Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/5b4e13-b3dd-4d8a-8e71-cae6c725d92f/1/CW34vKzSnapwu-m6h0SEGIENNAA.roa
File:                     CW34vKzSnapwu-m6h0SEGIENNAA.roa (raw, json)
Hash identifier:          WR5xPPn8uZzztUD15rIAuPoLHyn8xz/LUqGsdVkWPlw=
Subject key identifier:   09:6D:F8:BC:AC:D2:9D:AA:70:BB:E9:BA:87:44:84:18:81:0D:34:00
Certificate issuer:       /CN=bde6ac28f954e13dcb7db69bc222b785b4d75f2c
Certificate serial:       018CC2DB0C21D7BF21F6842D6578EC8167F6
Authority key identifier: BD:E6:AC:28:F9:54:E1:3D:CB:7D:B6:9B:C2:22:B7:85:B4:D7:5F:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/veasKPlU4T3LfbabwiK3hbTXXyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/5b4e13-b3dd-4d8a-8e71-cae6c725d92f/1/CW34vKzSnapwu-m6h0SEGIENNAA.roa
Signing time:             Mon 01 Jan 2024 02:29:44 +0000
ROA not before:           Mon 01 Jan 2024 02:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        2001:67c:2ccc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/5b4e13-b3dd-4d8a-8e71-cae6c725d92f/1/veasKPlU4T3LfbabwiK3hbTXXyw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/5b4e13-b3dd-4d8a-8e71-cae6c725d92f/1/veasKPlU4T3LfbabwiK3hbTXXyw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/veasKPlU4T3LfbabwiK3hbTXXyw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:0c:21:d7:bf:21:f6:84:2d:65:78:ec:81:67:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bde6ac28f954e13dcb7db69bc222b785b4d75f2c
        Validity
            Not Before: Jan  1 02:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=096df8bcacd29daa70bbe9ba87448418810d3400
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:85:51:af:9a:47:40:4e:88:77:f1:53:cc:95:
                    a7:d5:2c:2c:d8:01:b9:f4:19:bd:7e:1c:60:87:ac:
                    a3:cd:74:59:eb:24:24:d5:dd:5f:11:74:14:c1:3a:
                    31:f7:4d:89:99:8a:1c:93:21:82:fa:b7:c8:34:c6:
                    c9:e7:ec:22:f8:8a:51:6e:e9:78:b1:8c:f5:bd:b0:
                    fc:8c:ed:07:25:a1:60:ed:b8:0a:c8:1d:27:a9:2a:
                    1c:24:28:b1:1d:e2:16:73:36:2c:d4:ef:52:5b:6d:
                    fa:d6:4a:f8:a8:97:59:8a:9f:95:08:59:aa:95:3b:
                    10:b3:fd:9f:8f:78:a5:c6:cb:53:68:2d:2a:62:a6:
                    dd:54:c1:05:95:c6:e8:66:8f:6a:0a:60:52:a3:b2:
                    7d:dd:2e:5a:b4:e7:67:94:12:9d:f4:5c:53:74:1d:
                    e7:ed:3d:9d:86:a5:61:5e:c3:0f:0d:36:b4:72:7f:
                    4a:18:37:03:68:4a:42:0b:0c:29:9d:e3:fa:8a:2d:
                    12:08:55:7a:35:03:35:61:0b:ee:59:f0:73:a1:94:
                    ba:76:6b:dc:57:40:3a:aa:1f:1f:31:9a:38:a9:72:
                    81:7f:60:cf:c7:cc:69:5c:e8:80:bd:51:23:8c:f4:
                    6a:29:75:fe:66:70:f5:01:9a:52:d1:b1:43:27:68:
                    d2:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:6D:F8:BC:AC:D2:9D:AA:70:BB:E9:BA:87:44:84:18:81:0D:34:00
            X509v3 Authority Key Identifier:
                keyid:BD:E6:AC:28:F9:54:E1:3D:CB:7D:B6:9B:C2:22:B7:85:B4:D7:5F:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/veasKPlU4T3LfbabwiK3hbTXXyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/5b4e13-b3dd-4d8a-8e71-cae6c725d92f/1/CW34vKzSnapwu-m6h0SEGIENNAA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/5b4e13-b3dd-4d8a-8e71-cae6c725d92f/1/veasKPlU4T3LfbabwiK3hbTXXyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2ccc::/48

    Signature Algorithm: sha256WithRSAEncryption
         b5:b1:5e:e0:85:95:40:f7:c5:56:1f:55:d4:4b:35:cb:78:bd:
         11:e4:ce:ae:79:7d:58:4a:5b:c3:7b:47:a9:61:37:45:2e:d8:
         84:c8:04:02:f7:a4:72:99:a6:db:05:24:6a:56:67:69:11:13:
         65:b8:f1:38:a4:4a:16:eb:d2:fd:48:04:6e:b0:31:0a:1c:a8:
         87:ff:02:b8:1a:ea:0c:ba:1e:7e:8d:fa:97:8e:0b:9a:db:42:
         9c:53:73:4a:91:d6:eb:de:ca:b3:13:3b:bc:b1:b5:a1:06:f3:
         19:fa:93:65:4f:c9:c8:ad:72:8f:dd:0e:07:04:77:aa:6b:f2:
         6d:2a:29:c6:d3:59:65:43:7f:11:b9:51:e9:cd:55:51:2d:84:
         75:61:8f:d8:fa:e6:0f:5b:f1:9c:06:d8:b2:f7:33:ad:6a:f1:
         f1:56:a0:2c:1e:e1:3d:62:48:79:bd:0a:b2:f2:21:da:6d:81:
         95:66:24:06:c0:97:9c:d8:65:5a:b5:c1:63:e4:23:3b:f3:4b:
         28:11:4f:e1:f0:0c:e4:1e:cf:63:57:da:1f:15:6c:a5:9e:37:
         6e:79:47:dc:d2:17:1f:c7:43:f5:89:58:3a:cb:cb:23:95:ed:
         5c:fb:69:9b:27:e8:86:ef:d9:d8:83:7c:dd:9a:a5:27:7a:dc:
         74:92:0c:d3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2wwh178h9oQtZXjsgWf2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZTZhYzI4Zjk1NGUxM2RjYjdkYjY5YmMyMjJiNzg1YjRk
NzVmMmMwHhcNMjQwMTAxMDIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTZkZjhiY2FjZDI5ZGFhNzBiYmU5YmE4NzQ0ODQxODgxMGQzNDAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsoVRr5pHQE6Id/FTzJWn1Sws2AG5
9Bm9fhxgh6yjzXRZ6yQk1d1fEXQUwTox902JmYockyGC+rfINMbJ5+wi+IpRbul4
sYz1vbD8jO0HJaFg7bgKyB0nqSocJCixHeIWczYs1O9SW2361kr4qJdZip+VCFmq
lTsQs/2fj3ilxstTaC0qYqbdVMEFlcboZo9qCmBSo7J93S5atOdnlBKd9FxTdB3n
7T2dhqVhXsMPDTa0cn9KGDcDaEpCCwwpneP6ii0SCFV6NQM1YQvuWfBzoZS6dmvc
V0A6qh8fMZo4qXKBf2DPx8xpXOiAvVEjjPRqKXX+ZnD1AZpS0bFDJ2jSzQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAlt+Lys0p2qcLvpuodEhBiBDTQAMB8GA1UdIwQY
MBaAFL3mrCj5VOE9y322m8Iit4W0118sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmVhc0tQbFU0VDNMZmJhYndpSzNoYlRYWHl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy81YjRlMTMtYjNkZC00ZDhhLThlNzEt
Y2FlNmM3MjVkOTJmLzEvQ1czNHZLelNuYXB3dS1tNmgwU0VHSUVOTkFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy81YjRlMTMtYjNkZC00ZDhhLThlNzEtY2FlNmM3MjVkOTJm
LzEvdmVhc0tQbFU0VDNMZmJhYndpSzNoYlRYWHl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCzM
MA0GCSqGSIb3DQEBCwUAA4IBAQC1sV7ghZVA98VWH1XUSzXLeL0R5M6ueX1YSlvD
e0epYTdFLtiEyAQC96RymabbBSRqVmdpERNluPE4pEoW69L9SARusDEKHKiH/wK4
GuoMuh5+jfqXjgua20KcU3NKkdbr3sqzEzu8sbWhBvMZ+pNlT8nIrXKP3Q4HBHeq
a/JtKinG01llQ38RuVHpzVVRLYR1YY/Y+uYPW/GcBtiy9zOtavHxVqAsHuE9Ykh5
vQqy8iHabYGVZiQGwJec2GVatcFj5CM780soEU/h8AzkHs9jV9ofFWylnjdueUfc
0hcfx0P1iVg6y8sjle1c+2mbJ+iG79nYg3zdmqUnetx0kgzT
-----END CERTIFICATE-----