Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/dc3491-c699-42b5-90a7-cc7e9ab09fb8/1/LlC6hu8QYDlRotqLhNgCkiwE6n4.roa
File:                     LlC6hu8QYDlRotqLhNgCkiwE6n4.roa (raw, json)
Hash identifier:          4o90HooJILHUlDWMgh7Q/FIZ9dm5I1N46StbWvJdx1g=
Subject key identifier:   2E:50:BA:86:EF:10:60:39:51:A2:DA:8B:84:D8:02:92:2C:04:EA:7E
Certificate issuer:       /CN=b5c288e963e0e9f82d1c6a7fd84ec5aa340aba8f
Certificate serial:       01933ED47137D8394BF9E7E918C8AE137C71
Authority key identifier: B5:C2:88:E9:63:E0:E9:F8:2D:1C:6A:7F:D8:4E:C5:AA:34:0A:BA:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tcKI6WPg6fgtHGp_2E7FqjQKuo8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/dc3491-c699-42b5-90a7-cc7e9ab09fb8/1/LlC6hu8QYDlRotqLhNgCkiwE6n4.roa
Signing time:             Mon 18 Nov 2024 10:32:10 +0000
ROA not before:           Mon 18 Nov 2024 10:32:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215295
IP address blocks:        2001:67c:f90::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/dc3491-c699-42b5-90a7-cc7e9ab09fb8/1/tcKI6WPg6fgtHGp_2E7FqjQKuo8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/dc3491-c699-42b5-90a7-cc7e9ab09fb8/1/tcKI6WPg6fgtHGp_2E7FqjQKuo8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tcKI6WPg6fgtHGp_2E7FqjQKuo8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:3e:d4:71:37:d8:39:4b:f9:e7:e9:18:c8:ae:13:7c:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5c288e963e0e9f82d1c6a7fd84ec5aa340aba8f
        Validity
            Not Before: Nov 18 10:32:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e50ba86ef10603951a2da8b84d802922c04ea7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:c5:cf:88:37:26:b8:a5:c6:a8:3a:e8:4d:4d:
                    85:86:96:a6:75:6d:30:e2:88:cb:eb:71:af:dc:8f:
                    31:bc:8c:f9:da:43:8f:1e:a5:cb:8a:a9:25:c1:fe:
                    4e:ae:ef:0e:43:f4:87:8b:87:7f:ab:20:f9:f0:55:
                    fc:8d:73:ae:19:b3:00:92:52:9b:ac:8c:da:13:4d:
                    99:a3:86:d8:cd:ff:2f:9f:73:18:86:75:1d:63:3c:
                    b0:aa:cd:ec:8a:92:1d:8e:c8:7e:f8:c1:40:14:31:
                    b0:9c:75:fb:34:50:1b:3e:db:fe:f8:e7:43:54:37:
                    2f:2b:16:c1:61:a3:6e:0b:77:a7:a1:31:d5:ad:b2:
                    25:22:d7:15:5f:87:0a:e0:8e:b4:f9:3f:63:79:b3:
                    b2:e1:d6:62:d3:15:6c:c2:07:6f:41:8e:43:7e:35:
                    ea:ce:24:17:ea:2d:f9:5b:d8:5d:f4:fd:7f:b7:65:
                    58:4f:e8:83:61:bc:d2:cd:94:9b:02:f5:b3:2f:2d:
                    69:28:16:c5:5b:b5:4b:24:6a:64:ca:ed:f4:8f:55:
                    70:fb:83:d3:89:0e:00:ba:15:e8:7b:03:fa:28:2b:
                    ff:a5:66:e8:59:9b:e8:a3:99:af:8c:f9:59:5b:db:
                    1f:b1:cf:f4:19:e6:5e:a9:d5:12:0c:16:58:3e:94:
                    02:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:50:BA:86:EF:10:60:39:51:A2:DA:8B:84:D8:02:92:2C:04:EA:7E
            X509v3 Authority Key Identifier:
                keyid:B5:C2:88:E9:63:E0:E9:F8:2D:1C:6A:7F:D8:4E:C5:AA:34:0A:BA:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tcKI6WPg6fgtHGp_2E7FqjQKuo8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/dc3491-c699-42b5-90a7-cc7e9ab09fb8/1/LlC6hu8QYDlRotqLhNgCkiwE6n4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/dc3491-c699-42b5-90a7-cc7e9ab09fb8/1/tcKI6WPg6fgtHGp_2E7FqjQKuo8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:f90::/48

    Signature Algorithm: sha256WithRSAEncryption
         3a:30:87:2f:6b:01:3e:ab:c7:7a:ec:35:4e:63:eb:07:07:41:
         da:4f:17:de:ed:9a:dc:27:6a:13:8f:4e:9a:1b:69:9c:ae:66:
         e6:65:d1:fa:1d:f2:f2:8f:a6:6a:8a:39:d6:6e:97:e6:f0:c6:
         2c:82:64:87:f4:79:28:65:fc:43:25:e6:87:ee:bb:ef:30:b8:
         d4:b1:fb:7a:f6:7f:d0:be:dd:44:42:01:6d:c2:5d:45:30:86:
         bf:0b:e5:85:7a:9f:b7:7a:d8:90:20:99:45:45:b9:b0:f6:0e:
         9f:a7:8d:28:b3:5d:e9:b2:42:20:08:28:fa:60:1f:29:d7:7b:
         21:9b:0e:bf:27:fe:54:85:2e:3a:81:9c:e9:65:8c:18:25:d1:
         b5:1b:4d:5a:fe:3d:5d:39:e4:9a:0b:c0:66:96:60:86:4d:31:
         8c:6e:f0:85:8a:a4:2a:bf:56:ce:2e:c5:3e:4a:0a:10:53:48:
         1d:d7:ef:c5:af:0f:d2:a8:f0:70:a1:30:58:41:f6:0b:bc:f4:
         e6:a6:f0:72:6a:92:fe:63:51:b4:01:b3:1a:d6:cb:11:1a:35:
         ed:30:c4:ca:f9:cf:53:ba:3a:8a:d4:ff:a9:10:46:48:0c:f6:
         15:be:bb:34:51:0b:5e:6e:a6:e5:c4:7c:42:18:03:da:27:bc:
         0d:a5:c8:49
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZM+1HE32DlL+efpGMiuE3xxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1YzI4OGU5NjNlMGU5ZjgyZDFjNmE3ZmQ4NGVjNWFhMzQw
YWJhOGYwHhcNMjQxMTE4MTAzMjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTUwYmE4NmVmMTA2MDM5NTFhMmRhOGI4NGQ4MDI5MjJjMDRlYTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwsXPiDcmuKXGqDroTU2FhpamdW0w
4ojL63Gv3I8xvIz52kOPHqXLiqklwf5Oru8OQ/SHi4d/qyD58FX8jXOuGbMAklKb
rIzaE02Zo4bYzf8vn3MYhnUdYzywqs3sipIdjsh++MFAFDGwnHX7NFAbPtv++OdD
VDcvKxbBYaNuC3enoTHVrbIlItcVX4cK4I60+T9jebOy4dZi0xVswgdvQY5DfjXq
ziQX6i35W9hd9P1/t2VYT+iDYbzSzZSbAvWzLy1pKBbFW7VLJGpkyu30j1Vw+4PT
iQ4AuhXoewP6KCv/pWboWZvoo5mvjPlZW9sfsc/0GeZeqdUSDBZYPpQCswIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFC5QuobvEGA5UaLai4TYApIsBOp+MB8GA1UdIwQY
MBaAFLXCiOlj4On4LRxqf9hOxao0CrqPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGNLSTZXUGc2Zmd0SEdwXzJFN0ZxalFLdW84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9kYzM0OTEtYzY5OS00MmI1LTkwYTct
Y2M3ZTlhYjA5ZmI4LzEvTGxDNmh1OFFZRGxSb3RxTGhOZ0NraXdFNm40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9kYzM0OTEtYzY5OS00MmI1LTkwYTctY2M3ZTlhYjA5ZmI4
LzEvdGNLSTZXUGc2Zmd0SEdwXzJFN0ZxalFLdW84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA+Q
MA0GCSqGSIb3DQEBCwUAA4IBAQA6MIcvawE+q8d67DVOY+sHB0HaTxfe7ZrcJ2oT
j06aG2mcrmbmZdH6HfLyj6ZqijnWbpfm8MYsgmSH9HkoZfxDJeaH7rvvMLjUsft6
9n/Qvt1EQgFtwl1FMIa/C+WFep+3etiQIJlFRbmw9g6fp40os13pskIgCCj6YB8p
13shmw6/J/5UhS46gZzpZYwYJdG1G01a/j1dOeSaC8BmlmCGTTGMbvCFiqQqv1bO
LsU+SgoQU0gd1+/Frw/SqPBwoTBYQfYLvPTmpvByapL+Y1G0AbMa1ssRGjXtMMTK
+c9TujqK1P+pEEZIDPYVvrs0UQtebqblxHxCGAPaJ7wNpchJ
-----END CERTIFICATE-----