Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/92d719-0bc2-4a1e-8b94-661bb0e9e6ec/1/rZhKELf9Q0f0TWXoIzh5fcogcis.roa
File:                     rZhKELf9Q0f0TWXoIzh5fcogcis.roa (raw, json)
Hash identifier:          PVrDJXay44NQCEyzescyWjI4esEAg+7JBXm7tVo3VuI=
Subject key identifier:   AD:98:4A:10:B7:FD:43:47:F4:4D:65:E8:23:38:79:7D:CA:20:72:2B
Certificate issuer:       /CN=4c24c308b0241c3bcc14cf6777591d27237ffaf1
Certificate serial:       0192B88C52D31E10717D3D72AA3C98DC3EA0
Authority key identifier: 4C:24:C3:08:B0:24:1C:3B:CC:14:CF:67:77:59:1D:27:23:7F:FA:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TCTDCLAkHDvMFM9nd1kdJyN_-vE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/92d719-0bc2-4a1e-8b94-661bb0e9e6ec/1/rZhKELf9Q0f0TWXoIzh5fcogcis.roa
Signing time:             Wed 23 Oct 2024 08:44:16 +0000
ROA not before:           Wed 23 Oct 2024 08:44:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2116
IP address blocks:        2001:67c:b74::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/92d719-0bc2-4a1e-8b94-661bb0e9e6ec/1/TCTDCLAkHDvMFM9nd1kdJyN_-vE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/92d719-0bc2-4a1e-8b94-661bb0e9e6ec/1/TCTDCLAkHDvMFM9nd1kdJyN_-vE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TCTDCLAkHDvMFM9nd1kdJyN_-vE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b8:8c:52:d3:1e:10:71:7d:3d:72:aa:3c:98:dc:3e:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c24c308b0241c3bcc14cf6777591d27237ffaf1
        Validity
            Not Before: Oct 23 08:44:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad984a10b7fd4347f44d65e82338797dca20722b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:24:77:9e:ee:87:b3:81:e5:87:d0:27:3b:33:
                    77:d6:55:b4:c9:03:7c:0a:80:ea:21:48:4d:a5:aa:
                    91:29:13:3d:4d:0a:b1:b4:00:36:5a:8d:1d:60:ff:
                    82:e6:0e:6c:5b:b8:80:9d:b1:bd:63:92:bf:2b:bd:
                    25:cd:18:0e:6a:d3:c1:28:e2:39:58:6d:a6:18:78:
                    45:a2:02:d7:57:a2:74:b3:1d:c2:12:84:93:1b:78:
                    e8:4f:c3:f4:2d:0b:65:b1:97:17:b5:42:2b:cd:9b:
                    ec:87:f1:73:cc:8f:36:a8:38:16:a2:f7:63:61:20:
                    9e:6c:e2:56:08:c8:d1:a4:35:70:d1:36:b4:2f:2b:
                    51:b1:44:3d:06:c9:40:70:a8:b2:be:a4:e8:90:f6:
                    80:0e:cc:c2:5c:ac:be:b6:5d:2a:7f:76:4b:eb:12:
                    bc:7b:73:4c:b8:a6:ec:a5:32:14:af:1f:45:5c:e3:
                    4d:9d:47:fe:40:fc:c2:68:db:88:4e:19:d9:61:17:
                    1c:e1:80:9e:97:2b:c3:74:e6:3c:ff:15:fc:db:b7:
                    c5:55:83:f6:57:b5:51:d2:5d:f3:39:a5:8d:0e:ca:
                    b5:c3:cb:b5:20:29:09:48:f9:82:70:78:2b:1a:80:
                    d2:14:53:a7:dd:2c:c7:49:96:a3:cc:dd:48:cf:5c:
                    ba:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:98:4A:10:B7:FD:43:47:F4:4D:65:E8:23:38:79:7D:CA:20:72:2B
            X509v3 Authority Key Identifier:
                keyid:4C:24:C3:08:B0:24:1C:3B:CC:14:CF:67:77:59:1D:27:23:7F:FA:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TCTDCLAkHDvMFM9nd1kdJyN_-vE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/92d719-0bc2-4a1e-8b94-661bb0e9e6ec/1/rZhKELf9Q0f0TWXoIzh5fcogcis.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/92d719-0bc2-4a1e-8b94-661bb0e9e6ec/1/TCTDCLAkHDvMFM9nd1kdJyN_-vE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:b74::/48

    Signature Algorithm: sha256WithRSAEncryption
         4b:1b:e0:88:6f:67:e6:23:bb:40:ba:8a:fb:ea:f4:cd:06:47:
         eb:15:c3:8a:30:60:c4:f3:24:de:0f:d3:d9:90:dd:38:07:89:
         04:1a:34:07:42:af:2d:2e:4b:5e:a6:1a:87:11:68:32:e5:76:
         8f:0a:03:cf:2c:65:82:f8:79:4b:ba:7b:d3:fe:72:77:25:d4:
         9c:a4:74:db:d1:25:e2:3d:29:21:75:1d:b3:19:43:ee:0a:5a:
         c3:6a:0a:9b:76:38:ba:21:8a:64:77:2e:37:8a:29:79:02:ec:
         2f:34:9f:5c:79:a0:94:11:85:77:57:a5:7c:14:94:98:40:65:
         02:7e:77:20:05:67:9f:73:b4:1e:a2:41:c5:d8:64:2f:72:1f:
         2b:57:f8:38:95:fa:9a:a1:12:ee:a3:6c:a0:29:3d:93:59:9a:
         8f:c9:3a:28:70:c0:1e:57:c8:d7:bf:b7:1c:fa:52:f8:ce:46:
         ab:85:fb:59:3a:2c:3d:e4:d5:24:d8:f5:47:bd:56:4d:c1:ab:
         9e:a8:4f:35:e3:58:b1:90:16:3e:e4:1d:30:97:d8:40:3f:1c:
         df:25:d3:3c:78:3f:bb:9a:02:29:2a:8e:60:43:2e:72:08:ba:
         c1:ac:79:65:1c:6e:e5:77:b0:8a:d2:ca:94:d2:a5:8e:df:87:
         4c:cd:bb:00
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZK4jFLTHhBxfT1yqjyY3D6gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjMjRjMzA4YjAyNDFjM2JjYzE0Y2Y2Nzc3NTkxZDI3MjM3
ZmZhZjEwHhcNMjQxMDIzMDg0NDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDk4NGExMGI3ZmQ0MzQ3ZjQ0ZDY1ZTgyMzM4Nzk3ZGNhMjA3MjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApyR3nu6Hs4Hlh9AnOzN31lW0yQN8
CoDqIUhNpaqRKRM9TQqxtAA2Wo0dYP+C5g5sW7iAnbG9Y5K/K70lzRgOatPBKOI5
WG2mGHhFogLXV6J0sx3CEoSTG3joT8P0LQtlsZcXtUIrzZvsh/FzzI82qDgWovdj
YSCebOJWCMjRpDVw0Ta0LytRsUQ9BslAcKiyvqTokPaADszCXKy+tl0qf3ZL6xK8
e3NMuKbspTIUrx9FXONNnUf+QPzCaNuIThnZYRcc4YCelyvDdOY8/xX827fFVYP2
V7VR0l3zOaWNDsq1w8u1ICkJSPmCcHgrGoDSFFOn3SzHSZajzN1Iz1y67wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK2YShC3/UNH9E1l6CM4eX3KIHIrMB8GA1UdIwQY
MBaAFEwkwwiwJBw7zBTPZ3dZHScjf/rxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVENURENMQWtIRHZNRk05bmQxa2RKeU5fLXZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85MmQ3MTktMGJjMi00YTFlLThiOTQt
NjYxYmIwZTllNmVjLzEvclpoS0VMZjlRMGYwVFdYb0l6aDVmY29nY2lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85MmQ3MTktMGJjMi00YTFlLThiOTQtNjYxYmIwZTllNmVj
LzEvVENURENMQWtIRHZNRk05bmQxa2RKeU5fLXZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAt0
MA0GCSqGSIb3DQEBCwUAA4IBAQBLG+CIb2fmI7tAuor76vTNBkfrFcOKMGDE8yTe
D9PZkN04B4kEGjQHQq8tLktephqHEWgy5XaPCgPPLGWC+HlLunvT/nJ3JdScpHTb
0SXiPSkhdR2zGUPuClrDagqbdji6IYpkdy43iil5AuwvNJ9ceaCUEYV3V6V8FJSY
QGUCfncgBWefc7QeokHF2GQvch8rV/g4lfqaoRLuo2ygKT2TWZqPyToocMAeV8jX
v7cc+lL4zkarhftZOiw95NUk2PVHvVZNwaueqE8141ixkBY+5B0wl9hAPxzfJdM8
eD+7mgIpKo5gQy5yCLrBrHllHG7ld7CK0sqU0qWO34dMzbsA
-----END CERTIFICATE-----