Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/5571f9-d9bb-4e78-bad6-09d4231c1c99/1/22roCiU6j6261Tf2xHjOeaVXPf8.roa
File:                     22roCiU6j6261Tf2xHjOeaVXPf8.roa (raw, json)
Hash identifier:          PuMLQ30DfEoEKDxeny2h0jxhmq5+Wq4VxfLmEZEXgYo=
Subject key identifier:   DB:6A:E8:0A:25:3A:8F:AD:BA:D5:37:F6:C4:78:CE:79:A5:57:3D:FF
Certificate issuer:       /CN=cbb996ff055d6575e01f2e64d9a3b382834702d1
Certificate serial:       018CC4250AA236573F5EEF0319CDCF0AB172
Authority key identifier: CB:B9:96:FF:05:5D:65:75:E0:1F:2E:64:D9:A3:B3:82:83:47:02:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y7mW_wVdZXXgHy5k2aOzgoNHAtE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/5571f9-d9bb-4e78-bad6-09d4231c1c99/1/22roCiU6j6261Tf2xHjOeaVXPf8.roa
Signing time:             Mon 01 Jan 2024 08:30:10 +0000
ROA not before:           Mon 01 Jan 2024 08:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202351
IP address blocks:        2001:67c:ae0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/5571f9-d9bb-4e78-bad6-09d4231c1c99/1/y7mW_wVdZXXgHy5k2aOzgoNHAtE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/5571f9-d9bb-4e78-bad6-09d4231c1c99/1/y7mW_wVdZXXgHy5k2aOzgoNHAtE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y7mW_wVdZXXgHy5k2aOzgoNHAtE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:0a:a2:36:57:3f:5e:ef:03:19:cd:cf:0a:b1:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cbb996ff055d6575e01f2e64d9a3b382834702d1
        Validity
            Not Before: Jan  1 08:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db6ae80a253a8fadbad537f6c478ce79a5573dff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:98:c1:ef:55:4f:e9:a9:34:5a:2b:e7:8b:47:
                    e3:59:25:78:ee:33:f0:f8:2f:c3:20:27:37:8d:76:
                    05:1d:59:4a:ae:53:1a:df:15:4c:ab:40:8a:7e:54:
                    b2:23:ea:58:bd:ae:17:8a:07:c3:1f:81:1a:d7:f9:
                    36:c9:d0:f9:09:9f:bd:20:29:22:a3:6c:ea:27:4b:
                    8c:6a:23:3a:82:45:ae:27:53:0f:23:53:1a:3e:3c:
                    24:86:5e:11:70:ad:ab:20:90:fc:24:7d:0a:df:d3:
                    3c:31:ab:23:06:1f:05:54:05:fe:45:16:77:84:73:
                    c3:12:89:34:ee:65:30:63:e2:47:80:11:f4:a1:45:
                    23:54:73:58:6a:9e:ca:0d:77:92:7b:84:e6:9f:c6:
                    44:d6:c8:00:3a:08:d9:61:98:b9:41:e2:9b:ec:23:
                    86:a7:4c:ac:44:f1:38:70:24:aa:eb:c9:53:a7:2b:
                    47:32:79:32:d1:fc:c7:be:6d:c7:75:d7:2b:09:61:
                    45:ca:f4:43:c3:fb:29:c0:45:65:b1:79:19:69:9b:
                    e9:a2:71:3f:30:23:68:de:0b:98:d2:c6:83:16:8b:
                    92:7a:a4:c8:34:6e:2a:20:11:2b:f2:25:01:19:24:
                    6b:6c:cb:45:47:d3:1d:d2:8e:a8:f2:09:13:c4:f4:
                    fb:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:6A:E8:0A:25:3A:8F:AD:BA:D5:37:F6:C4:78:CE:79:A5:57:3D:FF
            X509v3 Authority Key Identifier:
                keyid:CB:B9:96:FF:05:5D:65:75:E0:1F:2E:64:D9:A3:B3:82:83:47:02:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y7mW_wVdZXXgHy5k2aOzgoNHAtE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/5571f9-d9bb-4e78-bad6-09d4231c1c99/1/22roCiU6j6261Tf2xHjOeaVXPf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/5571f9-d9bb-4e78-bad6-09d4231c1c99/1/y7mW_wVdZXXgHy5k2aOzgoNHAtE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:ae0::/48

    Signature Algorithm: sha256WithRSAEncryption
         8d:b7:a6:ad:6e:37:5c:02:83:e6:ea:f5:8a:c3:63:44:c5:23:
         64:1d:61:61:ce:41:1d:ab:c6:3e:8f:a8:9a:78:d8:f2:6a:8f:
         6e:6c:33:e4:d6:3e:1a:65:4e:d4:8c:6b:31:53:72:9f:b4:94:
         73:25:45:b6:9c:94:fc:e3:9d:71:f3:b3:d9:2a:e0:57:42:d0:
         36:6f:dc:d9:98:c2:8b:2a:1b:5b:3f:6d:d7:30:ef:17:68:24:
         fb:00:dd:de:30:08:23:16:f7:73:8d:17:4a:ff:11:28:1b:0c:
         6b:7b:a2:af:ba:0c:b0:ca:9c:3c:df:1b:65:07:54:89:dd:ac:
         d0:62:b2:09:bb:b8:be:1f:84:78:63:c0:db:e8:f5:36:4d:74:
         d9:a8:9a:1a:f1:68:13:2b:f1:a4:d1:b8:36:23:f1:76:16:d1:
         b8:ff:f3:39:3a:8d:34:2d:5a:6b:61:28:5d:6c:c6:b7:ab:9c:
         b5:ec:cc:8d:bf:91:ed:a4:07:ca:40:b4:61:35:08:63:03:9a:
         e3:51:c6:60:1a:0f:3f:0d:2d:f2:db:5c:45:b0:4e:ab:df:4a:
         70:a7:3f:86:6c:5a:10:d7:ed:38:cd:e4:40:ba:22:20:b9:d9:
         42:af:b8:08:69:89:03:26:d6:3b:19:88:f7:0d:f7:71:1c:d4:
         e7:c6:c4:30
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJQqiNlc/Xu8DGc3PCrFyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiYjk5NmZmMDU1ZDY1NzVlMDFmMmU2NGQ5YTNiMzgyODM0
NzAyZDEwHhcNMjQwMTAxMDgzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjZhZTgwYTI1M2E4ZmFkYmFkNTM3ZjZjNDc4Y2U3OWE1NTczZGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArJjB71VP6ak0Wivni0fjWSV47jPw
+C/DICc3jXYFHVlKrlMa3xVMq0CKflSyI+pYva4XigfDH4Ea1/k2ydD5CZ+9ICki
o2zqJ0uMaiM6gkWuJ1MPI1MaPjwkhl4RcK2rIJD8JH0K39M8MasjBh8FVAX+RRZ3
hHPDEok07mUwY+JHgBH0oUUjVHNYap7KDXeSe4Tmn8ZE1sgAOgjZYZi5QeKb7COG
p0ysRPE4cCSq68lTpytHMnky0fzHvm3HddcrCWFFyvRDw/spwEVlsXkZaZvponE/
MCNo3guY0saDFouSeqTING4qIBEr8iUBGSRrbMtFR9Md0o6o8gkTxPT7QwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNtq6AolOo+tutU39sR4znmlVz3/MB8GA1UdIwQY
MBaAFMu5lv8FXWV14B8uZNmjs4KDRwLRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTdtV193VmRaWFhnSHk1azJhT3pnb05IQXRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC81NTcxZjktZDliYi00ZTc4LWJhZDYt
MDlkNDIzMWMxYzk5LzEvMjJyb0NpVTZqNjI2MVRmMnhIak9lYVZYUGY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC81NTcxZjktZDliYi00ZTc4LWJhZDYtMDlkNDIzMWMxYzk5
LzEveTdtV193VmRaWFhnSHk1azJhT3pnb05IQXRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfArg
MA0GCSqGSIb3DQEBCwUAA4IBAQCNt6atbjdcAoPm6vWKw2NExSNkHWFhzkEdq8Y+
j6iaeNjyao9ubDPk1j4aZU7UjGsxU3KftJRzJUW2nJT8451x87PZKuBXQtA2b9zZ
mMKLKhtbP23XMO8XaCT7AN3eMAgjFvdzjRdK/xEoGwxre6Kvugywypw83xtlB1SJ
3azQYrIJu7i+H4R4Y8Db6PU2TXTZqJoa8WgTK/Gk0bg2I/F2FtG4//M5Oo00LVpr
YShdbMa3q5y17MyNv5HtpAfKQLRhNQhjA5rjUcZgGg8/DS3y21xFsE6r30pwpz+G
bFoQ1+04zeRAuiIgudlCr7gIaYkDJtY7GYj3DfdxHNTnxsQw
-----END CERTIFICATE-----