Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/f5d0f9-ca2f-4b6e-917c-137109369621/1/CJ4N0Q9kxz8qHPOIwkhDsbB4Lbk.roa
File:                     CJ4N0Q9kxz8qHPOIwkhDsbB4Lbk.roa (raw, json)
Hash identifier:          Rc7F/UarTXIhzSmof4SDK+QfoCOb4yfJ3ZVqMR9CtE0=
Subject key identifier:   08:9E:0D:D1:0F:64:C7:3F:2A:1C:F3:88:C2:48:43:B1:B0:78:2D:B9
Certificate issuer:       /CN=2bfb0d548c49b6a5618a4d3b3c1da4c3d144bf46
Certificate serial:       018F309AE3AC20C26C24BC82DAC4DD867D7F
Authority key identifier: 2B:FB:0D:54:8C:49:B6:A5:61:8A:4D:3B:3C:1D:A4:C3:D1:44:BF:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K_sNVIxJtqVhik07PB2kw9FEv0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/f5d0f9-ca2f-4b6e-917c-137109369621/1/CJ4N0Q9kxz8qHPOIwkhDsbB4Lbk.roa
Signing time:             Tue 30 Apr 2024 20:03:28 +0000
ROA not before:           Tue 30 Apr 2024 20:03:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210152
IP address blocks:        2001:67c:c14::/48 maxlen: 48
                          2001:67c:e88::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/f5d0f9-ca2f-4b6e-917c-137109369621/1/K_sNVIxJtqVhik07PB2kw9FEv0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/f5d0f9-ca2f-4b6e-917c-137109369621/1/K_sNVIxJtqVhik07PB2kw9FEv0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K_sNVIxJtqVhik07PB2kw9FEv0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:30:9a:e3:ac:20:c2:6c:24:bc:82:da:c4:dd:86:7d:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2bfb0d548c49b6a5618a4d3b3c1da4c3d144bf46
        Validity
            Not Before: Apr 30 20:03:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=089e0dd10f64c73f2a1cf388c24843b1b0782db9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:b8:6f:98:0f:12:65:56:f6:c0:a2:3c:f4:75:
                    be:5b:87:dc:4d:db:30:71:f2:38:71:3a:2d:ab:d8:
                    99:aa:6c:88:c4:f7:0b:cf:84:7b:cb:cf:e2:e9:04:
                    94:ef:6b:82:94:d5:06:ba:cf:14:4f:e4:a4:f2:8d:
                    7c:bd:9b:c9:f2:ee:b3:44:84:8d:f6:2b:7f:7e:cf:
                    6b:86:e3:be:61:f3:e3:03:83:c4:32:60:a7:40:4b:
                    ed:f4:9f:56:36:28:bd:f4:79:83:cf:e0:54:4a:09:
                    9b:09:92:81:0b:fc:bb:c6:ee:50:2b:eb:08:16:00:
                    a1:e0:37:fd:f9:3d:2c:76:3a:ed:b9:c7:d6:7b:06:
                    17:09:8f:a1:40:73:3c:b6:dd:66:0a:15:ad:d2:ae:
                    aa:e3:c8:86:c0:fc:19:c8:0e:d0:5d:a6:8b:18:b3:
                    b5:ac:ea:b5:e5:d9:0d:92:4a:32:1e:82:57:19:1f:
                    9e:b2:50:af:fb:51:e1:ca:f6:bb:34:c4:37:61:06:
                    85:61:f4:e4:2d:9b:ee:4a:eb:a9:18:3d:3d:bb:47:
                    74:52:fe:67:a9:25:cf:75:3d:78:7b:81:65:6e:c5:
                    cf:8b:dc:be:3c:44:01:f2:be:64:cb:5e:ee:ec:d3:
                    6c:7a:ac:d6:31:e3:3c:6d:51:4c:ed:3b:b1:7f:26:
                    ac:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:9E:0D:D1:0F:64:C7:3F:2A:1C:F3:88:C2:48:43:B1:B0:78:2D:B9
            X509v3 Authority Key Identifier:
                keyid:2B:FB:0D:54:8C:49:B6:A5:61:8A:4D:3B:3C:1D:A4:C3:D1:44:BF:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K_sNVIxJtqVhik07PB2kw9FEv0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/f5d0f9-ca2f-4b6e-917c-137109369621/1/CJ4N0Q9kxz8qHPOIwkhDsbB4Lbk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/f5d0f9-ca2f-4b6e-917c-137109369621/1/K_sNVIxJtqVhik07PB2kw9FEv0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:c14::/48
                  2001:67c:e88::/48

    Signature Algorithm: sha256WithRSAEncryption
         89:42:39:9b:52:2d:2d:0b:ef:cd:1b:64:c1:38:a6:ee:68:a2:
         f2:c1:fb:27:f2:13:3b:45:5a:94:6c:1e:78:3d:3b:31:07:cd:
         bc:e4:d6:5d:f1:9d:8c:46:eb:69:68:03:80:bc:f8:d7:49:5e:
         54:bf:c2:ac:33:73:5c:09:96:ac:50:d7:6a:b8:ce:82:71:73:
         bd:aa:6e:d8:1a:72:ef:c7:7f:79:85:5b:28:43:05:f1:3a:53:
         1b:d5:44:ef:33:0c:97:62:1d:00:a8:93:6b:e3:21:6c:b1:e5:
         05:46:b8:0e:7b:4b:21:66:b0:63:67:56:c2:d1:f7:29:9b:c2:
         69:2c:34:56:7f:4c:8c:27:ed:8d:82:4d:cc:c7:94:f3:18:2f:
         90:94:e1:06:87:5e:b3:ef:f5:37:7e:d3:f4:93:70:fa:99:31:
         4d:76:ef:c8:b0:2a:55:5a:4e:48:55:cf:5e:14:50:a0:f4:a1:
         fc:3e:27:df:4e:ea:da:eb:95:e5:8a:ba:5c:08:ba:6e:bc:4c:
         0c:98:d5:63:24:d7:a4:37:55:1c:43:18:54:a5:22:6a:c2:87:
         81:b1:9c:02:4b:d6:5b:35:9d:1f:74:29:f8:16:f9:40:82:03:
         f1:1f:fa:ee:4a:63:70:1d:85:43:f5:18:14:0f:d8:e7:10:2d:
         f0:e6:77:ac
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY8wmuOsIMJsJLyC2sTdhn1/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiZmIwZDU0OGM0OWI2YTU2MThhNGQzYjNjMWRhNGMzZDE0
NGJmNDYwHhcNMjQwNDMwMjAwMzI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODllMGRkMTBmNjRjNzNmMmExY2YzODhjMjQ4NDNiMWIwNzgyZGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzrhvmA8SZVb2wKI89HW+W4fcTdsw
cfI4cTotq9iZqmyIxPcLz4R7y8/i6QSU72uClNUGus8UT+Sk8o18vZvJ8u6zRISN
9it/fs9rhuO+YfPjA4PEMmCnQEvt9J9WNii99HmDz+BUSgmbCZKBC/y7xu5QK+sI
FgCh4Df9+T0sdjrtucfWewYXCY+hQHM8tt1mChWt0q6q48iGwPwZyA7QXaaLGLO1
rOq15dkNkkoyHoJXGR+eslCv+1Hhyva7NMQ3YQaFYfTkLZvuSuupGD09u0d0Uv5n
qSXPdT14e4FlbsXPi9y+PEQB8r5ky17u7NNseqzWMeM8bVFM7Tuxfyas/QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAieDdEPZMc/KhzziMJIQ7GweC25MB8GA1UdIwQY
MBaAFCv7DVSMSbalYYpNOzwdpMPRRL9GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS19zTlZJeEp0cVZoaWswN1BCMmt3OUZFdjBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9mNWQwZjktY2EyZi00YjZlLTkxN2Mt
MTM3MTA5MzY5NjIxLzEvQ0o0TjBROWt4ejhxSFBPSXdraERzYkI0TGJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9mNWQwZjktY2EyZi00YjZlLTkxN2MtMTM3MTA5MzY5NjIx
LzEvS19zTlZJeEp0cVZoaWswN1BCMmt3OUZFdjBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAIAEGfAwU
AwcAIAEGfA6IMA0GCSqGSIb3DQEBCwUAA4IBAQCJQjmbUi0tC+/NG2TBOKbuaKLy
wfsn8hM7RVqUbB54PTsxB8285NZd8Z2MRutpaAOAvPjXSV5Uv8KsM3NcCZasUNdq
uM6CcXO9qm7YGnLvx395hVsoQwXxOlMb1UTvMwyXYh0AqJNr4yFsseUFRrgOe0sh
ZrBjZ1bC0fcpm8JpLDRWf0yMJ+2Ngk3Mx5TzGC+QlOEGh16z7/U3ftP0k3D6mTFN
du/IsCpVWk5IVc9eFFCg9KH8PiffTura65XlirpcCLpuvEwMmNVjJNekN1UcQxhU
pSJqwoeBsZwCS9ZbNZ0fdCn4FvlAggPxH/ruSmNwHYVD9RgUD9jnEC3w5nes
-----END CERTIFICATE-----