Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/e589c2-1acb-4d82-9b9a-52362b6b3334/1/D4XV9LHf6d9EoFJRi_eT_r1mRXw.roa
File:                     D4XV9LHf6d9EoFJRi_eT_r1mRXw.roa (raw, json)
Hash identifier:          AltbsQPx6QDuPFn/A/7bnYU+bZh4jBxePJCzRorcxIg=
Subject key identifier:   0F:85:D5:F4:B1:DF:E9:DF:44:A0:52:51:8B:F7:93:FE:BD:66:45:7C
Certificate issuer:       /CN=05964b6d51902fdc1aa6841bb3d3c622a579825a
Certificate serial:       018CC801750B00AC3C847C54E4AA906EEE38
Authority key identifier: 05:96:4B:6D:51:90:2F:DC:1A:A6:84:1B:B3:D3:C6:22:A5:79:82:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZZLbVGQL9wapoQbs9PGIqV5glo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/e589c2-1acb-4d82-9b9a-52362b6b3334/1/D4XV9LHf6d9EoFJRi_eT_r1mRXw.roa
Signing time:             Tue 02 Jan 2024 02:29:47 +0000
ROA not before:           Tue 02 Jan 2024 02:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202520
IP address blocks:        2001:67c:b58::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/e589c2-1acb-4d82-9b9a-52362b6b3334/1/BZZLbVGQL9wapoQbs9PGIqV5glo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/e589c2-1acb-4d82-9b9a-52362b6b3334/1/BZZLbVGQL9wapoQbs9PGIqV5glo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZZLbVGQL9wapoQbs9PGIqV5glo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:75:0b:00:ac:3c:84:7c:54:e4:aa:90:6e:ee:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05964b6d51902fdc1aa6841bb3d3c622a579825a
        Validity
            Not Before: Jan  2 02:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f85d5f4b1dfe9df44a052518bf793febd66457c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:c4:1c:77:45:05:0a:4c:1c:7b:2c:fc:44:63:
                    cc:9e:3c:fc:43:79:5f:10:dd:ee:31:61:a3:f8:d3:
                    e6:d5:eb:58:e3:ac:dc:af:ac:15:26:c8:1f:af:c0:
                    fb:a4:17:11:1e:44:3d:e1:ef:5d:cc:01:17:a9:5b:
                    29:5a:8e:94:22:04:df:bc:8d:35:e0:5a:7a:f9:da:
                    e1:06:a4:10:57:40:4a:45:a5:7f:fd:0a:1e:13:6a:
                    fd:a2:bc:c4:21:dc:d8:8e:62:42:36:7d:b6:a7:9f:
                    09:b9:d6:31:62:6d:f8:59:d4:9d:76:07:d9:8f:ef:
                    16:14:31:8d:8c:03:d5:0a:60:60:0d:6c:75:01:69:
                    17:3b:33:cb:df:9d:c9:04:2a:e2:3d:09:bd:f5:58:
                    75:e9:6e:9d:7c:04:a3:a6:36:4b:5c:7c:dc:17:74:
                    46:35:7a:9a:cf:03:9f:12:75:61:02:ed:b5:58:1b:
                    fc:48:af:96:c6:7e:49:2b:c1:19:81:d7:66:5c:d2:
                    5c:9f:5a:91:c1:fe:83:81:b7:15:72:27:9e:b1:d9:
                    51:c5:dc:f1:23:1a:47:10:f9:d8:cc:e1:10:d3:da:
                    68:44:bc:40:d4:63:9c:42:ee:f3:9d:e3:e7:59:fa:
                    9f:94:dc:66:87:13:80:be:ae:62:30:c3:da:ca:30:
                    5b:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:85:D5:F4:B1:DF:E9:DF:44:A0:52:51:8B:F7:93:FE:BD:66:45:7C
            X509v3 Authority Key Identifier:
                keyid:05:96:4B:6D:51:90:2F:DC:1A:A6:84:1B:B3:D3:C6:22:A5:79:82:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZZLbVGQL9wapoQbs9PGIqV5glo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/e589c2-1acb-4d82-9b9a-52362b6b3334/1/D4XV9LHf6d9EoFJRi_eT_r1mRXw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/e589c2-1acb-4d82-9b9a-52362b6b3334/1/BZZLbVGQL9wapoQbs9PGIqV5glo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:b58::/48

    Signature Algorithm: sha256WithRSAEncryption
         32:3f:c0:e0:6e:32:e1:e1:59:c0:3f:ad:c2:89:6f:c2:5e:c4:
         5a:06:37:88:2e:86:00:ca:e7:a1:fb:18:17:6a:f3:fa:d6:35:
         56:8b:47:80:f7:5e:2d:39:a4:93:4c:4d:df:1a:d9:48:f9:f1:
         2b:65:c4:0e:1e:1b:23:04:34:0a:f7:44:36:7d:4f:20:bf:b1:
         14:7a:d5:7a:27:79:b2:dc:02:01:a4:c1:5e:52:a7:9f:de:d1:
         d0:c5:44:96:ac:e2:3e:73:4f:a4:0f:9b:93:04:c1:6a:c1:7a:
         6a:fc:5e:0c:b4:3b:a8:16:2a:8b:09:21:8f:f1:42:fc:25:37:
         16:da:76:a2:73:8f:51:aa:eb:11:a1:88:e5:ac:cb:ef:85:65:
         18:b7:2e:5b:73:68:49:af:20:ca:ed:1f:9e:fa:a7:e9:56:49:
         c1:53:a1:49:82:36:1e:dd:5a:fc:db:df:44:f9:91:75:a4:b5:
         03:3d:46:ac:81:1f:6e:a1:39:31:5f:58:2b:c2:10:29:01:53:
         35:05:71:12:cc:c0:30:53:bf:43:0d:3d:2c:6d:98:35:89:27:
         71:a3:40:16:c6:f6:41:dc:93:6c:ad:fc:b2:a5:97:8f:dd:bd:
         c0:de:06:3d:98:b8:31:ee:06:0b:b7:d4:61:a7:33:17:5d:22:
         95:38:bc:e2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAXULAKw8hHxU5KqQbu44MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTY0YjZkNTE5MDJmZGMxYWE2ODQxYmIzZDNjNjIyYTU3
OTgyNWEwHhcNMjQwMTAyMDIyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjg1ZDVmNGIxZGZlOWRmNDRhMDUyNTE4YmY3OTNmZWJkNjY0NTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAosQcd0UFCkwceyz8RGPMnjz8Q3lf
EN3uMWGj+NPm1etY46zcr6wVJsgfr8D7pBcRHkQ94e9dzAEXqVspWo6UIgTfvI01
4Fp6+drhBqQQV0BKRaV//QoeE2r9orzEIdzYjmJCNn22p58JudYxYm34WdSddgfZ
j+8WFDGNjAPVCmBgDWx1AWkXOzPL353JBCriPQm99Vh16W6dfASjpjZLXHzcF3RG
NXqazwOfEnVhAu21WBv8SK+Wxn5JK8EZgddmXNJcn1qRwf6DgbcVcieesdlRxdzx
IxpHEPnYzOEQ09poRLxA1GOcQu7znePnWfqflNxmhxOAvq5iMMPayjBbzQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA+F1fSx3+nfRKBSUYv3k/69ZkV8MB8GA1UdIwQY
MBaAFAWWS21RkC/cGqaEG7PTxiKleYJaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpaTGJWR1FMOXdhcG9RYnM5UEdJcVY1Z2xvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9lNTg5YzItMWFjYi00ZDgyLTliOWEt
NTIzNjJiNmIzMzM0LzEvRDRYVjlMSGY2ZDlFb0ZKUmlfZVRfcjFtUlh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9lNTg5YzItMWFjYi00ZDgyLTliOWEtNTIzNjJiNmIzMzM0
LzEvQlpaTGJWR1FMOXdhcG9RYnM5UEdJcVY1Z2xvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAtY
MA0GCSqGSIb3DQEBCwUAA4IBAQAyP8DgbjLh4VnAP63CiW/CXsRaBjeILoYAyueh
+xgXavP61jVWi0eA914tOaSTTE3fGtlI+fErZcQOHhsjBDQK90Q2fU8gv7EUetV6
J3my3AIBpMFeUqef3tHQxUSWrOI+c0+kD5uTBMFqwXpq/F4MtDuoFiqLCSGP8UL8
JTcW2naic49RqusRoYjlrMvvhWUYty5bc2hJryDK7R+e+qfpVknBU6FJgjYe3Vr8
299E+ZF1pLUDPUasgR9uoTkxX1grwhApAVM1BXESzMAwU79DDT0sbZg1iSdxo0AW
xvZB3JNsrfyypZeP3b3A3gY9mLgx7gYLt9RhpzMXXSKVOLzi
-----END CERTIFICATE-----