Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/446e9a-963f-44cb-a42d-48741009fc1e/1/RnwoULn3Xr5y1pgkY5FI0MeRZqI.roa
File:                     RnwoULn3Xr5y1pgkY5FI0MeRZqI.roa (raw, json)
Hash identifier:          RgPYk+xoFr3XcpLodSocxBhPztPJhUflynUvvrhV0A4=
Subject key identifier:   46:7C:28:50:B9:F7:5E:BE:72:D6:98:24:63:91:48:D0:C7:91:66:A2
Certificate issuer:       /CN=962fd6881dc6859b7afaa9f750a6dd8bbd69e99a
Certificate serial:       018CC64B2175A4AC5D628C0BFACAB644744D
Authority key identifier: 96:2F:D6:88:1D:C6:85:9B:7A:FA:A9:F7:50:A6:DD:8B:BD:69:E9:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/li_WiB3GhZt6-qn3UKbdi71p6Zo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/446e9a-963f-44cb-a42d-48741009fc1e/1/RnwoULn3Xr5y1pgkY5FI0MeRZqI.roa
Signing time:             Mon 01 Jan 2024 18:31:01 +0000
ROA not before:           Mon 01 Jan 2024 18:31:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48550
IP address blocks:        2001:67c:4e0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/446e9a-963f-44cb-a42d-48741009fc1e/1/li_WiB3GhZt6-qn3UKbdi71p6Zo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/446e9a-963f-44cb-a42d-48741009fc1e/1/li_WiB3GhZt6-qn3UKbdi71p6Zo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/li_WiB3GhZt6-qn3UKbdi71p6Zo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:21:75:a4:ac:5d:62:8c:0b:fa:ca:b6:44:74:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=962fd6881dc6859b7afaa9f750a6dd8bbd69e99a
        Validity
            Not Before: Jan  1 18:31:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=467c2850b9f75ebe72d69824639148d0c79166a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:25:a9:eb:60:ac:3f:33:b3:44:95:76:22:d8:
                    6f:92:ef:7d:8c:37:e4:1f:11:26:f2:ef:a6:7a:11:
                    3a:cd:95:03:c9:7c:7e:20:56:c9:a8:01:f5:52:97:
                    ac:ca:d9:08:81:95:2b:cb:84:ad:ab:d9:1d:07:7f:
                    dd:c6:05:c5:0f:5d:8f:53:ea:86:c4:96:a8:3a:ab:
                    49:e1:89:2d:ae:99:6f:d2:55:d9:d3:61:8d:8a:48:
                    e7:3c:15:51:a1:fd:22:42:e8:5b:65:a0:48:2e:18:
                    d4:e1:4d:ca:c8:81:27:97:e2:2d:64:ba:b3:98:fa:
                    44:65:83:2d:2b:8c:3a:ea:b7:df:0b:a8:0a:f1:5b:
                    74:93:3d:7e:3e:b9:10:61:78:7d:78:fe:91:d9:ea:
                    07:2c:46:bf:b0:1a:20:b2:37:75:65:d4:db:25:b3:
                    65:bf:c5:f9:8e:53:89:28:e5:91:74:f0:f3:0d:58:
                    46:db:c5:c6:33:cb:78:5b:e1:03:1f:af:fa:32:33:
                    79:3e:53:91:52:30:7b:5a:4d:9d:e1:fe:37:10:68:
                    db:8b:b2:32:3b:27:41:1a:31:ca:08:e3:31:6b:2c:
                    12:f8:ba:4c:99:52:20:cf:0f:2c:57:65:1d:ef:96:
                    9b:6d:c0:6f:e7:91:e4:11:c7:97:f3:8a:54:b2:d3:
                    55:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:7C:28:50:B9:F7:5E:BE:72:D6:98:24:63:91:48:D0:C7:91:66:A2
            X509v3 Authority Key Identifier:
                keyid:96:2F:D6:88:1D:C6:85:9B:7A:FA:A9:F7:50:A6:DD:8B:BD:69:E9:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/li_WiB3GhZt6-qn3UKbdi71p6Zo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/446e9a-963f-44cb-a42d-48741009fc1e/1/RnwoULn3Xr5y1pgkY5FI0MeRZqI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/446e9a-963f-44cb-a42d-48741009fc1e/1/li_WiB3GhZt6-qn3UKbdi71p6Zo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:4e0::/48

    Signature Algorithm: sha256WithRSAEncryption
         77:c1:99:5d:36:a2:1d:62:6f:ed:f2:bc:c1:f0:90:cb:15:ae:
         4a:5d:e7:a0:9d:5a:da:eb:91:ca:20:f0:cf:b1:f5:49:d5:1b:
         29:e0:fb:8a:d2:6c:22:3f:ca:f0:77:e9:2d:36:07:5d:d7:1f:
         d4:0b:19:5a:92:06:1a:8f:a4:91:41:5a:cf:8c:4f:90:fc:bb:
         e7:26:20:2c:dd:5a:a7:af:38:5e:45:57:3e:59:3e:d9:91:ec:
         b9:50:bd:66:e3:8f:91:1b:32:a9:b5:29:03:10:96:3c:34:87:
         3c:7c:43:07:8e:60:8c:17:b0:73:89:0a:fc:be:fa:d9:6a:d0:
         dd:6f:2c:0c:7a:2e:95:a4:bd:75:1d:54:52:c5:36:bb:1c:9e:
         14:c2:00:09:45:6b:26:ca:f5:ae:bb:0a:7a:84:94:1a:04:2a:
         d3:72:87:0c:bb:ca:12:1c:a8:d7:f8:bc:e3:d5:18:fb:68:ce:
         ab:22:ab:73:fe:3b:ae:10:3a:17:01:5e:f5:8e:dd:e1:61:f7:
         64:9f:31:1d:a0:5a:69:fd:cb:43:5e:ee:d6:3a:4b:8d:5e:e1:
         69:0e:4f:7d:78:b3:5e:74:51:a6:cb:a6:57:bc:39:c5:55:a5:
         50:9b:c1:52:cd:8a:ea:2e:c0:d5:5e:ca:e1:dd:f8:a7:39:18:
         44:12:69:30
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSyF1pKxdYowL+sq2RHRNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2MmZkNjg4MWRjNjg1OWI3YWZhYTlmNzUwYTZkZDhiYmQ2
OWU5OWEwHhcNMjQwMTAxMTgzMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjdjMjg1MGI5Zjc1ZWJlNzJkNjk4MjQ2MzkxNDhkMGM3OTE2NmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgSWp62CsPzOzRJV2Ithvku99jDfk
HxEm8u+mehE6zZUDyXx+IFbJqAH1UpesytkIgZUry4Stq9kdB3/dxgXFD12PU+qG
xJaoOqtJ4Yktrplv0lXZ02GNikjnPBVRof0iQuhbZaBILhjU4U3KyIEnl+ItZLqz
mPpEZYMtK4w66rffC6gK8Vt0kz1+PrkQYXh9eP6R2eoHLEa/sBogsjd1ZdTbJbNl
v8X5jlOJKOWRdPDzDVhG28XGM8t4W+EDH6/6MjN5PlORUjB7Wk2d4f43EGjbi7Iy
OydBGjHKCOMxaywS+LpMmVIgzw8sV2Ud75abbcBv55HkEceX84pUstNVpwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEZ8KFC5916+ctaYJGORSNDHkWaiMB8GA1UdIwQY
MBaAFJYv1ogdxoWbevqp91Cm3Yu9aemaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGlfV2lCM0doWnQ2LXFuM1VLYmRpNzFwNlpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS80NDZlOWEtOTYzZi00NGNiLWE0MmQt
NDg3NDEwMDlmYzFlLzEvUm53b1VMbjNYcjV5MXBna1k1RkkwTWVSWnFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS80NDZlOWEtOTYzZi00NGNiLWE0MmQtNDg3NDEwMDlmYzFl
LzEvbGlfV2lCM0doWnQ2LXFuM1VLYmRpNzFwNlpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfATg
MA0GCSqGSIb3DQEBCwUAA4IBAQB3wZldNqIdYm/t8rzB8JDLFa5KXeegnVra65HK
IPDPsfVJ1Rsp4PuK0mwiP8rwd+ktNgdd1x/UCxlakgYaj6SRQVrPjE+Q/LvnJiAs
3VqnrzheRVc+WT7Zkey5UL1m44+RGzKptSkDEJY8NIc8fEMHjmCMF7BziQr8vvrZ
atDdbywMei6VpL11HVRSxTa7HJ4UwgAJRWsmyvWuuwp6hJQaBCrTcocMu8oSHKjX
+Lzj1Rj7aM6rIqtz/juuEDoXAV71jt3hYfdknzEdoFpp/ctDXu7WOkuNXuFpDk99
eLNedFGmy6ZXvDnFVaVQm8FSzYrqLsDVXsrh3finORhEEmkw
-----END CERTIFICATE-----