Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/50bdd4-e2a9-46c9-836e-68c1b7dfb190/1/rN-4kZsEay-BY1CV_lvBg0rzTOY.roa
File:                     rN-4kZsEay-BY1CV_lvBg0rzTOY.roa (raw, json)
Hash identifier:          esRPsBnyjdEDFMkCs4qhh1/e6urQcCzMwiCqa6qSnws=
Subject key identifier:   AC:DF:B8:91:9B:04:6B:2F:81:63:50:95:FE:5B:C1:83:4A:F3:4C:E6
Certificate issuer:       /CN=0e69a67d4b215a3f31fc462f0ea534ef83f8ef57
Certificate serial:       018CC7274F311245B2F4C658EF8075207B18
Authority key identifier: 0E:69:A6:7D:4B:21:5A:3F:31:FC:46:2F:0E:A5:34:EF:83:F8:EF:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DmmmfUshWj8x_EYvDqU074P471c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/50bdd4-e2a9-46c9-836e-68c1b7dfb190/1/rN-4kZsEay-BY1CV_lvBg0rzTOY.roa
Signing time:             Mon 01 Jan 2024 22:31:31 +0000
ROA not before:           Mon 01 Jan 2024 22:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8893
IP address blocks:        2001:67c:2064::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/50bdd4-e2a9-46c9-836e-68c1b7dfb190/1/DmmmfUshWj8x_EYvDqU074P471c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/50bdd4-e2a9-46c9-836e-68c1b7dfb190/1/DmmmfUshWj8x_EYvDqU074P471c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DmmmfUshWj8x_EYvDqU074P471c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:4f:31:12:45:b2:f4:c6:58:ef:80:75:20:7b:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e69a67d4b215a3f31fc462f0ea534ef83f8ef57
        Validity
            Not Before: Jan  1 22:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=acdfb8919b046b2f81635095fe5bc1834af34ce6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:e5:42:fb:60:c9:e3:a2:7f:26:c8:5d:7d:e4:
                    8d:db:40:d6:57:83:ed:1c:58:d4:4d:b6:33:3a:15:
                    45:ec:ca:8c:c7:a5:d3:af:ed:6f:c8:b7:0a:00:2c:
                    fa:d7:cb:1c:35:a4:92:c6:48:27:b7:85:e8:01:d7:
                    66:15:aa:97:36:04:e8:ce:12:80:ba:45:f0:69:16:
                    e7:30:67:73:ab:81:23:e1:2f:40:4d:93:3a:85:49:
                    73:f6:87:0a:cd:39:23:76:61:89:ba:40:76:fe:66:
                    fe:c2:ad:7a:3c:fc:60:ce:61:56:54:fc:3f:1a:94:
                    ab:78:5e:30:ee:b0:a2:69:5a:6d:e5:76:9b:f0:bb:
                    66:bc:90:30:c2:64:c9:10:d2:56:01:86:18:7f:d7:
                    3a:41:57:c8:d4:e6:34:bf:3d:50:8c:80:16:f7:60:
                    20:a4:93:3e:86:d3:45:6b:4a:5c:c2:f4:5a:ad:00:
                    05:58:27:b1:54:66:36:a6:0a:c0:76:3d:18:88:ef:
                    09:66:be:ac:6b:b9:4c:3e:fc:ab:fd:1c:69:b9:c1:
                    89:6f:24:83:b3:28:17:2b:cc:20:79:70:93:8e:d0:
                    7c:2f:d7:88:a8:74:58:73:a1:7b:59:2b:ef:fb:3c:
                    e3:a3:b9:bb:8b:be:7c:f1:bc:51:ca:c0:1f:6b:55:
                    5e:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:DF:B8:91:9B:04:6B:2F:81:63:50:95:FE:5B:C1:83:4A:F3:4C:E6
            X509v3 Authority Key Identifier:
                keyid:0E:69:A6:7D:4B:21:5A:3F:31:FC:46:2F:0E:A5:34:EF:83:F8:EF:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DmmmfUshWj8x_EYvDqU074P471c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/50bdd4-e2a9-46c9-836e-68c1b7dfb190/1/rN-4kZsEay-BY1CV_lvBg0rzTOY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/50bdd4-e2a9-46c9-836e-68c1b7dfb190/1/DmmmfUshWj8x_EYvDqU074P471c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2064::/48

    Signature Algorithm: sha256WithRSAEncryption
         93:63:c6:43:83:0b:34:52:84:1a:36:c1:62:d5:44:4d:4b:1e:
         f4:4d:2c:8b:f3:da:e3:74:d1:05:e6:3c:ba:53:e3:ff:96:7b:
         c0:42:14:d5:4b:d7:e4:52:7a:8a:d0:9d:c1:21:6b:85:bd:a0:
         9f:25:5c:78:2b:44:1c:c7:ea:8d:f8:69:b6:e4:a0:77:d6:1b:
         54:99:53:be:17:3f:f1:6f:8b:7f:a4:80:d9:5f:9e:5a:e8:2e:
         20:8f:6e:ed:b5:31:1d:1c:dd:8c:cb:2d:9d:e5:39:1a:75:52:
         ae:df:22:1e:25:e3:4b:95:36:f5:65:6f:57:ce:ae:23:29:ac:
         f4:96:42:cb:e0:e9:44:6b:fd:34:d6:d0:19:05:39:97:ec:d4:
         59:18:db:b6:d6:e9:d2:14:dc:1d:26:ad:02:ae:e4:58:7f:5f:
         5c:e7:fd:d2:9c:97:1c:14:64:9b:ea:c7:1c:89:ab:2f:5a:ac:
         f8:7c:53:36:ef:9f:e0:ad:d2:bf:99:82:7a:cd:cf:0c:04:7e:
         64:9e:82:9c:dd:ff:dc:d4:a4:fd:6f:cf:6c:87:25:65:d5:59:
         1d:02:20:62:fd:a6:1c:ee:46:ef:2e:5f:ca:5d:0b:49:40:6b:
         d9:7b:11:f1:b6:ce:0e:4d:a2:36:1a:1c:c5:af:45:68:05:e6:
         45:77:67:c0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHJ08xEkWy9MZY74B1IHsYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlNjlhNjdkNGIyMTVhM2YzMWZjNDYyZjBlYTUzNGVmODNm
OGVmNTcwHhcNMjQwMTAxMjIzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2RmYjg5MTliMDQ2YjJmODE2MzUwOTVmZTViYzE4MzRhZjM0Y2U2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuOVC+2DJ46J/JshdfeSN20DWV4Pt
HFjUTbYzOhVF7MqMx6XTr+1vyLcKACz618scNaSSxkgnt4XoAddmFaqXNgTozhKA
ukXwaRbnMGdzq4Ej4S9ATZM6hUlz9ocKzTkjdmGJukB2/mb+wq16PPxgzmFWVPw/
GpSreF4w7rCiaVpt5Xab8LtmvJAwwmTJENJWAYYYf9c6QVfI1OY0vz1QjIAW92Ag
pJM+htNFa0pcwvRarQAFWCexVGY2pgrAdj0YiO8JZr6sa7lMPvyr/RxpucGJbySD
sygXK8wgeXCTjtB8L9eIqHRYc6F7WSvv+zzjo7m7i7588bxRysAfa1VeAQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKzfuJGbBGsvgWNQlf5bwYNK80zmMB8GA1UdIwQY
MBaAFA5ppn1LIVo/MfxGLw6lNO+D+O9XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRG1tbWZVc2hXajh4X0VZdkRxVTA3NFA0NzFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy81MGJkZDQtZTJhOS00NmM5LTgzNmUt
NjhjMWI3ZGZiMTkwLzEvck4tNGtac0VheS1CWTFDVl9sdkJnMHJ6VE9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy81MGJkZDQtZTJhOS00NmM5LTgzNmUtNjhjMWI3ZGZiMTkw
LzEvRG1tbWZVc2hXajh4X0VZdkRxVTA3NFA0NzFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCBk
MA0GCSqGSIb3DQEBCwUAA4IBAQCTY8ZDgws0UoQaNsFi1URNSx70TSyL89rjdNEF
5jy6U+P/lnvAQhTVS9fkUnqK0J3BIWuFvaCfJVx4K0Qcx+qN+Gm25KB31htUmVO+
Fz/xb4t/pIDZX55a6C4gj27ttTEdHN2Myy2d5TkadVKu3yIeJeNLlTb1ZW9Xzq4j
Kaz0lkLL4OlEa/001tAZBTmX7NRZGNu21unSFNwdJq0CruRYf19c5/3SnJccFGSb
6scciasvWqz4fFM275/grdK/mYJ6zc8MBH5knoKc3f/c1KT9b89shyVl1VkdAiBi
/aYc7kbvLl/KXQtJQGvZexHxts4OTaI2GhzFr0VoBeZFd2fA
-----END CERTIFICATE-----