Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/fbf239-5f8a-4d6a-a0cb-44ac6adb3a49/1/5VP2o0Bt7GCX4vYPs_CK7CAEWFw.roa
File:                     5VP2o0Bt7GCX4vYPs_CK7CAEWFw.roa (raw, json)
Hash identifier:          7hFz6un2wDtcnW2Hv32Sxk+2M8BMmqcxffv511Y9lOI=
Subject key identifier:   E5:53:F6:A3:40:6D:EC:60:97:E2:F6:0F:B3:F0:8A:EC:20:04:58:5C
Certificate issuer:       /CN=4aabd1a765ae5cbe1dc93daf024d3a47e72ac918
Certificate serial:       018CC50112D81108A728E8734A2C13D46479
Authority key identifier: 4A:AB:D1:A7:65:AE:5C:BE:1D:C9:3D:AF:02:4D:3A:47:E7:2A:C9:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SqvRp2WuXL4dyT2vAk06R-cqyRg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/fbf239-5f8a-4d6a-a0cb-44ac6adb3a49/1/5VP2o0Bt7GCX4vYPs_CK7CAEWFw.roa
Signing time:             Mon 01 Jan 2024 12:30:31 +0000
ROA not before:           Mon 01 Jan 2024 12:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210961
IP address blocks:        2001:67c:30::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/fbf239-5f8a-4d6a-a0cb-44ac6adb3a49/1/SqvRp2WuXL4dyT2vAk06R-cqyRg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/fbf239-5f8a-4d6a-a0cb-44ac6adb3a49/1/SqvRp2WuXL4dyT2vAk06R-cqyRg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SqvRp2WuXL4dyT2vAk06R-cqyRg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:12:d8:11:08:a7:28:e8:73:4a:2c:13:d4:64:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4aabd1a765ae5cbe1dc93daf024d3a47e72ac918
        Validity
            Not Before: Jan  1 12:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e553f6a3406dec6097e2f60fb3f08aec2004585c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:fa:92:70:02:1a:81:bd:88:1c:52:1c:00:d3:
                    5e:ad:49:26:9e:99:49:2e:bc:a5:f1:af:44:e6:45:
                    2d:6e:4d:36:47:24:a4:ed:84:8d:ab:56:69:69:99:
                    07:0f:12:1b:e9:8c:fb:93:ed:f3:54:43:ae:c9:7a:
                    64:b1:95:4e:11:6a:96:42:07:a8:98:01:29:73:c3:
                    8c:c8:98:df:00:8e:20:ac:0f:ad:56:59:48:43:39:
                    15:df:6f:0b:4d:91:f4:b7:94:ed:7a:47:0d:40:d9:
                    a8:0b:94:4c:92:b9:34:98:6e:59:41:4e:96:10:03:
                    55:3d:5e:a7:8c:34:fa:0c:52:49:8b:01:18:10:09:
                    f2:91:42:a2:92:e5:8c:84:d5:70:fd:e5:71:41:fa:
                    c8:56:f7:fc:e3:0f:d7:7d:a7:9a:95:32:8e:2d:09:
                    1a:fb:10:a7:1d:0b:de:24:07:a6:d1:a5:31:6e:4b:
                    c5:ee:e5:10:3a:1b:de:22:da:ca:d9:92:2a:9b:21:
                    6f:9b:33:77:c5:09:39:b8:21:50:98:6f:b1:bb:6a:
                    07:da:04:d9:41:f6:61:84:03:9a:c5:32:d7:e6:d3:
                    f3:af:26:20:43:ff:5a:26:38:5b:79:e5:42:60:08:
                    bd:4e:4f:96:ef:06:01:b5:fb:d9:b6:ea:f9:40:66:
                    1a:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:53:F6:A3:40:6D:EC:60:97:E2:F6:0F:B3:F0:8A:EC:20:04:58:5C
            X509v3 Authority Key Identifier:
                keyid:4A:AB:D1:A7:65:AE:5C:BE:1D:C9:3D:AF:02:4D:3A:47:E7:2A:C9:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SqvRp2WuXL4dyT2vAk06R-cqyRg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/fbf239-5f8a-4d6a-a0cb-44ac6adb3a49/1/5VP2o0Bt7GCX4vYPs_CK7CAEWFw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/fbf239-5f8a-4d6a-a0cb-44ac6adb3a49/1/SqvRp2WuXL4dyT2vAk06R-cqyRg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:30::/48

    Signature Algorithm: sha256WithRSAEncryption
         82:ff:dd:d9:ca:5d:e9:28:0f:e8:0f:20:61:75:bf:4f:c2:03:
         94:d8:d9:18:51:1a:a9:f2:59:0e:40:40:e0:28:d8:df:47:28:
         58:7c:f1:fc:d6:95:d4:cf:93:c8:19:f4:a9:69:b4:a5:45:28:
         80:53:2c:90:4d:91:30:37:a3:d4:21:35:fc:3c:aa:88:09:7d:
         45:66:81:22:b7:89:bb:19:a5:41:7e:4d:6b:5b:97:f2:0b:fb:
         f6:1c:be:31:26:b4:89:5b:68:02:9c:07:d7:2f:1c:b2:01:72:
         52:b3:58:08:66:8a:73:09:2c:70:72:20:1c:29:a8:ce:e4:a1:
         9a:c4:4f:e5:cf:82:25:75:37:6e:7f:75:87:2d:b6:6d:07:f4:
         2b:39:64:09:a0:b3:d2:c6:0c:ef:7a:cb:b9:97:56:45:b6:21:
         72:e6:b8:ca:be:26:34:4f:a8:dc:f1:ab:67:52:44:33:80:c6:
         1e:c8:1b:99:81:3f:9e:fb:96:e8:ae:7f:1a:f2:53:c3:38:05:
         62:f0:c7:f1:2b:7c:9c:3c:38:6f:38:a6:2f:28:e7:9d:79:e5:
         11:4f:54:34:dc:f8:10:df:bd:5c:b9:ed:c8:29:40:aa:77:5d:
         86:40:41:14:76:11:13:a1:e8:4c:65:1e:4e:ca:06:c5:c8:e8:
         7e:65:f2:31
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFARLYEQinKOhzSiwT1GR5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhYWJkMWE3NjVhZTVjYmUxZGM5M2RhZjAyNGQzYTQ3ZTcy
YWM5MTgwHhcNMjQwMTAxMTIzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTUzZjZhMzQwNmRlYzYwOTdlMmY2MGZiM2YwOGFlYzIwMDQ1ODVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhfqScAIagb2IHFIcANNerUkmnplJ
Lryl8a9E5kUtbk02RySk7YSNq1ZpaZkHDxIb6Yz7k+3zVEOuyXpksZVOEWqWQgeo
mAEpc8OMyJjfAI4grA+tVllIQzkV328LTZH0t5TtekcNQNmoC5RMkrk0mG5ZQU6W
EANVPV6njDT6DFJJiwEYEAnykUKikuWMhNVw/eVxQfrIVvf84w/XfaealTKOLQka
+xCnHQveJAem0aUxbkvF7uUQOhveItrK2ZIqmyFvmzN3xQk5uCFQmG+xu2oH2gTZ
QfZhhAOaxTLX5tPzryYgQ/9aJjhbeeVCYAi9Tk+W7wYBtfvZtur5QGYaQQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOVT9qNAbexgl+L2D7PwiuwgBFhcMB8GA1UdIwQY
MBaAFEqr0adlrly+Hck9rwJNOkfnKskYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3F2UnAyV3VYTDRkeVQydkFrMDZSLWNxeVJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9mYmYyMzktNWY4YS00ZDZhLWEwY2It
NDRhYzZhZGIzYTQ5LzEvNVZQMm8wQnQ3R0NYNHZZUHNfQ0s3Q0FFV0Z3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9mYmYyMzktNWY4YS00ZDZhLWEwY2ItNDRhYzZhZGIzYTQ5
LzEvU3F2UnAyV3VYTDRkeVQydkFrMDZSLWNxeVJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAAw
MA0GCSqGSIb3DQEBCwUAA4IBAQCC/93Zyl3pKA/oDyBhdb9PwgOU2NkYURqp8lkO
QEDgKNjfRyhYfPH81pXUz5PIGfSpabSlRSiAUyyQTZEwN6PUITX8PKqICX1FZoEi
t4m7GaVBfk1rW5fyC/v2HL4xJrSJW2gCnAfXLxyyAXJSs1gIZopzCSxwciAcKajO
5KGaxE/lz4IldTduf3WHLbZtB/QrOWQJoLPSxgzvesu5l1ZFtiFy5rjKviY0T6jc
8atnUkQzgMYeyBuZgT+e+5born8a8lPDOAVi8MfxK3ycPDhvOKYvKOedeeURT1Q0
3PgQ371cue3IKUCqd12GQEEUdhEToehMZR5OygbFyOh+ZfIx
-----END CERTIFICATE-----