Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/817e7d-5b82-487a-9d6f-1a5080864fa7/1/5PGRPB9_gbxao4aJ26pjSjpxeFA.roa
File:                     5PGRPB9_gbxao4aJ26pjSjpxeFA.roa (raw, json)
Hash identifier:          1ClkvxMBKx8ucmWqOBr9hdbyCREMrET60Q4ldqTsJE4=
Subject key identifier:   E4:F1:91:3C:1F:7F:81:BC:5A:A3:86:89:DB:AA:63:4A:3A:71:78:50
Certificate issuer:       /CN=bde1ac8f8ebb502fcc44562dc10d973884493be5
Certificate serial:       018CC5DC404ACF57C9359D666D4C619AA715
Authority key identifier: BD:E1:AC:8F:8E:BB:50:2F:CC:44:56:2D:C1:0D:97:38:84:49:3B:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/veGsj467UC_MRFYtwQ2XOIRJO-U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/817e7d-5b82-487a-9d6f-1a5080864fa7/1/5PGRPB9_gbxao4aJ26pjSjpxeFA.roa
Signing time:             Mon 01 Jan 2024 16:29:55 +0000
ROA not before:           Mon 01 Jan 2024 16:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210562
IP address blocks:        2001:67c:8cc::/48 maxlen: 48
                          2001:67c:b10::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/817e7d-5b82-487a-9d6f-1a5080864fa7/1/veGsj467UC_MRFYtwQ2XOIRJO-U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/817e7d-5b82-487a-9d6f-1a5080864fa7/1/veGsj467UC_MRFYtwQ2XOIRJO-U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/veGsj467UC_MRFYtwQ2XOIRJO-U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 13:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:40:4a:cf:57:c9:35:9d:66:6d:4c:61:9a:a7:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bde1ac8f8ebb502fcc44562dc10d973884493be5
        Validity
            Not Before: Jan  1 16:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e4f1913c1f7f81bc5aa38689dbaa634a3a717850
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:1d:a2:ce:c4:68:80:3c:f9:97:7e:56:c8:b0:
                    4c:38:ba:31:13:62:03:88:17:33:00:8c:e2:16:ca:
                    eb:df:6d:d2:7e:fb:f9:70:9b:dc:9a:fc:11:87:42:
                    40:f5:77:14:f3:3f:2a:4c:f2:93:cf:ae:e1:fa:8d:
                    e9:6b:85:72:77:08:e8:e1:af:09:4f:92:f0:73:68:
                    9e:50:77:0b:79:3d:9a:af:9c:d8:a4:1d:81:6f:76:
                    d6:e1:e0:16:a6:74:3b:0a:96:5e:7f:e6:06:6f:69:
                    c9:a8:b7:29:81:96:46:c5:92:ec:aa:ec:7e:3e:9e:
                    a5:3e:cb:00:73:a4:9f:44:a6:2a:70:ce:7d:cb:6e:
                    dc:c6:0d:72:bf:a9:6b:25:9e:66:5b:28:1b:58:c5:
                    f9:c8:cd:fc:61:fe:2b:4b:a8:d7:9f:d8:fe:60:a2:
                    50:aa:17:06:98:c7:ce:64:b3:6e:1a:6c:ce:bb:88:
                    a4:5b:2d:b5:99:c2:be:9b:c5:30:de:c6:5a:01:f4:
                    56:f9:70:c2:20:f4:f7:39:9a:c1:d7:9b:bc:0f:fa:
                    2e:15:8e:c6:49:b7:76:ca:62:a8:b3:0a:61:0f:66:
                    dc:09:8f:96:a4:d4:9b:4f:8a:d1:c0:d2:e3:e8:e2:
                    67:6b:2f:1b:29:fe:e8:f3:bb:4c:75:20:97:2e:17:
                    48:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:F1:91:3C:1F:7F:81:BC:5A:A3:86:89:DB:AA:63:4A:3A:71:78:50
            X509v3 Authority Key Identifier:
                keyid:BD:E1:AC:8F:8E:BB:50:2F:CC:44:56:2D:C1:0D:97:38:84:49:3B:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/veGsj467UC_MRFYtwQ2XOIRJO-U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/817e7d-5b82-487a-9d6f-1a5080864fa7/1/5PGRPB9_gbxao4aJ26pjSjpxeFA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/817e7d-5b82-487a-9d6f-1a5080864fa7/1/veGsj467UC_MRFYtwQ2XOIRJO-U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:8cc::/48
                  2001:67c:b10::/48

    Signature Algorithm: sha256WithRSAEncryption
         56:63:c9:a4:43:22:b9:8f:0c:47:d8:38:a1:bb:9e:55:5d:13:
         49:70:58:90:fd:83:46:c0:b0:19:7e:cd:65:48:76:10:ed:3e:
         f0:53:c0:5c:93:10:ef:2c:a9:65:e0:fc:ee:fc:0e:6e:f2:04:
         59:1f:c6:28:c6:b8:2e:c9:91:84:ff:4b:a3:e1:6f:5f:f7:5b:
         2d:58:74:89:95:d1:0f:da:80:80:30:63:b5:8b:f0:ca:ee:5a:
         0b:bc:8a:c1:27:6e:81:89:8a:0d:ca:64:d3:c4:71:5f:d1:ed:
         a1:f7:f3:15:06:bc:6a:62:de:b3:da:53:37:cd:e9:73:40:7f:
         38:90:ec:ea:31:a1:81:85:4f:3e:ae:32:42:e7:90:58:59:0f:
         09:a9:60:c5:22:af:1b:f3:a1:9c:45:31:c0:de:c4:49:c2:9e:
         31:16:9f:03:94:35:67:ec:69:1b:a9:eb:69:87:53:dc:99:5b:
         57:01:82:9f:46:4d:b8:e0:60:ff:bd:90:ef:1f:34:d6:7e:53:
         a7:41:52:4a:9a:0c:13:3c:76:34:0a:3f:ad:d7:2d:29:2b:b1:
         cf:18:92:72:2d:40:f2:82:e8:4c:5f:0a:16:e1:1c:8b:a9:ec:
         5b:d6:24:fe:ea:fd:31:65:c7:15:bc:d5:8b:7c:11:98:02:0a:
         59:32:35:e7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzF3EBKz1fJNZ1mbUxhmqcVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZTFhYzhmOGViYjUwMmZjYzQ0NTYyZGMxMGQ5NzM4ODQ0
OTNiZTUwHhcNMjQwMTAxMTYyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGYxOTEzYzFmN2Y4MWJjNWFhMzg2ODlkYmFhNjM0YTNhNzE3ODUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsR2izsRogDz5l35WyLBMOLoxE2ID
iBczAIziFsrr323Sfvv5cJvcmvwRh0JA9XcU8z8qTPKTz67h+o3pa4Vydwjo4a8J
T5Lwc2ieUHcLeT2ar5zYpB2Bb3bW4eAWpnQ7CpZef+YGb2nJqLcpgZZGxZLsqux+
Pp6lPssAc6SfRKYqcM59y27cxg1yv6lrJZ5mWygbWMX5yM38Yf4rS6jXn9j+YKJQ
qhcGmMfOZLNuGmzOu4ikWy21mcK+m8Uw3sZaAfRW+XDCIPT3OZrB15u8D/ouFY7G
Sbd2ymKoswphD2bcCY+WpNSbT4rRwNLj6OJnay8bKf7o87tMdSCXLhdIGwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOTxkTwff4G8WqOGiduqY0o6cXhQMB8GA1UdIwQY
MBaAFL3hrI+Ou1AvzERWLcENlziESTvlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmVHc2o0NjdVQ19NUkZZdHdRMlhPSVJKTy1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC84MTdlN2QtNWI4Mi00ODdhLTlkNmYt
MWE1MDgwODY0ZmE3LzEvNVBHUlBCOV9nYnhhbzRhSjI2cGpTanB4ZUZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC84MTdlN2QtNWI4Mi00ODdhLTlkNmYtMWE1MDgwODY0ZmE3
LzEvdmVHc2o0NjdVQ19NUkZZdHdRMlhPSVJKTy1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAIAEGfAjM
AwcAIAEGfAsQMA0GCSqGSIb3DQEBCwUAA4IBAQBWY8mkQyK5jwxH2Dihu55VXRNJ
cFiQ/YNGwLAZfs1lSHYQ7T7wU8BckxDvLKll4Pzu/A5u8gRZH8YoxrguyZGE/0uj
4W9f91stWHSJldEP2oCAMGO1i/DK7loLvIrBJ26BiYoNymTTxHFf0e2h9/MVBrxq
Yt6z2lM3zelzQH84kOzqMaGBhU8+rjJC55BYWQ8JqWDFIq8b86GcRTHA3sRJwp4x
Fp8DlDVn7Gkbqetph1PcmVtXAYKfRk244GD/vZDvHzTWflOnQVJKmgwTPHY0Cj+t
1y0pK7HPGJJyLUDyguhMXwoW4RyLqexb1iT+6v0xZccVvNWLfBGYAgpZMjXn
-----END CERTIFICATE-----