Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/ae251b-572d-41c4-ad2e-c287db934912/1/ko1Z0Xr7B9-t3TQt_o6_tMOcSBM.roa
File:                     ko1Z0Xr7B9-t3TQt_o6_tMOcSBM.roa (raw, json)
Hash identifier:          Ftp2WNb26HnL0q8QoseVv2d68lqvxba7gdJHUXdje6s=
Subject key identifier:   92:8D:59:D1:7A:FB:07:DF:AD:DD:34:2D:FE:8E:BF:B4:C3:9C:48:13
Certificate issuer:       /CN=596d400faa5269099cc7b1c7a03ce69d8391f21a
Certificate serial:       018DC136AB5516F707B2B5370FEDC86AFAAB
Authority key identifier: 59:6D:40:0F:AA:52:69:09:9C:C7:B1:C7:A0:3C:E6:9D:83:91:F2:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WW1AD6pSaQmcx7HHoDzmnYOR8ho.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/ae251b-572d-41c4-ad2e-c287db934912/1/ko1Z0Xr7B9-t3TQt_o6_tMOcSBM.roa
Signing time:             Mon 19 Feb 2024 11:53:21 +0000
ROA not before:           Mon 19 Feb 2024 11:53:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60514
IP address blocks:        2001:67c:df4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/ae251b-572d-41c4-ad2e-c287db934912/1/WW1AD6pSaQmcx7HHoDzmnYOR8ho.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/ae251b-572d-41c4-ad2e-c287db934912/1/WW1AD6pSaQmcx7HHoDzmnYOR8ho.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WW1AD6pSaQmcx7HHoDzmnYOR8ho.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c1:36:ab:55:16:f7:07:b2:b5:37:0f:ed:c8:6a:fa:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=596d400faa5269099cc7b1c7a03ce69d8391f21a
        Validity
            Not Before: Feb 19 11:53:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=928d59d17afb07dfaddd342dfe8ebfb4c39c4813
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:f3:8b:df:f3:64:d9:08:1c:e0:1c:4d:2a:a7:
                    26:78:95:84:99:e3:4d:39:c0:b4:6a:be:4f:4a:8a:
                    96:11:b6:f9:5f:31:36:7f:64:6b:f1:57:65:a4:aa:
                    b5:32:71:b9:9b:2a:af:0f:aa:45:d7:36:70:78:bd:
                    23:01:34:00:27:1d:8d:97:0e:4d:9f:04:0a:12:87:
                    f9:5a:05:66:6a:7c:ad:59:db:a4:05:ee:ab:01:ea:
                    7d:2c:67:92:26:8a:af:db:c1:8e:79:09:82:58:a3:
                    cd:0f:59:0c:dd:a5:d0:6f:e4:e0:29:5b:4c:aa:7e:
                    dc:b6:b2:1f:d1:ad:aa:77:98:f4:d1:a8:0b:ce:2f:
                    0b:8f:ac:a0:2d:63:09:39:9e:4a:34:aa:3c:90:b0:
                    aa:42:8b:d8:ac:7a:9f:f3:da:bc:bc:b7:82:fc:9a:
                    8a:5a:16:ca:6f:c9:6e:97:25:ea:74:8d:62:e1:dc:
                    63:30:c8:75:15:05:e2:bd:b4:d5:fe:75:59:3c:51:
                    ec:1e:eb:7c:6d:d8:7f:94:24:59:b7:a3:22:70:f9:
                    80:b6:c7:cc:cb:2a:07:17:40:01:5f:38:be:47:c9:
                    17:ed:2b:cc:1f:1b:1e:6a:71:1e:95:40:06:49:a7:
                    29:5f:f8:c3:f7:e4:c1:54:91:cf:4d:fb:03:ea:73:
                    85:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:8D:59:D1:7A:FB:07:DF:AD:DD:34:2D:FE:8E:BF:B4:C3:9C:48:13
            X509v3 Authority Key Identifier:
                keyid:59:6D:40:0F:AA:52:69:09:9C:C7:B1:C7:A0:3C:E6:9D:83:91:F2:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WW1AD6pSaQmcx7HHoDzmnYOR8ho.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/ae251b-572d-41c4-ad2e-c287db934912/1/ko1Z0Xr7B9-t3TQt_o6_tMOcSBM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/ae251b-572d-41c4-ad2e-c287db934912/1/WW1AD6pSaQmcx7HHoDzmnYOR8ho.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:df4::/48

    Signature Algorithm: sha256WithRSAEncryption
         4b:29:8c:82:38:e0:16:cc:7e:96:0d:5b:90:9c:1c:39:dd:62:
         41:9d:79:ef:38:9c:be:c4:5a:dc:18:47:ac:6f:78:5e:cb:69:
         05:1c:24:6b:f8:20:6b:bd:ad:b2:26:16:07:7b:4c:70:bd:70:
         0d:15:5d:a8:7a:c2:03:96:45:fe:e5:c3:4f:76:dc:17:09:1b:
         90:5c:13:cc:68:3a:bf:8e:36:e4:64:d6:b5:3b:3e:68:f9:ae:
         5a:83:61:1a:af:d9:b8:4d:92:d0:d9:f2:f5:44:f1:c7:ae:31:
         ad:05:91:e2:39:ba:f7:60:4a:46:ff:19:ff:2e:bc:57:6d:d1:
         a7:48:c9:d2:84:44:ab:e6:bd:e7:ed:0d:20:af:f5:bb:c1:ea:
         62:23:0a:d5:30:9b:2f:61:ca:88:27:2c:79:c2:00:49:89:7b:
         48:16:37:30:48:c2:34:25:4d:87:26:b4:87:8a:fe:84:df:af:
         0c:9a:bf:86:a4:92:91:9e:bf:68:de:25:ec:6d:1c:ce:50:9b:
         97:b5:ab:45:6c:3f:96:1a:99:df:62:d2:c3:e3:ae:31:b6:bc:
         34:85:9c:2e:20:84:6a:01:8a:26:52:f1:d0:0f:d6:0e:13:25:
         e3:6e:cf:d8:33:d1:a8:5d:17:06:2b:34:ba:c3:26:1f:4a:cb:
         e3:50:7e:11
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY3BNqtVFvcHsrU3D+3IavqrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5NmQ0MDBmYWE1MjY5MDk5Y2M3YjFjN2EwM2NlNjlkODM5
MWYyMWEwHhcNMjQwMjE5MTE1MzIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjhkNTlkMTdhZmIwN2RmYWRkZDM0MmRmZThlYmZiNGMzOWM0ODEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxvOL3/Nk2Qgc4BxNKqcmeJWEmeNN
OcC0ar5PSoqWEbb5XzE2f2Rr8VdlpKq1MnG5myqvD6pF1zZweL0jATQAJx2Nlw5N
nwQKEof5WgVmanytWdukBe6rAep9LGeSJoqv28GOeQmCWKPND1kM3aXQb+TgKVtM
qn7ctrIf0a2qd5j00agLzi8Lj6ygLWMJOZ5KNKo8kLCqQovYrHqf89q8vLeC/JqK
WhbKb8lulyXqdI1i4dxjMMh1FQXivbTV/nVZPFHsHut8bdh/lCRZt6MicPmAtsfM
yyoHF0ABXzi+R8kX7SvMHxseanEelUAGSacpX/jD9+TBVJHPTfsD6nOFEwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJKNWdF6+wffrd00Lf6Ov7TDnEgTMB8GA1UdIwQY
MBaAFFltQA+qUmkJnMexx6A85p2DkfIaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1cxQUQ2cFNhUW1jeDdISG9Eem1uWU9SOGhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS9hZTI1MWItNTcyZC00MWM0LWFkMmUt
YzI4N2RiOTM0OTEyLzEva28xWjBYcjdCOS10M1RRdF9vNl90TU9jU0JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS9hZTI1MWItNTcyZC00MWM0LWFkMmUtYzI4N2RiOTM0OTEy
LzEvV1cxQUQ2cFNhUW1jeDdISG9Eem1uWU9SOGhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA30
MA0GCSqGSIb3DQEBCwUAA4IBAQBLKYyCOOAWzH6WDVuQnBw53WJBnXnvOJy+xFrc
GEesb3hey2kFHCRr+CBrva2yJhYHe0xwvXANFV2oesIDlkX+5cNPdtwXCRuQXBPM
aDq/jjbkZNa1Oz5o+a5ag2Ear9m4TZLQ2fL1RPHHrjGtBZHiObr3YEpG/xn/LrxX
bdGnSMnShESr5r3n7Q0gr/W7wepiIwrVMJsvYcqIJyx5wgBJiXtIFjcwSMI0JU2H
JrSHiv6E368Mmr+GpJKRnr9o3iXsbRzOUJuXtatFbD+WGpnfYtLD464xtrw0hZwu
IIRqAYomUvHQD9YOEyXjbs/YM9GoXRcGKzS6wyYfSsvjUH4R
-----END CERTIFICATE-----