Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/f5d0f9-ca2f-4b6e-917c-137109369621/1/Z4NOFYYk4RzpPX66ta_3-E_fPZY.roa
File:                     Z4NOFYYk4RzpPX66ta_3-E_fPZY.roa (raw, json)
Hash identifier:          Raq4KrmkYE0fIRsUFR1EIMoYTODFKHYRyhepPWtx7Rc=
Subject key identifier:   67:83:4E:15:86:24:E1:1C:E9:3D:7E:BA:B5:AF:F7:F8:4F:DF:3D:96
Certificate issuer:       /CN=2bfb0d548c49b6a5618a4d3b3c1da4c3d144bf46
Certificate serial:       018F2E65031E58D69551097CA5CA4ECF1F0A
Authority key identifier: 2B:FB:0D:54:8C:49:B6:A5:61:8A:4D:3B:3C:1D:A4:C3:D1:44:BF:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K_sNVIxJtqVhik07PB2kw9FEv0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/f5d0f9-ca2f-4b6e-917c-137109369621/1/Z4NOFYYk4RzpPX66ta_3-E_fPZY.roa
Signing time:             Tue 30 Apr 2024 09:45:22 +0000
ROA not before:           Tue 30 Apr 2024 09:45:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210475
IP address blocks:        2001:67c:2ff8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/f5d0f9-ca2f-4b6e-917c-137109369621/1/K_sNVIxJtqVhik07PB2kw9FEv0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/f5d0f9-ca2f-4b6e-917c-137109369621/1/K_sNVIxJtqVhik07PB2kw9FEv0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K_sNVIxJtqVhik07PB2kw9FEv0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 30 Jun 2024 01:07:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:2e:65:03:1e:58:d6:95:51:09:7c:a5:ca:4e:cf:1f:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2bfb0d548c49b6a5618a4d3b3c1da4c3d144bf46
        Validity
            Not Before: Apr 30 09:45:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67834e158624e11ce93d7ebab5aff7f84fdf3d96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:bd:9d:5f:dd:b2:97:fb:a9:9d:56:60:58:52:
                    25:f6:19:6d:75:d6:8e:f3:a8:78:19:7f:94:ec:3d:
                    1d:b1:54:f8:90:7d:3b:75:1c:a6:84:eb:a2:fa:72:
                    3f:4f:d1:28:88:4a:83:e4:da:57:25:eb:25:96:8d:
                    02:c2:76:f9:c2:5c:06:ee:79:15:1c:42:4c:c2:d5:
                    15:76:14:7f:f4:05:b8:a6:e4:47:f8:bd:43:49:21:
                    0b:28:03:fc:58:2c:27:8a:6c:29:02:59:6f:b7:d8:
                    13:50:08:3f:28:f9:40:fd:25:c7:65:63:2e:9d:98:
                    d3:77:76:a7:09:f7:cb:2c:32:a5:64:c0:77:7f:47:
                    40:37:ce:d0:30:74:6c:40:51:d1:2e:e5:72:74:94:
                    95:5d:b9:b5:76:f4:ca:af:e1:63:d7:0b:81:f0:d2:
                    96:0a:c0:40:f0:d9:ae:af:33:e4:12:98:34:a2:c0:
                    44:cb:fa:e9:10:dc:c7:19:2e:c4:50:dd:8b:c3:6d:
                    50:d9:a0:d7:52:2d:be:11:42:87:8d:43:a8:9f:aa:
                    e7:9a:56:de:1f:0b:2a:27:12:1d:cf:0c:d5:88:e7:
                    14:86:c1:d3:79:91:69:30:fb:53:03:e3:2f:42:04:
                    7b:91:95:e8:e2:94:4a:c8:57:23:9b:ce:ca:a9:57:
                    97:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:83:4E:15:86:24:E1:1C:E9:3D:7E:BA:B5:AF:F7:F8:4F:DF:3D:96
            X509v3 Authority Key Identifier:
                keyid:2B:FB:0D:54:8C:49:B6:A5:61:8A:4D:3B:3C:1D:A4:C3:D1:44:BF:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K_sNVIxJtqVhik07PB2kw9FEv0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/f5d0f9-ca2f-4b6e-917c-137109369621/1/Z4NOFYYk4RzpPX66ta_3-E_fPZY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/f5d0f9-ca2f-4b6e-917c-137109369621/1/K_sNVIxJtqVhik07PB2kw9FEv0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2ff8::/48

    Signature Algorithm: sha256WithRSAEncryption
         47:8e:b8:de:18:a5:8d:b2:3a:64:cf:fa:39:6f:ff:52:a3:34:
         d8:23:c0:80:d3:b6:51:8a:1f:40:9e:e2:ab:97:7e:37:9c:b5:
         e7:28:b6:fc:2e:c3:92:a3:54:a6:e5:50:83:f6:72:6c:16:6b:
         3f:b9:98:7b:8b:c5:9e:46:e2:c0:80:c4:e9:32:74:0b:56:c3:
         47:82:3a:31:93:eb:51:32:dd:f1:9b:d3:89:0d:7a:a2:b6:a9:
         6e:e9:38:d0:c8:d2:0f:5d:4d:82:24:8d:7d:4c:2c:52:6c:cb:
         d2:6b:d2:17:c8:cf:8d:ec:31:0f:57:58:51:00:a8:82:93:5b:
         8b:96:5f:95:79:12:b1:45:2c:9d:bb:5c:4c:2f:e8:d8:3c:b2:
         3d:da:45:e8:e9:ed:c4:75:fd:01:e6:4c:14:d8:d6:c6:56:58:
         a2:e1:02:bc:e9:d5:d4:f7:69:6b:82:bb:48:d3:36:59:35:77:
         ee:60:e4:bd:27:88:d5:d8:81:ba:23:b2:2f:75:fa:75:20:75:
         2b:53:52:aa:f4:87:46:c8:55:9e:4f:6b:da:d1:36:a3:43:bc:
         14:dc:6a:a8:5c:ed:a0:1c:54:9d:f9:6e:8a:21:ee:38:bf:b0:
         b7:d7:75:fb:7a:dc:7a:40:b6:16:28:be:6c:fb:f9:f3:65:4c:
         38:92:74:6f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY8uZQMeWNaVUQl8pcpOzx8KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiZmIwZDU0OGM0OWI2YTU2MThhNGQzYjNjMWRhNGMzZDE0
NGJmNDYwHhcNMjQwNDMwMDk0NTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzgzNGUxNTg2MjRlMTFjZTkzZDdlYmFiNWFmZjdmODRmZGYzZDk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxL2dX92yl/upnVZgWFIl9hltddaO
86h4GX+U7D0dsVT4kH07dRymhOui+nI/T9EoiEqD5NpXJesllo0Cwnb5wlwG7nkV
HEJMwtUVdhR/9AW4puRH+L1DSSELKAP8WCwnimwpAllvt9gTUAg/KPlA/SXHZWMu
nZjTd3anCffLLDKlZMB3f0dAN87QMHRsQFHRLuVydJSVXbm1dvTKr+Fj1wuB8NKW
CsBA8NmurzPkEpg0osBEy/rpENzHGS7EUN2Lw21Q2aDXUi2+EUKHjUOon6rnmlbe
HwsqJxIdzwzViOcUhsHTeZFpMPtTA+MvQgR7kZXo4pRKyFcjm87KqVeXLwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGeDThWGJOEc6T1+urWv9/hP3z2WMB8GA1UdIwQY
MBaAFCv7DVSMSbalYYpNOzwdpMPRRL9GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS19zTlZJeEp0cVZoaWswN1BCMmt3OUZFdjBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9mNWQwZjktY2EyZi00YjZlLTkxN2Mt
MTM3MTA5MzY5NjIxLzEvWjROT0ZZWWs0UnpwUFg2NnRhXzMtRV9mUFpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9mNWQwZjktY2EyZi00YjZlLTkxN2MtMTM3MTA5MzY5NjIx
LzEvS19zTlZJeEp0cVZoaWswN1BCMmt3OUZFdjBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC/4
MA0GCSqGSIb3DQEBCwUAA4IBAQBHjrjeGKWNsjpkz/o5b/9SozTYI8CA07ZRih9A
nuKrl343nLXnKLb8LsOSo1Sm5VCD9nJsFms/uZh7i8WeRuLAgMTpMnQLVsNHgjox
k+tRMt3xm9OJDXqitqlu6TjQyNIPXU2CJI19TCxSbMvSa9IXyM+N7DEPV1hRAKiC
k1uLll+VeRKxRSydu1xML+jYPLI92kXo6e3Edf0B5kwU2NbGVlii4QK86dXU92lr
grtI0zZZNXfuYOS9J4jV2IG6I7Ivdfp1IHUrU1Kq9IdGyFWeT2va0TajQ7wU3Gqo
XO2gHFSd+W6KIe44v7C313X7etx6QLYWKL5s+/nzZUw4knRv
-----END CERTIFICATE-----