Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/03d342-a349-4656-9d40-b3e43d305b89/1/xbt1jibAv_UpXNz2j5670oyX4d8.roa
File:                     xbt1jibAv_UpXNz2j5670oyX4d8.roa (raw, json)
Hash identifier:          tCgnaJ+siD6k0JB5CBEUEgUKO5ikHwv2D+AHip7C+G4=
Subject key identifier:   C5:BB:75:8E:26:C0:BF:F5:29:5C:DC:F6:8F:9E:BB:D2:8C:97:E1:DF
Certificate issuer:       /CN=5fa7b6aef0bd2411304e4f3c6957c82eb2567cd3
Certificate serial:       018CC94CE3E795BF1576AA0FE5F830B0BDCF
Authority key identifier: 5F:A7:B6:AE:F0:BD:24:11:30:4E:4F:3C:69:57:C8:2E:B2:56:7C:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X6e2rvC9JBEwTk88aVfILrJWfNM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/03d342-a349-4656-9d40-b3e43d305b89/1/xbt1jibAv_UpXNz2j5670oyX4d8.roa
Signing time:             Tue 02 Jan 2024 08:31:48 +0000
ROA not before:           Tue 02 Jan 2024 08:31:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201190
IP address blocks:        2001:67c:b0c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/03d342-a349-4656-9d40-b3e43d305b89/1/X6e2rvC9JBEwTk88aVfILrJWfNM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/03d342-a349-4656-9d40-b3e43d305b89/1/X6e2rvC9JBEwTk88aVfILrJWfNM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X6e2rvC9JBEwTk88aVfILrJWfNM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 20:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:e3:e7:95:bf:15:76:aa:0f:e5:f8:30:b0:bd:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fa7b6aef0bd2411304e4f3c6957c82eb2567cd3
        Validity
            Not Before: Jan  2 08:31:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5bb758e26c0bff5295cdcf68f9ebbd28c97e1df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:43:88:26:17:4a:15:4a:47:09:89:6b:9d:60:
                    1b:87:56:1c:de:60:88:21:21:ae:eb:96:d9:f0:b1:
                    f3:c0:7a:f1:30:2f:0b:c6:e0:32:58:7d:ef:3c:e7:
                    60:20:43:99:0d:91:b3:86:d0:d1:9b:b3:a5:01:86:
                    89:8a:66:13:8b:d0:3d:66:ec:8c:04:90:7c:c7:3f:
                    8b:ba:f5:16:4c:77:8b:ed:62:f2:a7:2a:94:ff:98:
                    e9:df:53:66:c9:05:dc:f5:e8:de:37:ac:b8:01:8f:
                    f8:db:87:d7:0a:6c:de:07:06:bf:7e:e7:29:56:9a:
                    06:c9:71:bd:6f:23:b8:a5:ee:ef:a8:c6:76:1f:e7:
                    6f:14:39:41:25:10:8d:4a:73:c4:71:fd:d5:48:09:
                    9b:bc:14:e9:28:b8:de:e8:67:8b:ac:85:22:67:bf:
                    b0:e6:9d:49:bb:1c:d3:8f:12:9a:99:4e:50:b8:bd:
                    f5:dc:e2:20:36:6c:5a:e8:6d:1d:0e:d6:ff:23:b3:
                    2b:f8:26:cd:db:b3:ab:29:a0:de:a9:1c:34:e9:30:
                    7b:41:b3:d2:d7:b4:3e:5f:01:73:9d:73:5a:fb:6a:
                    80:61:1e:bb:03:4e:90:a3:0b:1c:03:4e:0d:e3:a8:
                    82:20:c9:ab:b6:f7:ff:22:b1:82:b1:f1:44:fb:ac:
                    5d:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:BB:75:8E:26:C0:BF:F5:29:5C:DC:F6:8F:9E:BB:D2:8C:97:E1:DF
            X509v3 Authority Key Identifier:
                keyid:5F:A7:B6:AE:F0:BD:24:11:30:4E:4F:3C:69:57:C8:2E:B2:56:7C:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X6e2rvC9JBEwTk88aVfILrJWfNM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/03d342-a349-4656-9d40-b3e43d305b89/1/xbt1jibAv_UpXNz2j5670oyX4d8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/03d342-a349-4656-9d40-b3e43d305b89/1/X6e2rvC9JBEwTk88aVfILrJWfNM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:b0c::/48

    Signature Algorithm: sha256WithRSAEncryption
         6a:87:12:05:0b:39:bc:29:3e:e8:33:a2:36:87:19:c9:8e:65:
         c3:9a:05:29:f6:da:2f:32:3b:8f:19:ca:ff:e9:ae:b3:d1:43:
         ba:52:ca:bb:71:f4:6c:89:1e:72:3d:af:e8:6a:0d:34:9d:2f:
         ed:ea:fc:2b:40:cd:e4:9d:ee:46:5a:99:c6:93:50:7c:7d:7e:
         55:9c:a1:71:a6:60:98:ef:de:10:63:82:51:cf:be:4f:5b:15:
         54:26:3f:3c:5a:38:e9:64:59:f3:8a:17:42:7a:4b:94:1a:90:
         75:17:5c:8a:2f:fb:98:b3:8e:ef:c6:62:38:1a:78:d5:ff:95:
         d0:aa:0a:21:60:6f:d9:70:c5:2b:21:77:3c:78:74:e8:ca:81:
         cc:38:ae:99:fa:f1:e4:8b:de:59:d8:2e:b5:63:40:27:b8:60:
         3b:1b:ff:b0:4f:29:53:23:f6:c0:ee:e6:19:b6:93:ee:ae:3b:
         c3:35:24:5e:f1:e8:9e:34:35:56:d7:83:b4:6c:b6:e5:14:25:
         68:8a:4b:f9:38:73:99:17:ca:79:66:c2:3d:b7:01:a9:ac:f1:
         a5:d5:31:2a:c0:b6:4e:d4:b7:bd:7c:f1:6e:ed:7b:be:78:c0:
         99:74:4c:18:b6:b5:cb:9a:65:2e:fc:98:32:b4:a6:96:51:e1:
         69:1f:e7:5c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJTOPnlb8VdqoP5fgwsL3PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmYTdiNmFlZjBiZDI0MTEzMDRlNGYzYzY5NTdjODJlYjI1
NjdjZDMwHhcNMjQwMTAyMDgzMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWJiNzU4ZTI2YzBiZmY1Mjk1Y2RjZjY4ZjllYmJkMjhjOTdlMWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnkOIJhdKFUpHCYlrnWAbh1Yc3mCI
ISGu65bZ8LHzwHrxMC8LxuAyWH3vPOdgIEOZDZGzhtDRm7OlAYaJimYTi9A9ZuyM
BJB8xz+LuvUWTHeL7WLypyqU/5jp31NmyQXc9ejeN6y4AY/424fXCmzeBwa/fucp
VpoGyXG9byO4pe7vqMZ2H+dvFDlBJRCNSnPEcf3VSAmbvBTpKLje6GeLrIUiZ7+w
5p1JuxzTjxKamU5QuL313OIgNmxa6G0dDtb/I7Mr+CbN27OrKaDeqRw06TB7QbPS
17Q+XwFznXNa+2qAYR67A06QowscA04N46iCIMmrtvf/IrGCsfFE+6xdUwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMW7dY4mwL/1KVzc9o+eu9KMl+HfMB8GA1UdIwQY
MBaAFF+ntq7wvSQRME5PPGlXyC6yVnzTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDZlMnJ2QzlKQkV3VGs4OGFWZklMckpXZk5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC8wM2QzNDItYTM0OS00NjU2LTlkNDAt
YjNlNDNkMzA1Yjg5LzEveGJ0MWppYkF2X1VwWE56Mmo1Njcwb3lYNGQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC8wM2QzNDItYTM0OS00NjU2LTlkNDAtYjNlNDNkMzA1Yjg5
LzEvWDZlMnJ2QzlKQkV3VGs4OGFWZklMckpXZk5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAsM
MA0GCSqGSIb3DQEBCwUAA4IBAQBqhxIFCzm8KT7oM6I2hxnJjmXDmgUp9tovMjuP
Gcr/6a6z0UO6Usq7cfRsiR5yPa/oag00nS/t6vwrQM3kne5GWpnGk1B8fX5VnKFx
pmCY794QY4JRz75PWxVUJj88WjjpZFnzihdCekuUGpB1F1yKL/uYs47vxmI4GnjV
/5XQqgohYG/ZcMUrIXc8eHToyoHMOK6Z+vHki95Z2C61Y0AnuGA7G/+wTylTI/bA
7uYZtpPurjvDNSRe8eieNDVW14O0bLblFCVoikv5OHOZF8p5ZsI9twGprPGl1TEq
wLZO1Le9fPFu7Xu+eMCZdEwYtrXLmmUu/JgytKaWUeFpH+dc
-----END CERTIFICATE-----