Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/99ccfa-c96f-4d12-b18f-5b3a41125bea/1/wSiU1K5I33FzyjdPAv3O49ZflHg.roa
File:                     wSiU1K5I33FzyjdPAv3O49ZflHg.roa (raw, json)
Hash identifier:          3kvPm8gTTtEemaP6jbU6qzkZlOf4JaqWPZQiXXhzv5c=
Subject key identifier:   C1:28:94:D4:AE:48:DF:71:73:CA:37:4F:02:FD:CE:E3:D6:5F:94:78
Certificate issuer:       /CN=544905eaad4cea6c3f2d650c08fae3d445186752
Certificate serial:       018CC86F3F393A6E9B52FE290081547A5B1B
Authority key identifier: 54:49:05:EA:AD:4C:EA:6C:3F:2D:65:0C:08:FA:E3:D4:45:18:67:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VEkF6q1M6mw_LWUMCPrj1EUYZ1I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/99ccfa-c96f-4d12-b18f-5b3a41125bea/1/wSiU1K5I33FzyjdPAv3O49ZflHg.roa
Signing time:             Tue 02 Jan 2024 04:29:42 +0000
ROA not before:           Tue 02 Jan 2024 04:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210941
IP address blocks:        2001:67c:810::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/99ccfa-c96f-4d12-b18f-5b3a41125bea/1/VEkF6q1M6mw_LWUMCPrj1EUYZ1I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/99ccfa-c96f-4d12-b18f-5b3a41125bea/1/VEkF6q1M6mw_LWUMCPrj1EUYZ1I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VEkF6q1M6mw_LWUMCPrj1EUYZ1I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:3f:39:3a:6e:9b:52:fe:29:00:81:54:7a:5b:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=544905eaad4cea6c3f2d650c08fae3d445186752
        Validity
            Not Before: Jan  2 04:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c12894d4ae48df7173ca374f02fdcee3d65f9478
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:fd:09:07:c5:ea:50:e8:d9:10:2a:ab:44:29:
                    67:55:d8:69:96:7c:aa:6e:69:2c:04:e6:be:59:f3:
                    cd:0a:28:a3:74:eb:ab:f6:52:17:c8:cb:75:a0:cd:
                    a2:1d:32:fd:a9:6c:66:a8:12:f5:26:16:c2:42:19:
                    42:50:8a:a9:7a:a8:16:34:e3:26:42:8d:f7:18:6b:
                    96:0d:f6:07:14:17:6e:2e:8b:1f:2d:32:92:47:0a:
                    0d:97:f7:8f:fc:45:df:91:7c:d9:ea:96:01:6b:91:
                    ed:0c:2f:f8:08:d3:b2:05:63:38:c8:2a:47:f9:09:
                    2b:8b:af:d5:d7:57:02:d5:af:29:47:78:b5:8d:e3:
                    cb:b7:73:2e:0f:96:16:75:a2:87:c6:78:12:97:fe:
                    73:01:a7:4b:18:16:d6:b1:c5:5d:af:a6:9d:85:76:
                    21:da:ae:14:cf:34:9d:c6:c1:2a:4a:63:6b:85:d7:
                    11:1d:35:14:23:4b:c7:d4:24:b3:f3:7f:2d:42:8d:
                    d8:2c:73:7c:e8:d8:85:3d:e4:cc:a4:3d:9b:23:1d:
                    1d:48:1d:cb:3e:da:4d:c9:68:f8:3d:b2:2d:73:88:
                    20:6e:1a:b8:52:ef:73:d9:63:99:00:62:59:bd:e4:
                    3a:76:ff:34:e6:3d:ac:8f:58:20:99:6e:8e:92:e2:
                    28:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:28:94:D4:AE:48:DF:71:73:CA:37:4F:02:FD:CE:E3:D6:5F:94:78
            X509v3 Authority Key Identifier:
                keyid:54:49:05:EA:AD:4C:EA:6C:3F:2D:65:0C:08:FA:E3:D4:45:18:67:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VEkF6q1M6mw_LWUMCPrj1EUYZ1I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/99ccfa-c96f-4d12-b18f-5b3a41125bea/1/wSiU1K5I33FzyjdPAv3O49ZflHg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/99ccfa-c96f-4d12-b18f-5b3a41125bea/1/VEkF6q1M6mw_LWUMCPrj1EUYZ1I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:810::/48

    Signature Algorithm: sha256WithRSAEncryption
         53:3b:c0:aa:3d:89:d0:b7:c3:98:9d:35:8b:89:5d:1d:c9:ec:
         59:07:65:85:b2:15:80:69:eb:01:7f:b9:36:2b:fe:0e:1b:c4:
         7c:ac:ea:48:ee:86:0d:49:ce:e4:29:03:9d:a3:31:79:78:c9:
         55:55:af:cb:72:12:02:34:78:00:5d:21:bf:ec:6e:ef:2d:81:
         5d:5b:ae:82:98:3c:39:e5:4a:0d:af:b2:2c:c0:c1:f0:39:bf:
         9a:b2:ba:7a:0c:fd:1a:06:6f:15:47:66:27:f7:d5:e7:9a:12:
         f9:02:25:bd:3c:d0:57:33:d5:b3:c5:0b:f1:b6:be:ef:35:5f:
         3c:bd:02:f0:e7:b8:35:66:31:17:21:17:b8:e3:29:88:dd:48:
         14:c9:2e:03:ee:04:35:4b:21:c8:3e:7b:bb:e3:b9:d0:64:96:
         62:2c:8c:87:b2:b4:93:93:f6:99:9d:6c:2a:2e:8a:0c:16:22:
         b2:8d:d1:2c:18:88:38:d0:07:d8:b4:d4:39:0f:58:06:a3:40:
         3e:67:28:07:22:59:e4:25:c2:f4:52:95:c5:05:cd:90:8c:04:
         83:1b:fc:21:89:2b:71:d4:2d:d6:f7:ba:0f:af:69:c9:ae:7a:
         93:61:e6:8b:8c:a2:7a:a5:0d:ee:1e:d2:0f:0c:41:a0:4f:c4:
         20:55:e7:04
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIbz85Om6bUv4pAIFUelsbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NDkwNWVhYWQ0Y2VhNmMzZjJkNjUwYzA4ZmFlM2Q0NDUx
ODY3NTIwHhcNMjQwMTAyMDQyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTI4OTRkNGFlNDhkZjcxNzNjYTM3NGYwMmZkY2VlM2Q2NWY5NDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAif0JB8XqUOjZECqrRClnVdhplnyq
bmksBOa+WfPNCiijdOur9lIXyMt1oM2iHTL9qWxmqBL1JhbCQhlCUIqpeqgWNOMm
Qo33GGuWDfYHFBduLosfLTKSRwoNl/eP/EXfkXzZ6pYBa5HtDC/4CNOyBWM4yCpH
+Qkri6/V11cC1a8pR3i1jePLt3MuD5YWdaKHxngSl/5zAadLGBbWscVdr6adhXYh
2q4UzzSdxsEqSmNrhdcRHTUUI0vH1CSz838tQo3YLHN86NiFPeTMpD2bIx0dSB3L
PtpNyWj4PbItc4ggbhq4Uu9z2WOZAGJZveQ6dv805j2sj1ggmW6OkuIotQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMEolNSuSN9xc8o3TwL9zuPWX5R4MB8GA1UdIwQY
MBaAFFRJBeqtTOpsPy1lDAj649RFGGdSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkVrRjZxMU02bXdfTFdVTUNQcmoxRVVZWjFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC85OWNjZmEtYzk2Zi00ZDEyLWIxOGYt
NWIzYTQxMTI1YmVhLzEvd1NpVTFLNUkzM0Z6eWpkUEF2M080OVpmbEhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC85OWNjZmEtYzk2Zi00ZDEyLWIxOGYtNWIzYTQxMTI1YmVh
LzEvVkVrRjZxMU02bXdfTFdVTUNQcmoxRVVZWjFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAgQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBTO8CqPYnQt8OYnTWLiV0dyexZB2WFshWAaesB
f7k2K/4OG8R8rOpI7oYNSc7kKQOdozF5eMlVVa/LchICNHgAXSG/7G7vLYFdW66C
mDw55UoNr7IswMHwOb+asrp6DP0aBm8VR2Yn99XnmhL5AiW9PNBXM9WzxQvxtr7v
NV88vQLw57g1ZjEXIRe44ymI3UgUyS4D7gQ1SyHIPnu747nQZJZiLIyHsrSTk/aZ
nWwqLooMFiKyjdEsGIg40AfYtNQ5D1gGo0A+ZygHIlnkJcL0UpXFBc2QjASDG/wh
iStx1C3W97oPr2nJrnqTYeaLjKJ6pQ3uHtIPDEGgT8QgVecE
-----END CERTIFICATE-----