Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/32e7dc-bd1a-425b-9ee1-01de2598629f/1/5DqRVBQiSxH6fb-7gPGkbB4qHOY.roa
File:                     5DqRVBQiSxH6fb-7gPGkbB4qHOY.roa (raw, json)
Hash identifier:          mdTGi5XhuTKs/DuTNhD0vtQHVVVMOcaGHLwkuy87xuM=
Subject key identifier:   E4:3A:91:54:14:22:4B:11:FA:7D:BF:BB:80:F1:A4:6C:1E:2A:1C:E6
Certificate issuer:       /CN=fb7548da38beb1ce72f8a6933b31da5b5c654834
Certificate serial:       018E5A8B58203FFCDCBA46DE38123742F807
Authority key identifier: FB:75:48:DA:38:BE:B1:CE:72:F8:A6:93:3B:31:DA:5B:5C:65:48:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-3VI2ji-sc5y-KaTOzHaW1xlSDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/32e7dc-bd1a-425b-9ee1-01de2598629f/1/5DqRVBQiSxH6fb-7gPGkbB4qHOY.roa
Signing time:             Wed 20 Mar 2024 06:27:45 +0000
ROA not before:           Wed 20 Mar 2024 06:27:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215296
IP address blocks:        2001:67c:e3c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/32e7dc-bd1a-425b-9ee1-01de2598629f/1/1-3VI2ji-sc5y-KaTOzHaW1xlSDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/32e7dc-bd1a-425b-9ee1-01de2598629f/1/1-3VI2ji-sc5y-KaTOzHaW1xlSDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-3VI2ji-sc5y-KaTOzHaW1xlSDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:5a:8b:58:20:3f:fc:dc:ba:46:de:38:12:37:42:f8:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb7548da38beb1ce72f8a6933b31da5b5c654834
        Validity
            Not Before: Mar 20 06:27:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e43a915414224b11fa7dbfbb80f1a46c1e2a1ce6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:a6:0e:ca:96:90:26:51:1b:81:92:8a:b4:1c:
                    a4:9b:e4:c3:b1:c7:af:34:51:eb:4d:c6:a1:2d:9c:
                    bb:07:19:e8:8d:e5:2a:ea:e8:dc:cf:66:36:51:32:
                    61:bd:90:55:8c:e8:1a:58:bc:dd:bd:a6:2b:d4:46:
                    86:86:44:7c:dc:03:0d:a4:65:68:77:57:36:16:7f:
                    8f:94:b7:fe:d1:05:3a:f7:c5:a7:93:56:c2:2d:d4:
                    d4:4c:e7:39:d0:bd:52:a6:98:04:6d:4f:87:ae:0d:
                    ad:98:b2:44:cf:dc:d9:6c:cc:a6:f8:9c:20:b9:65:
                    a3:69:7b:ab:15:9f:55:27:20:3c:00:e3:df:b1:4e:
                    ec:f6:ed:01:3d:a6:33:cd:aa:ca:67:fb:be:4f:7a:
                    d4:cf:f1:0e:11:50:a3:07:8a:39:48:0b:56:14:e6:
                    0c:4a:fd:a1:e5:e0:c1:ab:c2:aa:3b:10:0f:b9:e3:
                    ea:0e:d3:02:d9:d2:da:5c:80:17:47:78:d6:d7:5c:
                    1f:a9:79:91:1f:78:b9:a2:06:df:84:7e:c0:3c:18:
                    ac:f2:dc:70:e9:7b:bc:28:2c:b3:db:13:76:76:03:
                    7e:a1:21:58:1c:82:6c:84:8c:14:8d:c1:02:b5:ef:
                    59:8f:3d:e5:d2:39:bd:81:99:6b:d9:91:43:b1:22:
                    92:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:3A:91:54:14:22:4B:11:FA:7D:BF:BB:80:F1:A4:6C:1E:2A:1C:E6
            X509v3 Authority Key Identifier:
                keyid:FB:75:48:DA:38:BE:B1:CE:72:F8:A6:93:3B:31:DA:5B:5C:65:48:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-3VI2ji-sc5y-KaTOzHaW1xlSDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/32e7dc-bd1a-425b-9ee1-01de2598629f/1/5DqRVBQiSxH6fb-7gPGkbB4qHOY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/32e7dc-bd1a-425b-9ee1-01de2598629f/1/1-3VI2ji-sc5y-KaTOzHaW1xlSDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:e3c::/48

    Signature Algorithm: sha256WithRSAEncryption
         7c:7d:24:46:83:d1:55:5c:c1:5f:36:3b:4a:91:c0:2d:a3:6b:
         8c:d5:0a:9d:53:b8:77:f0:c9:27:d7:9b:14:37:fc:70:91:19:
         98:6c:df:ee:b0:92:38:be:09:44:c3:86:1c:51:92:c7:fb:6b:
         b1:f3:b6:9d:d4:2b:3e:81:60:28:33:96:bb:e0:ca:eb:18:1e:
         a4:52:f2:d5:8b:5c:1f:62:76:92:0f:de:14:80:3b:5c:15:da:
         de:a0:80:2b:36:cc:be:4d:01:21:03:61:b2:82:f8:0d:04:ab:
         6d:e0:3f:87:1c:aa:27:e6:37:71:d8:e2:91:b5:5c:fc:d0:ec:
         aa:f7:91:e8:50:85:10:12:ba:b6:65:2d:ac:b8:e7:ab:5c:ad:
         15:5a:a0:ab:72:c1:c8:52:18:48:27:64:ea:3c:c5:55:65:1d:
         5d:83:1e:bd:c7:3f:05:1f:28:62:86:8d:21:a2:47:86:c0:05:
         36:79:ad:0f:40:fe:78:70:e7:65:fb:64:70:14:d3:6a:a5:ad:
         2a:94:5b:d5:d7:da:44:89:c9:f9:d8:48:20:d8:85:ab:42:e9:
         39:35:bd:6f:60:44:28:38:ba:66:20:d4:3d:5d:40:9b:9b:31:
         96:80:be:6a:36:a8:fb:ef:b7:54:62:5b:eb:1e:f6:1f:97:b7:
         4c:71:05:bf
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAY5ai1ggP/zcukbeOBI3QvgHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiNzU0OGRhMzhiZWIxY2U3MmY4YTY5MzNiMzFkYTViNWM2
NTQ4MzQwHhcNMjQwMzIwMDYyNzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDNhOTE1NDE0MjI0YjExZmE3ZGJmYmI4MGYxYTQ2YzFlMmExY2U2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxqYOypaQJlEbgZKKtBykm+TDscev
NFHrTcahLZy7BxnojeUq6ujcz2Y2UTJhvZBVjOgaWLzdvaYr1EaGhkR83AMNpGVo
d1c2Fn+PlLf+0QU698Wnk1bCLdTUTOc50L1SppgEbU+Hrg2tmLJEz9zZbMym+Jwg
uWWjaXurFZ9VJyA8AOPfsU7s9u0BPaYzzarKZ/u+T3rUz/EOEVCjB4o5SAtWFOYM
Sv2h5eDBq8KqOxAPuePqDtMC2dLaXIAXR3jW11wfqXmRH3i5ogbfhH7APBis8txw
6Xu8KCyz2xN2dgN+oSFYHIJshIwUjcECte9Zjz3l0jm9gZlr2ZFDsSKS5wIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFOQ6kVQUIksR+n2/u4DxpGweKhzmMB8GA1UdIwQY
MBaAFPt1SNo4vrHOcvimkzsx2ltcZUg0MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS0zVkkyamktc2M1eS1LYVRPekhhVzF4bFNEUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjAvMzJlN2RjLWJkMWEtNDI1Yi05ZWUx
LTAxZGUyNTk4NjI5Zi8xLzVEcVJWQlFpU3hINmZiLTdnUEdrYkI0cUhPWS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZjAvMzJlN2RjLWJkMWEtNDI1Yi05ZWUxLTAxZGUyNTk4NjI5
Zi8xLzEtM1ZJMmppLXNjNXktS2FUT3pIYVcxeGxTRFEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAgAQZ8
DjwwDQYJKoZIhvcNAQELBQADggEBAHx9JEaD0VVcwV82O0qRwC2ja4zVCp1TuHfw
ySfXmxQ3/HCRGZhs3+6wkji+CUTDhhxRksf7a7Hztp3UKz6BYCgzlrvgyusYHqRS
8tWLXB9idpIP3hSAO1wV2t6ggCs2zL5NASEDYbKC+A0Eq23gP4ccqifmN3HY4pG1
XPzQ7Kr3kehQhRASurZlLay456tcrRVaoKtywchSGEgnZOo8xVVlHV2DHr3HPwUf
KGKGjSGiR4bABTZ5rQ9A/nhw52X7ZHAU02qlrSqUW9XX2kSJyfnYSCDYhatC6Tk1
vW9gRCg4umYg1D1dQJubMZaAvmo2qPvvt1RiW+se9h+Xt0xxBb8=
-----END CERTIFICATE-----