmOVGXqIE/CWX62NfUDmVEMNgYUBY75r65JMF5sXnnw0HTs8u
3HeSwfsmWKcbdjXk/Fh3doE1gRFvEbIzddvFycr6QNTNDv6i8ThrG55T3FteZ6iy
HnvvYQ1SpDrH3L/FNPRSAkwe+sF3qXjDgq2Y5o+jijrvXvh7RD8r4eUAl4cgq4SH
vglGjTgH268Y8Qt1e/21tCRfEX8Xhyfqsln+LKeZiPQTk/DU
-----END CERTIFICATE-----