Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/ec3531-82f8-4b4d-b590-23430950609c/1/W5sm7cvxU1BnnQ88R_KAVoph7FA.roa
File:                     W5sm7cvxU1BnnQ88R_KAVoph7FA.roa (raw, json)
Hash identifier:          uNnrMxIVi4AwJKkjA34LwVfPS8a2KMSKWs5uSaCaf5o=
Subject key identifier:   5B:9B:26:ED:CB:F1:53:50:67:9D:0F:3C:47:F2:80:56:8A:61:EC:50
Certificate issuer:       /CN=5e8d3c0b6414c9c86e3c94a714dfb269cb5e9169
Certificate serial:       018CCA2A22A70DD7896F698A582686C88A54
Authority key identifier: 5E:8D:3C:0B:64:14:C9:C8:6E:3C:94:A7:14:DF:B2:69:CB:5E:91:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xo08C2QUychuPJSnFN-yactekWk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/ec3531-82f8-4b4d-b590-23430950609c/1/W5sm7cvxU1BnnQ88R_KAVoph7FA.roa
Signing time:             Tue 02 Jan 2024 12:33:28 +0000
ROA not before:           Tue 02 Jan 2024 12:33:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2485
IP address blocks:        2001:67c:1348::/48 maxlen: 48
                          2001:67c:2218::/47 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/ec3531-82f8-4b4d-b590-23430950609c/1/Xo08C2QUychuPJSnFN-yactekWk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/ec3531-82f8-4b4d-b590-23430950609c/1/Xo08C2QUychuPJSnFN-yactekWk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xo08C2QUychuPJSnFN-yactekWk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 14:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:22:a7:0d:d7:89:6f:69:8a:58:26:86:c8:8a:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e8d3c0b6414c9c86e3c94a714dfb269cb5e9169
        Validity
            Not Before: Jan  2 12:33:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5b9b26edcbf15350679d0f3c47f280568a61ec50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:62:21:01:74:5b:94:e3:ee:a3:ff:f3:48:28:
                    3c:78:d6:fe:af:e1:d0:44:00:ff:e1:04:37:47:6f:
                    c2:1b:f6:93:0a:11:56:96:4b:4b:8b:29:00:d4:cc:
                    0c:39:51:45:95:68:f3:6d:c1:d2:49:c7:58:90:53:
                    94:a7:85:de:09:91:7c:17:c1:15:00:47:ad:42:eb:
                    c6:cf:23:c8:8e:f6:34:32:d2:c9:b7:1d:83:28:e8:
                    8e:16:d7:9b:c1:c9:37:bd:d3:da:5d:6e:c9:e8:2b:
                    08:46:2b:ed:fc:47:75:f1:d5:52:87:51:32:16:9c:
                    cd:72:e3:ed:48:46:9c:01:eb:0c:19:5a:8e:87:15:
                    2e:7c:86:3a:77:01:e3:ab:cb:d8:e3:f2:28:71:9c:
                    63:2e:79:d1:fa:a7:9c:32:c6:b4:92:93:de:37:9d:
                    88:bc:46:0c:3f:9c:ff:34:ef:95:72:90:63:f1:28:
                    28:52:5e:e6:2f:38:93:2e:ba:7f:09:f0:0c:51:bf:
                    9f:86:64:30:89:5d:89:68:1a:e1:d2:fa:c0:6e:12:
                    3f:9a:74:04:75:9b:e1:80:a2:69:c8:c4:b1:21:c8:
                    e3:ae:7e:7d:a8:68:db:2a:d9:ba:93:19:c6:84:52:
                    f2:6d:a0:c7:88:cd:89:a8:79:c3:6f:3b:3c:3c:63:
                    8d:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:9B:26:ED:CB:F1:53:50:67:9D:0F:3C:47:F2:80:56:8A:61:EC:50
            X509v3 Authority Key Identifier:
                keyid:5E:8D:3C:0B:64:14:C9:C8:6E:3C:94:A7:14:DF:B2:69:CB:5E:91:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xo08C2QUychuPJSnFN-yactekWk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/ec3531-82f8-4b4d-b590-23430950609c/1/W5sm7cvxU1BnnQ88R_KAVoph7FA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/ec3531-82f8-4b4d-b590-23430950609c/1/Xo08C2QUychuPJSnFN-yactekWk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1348::/48
                  2001:67c:2218::/47

    Signature Algorithm: sha256WithRSAEncryption
         57:16:16:2f:af:20:10:a7:c0:91:d2:7d:80:d3:df:fc:c5:49:
         49:6c:36:e5:d1:8c:7f:33:03:3e:68:50:7e:b5:2d:43:30:d5:
         2b:14:cb:f3:c0:d3:68:d9:64:c8:c0:43:12:a0:ac:fe:cd:71:
         4a:3f:62:49:5b:90:c6:0b:77:08:47:50:b1:f3:25:5e:69:b6:
         f5:a5:50:02:87:cc:d4:5e:61:19:72:41:40:ab:4e:ec:0e:d6:
         fb:3a:4a:6e:63:13:58:4c:ea:ac:c7:54:4b:b6:53:cb:bb:37:
         97:67:9f:fe:41:8e:2c:68:60:98:99:e7:e1:d7:47:ef:6e:fd:
         95:2f:43:e1:48:85:2f:79:90:a1:73:cb:f6:0d:9c:c5:a1:60:
         de:9a:08:25:0f:8c:a4:f1:d9:92:5f:c1:2d:fb:b3:17:ac:24:
         ff:be:39:f9:c8:df:06:8b:09:67:80:f8:77:c1:13:d7:c4:6c:
         b2:bf:5d:50:91:26:4e:fa:b4:ac:cd:5d:b5:3e:9f:87:24:5a:
         32:a7:74:ec:36:c7:6f:64:cb:5e:a3:c1:af:29:09:12:e8:f8:
         98:63:66:55:b6:b6:3e:ab:06:8d:6f:4a:6d:7e:1d:03:9f:b0:
         4e:07:83:07:35:5d:4c:78:c3:e2:a0:9f:aa:56:8f:99:1c:da:
         20:d1:a0:0d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzKKiKnDdeJb2mKWCaGyIpUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlOGQzYzBiNjQxNGM5Yzg2ZTNjOTRhNzE0ZGZiMjY5Y2I1
ZTkxNjkwHhcNMjQwMTAyMTIzMzI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjliMjZlZGNiZjE1MzUwNjc5ZDBmM2M0N2YyODA1NjhhNjFlYzUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwGIhAXRblOPuo//zSCg8eNb+r+HQ
RAD/4QQ3R2/CG/aTChFWlktLiykA1MwMOVFFlWjzbcHSScdYkFOUp4XeCZF8F8EV
AEetQuvGzyPIjvY0MtLJtx2DKOiOFtebwck3vdPaXW7J6CsIRivt/Ed18dVSh1Ey
FpzNcuPtSEacAesMGVqOhxUufIY6dwHjq8vY4/IocZxjLnnR+qecMsa0kpPeN52I
vEYMP5z/NO+VcpBj8SgoUl7mLziTLrp/CfAMUb+fhmQwiV2JaBrh0vrAbhI/mnQE
dZvhgKJpyMSxIcjjrn59qGjbKtm6kxnGhFLybaDHiM2JqHnDbzs8PGONewIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFubJu3L8VNQZ50PPEfygFaKYexQMB8GA1UdIwQY
MBaAFF6NPAtkFMnIbjyUpxTfsmnLXpFpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWG8wOEMyUVV5Y2h1UEpTbkZOLXlhY3Rla1drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9lYzM1MzEtODJmOC00YjRkLWI1OTAt
MjM0MzA5NTA2MDljLzEvVzVzbTdjdnhVMUJublE4OFJfS0FWb3BoN0ZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9lYzM1MzEtODJmOC00YjRkLWI1OTAtMjM0MzA5NTA2MDlj
LzEvWG8wOEMyUVV5Y2h1UEpTbkZOLXlhY3Rla1drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAIAEGfBNI
AwcBIAEGfCIYMA0GCSqGSIb3DQEBCwUAA4IBAQBXFhYvryAQp8CR0n2A09/8xUlJ
bDbl0Yx/MwM+aFB+tS1DMNUrFMvzwNNo2WTIwEMSoKz+zXFKP2JJW5DGC3cIR1Cx
8yVeabb1pVACh8zUXmEZckFAq07sDtb7OkpuYxNYTOqsx1RLtlPLuzeXZ5/+QY4s
aGCYmefh10fvbv2VL0PhSIUveZChc8v2DZzFoWDemgglD4yk8dmSX8Et+7MXrCT/
vjn5yN8GiwlngPh3wRPXxGyyv11QkSZO+rSszV21Pp+HJFoyp3TsNsdvZMteo8Gv
KQkS6PiYY2ZVtrY+qwaNb0ptfh0Dn7BOB4MHNV1MeMPioJ+qVo+ZHNog0aAN
-----END CERTIFICATE-----