Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/3u58LyoibH6ViLaynNTGpj3fQVo.roa
File:                     3u58LyoibH6ViLaynNTGpj3fQVo.roa (raw, json)
Hash identifier:          huzq/h5cdjCKam0i4SPoTmEl3ci2ZwPRJR6AGlwK+ow=
Subject key identifier:   DE:EE:7C:2F:2A:22:6C:7E:95:88:B6:B2:9C:D4:C6:A6:3D:DF:41:5A
Certificate issuer:       /CN=81eed4091383d9ed4056d9f4eff7d2622ddce205
Certificate serial:       018CC94CC597F53236398254895FF6F5585B
Authority key identifier: 81:EE:D4:09:13:83:D9:ED:40:56:D9:F4:EF:F7:D2:62:2D:DC:E2:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ge7UCROD2e1AVtn07_fSYi3c4gU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/3u58LyoibH6ViLaynNTGpj3fQVo.roa
Signing time:             Tue 02 Jan 2024 08:31:40 +0000
ROA not before:           Tue 02 Jan 2024 08:31:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        2001:67c:2500::/45 maxlen: 45
                          2001:67c:24f0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/ge7UCROD2e1AVtn07_fSYi3c4gU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/ge7UCROD2e1AVtn07_fSYi3c4gU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ge7UCROD2e1AVtn07_fSYi3c4gU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:c5:97:f5:32:36:39:82:54:89:5f:f6:f5:58:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81eed4091383d9ed4056d9f4eff7d2622ddce205
        Validity
            Not Before: Jan  2 08:31:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=deee7c2f2a226c7e9588b6b29cd4c6a63ddf415a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:cc:bb:66:2b:c2:1b:9a:50:d3:0f:b0:f1:41:
                    f2:b8:e0:53:75:40:8d:b6:0d:05:15:58:6f:6a:51:
                    81:6d:5e:35:4e:b7:2e:c5:c9:6c:12:58:d4:1d:8d:
                    ff:c8:c2:24:f8:b9:06:d7:be:e4:e6:c4:62:ca:65:
                    9e:93:77:5e:87:71:1d:40:13:28:0d:d6:9d:d6:bd:
                    a6:26:0c:6c:04:4c:d9:f8:64:9b:d3:8e:d9:c8:9e:
                    46:fa:16:f8:05:2e:46:28:81:71:ab:dd:1c:92:da:
                    81:01:1b:c8:8d:ae:42:8d:07:74:7d:19:86:31:2a:
                    49:5c:65:2c:f3:c6:09:07:17:ac:0f:fa:ed:cc:e6:
                    ce:c4:69:4a:c7:ec:69:ff:77:f7:ed:57:88:30:9a:
                    87:95:40:b3:d6:47:81:31:9c:4a:4d:61:96:d2:a0:
                    f3:ca:06:91:0c:bc:f2:50:7b:e2:a7:fe:17:9f:48:
                    d9:6e:71:d6:90:db:99:3d:7b:e8:0c:4b:49:c2:69:
                    7a:53:62:6e:eb:4a:29:57:f5:a4:b4:40:cc:ff:a1:
                    09:d4:ca:be:f3:11:7a:be:4b:06:12:10:c4:74:2c:
                    57:fb:ed:28:b8:af:8a:6b:56:b5:d1:75:2a:ae:2d:
                    63:d4:07:10:49:90:ad:4b:7e:8d:f2:23:1e:c8:39:
                    b9:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:EE:7C:2F:2A:22:6C:7E:95:88:B6:B2:9C:D4:C6:A6:3D:DF:41:5A
            X509v3 Authority Key Identifier:
                keyid:81:EE:D4:09:13:83:D9:ED:40:56:D9:F4:EF:F7:D2:62:2D:DC:E2:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ge7UCROD2e1AVtn07_fSYi3c4gU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/3u58LyoibH6ViLaynNTGpj3fQVo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/ge7UCROD2e1AVtn07_fSYi3c4gU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:24f0::/48
                  2001:67c:2500::/45

    Signature Algorithm: sha256WithRSAEncryption
         0e:8f:21:48:f5:0c:59:4b:dc:9a:05:d6:c8:99:a5:27:a5:53:
         25:59:7f:30:6f:f7:50:04:7d:2c:33:21:9d:26:e1:1c:d6:e6:
         08:cc:f9:47:41:9c:a7:82:75:8f:5c:39:a5:d3:6a:1d:92:32:
         af:cf:01:ec:15:75:52:5c:68:b2:70:06:8a:2f:02:9c:d3:b9:
         38:00:2d:fb:40:83:bb:59:c1:51:84:43:ee:7a:48:16:4f:75:
         8a:23:05:1c:9e:bb:d8:89:b5:38:58:f4:ae:37:b2:3d:70:65:
         ad:77:0e:1c:d9:6b:e1:5f:15:25:ab:af:26:4f:a4:ab:e0:3f:
         39:a4:ce:5e:02:9e:da:64:c7:c1:c9:b9:7d:78:59:3e:31:a9:
         2f:3f:86:12:68:24:36:e2:c3:69:20:38:d7:8c:34:24:fa:76:
         5e:86:91:90:e3:d7:17:66:69:e1:3c:c5:1e:4c:ea:10:de:5c:
         18:24:dc:b6:0a:5d:8b:93:60:01:b9:f0:3c:d4:08:4d:7b:5a:
         2e:c7:86:f8:27:18:41:23:24:7f:42:a1:1d:36:f7:3a:b4:22:
         f6:66:82:91:0d:58:bb:07:63:2e:23:43:4d:1d:f4:9c:e0:a5:
         1d:15:99:dd:13:67:dc:dd:11:e3:d9:7e:2d:83:d8:30:84:31:
         5a:b2:dc:cc
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJTMWX9TI2OYJUiV/29VhbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxZWVkNDA5MTM4M2Q5ZWQ0MDU2ZDlmNGVmZjdkMjYyMmRk
Y2UyMDUwHhcNMjQwMTAyMDgzMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWVlN2MyZjJhMjI2YzdlOTU4OGI2YjI5Y2Q0YzZhNjNkZGY0MTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhMy7ZivCG5pQ0w+w8UHyuOBTdUCN
tg0FFVhvalGBbV41TrcuxclsEljUHY3/yMIk+LkG177k5sRiymWek3deh3EdQBMo
Ddad1r2mJgxsBEzZ+GSb047ZyJ5G+hb4BS5GKIFxq90cktqBARvIja5CjQd0fRmG
MSpJXGUs88YJBxesD/rtzObOxGlKx+xp/3f37VeIMJqHlUCz1keBMZxKTWGW0qDz
ygaRDLzyUHvip/4Xn0jZbnHWkNuZPXvoDEtJwml6U2Ju60opV/WktEDM/6EJ1Mq+
8xF6vksGEhDEdCxX++0ouK+Ka1a10XUqri1j1AcQSZCtS36N8iMeyDm5PwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFN7ufC8qImx+lYi2spzUxqY930FaMB8GA1UdIwQY
MBaAFIHu1AkTg9ntQFbZ9O/30mIt3OIFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2U3VUNST0QyZTFBVnRuMDdfZlNZaTNjNGdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS80YTljYzQtMmI5YS00ZWYyLWEzM2Et
ODcyYjM3MTBjMmExLzEvM3U1OEx5b2liSDZWaUxheW5OVEdwajNmUVZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS80YTljYzQtMmI5YS00ZWYyLWEzM2EtODcyYjM3MTBjMmEx
LzEvZ2U3VUNST0QyZTFBVnRuMDdfZlNZaTNjNGdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAIAEGfCTw
AwcDIAEGfCUAMA0GCSqGSIb3DQEBCwUAA4IBAQAOjyFI9QxZS9yaBdbImaUnpVMl
WX8wb/dQBH0sMyGdJuEc1uYIzPlHQZyngnWPXDml02odkjKvzwHsFXVSXGiycAaK
LwKc07k4AC37QIO7WcFRhEPuekgWT3WKIwUcnrvYibU4WPSuN7I9cGWtdw4c2Wvh
XxUlq68mT6Sr4D85pM5eAp7aZMfBybl9eFk+MakvP4YSaCQ24sNpIDjXjDQk+nZe
hpGQ49cXZmnhPMUeTOoQ3lwYJNy2Cl2Lk2ABufA81AhNe1oux4b4JxhBIyR/QqEd
Nvc6tCL2ZoKRDVi7B2MuI0NNHfSc4KUdFZndE2fc3RHj2X4tg9gwhDFastzM
-----END CERTIFICATE-----