Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/5526d4-afc1-401f-a09f-0b697a3b762a/1/5kctDk8Wf4BYwwyOTvhVEgLbNCc.roa
File:                     5kctDk8Wf4BYwwyOTvhVEgLbNCc.roa (raw, json)
Hash identifier:          Nr3IK7da9sCnFBQmx3qWayM9ggxh14MDv8UovVq5g2w=
Subject key identifier:   E6:47:2D:0E:4F:16:7F:80:58:C3:0C:8E:4E:F8:55:12:02:DB:34:27
Certificate issuer:       /CN=4a341558dba0b6db94c55ce06e306ff6519d6ef1
Certificate serial:       018CC3492E718BA0D4E71DEECF3694597D0A
Authority key identifier: 4A:34:15:58:DB:A0:B6:DB:94:C5:5C:E0:6E:30:6F:F6:51:9D:6E:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SjQVWNugttuUxVzgbjBv9lGdbvE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/5526d4-afc1-401f-a09f-0b697a3b762a/1/5kctDk8Wf4BYwwyOTvhVEgLbNCc.roa
Signing time:             Mon 01 Jan 2024 04:30:02 +0000
ROA not before:           Mon 01 Jan 2024 04:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49792
IP address blocks:        2001:67c:1194::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/5526d4-afc1-401f-a09f-0b697a3b762a/1/SjQVWNugttuUxVzgbjBv9lGdbvE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/5526d4-afc1-401f-a09f-0b697a3b762a/1/SjQVWNugttuUxVzgbjBv9lGdbvE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SjQVWNugttuUxVzgbjBv9lGdbvE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:2e:71:8b:a0:d4:e7:1d:ee:cf:36:94:59:7d:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a341558dba0b6db94c55ce06e306ff6519d6ef1
        Validity
            Not Before: Jan  1 04:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6472d0e4f167f8058c30c8e4ef8551202db3427
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:c0:28:c7:ed:b2:4c:9b:64:1b:22:63:a4:c9:
                    30:f1:fb:ed:24:d3:81:b4:8c:44:fc:b2:43:27:39:
                    9e:bd:45:bb:a7:08:c9:19:3a:89:8d:32:36:cd:87:
                    bb:de:74:f2:e0:9e:3b:6f:34:6d:05:48:d3:fe:ce:
                    d9:a3:fa:87:7f:08:ca:95:2a:e6:93:80:c2:bd:24:
                    3e:8d:24:3e:b4:c2:4d:1f:58:1b:35:93:1e:39:f3:
                    7e:ca:d4:7a:73:55:98:4e:64:27:e9:d6:cd:f4:b0:
                    39:ac:0e:7f:9f:2b:f2:83:88:13:e6:96:f9:a0:c9:
                    4f:91:bb:1e:63:ad:65:e0:5c:12:cb:c4:7e:16:c0:
                    8e:ac:52:d5:8b:d1:32:6c:af:65:6c:c4:ab:be:61:
                    03:74:4b:54:00:b1:e4:7f:61:13:ba:f7:30:a1:cb:
                    fa:cc:67:a7:91:7f:89:5c:d0:d4:8f:5b:35:3e:17:
                    f7:28:40:25:43:8b:43:84:5b:3d:cb:9f:07:a4:42:
                    46:a6:8d:74:e5:da:ca:f3:e8:b6:d7:24:39:72:e7:
                    4e:15:50:4e:09:ff:b8:f8:07:00:98:03:33:05:1f:
                    6f:25:9f:ab:24:0e:b4:77:eb:66:81:8a:4b:95:ba:
                    8b:a2:a7:69:c1:02:75:17:d7:94:43:33:8e:00:76:
                    04:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:47:2D:0E:4F:16:7F:80:58:C3:0C:8E:4E:F8:55:12:02:DB:34:27
            X509v3 Authority Key Identifier:
                keyid:4A:34:15:58:DB:A0:B6:DB:94:C5:5C:E0:6E:30:6F:F6:51:9D:6E:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SjQVWNugttuUxVzgbjBv9lGdbvE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/5526d4-afc1-401f-a09f-0b697a3b762a/1/5kctDk8Wf4BYwwyOTvhVEgLbNCc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/5526d4-afc1-401f-a09f-0b697a3b762a/1/SjQVWNugttuUxVzgbjBv9lGdbvE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1194::/48

    Signature Algorithm: sha256WithRSAEncryption
         7d:9d:2a:2f:b0:4a:4e:e3:bb:5d:9d:f4:3e:0c:04:f2:bc:34:
         65:af:9c:7c:b7:e7:64:14:f7:26:6a:d7:e9:83:eb:a9:72:2d:
         2a:9f:84:46:a5:7e:6a:40:de:de:d9:c0:6e:de:0d:cd:93:57:
         a9:9e:0d:2c:09:a1:92:2b:96:f1:d2:ff:09:a0:6d:77:fd:a9:
         0c:41:82:e4:54:9c:7b:c7:11:5e:3a:5f:19:98:f9:8f:97:b6:
         16:70:8a:bf:88:29:e1:8c:d4:0a:ac:7a:07:e8:05:1b:81:04:
         6c:31:34:5f:9c:5b:66:73:8e:3f:b7:23:f6:df:0c:3d:69:ec:
         c2:ff:e9:3b:47:25:5e:48:92:9d:42:a2:9f:e8:27:db:13:3c:
         04:12:33:b3:88:5a:90:df:39:24:2c:09:dd:1d:df:b3:22:16:
         42:ae:0c:a5:c0:18:77:12:b9:5e:f4:53:ca:f0:b3:b8:f3:1e:
         fa:8e:4c:0f:ce:06:e7:75:9c:ab:68:06:8c:4b:d5:49:11:a4:
         d9:87:25:03:e9:f6:4a:41:19:41:28:42:cd:2c:68:df:b2:32:
         48:1a:3a:4e:33:6e:3f:f1:49:e1:77:8a:25:87:cb:b9:f0:b6:
         f3:85:c9:fc:a9:ce:77:ff:1b:f3:fe:9b:2e:fe:f5:e1:6e:60:
         bf:2f:1e:79
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDSS5xi6DU5x3uzzaUWX0KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhMzQxNTU4ZGJhMGI2ZGI5NGM1NWNlMDZlMzA2ZmY2NTE5
ZDZlZjEwHhcNMjQwMTAxMDQzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjQ3MmQwZTRmMTY3ZjgwNThjMzBjOGU0ZWY4NTUxMjAyZGIzNDI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvcAox+2yTJtkGyJjpMkw8fvtJNOB
tIxE/LJDJzmevUW7pwjJGTqJjTI2zYe73nTy4J47bzRtBUjT/s7Zo/qHfwjKlSrm
k4DCvSQ+jSQ+tMJNH1gbNZMeOfN+ytR6c1WYTmQn6dbN9LA5rA5/nyvyg4gT5pb5
oMlPkbseY61l4FwSy8R+FsCOrFLVi9EybK9lbMSrvmEDdEtUALHkf2ETuvcwocv6
zGenkX+JXNDUj1s1Phf3KEAlQ4tDhFs9y58HpEJGpo105drK8+i21yQ5cudOFVBO
Cf+4+AcAmAMzBR9vJZ+rJA60d+tmgYpLlbqLoqdpwQJ1F9eUQzOOAHYElQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOZHLQ5PFn+AWMMMjk74VRIC2zQnMB8GA1UdIwQY
MBaAFEo0FVjboLbblMVc4G4wb/ZRnW7xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2pRVldOdWd0dHVVeFZ6Z2JqQnY5bEdkYnZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi81NTI2ZDQtYWZjMS00MDFmLWEwOWYt
MGI2OTdhM2I3NjJhLzEvNWtjdERrOFdmNEJZd3d5T1R2aFZFZ0xiTkNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi81NTI2ZDQtYWZjMS00MDFmLWEwOWYtMGI2OTdhM2I3NjJh
LzEvU2pRVldOdWd0dHVVeFZ6Z2JqQnY5bEdkYnZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBGU
MA0GCSqGSIb3DQEBCwUAA4IBAQB9nSovsEpO47tdnfQ+DATyvDRlr5x8t+dkFPcm
atfpg+upci0qn4RGpX5qQN7e2cBu3g3Nk1epng0sCaGSK5bx0v8JoG13/akMQYLk
VJx7xxFeOl8ZmPmPl7YWcIq/iCnhjNQKrHoH6AUbgQRsMTRfnFtmc44/tyP23ww9
aezC/+k7RyVeSJKdQqKf6CfbEzwEEjOziFqQ3zkkLAndHd+zIhZCrgylwBh3Erle
9FPK8LO48x76jkwPzgbndZyraAaMS9VJEaTZhyUD6fZKQRlBKELNLGjfsjJIGjpO
M24/8Unhd4olh8u58Lbzhcn8qc53/xvz/psu/vXhbmC/Lx55
-----END CERTIFICATE-----