Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/9eaf7f-ab00-42b2-9ce2-b3580994a3b1/1/LjUmwrYWnN-ggpEDA6rhcRJ27LY.roa
File:                     LjUmwrYWnN-ggpEDA6rhcRJ27LY.roa (raw, json)
Hash identifier:          k4k7soZrIj0pLqHfgg0bbN20nR7zKxSiVAxgutLsxe8=
Subject key identifier:   2E:35:26:C2:B6:16:9C:DF:A0:82:91:03:03:AA:E1:71:12:76:EC:B6
Certificate issuer:       /CN=6f33afd41ea012fb2803c7274523c8ec3f261311
Certificate serial:       018CC6B7BD8A9DA11E3BF22395A51963B81B
Authority key identifier: 6F:33:AF:D4:1E:A0:12:FB:28:03:C7:27:45:23:C8:EC:3F:26:13:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bzOv1B6gEvsoA8cnRSPI7D8mExE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/9eaf7f-ab00-42b2-9ce2-b3580994a3b1/1/LjUmwrYWnN-ggpEDA6rhcRJ27LY.roa
Signing time:             Mon 01 Jan 2024 20:29:39 +0000
ROA not before:           Mon 01 Jan 2024 20:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201723
IP address blocks:        2001:67c:6bc::/48 maxlen: 48
                          2001:678:3d4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/9eaf7f-ab00-42b2-9ce2-b3580994a3b1/1/bzOv1B6gEvsoA8cnRSPI7D8mExE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/9eaf7f-ab00-42b2-9ce2-b3580994a3b1/1/bzOv1B6gEvsoA8cnRSPI7D8mExE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bzOv1B6gEvsoA8cnRSPI7D8mExE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:bd:8a:9d:a1:1e:3b:f2:23:95:a5:19:63:b8:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f33afd41ea012fb2803c7274523c8ec3f261311
        Validity
            Not Before: Jan  1 20:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e3526c2b6169cdfa082910303aae1711276ecb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:3e:80:1c:66:ad:6a:63:68:ed:84:d2:f6:b9:
                    b8:c2:ca:d2:78:a1:88:7d:62:01:07:6e:1d:a7:53:
                    31:ef:c7:c1:d5:e5:92:17:c7:c0:d6:91:d0:29:ca:
                    4a:6b:7b:21:1e:f7:30:be:39:f3:df:1d:b4:fa:e8:
                    12:95:c8:f7:71:84:05:11:8a:fc:67:23:eb:b6:1a:
                    1a:98:47:32:bc:3d:a2:dd:34:58:07:b3:7d:36:8a:
                    23:4c:af:4a:44:d0:20:94:69:33:59:33:b9:3d:b3:
                    d8:2d:eb:d7:31:96:6f:29:8f:da:61:8b:d5:97:15:
                    30:51:62:9e:c6:c0:df:c6:c3:df:c1:0e:ff:fa:b2:
                    65:79:42:1f:e5:90:48:2b:da:18:c2:25:61:16:9f:
                    71:20:92:18:8c:f4:fb:c4:f5:b6:66:41:dc:e2:ba:
                    1b:aa:f5:34:a9:0c:72:87:b3:7f:fe:a6:19:94:1e:
                    b8:96:8e:be:7c:27:dd:b0:05:f1:cb:7b:9e:66:b0:
                    fd:e3:41:e6:aa:1a:83:32:40:12:df:0a:53:87:c7:
                    e5:e4:23:64:f8:2b:cf:d2:03:03:96:01:c6:64:46:
                    2d:09:e3:95:00:57:f1:58:67:96:48:f0:ed:47:49:
                    9e:65:b2:8f:98:e0:58:41:c0:f9:00:77:18:59:2c:
                    75:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:35:26:C2:B6:16:9C:DF:A0:82:91:03:03:AA:E1:71:12:76:EC:B6
            X509v3 Authority Key Identifier:
                keyid:6F:33:AF:D4:1E:A0:12:FB:28:03:C7:27:45:23:C8:EC:3F:26:13:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bzOv1B6gEvsoA8cnRSPI7D8mExE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/9eaf7f-ab00-42b2-9ce2-b3580994a3b1/1/LjUmwrYWnN-ggpEDA6rhcRJ27LY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/9eaf7f-ab00-42b2-9ce2-b3580994a3b1/1/bzOv1B6gEvsoA8cnRSPI7D8mExE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:3d4::/48
                  2001:67c:6bc::/48

    Signature Algorithm: sha256WithRSAEncryption
         b7:4a:2c:27:a1:55:fd:b2:1e:03:53:b8:10:6c:ff:e6:0c:8c:
         36:34:1c:16:f9:51:40:05:66:47:10:cc:98:7e:f4:99:ab:b0:
         0b:dc:39:0b:f9:be:ce:f6:d1:d2:02:c0:48:35:1d:03:0b:27:
         54:fc:3c:a8:56:07:ed:33:1d:1e:1a:9a:8b:d9:d8:bf:ad:a3:
         39:8a:06:25:54:ef:fc:5d:48:e6:6c:cb:be:f5:4e:94:e9:8b:
         ce:f9:66:81:16:52:dc:6f:59:db:d8:18:0c:01:f1:2e:26:af:
         89:39:f5:ba:f6:97:e2:d5:b6:e3:70:e1:09:46:36:57:44:27:
         f5:06:1f:be:6f:a7:96:13:5b:f2:2e:e0:58:d7:9b:c2:cf:61:
         b8:b0:01:75:51:61:93:c2:04:34:c8:82:5f:c7:82:54:7a:ff:
         c2:17:17:8f:78:ce:15:e5:d7:a6:cd:06:31:51:74:1b:18:e9:
         dc:b2:93:3d:35:54:68:89:94:1e:df:58:4b:2c:75:75:c5:4d:
         f9:2e:79:35:6c:5d:12:c7:3c:a2:5a:10:1b:ab:47:42:14:bf:
         ea:b0:14:47:7b:6c:21:ea:4c:54:c3:27:1b:d0:b7:c9:3b:3e:
         fa:78:b0:80:2d:de:12:1c:50:1b:21:09:40:0c:60:f0:28:4c:
         52:91:c7:2a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzGt72KnaEeO/IjlaUZY7gbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmMzNhZmQ0MWVhMDEyZmIyODAzYzcyNzQ1MjNjOGVjM2Yy
NjEzMTEwHhcNMjQwMTAxMjAyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTM1MjZjMmI2MTY5Y2RmYTA4MjkxMDMwM2FhZTE3MTEyNzZlY2I2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0j6AHGatamNo7YTS9rm4wsrSeKGI
fWIBB24dp1Mx78fB1eWSF8fA1pHQKcpKa3shHvcwvjnz3x20+ugSlcj3cYQFEYr8
ZyPrthoamEcyvD2i3TRYB7N9NoojTK9KRNAglGkzWTO5PbPYLevXMZZvKY/aYYvV
lxUwUWKexsDfxsPfwQ7/+rJleUIf5ZBIK9oYwiVhFp9xIJIYjPT7xPW2ZkHc4rob
qvU0qQxyh7N//qYZlB64lo6+fCfdsAXxy3ueZrD940HmqhqDMkAS3wpTh8fl5CNk
+CvP0gMDlgHGZEYtCeOVAFfxWGeWSPDtR0meZbKPmOBYQcD5AHcYWSx13wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFC41JsK2FpzfoIKRAwOq4XESduy2MB8GA1UdIwQY
MBaAFG8zr9QeoBL7KAPHJ0UjyOw/JhMRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnpPdjFCNmdFdnNvQThjblJTUEk3RDhtRXhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS85ZWFmN2YtYWIwMC00MmIyLTljZTIt
YjM1ODA5OTRhM2IxLzEvTGpVbXdyWVduTi1nZ3BFREE2cmhjUkoyN0xZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS85ZWFmN2YtYWIwMC00MmIyLTljZTItYjM1ODA5OTRhM2Ix
LzEvYnpPdjFCNmdFdnNvQThjblJTUEk3RDhtRXhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAIAEGeAPU
AwcAIAEGfAa8MA0GCSqGSIb3DQEBCwUAA4IBAQC3SiwnoVX9sh4DU7gQbP/mDIw2
NBwW+VFABWZHEMyYfvSZq7AL3DkL+b7O9tHSAsBINR0DCydU/DyoVgftMx0eGpqL
2di/raM5igYlVO/8XUjmbMu+9U6U6YvO+WaBFlLcb1nb2BgMAfEuJq+JOfW69pfi
1bbjcOEJRjZXRCf1Bh++b6eWE1vyLuBY15vCz2G4sAF1UWGTwgQ0yIJfx4JUev/C
FxePeM4V5demzQYxUXQbGOncspM9NVRoiZQe31hLLHV1xU35Lnk1bF0SxzyiWhAb
q0dCFL/qsBRHe2wh6kxUwycb0LfJOz76eLCALd4SHFAbIQlADGDwKExSkccq
-----END CERTIFICATE-----