Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/d5c38f-4fc3-4283-9c39-9055283f0eae/1/IDWCNBQQFEnbye7uGg_fkl-BR20.roa
File:                     IDWCNBQQFEnbye7uGg_fkl-BR20.roa (raw, json)
Hash identifier:          dSFRXZ0ZiNA8FLCAgC5blFKKzz7II9TRZXP+5twNJaU=
Subject key identifier:   20:35:82:34:14:10:14:49:DB:C9:EE:EE:1A:0F:DF:92:5F:81:47:6D
Certificate issuer:       /CN=2a4558e2656bf89733389594df144d21d1dc0313
Certificate serial:       018D7E0232693C03E30000F7BA5AF6512821
Authority key identifier: 2A:45:58:E2:65:6B:F8:97:33:38:95:94:DF:14:4D:21:D1:DC:03:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KkVY4mVr-JczOJWU3xRNIdHcAxM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/d5c38f-4fc3-4283-9c39-9055283f0eae/1/IDWCNBQQFEnbye7uGg_fkl-BR20.roa
Signing time:             Tue 06 Feb 2024 10:41:29 +0000
ROA not before:           Tue 06 Feb 2024 10:41:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215582
IP address blocks:        2001:67c:dc0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/d5c38f-4fc3-4283-9c39-9055283f0eae/1/KkVY4mVr-JczOJWU3xRNIdHcAxM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/d5c38f-4fc3-4283-9c39-9055283f0eae/1/KkVY4mVr-JczOJWU3xRNIdHcAxM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KkVY4mVr-JczOJWU3xRNIdHcAxM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 10:03:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7e:02:32:69:3c:03:e3:00:00:f7:ba:5a:f6:51:28:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a4558e2656bf89733389594df144d21d1dc0313
        Validity
            Not Before: Feb  6 10:41:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2035823414101449dbc9eeee1a0fdf925f81476d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:7c:03:b8:66:52:32:91:56:39:bd:90:7d:ae:
                    0e:dd:b6:94:22:26:03:ba:b8:4c:e5:cb:f8:ac:31:
                    74:31:83:a6:6f:66:5f:02:c3:fb:1e:1e:8c:ab:0a:
                    32:ae:88:37:97:f0:e5:c1:07:24:02:a5:3e:3e:bb:
                    d6:45:1d:84:18:c6:f7:e7:53:d2:2e:4f:ac:7e:dc:
                    87:e7:f0:7d:7e:c5:fb:5b:c7:73:02:c1:3d:d4:f1:
                    36:50:f6:04:49:e4:0f:e8:73:5f:ea:de:a7:73:c2:
                    78:04:4d:1d:10:cf:96:eb:e0:44:46:f5:16:ff:bf:
                    c1:46:a9:b6:b1:f1:48:ab:78:a9:48:20:bb:5c:23:
                    c7:0f:3d:91:e5:52:76:50:99:4c:04:f9:23:85:6d:
                    d1:7f:38:92:10:33:4b:92:ce:92:9f:45:f9:b8:92:
                    8c:03:10:8c:1e:d8:d6:47:c6:ac:22:25:d3:2c:bb:
                    b5:a1:cc:25:84:ce:f2:42:3d:7f:54:cc:b7:d8:2d:
                    88:4a:65:4a:f2:05:bb:4e:02:88:05:30:72:92:53:
                    7e:3d:95:05:10:2e:02:5d:5c:9f:77:1e:9f:51:03:
                    64:76:93:fb:46:41:01:06:cc:95:d0:97:9c:d5:4e:
                    5f:98:f1:5c:98:2e:1c:29:92:42:60:fa:09:56:bf:
                    d3:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:35:82:34:14:10:14:49:DB:C9:EE:EE:1A:0F:DF:92:5F:81:47:6D
            X509v3 Authority Key Identifier:
                keyid:2A:45:58:E2:65:6B:F8:97:33:38:95:94:DF:14:4D:21:D1:DC:03:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KkVY4mVr-JczOJWU3xRNIdHcAxM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/d5c38f-4fc3-4283-9c39-9055283f0eae/1/IDWCNBQQFEnbye7uGg_fkl-BR20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/d5c38f-4fc3-4283-9c39-9055283f0eae/1/KkVY4mVr-JczOJWU3xRNIdHcAxM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:dc0::/48

    Signature Algorithm: sha256WithRSAEncryption
         10:c7:ad:af:40:fa:d5:6d:f7:16:70:d9:20:c2:73:83:f1:c2:
         99:eb:ed:70:91:86:34:5b:19:8a:40:83:73:cc:93:54:82:fb:
         cf:6a:41:99:49:9f:76:da:1a:cb:39:55:56:3f:da:06:d7:41:
         3c:39:0c:db:a8:94:d8:e0:a5:9f:89:3e:fa:29:02:a9:ed:d9:
         40:2e:4a:9d:a9:da:24:9f:c2:39:30:8d:6e:76:e7:98:13:49:
         39:81:85:3a:35:84:a6:cd:a2:1c:c4:8a:00:7b:2a:27:a5:90:
         7d:c4:92:73:bf:2f:f3:c0:60:6a:cf:27:3b:4c:30:4f:48:b3:
         a6:7a:b1:9e:bf:69:5a:27:27:a6:56:ac:04:a3:06:4f:bd:b8:
         4b:dc:24:36:73:05:d6:f2:5a:2d:48:90:f7:0d:9a:d6:3e:f5:
         cf:74:fc:fd:5e:a7:31:03:2c:bb:2d:82:86:89:29:50:6f:9e:
         c3:27:b0:b3:ec:c6:4b:69:96:76:1a:a0:d1:16:a0:78:67:8d:
         08:56:ab:8f:b7:58:1c:22:c6:8f:66:04:3c:cb:ef:a3:ef:62:
         fb:ab:0a:da:a6:0c:fc:53:9a:e1:95:e0:54:80:e3:d1:60:16:
         99:08:bd:54:d6:c8:76:0b:15:c4:17:09:d8:96:5d:35:3f:94:
         91:ba:31:33
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY1+AjJpPAPjAAD3ulr2USghMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhNDU1OGUyNjU2YmY4OTczMzM4OTU5NGRmMTQ0ZDIxZDFk
YzAzMTMwHhcNMjQwMjA2MTA0MTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDM1ODIzNDE0MTAxNDQ5ZGJjOWVlZWUxYTBmZGY5MjVmODE0NzZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA53wDuGZSMpFWOb2Qfa4O3baUIiYD
urhM5cv4rDF0MYOmb2ZfAsP7Hh6Mqwoyrog3l/DlwQckAqU+PrvWRR2EGMb351PS
Lk+sftyH5/B9fsX7W8dzAsE91PE2UPYESeQP6HNf6t6nc8J4BE0dEM+W6+BERvUW
/7/BRqm2sfFIq3ipSCC7XCPHDz2R5VJ2UJlMBPkjhW3RfziSEDNLks6Sn0X5uJKM
AxCMHtjWR8asIiXTLLu1ocwlhM7yQj1/VMy32C2ISmVK8gW7TgKIBTByklN+PZUF
EC4CXVyfdx6fUQNkdpP7RkEBBsyV0Jec1U5fmPFcmC4cKZJCYPoJVr/ThQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCA1gjQUEBRJ28nu7hoP35JfgUdtMB8GA1UdIwQY
MBaAFCpFWOJla/iXMziVlN8UTSHR3AMTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2tWWTRtVnItSmN6T0pXVTN4Uk5JZEhjQXhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9kNWMzOGYtNGZjMy00MjgzLTljMzkt
OTA1NTI4M2YwZWFlLzEvSURXQ05CUVFGRW5ieWU3dUdnX2ZrbC1CUjIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9kNWMzOGYtNGZjMy00MjgzLTljMzktOTA1NTI4M2YwZWFl
LzEvS2tWWTRtVnItSmN6T0pXVTN4Uk5JZEhjQXhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA3A
MA0GCSqGSIb3DQEBCwUAA4IBAQAQx62vQPrVbfcWcNkgwnOD8cKZ6+1wkYY0WxmK
QINzzJNUgvvPakGZSZ922hrLOVVWP9oG10E8OQzbqJTY4KWfiT76KQKp7dlALkqd
qdokn8I5MI1udueYE0k5gYU6NYSmzaIcxIoAeyonpZB9xJJzvy/zwGBqzyc7TDBP
SLOmerGev2laJyemVqwEowZPvbhL3CQ2cwXW8lotSJD3DZrWPvXPdPz9XqcxAyy7
LYKGiSlQb57DJ7Cz7MZLaZZ2GqDRFqB4Z40IVquPt1gcIsaPZgQ8y++j72L7qwra
pgz8U5rhleBUgOPRYBaZCL1U1sh2CxXEFwnYll01P5SRujEz
-----END CERTIFICATE-----