Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/cf11b4-797b-4820-bfea-53cd91b28c4f/1/5s99nJRM2eMbXzt-Pb8JUUeMtJU.roa
File:                     5s99nJRM2eMbXzt-Pb8JUUeMtJU.roa (raw, json)
Hash identifier:          YKfz3Fban6WshxhpRVMgdw5j0CS3+dTCgPi0vXb0lvQ=
Subject key identifier:   E6:CF:7D:9C:94:4C:D9:E3:1B:5F:3B:7E:3D:BF:09:51:47:8C:B4:95
Certificate issuer:       /CN=023f63fb2bfc631c44f4bb6d94bdf28b3ec9dff7
Certificate serial:       01907CAD1D85616AC4A8C6316F1D9FAFF213
Authority key identifier: 02:3F:63:FB:2B:FC:63:1C:44:F4:BB:6D:94:BD:F2:8B:3E:C9:DF:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Aj9j-yv8YxxE9LttlL3yiz7J3_c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/cf11b4-797b-4820-bfea-53cd91b28c4f/1/5s99nJRM2eMbXzt-Pb8JUUeMtJU.roa
Signing time:             Thu 04 Jul 2024 07:37:18 +0000
ROA not before:           Thu 04 Jul 2024 07:37:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214710
IP address blocks:        2001:67c:eb8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/cf11b4-797b-4820-bfea-53cd91b28c4f/1/Aj9j-yv8YxxE9LttlL3yiz7J3_c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/cf11b4-797b-4820-bfea-53cd91b28c4f/1/Aj9j-yv8YxxE9LttlL3yiz7J3_c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Aj9j-yv8YxxE9LttlL3yiz7J3_c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 19:02:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:7c:ad:1d:85:61:6a:c4:a8:c6:31:6f:1d:9f:af:f2:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=023f63fb2bfc631c44f4bb6d94bdf28b3ec9dff7
        Validity
            Not Before: Jul  4 07:37:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6cf7d9c944cd9e31b5f3b7e3dbf0951478cb495
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:7b:c8:e9:e9:e2:fa:18:80:48:7f:a1:74:81:
                    4d:e9:dd:27:84:58:3e:7b:da:1d:29:28:f5:65:19:
                    e0:57:45:72:fa:98:fd:5d:97:c2:d9:30:5a:af:12:
                    c9:c6:dd:80:aa:cf:91:0f:20:c0:94:84:63:51:38:
                    42:07:ff:19:b0:0e:b3:79:93:30:34:2a:e4:c8:b1:
                    ce:0b:98:12:79:3d:c2:4e:f8:7f:53:e0:6a:a7:c4:
                    a3:26:14:89:05:15:5d:53:9c:f2:25:8b:db:26:0c:
                    fe:61:a2:93:b2:7d:5e:17:38:d9:2a:e1:1a:f5:8f:
                    17:3e:dd:97:c5:b7:0f:0c:27:7b:d4:ed:79:ec:6a:
                    07:53:d1:07:06:64:3a:9c:2e:e6:0f:e7:89:78:95:
                    5e:6c:c2:bc:37:f2:28:96:56:4f:e8:d8:43:62:18:
                    4e:b6:4f:54:17:e2:4c:41:56:e6:6d:a8:22:de:0c:
                    30:75:65:07:b2:24:b3:4b:95:d0:9a:8a:85:5e:3a:
                    5a:27:33:23:cf:af:3b:27:8c:66:6f:f6:b2:c7:99:
                    dd:a6:f1:3b:79:2f:a2:c5:b6:22:8b:9f:8c:88:46:
                    d6:52:16:26:69:00:71:fa:b4:62:dc:f2:8a:3f:ce:
                    e8:27:b1:76:b6:81:7c:27:c6:70:fe:99:26:1f:41:
                    88:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:CF:7D:9C:94:4C:D9:E3:1B:5F:3B:7E:3D:BF:09:51:47:8C:B4:95
            X509v3 Authority Key Identifier:
                keyid:02:3F:63:FB:2B:FC:63:1C:44:F4:BB:6D:94:BD:F2:8B:3E:C9:DF:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Aj9j-yv8YxxE9LttlL3yiz7J3_c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/cf11b4-797b-4820-bfea-53cd91b28c4f/1/5s99nJRM2eMbXzt-Pb8JUUeMtJU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/cf11b4-797b-4820-bfea-53cd91b28c4f/1/Aj9j-yv8YxxE9LttlL3yiz7J3_c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:eb8::/48

    Signature Algorithm: sha256WithRSAEncryption
         7c:7e:e9:6f:d7:88:b3:f6:4b:a9:70:44:bd:71:a1:4f:b9:7d:
         93:1f:79:c0:4d:1d:ab:70:91:b2:63:63:32:6a:5c:13:32:03:
         fa:79:24:e0:8c:91:62:2e:8a:4e:f4:a3:80:c7:00:3d:9d:7a:
         80:a8:18:52:5e:76:a1:0d:9d:96:be:5b:12:96:7e:f0:85:81:
         55:19:fd:c9:79:af:40:52:cb:6b:62:dc:5e:70:67:a5:ad:40:
         b0:5e:78:32:da:5d:75:65:b5:cc:82:f7:69:55:98:82:42:9f:
         77:8c:0a:44:90:3c:5e:b3:23:af:bc:32:ff:8c:32:79:29:af:
         80:4a:31:22:47:96:3d:f4:8a:99:1c:a0:30:ed:81:88:89:71:
         77:43:1b:20:df:9e:8c:c3:ea:ce:64:af:a0:2a:5a:e7:fd:72:
         dd:f6:86:ab:92:01:30:42:84:ff:e9:0c:e4:6f:0f:5b:8e:a9:
         d8:ed:9e:57:5a:c9:22:07:0e:97:57:c5:e1:b9:fb:b0:29:a5:
         54:4c:bc:c9:c0:2e:4c:8c:54:d0:e6:b5:1f:85:ec:4a:83:17:
         66:e5:c9:ef:97:4a:c3:32:50:53:52:17:2d:53:c3:74:38:9e:
         a6:36:d7:b4:2e:93:f7:cb:b5:bd:4b:06:32:c8:8f:af:35:ef:
         e5:1c:81:02
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZB8rR2FYWrEqMYxbx2fr/ITMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyM2Y2M2ZiMmJmYzYzMWM0NGY0YmI2ZDk0YmRmMjhiM2Vj
OWRmZjcwHhcNMjQwNzA0MDczNzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmNmN2Q5Yzk0NGNkOWUzMWI1ZjNiN2UzZGJmMDk1MTQ3OGNiNDk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4XvI6eni+hiASH+hdIFN6d0nhFg+
e9odKSj1ZRngV0Vy+pj9XZfC2TBarxLJxt2Aqs+RDyDAlIRjUThCB/8ZsA6zeZMw
NCrkyLHOC5gSeT3CTvh/U+Bqp8SjJhSJBRVdU5zyJYvbJgz+YaKTsn1eFzjZKuEa
9Y8XPt2XxbcPDCd71O157GoHU9EHBmQ6nC7mD+eJeJVebMK8N/IollZP6NhDYhhO
tk9UF+JMQVbmbagi3gwwdWUHsiSzS5XQmoqFXjpaJzMjz687J4xmb/ayx5ndpvE7
eS+ixbYii5+MiEbWUhYmaQBx+rRi3PKKP87oJ7F2toF8J8Zw/pkmH0GIPQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFObPfZyUTNnjG187fj2/CVFHjLSVMB8GA1UdIwQY
MBaAFAI/Y/sr/GMcRPS7bZS98os+yd/3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWo5ai15djhZeHhFOUx0dGxMM3lpejdKM19jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9jZjExYjQtNzk3Yi00ODIwLWJmZWEt
NTNjZDkxYjI4YzRmLzEvNXM5OW5KUk0yZU1iWHp0LVBiOEpVVWVNdEpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9jZjExYjQtNzk3Yi00ODIwLWJmZWEtNTNjZDkxYjI4YzRm
LzEvQWo5ai15djhZeHhFOUx0dGxMM3lpejdKM19jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA64
MA0GCSqGSIb3DQEBCwUAA4IBAQB8fulv14iz9kupcES9caFPuX2TH3nATR2rcJGy
Y2MyalwTMgP6eSTgjJFiLopO9KOAxwA9nXqAqBhSXnahDZ2WvlsSln7whYFVGf3J
ea9AUstrYtxecGelrUCwXngy2l11ZbXMgvdpVZiCQp93jApEkDxesyOvvDL/jDJ5
Ka+ASjEiR5Y99IqZHKAw7YGIiXF3Qxsg356Mw+rOZK+gKlrn/XLd9oarkgEwQoT/
6Qzkbw9bjqnY7Z5XWskiBw6XV8XhufuwKaVUTLzJwC5MjFTQ5rUfhexKgxdm5cnv
l0rDMlBTUhctU8N0OJ6mNte0LpP3y7W9SwYyyI+vNe/lHIEC
-----END CERTIFICATE-----