Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/715b05-39d8-4261-9bbb-c4856d48846b/1/KlXy5jI-psGBZ-BWdw--opxhKjI.roa
File:                     KlXy5jI-psGBZ-BWdw--opxhKjI.roa (raw, json)
Hash identifier:          sVYancsPgklA71dMUjkyNB6m/y5SBPXZajVM+eRKKLY=
Subject key identifier:   2A:55:F2:E6:32:3E:A6:C1:81:67:E0:56:77:0F:BE:A2:9C:61:2A:32
Certificate issuer:       /CN=022d580f4a069358f8fa57ef065e18f5fe936980
Certificate serial:       018CC795493C543E29672C76F5B08E484350
Authority key identifier: 02:2D:58:0F:4A:06:93:58:F8:FA:57:EF:06:5E:18:F5:FE:93:69:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ai1YD0oGk1j4-lfvBl4Y9f6TaYA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/715b05-39d8-4261-9bbb-c4856d48846b/1/KlXy5jI-psGBZ-BWdw--opxhKjI.roa
Signing time:             Tue 02 Jan 2024 00:31:38 +0000
ROA not before:           Tue 02 Jan 2024 00:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200372
IP address blocks:        2001:67c:b40::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/715b05-39d8-4261-9bbb-c4856d48846b/1/Ai1YD0oGk1j4-lfvBl4Y9f6TaYA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/715b05-39d8-4261-9bbb-c4856d48846b/1/Ai1YD0oGk1j4-lfvBl4Y9f6TaYA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ai1YD0oGk1j4-lfvBl4Y9f6TaYA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:49:3c:54:3e:29:67:2c:76:f5:b0:8e:48:43:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=022d580f4a069358f8fa57ef065e18f5fe936980
        Validity
            Not Before: Jan  2 00:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a55f2e6323ea6c18167e056770fbea29c612a32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:4b:9a:da:a5:98:00:fd:b6:61:b2:10:fa:9d:
                    54:6b:4f:3a:4e:60:fa:28:df:f6:ba:d3:7b:21:79:
                    d5:89:2f:73:e3:17:d2:06:6d:b2:d5:9e:87:bf:a0:
                    92:0f:72:52:dc:78:1a:86:fd:94:49:79:56:2e:92:
                    dc:ad:24:71:00:eb:55:9b:2c:77:78:8b:2b:a2:b1:
                    aa:b5:b0:f6:fc:1f:0b:2b:54:15:fa:22:dd:43:cb:
                    b6:dc:70:a0:16:52:22:81:de:0f:bb:21:6d:16:be:
                    1e:79:ce:15:86:6c:f4:a9:3d:ec:49:1e:5e:a2:56:
                    7f:68:07:58:19:d0:b4:f4:e1:0c:51:7d:d7:c4:bb:
                    43:14:64:63:ca:99:7b:ea:be:ab:eb:d5:54:5d:a9:
                    5b:ae:73:3e:57:ef:39:47:81:d0:df:75:4f:2f:90:
                    54:d2:bc:33:26:7a:db:24:e9:6a:09:f2:48:5c:35:
                    90:4e:e4:a4:4c:d4:4f:c4:83:8a:84:e4:4f:71:c6:
                    91:bc:e8:56:0c:08:fa:57:35:52:d5:29:4a:11:09:
                    cd:ba:3b:ca:1d:fd:f2:67:cc:b9:66:b6:98:0c:fb:
                    c0:b9:d5:72:8a:3c:20:19:8c:c8:50:a7:87:ab:24:
                    87:83:2f:d7:21:ac:da:2c:5f:70:7c:62:73:dc:88:
                    94:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:55:F2:E6:32:3E:A6:C1:81:67:E0:56:77:0F:BE:A2:9C:61:2A:32
            X509v3 Authority Key Identifier:
                keyid:02:2D:58:0F:4A:06:93:58:F8:FA:57:EF:06:5E:18:F5:FE:93:69:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ai1YD0oGk1j4-lfvBl4Y9f6TaYA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/715b05-39d8-4261-9bbb-c4856d48846b/1/KlXy5jI-psGBZ-BWdw--opxhKjI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/715b05-39d8-4261-9bbb-c4856d48846b/1/Ai1YD0oGk1j4-lfvBl4Y9f6TaYA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:b40::/48

    Signature Algorithm: sha256WithRSAEncryption
         79:5b:41:89:7c:9f:a8:ac:98:f8:03:a7:b5:c8:ad:2c:49:6d:
         c0:ce:df:f4:4b:6a:f5:10:43:20:0a:46:0c:9b:e0:a9:3b:c1:
         f2:f0:f2:73:57:64:00:db:4f:c4:4a:cf:a5:d6:7d:08:a1:9e:
         a1:7f:6b:c7:43:cc:c6:78:d9:d9:06:a8:c6:d7:b6:f7:3f:a9:
         ec:e8:e8:d6:53:f7:d8:72:9e:b9:26:87:d8:9c:8a:1a:62:d2:
         37:6f:4a:25:37:12:cd:ae:8c:d4:80:5b:cf:bf:d1:81:9e:72:
         b9:08:26:83:32:53:13:02:54:f8:78:05:7d:11:56:3f:57:82:
         fd:9a:c4:9f:3a:b9:df:a3:79:82:6f:14:10:09:41:76:1b:fa:
         cd:9c:63:70:64:e9:5c:fc:38:af:ee:30:39:10:ac:84:dd:3b:
         83:e1:fc:2a:27:4f:46:21:c7:4c:3f:d1:8e:94:5e:da:c2:6f:
         ae:14:00:4b:8d:04:0d:a8:9d:80:1f:d3:6d:c9:aa:5c:99:a7:
         28:53:da:ae:4f:83:da:e8:5c:4a:43:e9:60:20:ae:6d:52:db:
         62:5b:88:fd:d5:9e:4f:73:70:1d:db:2c:3c:30:75:45:3a:c2:
         dd:79:ff:6f:a8:40:bc:c5:c3:7e:cb:0b:7f:7d:4d:df:11:60:
         4c:4e:91:25
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHlUk8VD4pZyx29bCOSENQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyMmQ1ODBmNGEwNjkzNThmOGZhNTdlZjA2NWUxOGY1ZmU5
MzY5ODAwHhcNMjQwMTAyMDAzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTU1ZjJlNjMyM2VhNmMxODE2N2UwNTY3NzBmYmVhMjljNjEyYTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0ua2qWYAP22YbIQ+p1Ua086TmD6
KN/2utN7IXnViS9z4xfSBm2y1Z6Hv6CSD3JS3Hgahv2USXlWLpLcrSRxAOtVmyx3
eIsrorGqtbD2/B8LK1QV+iLdQ8u23HCgFlIigd4PuyFtFr4eec4Vhmz0qT3sSR5e
olZ/aAdYGdC09OEMUX3XxLtDFGRjypl76r6r69VUXalbrnM+V+85R4HQ33VPL5BU
0rwzJnrbJOlqCfJIXDWQTuSkTNRPxIOKhORPccaRvOhWDAj6VzVS1SlKEQnNujvK
Hf3yZ8y5ZraYDPvAudVyijwgGYzIUKeHqySHgy/XIazaLF9wfGJz3IiUCwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCpV8uYyPqbBgWfgVncPvqKcYSoyMB8GA1UdIwQY
MBaAFAItWA9KBpNY+PpX7wZeGPX+k2mAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWkxWUQwb0drMWo0LWxmdkJsNFk5ZjZUYVlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS83MTViMDUtMzlkOC00MjYxLTliYmIt
YzQ4NTZkNDg4NDZiLzEvS2xYeTVqSS1wc0dCWi1CV2R3LS1vcHhoS2pJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS83MTViMDUtMzlkOC00MjYxLTliYmItYzQ4NTZkNDg4NDZi
LzEvQWkxWUQwb0drMWo0LWxmdkJsNFk5ZjZUYVlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAtA
MA0GCSqGSIb3DQEBCwUAA4IBAQB5W0GJfJ+orJj4A6e1yK0sSW3Azt/0S2r1EEMg
CkYMm+CpO8Hy8PJzV2QA20/ESs+l1n0IoZ6hf2vHQ8zGeNnZBqjG17b3P6ns6OjW
U/fYcp65JofYnIoaYtI3b0olNxLNrozUgFvPv9GBnnK5CCaDMlMTAlT4eAV9EVY/
V4L9msSfOrnfo3mCbxQQCUF2G/rNnGNwZOlc/Div7jA5EKyE3TuD4fwqJ09GIcdM
P9GOlF7awm+uFABLjQQNqJ2AH9NtyapcmacoU9quT4Pa6FxKQ+lgIK5tUttiW4j9
1Z5Pc3Ad2yw8MHVFOsLdef9vqEC8xcN+ywt/fU3fEWBMTpEl
-----END CERTIFICATE-----