Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/102bef-6459-44bc-840e-e9d2b3a7872c/1/Jy9KYe6gXkf-yHpBxSjRl9tNNcs.roa
File:                     Jy9KYe6gXkf-yHpBxSjRl9tNNcs.roa (raw, json)
Hash identifier:          HsvvGXp+ZXj5pOysDrmBbU8YZ+l6Z9DH+rDb1yl8Ma0=
Subject key identifier:   27:2F:4A:61:EE:A0:5E:47:FE:C8:7A:41:C5:28:D1:97:DB:4D:35:CB
Certificate issuer:       /CN=44d64dac03f1a57c1931667118048d82c43c5540
Certificate serial:       018CC5012EF319B5EA93BD91F9CD14A94D8C
Authority key identifier: 44:D6:4D:AC:03:F1:A5:7C:19:31:66:71:18:04:8D:82:C4:3C:55:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RNZNrAPxpXwZMWZxGASNgsQ8VUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/102bef-6459-44bc-840e-e9d2b3a7872c/1/Jy9KYe6gXkf-yHpBxSjRl9tNNcs.roa
Signing time:             Mon 01 Jan 2024 12:30:38 +0000
ROA not before:           Mon 01 Jan 2024 12:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204828
IP address blocks:        2001:67c:2284::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/102bef-6459-44bc-840e-e9d2b3a7872c/1/RNZNrAPxpXwZMWZxGASNgsQ8VUA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/102bef-6459-44bc-840e-e9d2b3a7872c/1/RNZNrAPxpXwZMWZxGASNgsQ8VUA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RNZNrAPxpXwZMWZxGASNgsQ8VUA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:2e:f3:19:b5:ea:93:bd:91:f9:cd:14:a9:4d:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44d64dac03f1a57c1931667118048d82c43c5540
        Validity
            Not Before: Jan  1 12:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=272f4a61eea05e47fec87a41c528d197db4d35cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:c2:7e:b6:55:4f:a0:43:ae:34:2b:e5:31:36:
                    dd:46:f1:ff:f9:6b:51:7b:29:1f:f7:bf:82:dc:d6:
                    19:b8:6d:83:b9:14:64:85:d4:fc:83:7d:66:65:1e:
                    2e:82:a5:94:f6:b4:79:7f:ec:37:13:f2:c7:6c:11:
                    2f:48:85:3e:4a:52:ca:a7:6e:39:77:3e:91:33:fb:
                    41:68:39:13:e5:b1:54:04:e9:19:d9:52:38:91:fc:
                    22:27:71:4e:d2:f7:97:27:b1:83:30:cd:5f:6f:87:
                    4c:f2:5d:ea:0a:39:3a:40:96:5a:b2:7a:83:de:fb:
                    13:a3:79:4f:8c:41:c6:4b:11:2f:0f:5a:b4:3d:ee:
                    2b:58:28:e9:c8:a5:7e:e7:1b:9d:43:c0:8e:b4:a1:
                    3b:55:bd:01:1b:b5:5b:1b:46:63:98:3d:a5:1a:8e:
                    c5:c4:45:4a:49:82:d6:e1:53:a2:e7:4f:d2:53:82:
                    f2:45:66:f7:c3:39:6a:af:be:20:3a:99:89:74:a1:
                    b9:28:36:cf:20:7d:06:d9:f1:43:f3:19:cf:40:05:
                    a3:80:7b:2d:db:ee:a5:52:b6:a5:8e:ab:98:02:fd:
                    7c:77:05:d2:a5:06:11:6a:69:d6:71:63:92:c4:db:
                    59:7c:3b:62:c5:ce:ad:cf:e5:22:7e:dd:f3:68:18:
                    3a:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:2F:4A:61:EE:A0:5E:47:FE:C8:7A:41:C5:28:D1:97:DB:4D:35:CB
            X509v3 Authority Key Identifier:
                keyid:44:D6:4D:AC:03:F1:A5:7C:19:31:66:71:18:04:8D:82:C4:3C:55:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RNZNrAPxpXwZMWZxGASNgsQ8VUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/102bef-6459-44bc-840e-e9d2b3a7872c/1/Jy9KYe6gXkf-yHpBxSjRl9tNNcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/102bef-6459-44bc-840e-e9d2b3a7872c/1/RNZNrAPxpXwZMWZxGASNgsQ8VUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2284::/48

    Signature Algorithm: sha256WithRSAEncryption
         4b:db:ec:ab:23:1d:77:9d:85:55:7b:ce:98:08:d9:ca:03:f6:
         9a:f2:b9:5b:49:51:f5:a1:a9:83:3c:6f:3c:74:4d:0e:36:48:
         46:15:69:36:98:66:02:50:79:fe:1e:ae:c1:7e:ad:4f:32:2a:
         46:f0:7b:5a:9f:5c:1b:53:0b:5c:00:c2:74:67:2a:7b:ee:32:
         93:70:c9:b6:a8:78:92:e9:95:4e:c2:43:b4:cf:71:67:70:c6:
         2c:90:31:1f:6d:b3:97:ae:e4:80:a4:6d:ef:ce:3b:52:23:f7:
         19:41:40:ab:98:b9:a2:e7:dd:22:3c:b9:59:c8:60:25:c8:a5:
         18:30:7d:5a:d4:68:d6:56:94:2f:a2:46:38:0e:42:28:b2:5b:
         66:82:33:f5:4e:1a:eb:cf:f0:6b:44:43:5d:84:1f:0a:9e:38:
         c5:0c:4c:50:67:72:8d:72:7d:b3:2f:a5:59:d7:fe:03:c6:5a:
         81:d4:84:6d:69:3a:5b:9c:1f:a3:d4:a5:77:51:d3:27:f2:e1:
         7b:3f:52:12:7f:b8:c2:0c:36:a5:e1:20:0a:86:0a:1c:32:36:
         a8:24:8c:68:f7:e4:a3:6f:87:1b:12:a2:dd:95:96:27:98:88:
         7d:ca:0e:e5:3d:ac:09:91:94:6a:a1:87:ae:76:c7:15:ae:cf:
         9b:71:9c:50
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFAS7zGbXqk72R+c0UqU2MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0ZDY0ZGFjMDNmMWE1N2MxOTMxNjY3MTE4MDQ4ZDgyYzQz
YzU1NDAwHhcNMjQwMTAxMTIzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzJmNGE2MWVlYTA1ZTQ3ZmVjODdhNDFjNTI4ZDE5N2RiNGQzNWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkcJ+tlVPoEOuNCvlMTbdRvH/+WtR
eykf97+C3NYZuG2DuRRkhdT8g31mZR4ugqWU9rR5f+w3E/LHbBEvSIU+SlLKp245
dz6RM/tBaDkT5bFUBOkZ2VI4kfwiJ3FO0veXJ7GDMM1fb4dM8l3qCjk6QJZasnqD
3vsTo3lPjEHGSxEvD1q0Pe4rWCjpyKV+5xudQ8COtKE7Vb0BG7VbG0ZjmD2lGo7F
xEVKSYLW4VOi50/SU4LyRWb3wzlqr74gOpmJdKG5KDbPIH0G2fFD8xnPQAWjgHst
2+6lUraljquYAv18dwXSpQYRamnWcWOSxNtZfDtixc6tz+Uift3zaBg6lQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCcvSmHuoF5H/sh6QcUo0ZfbTTXLMB8GA1UdIwQY
MBaAFETWTawD8aV8GTFmcRgEjYLEPFVAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUk5aTnJBUHhwWHdaTVdaeEdBU05nc1E4VlVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS8xMDJiZWYtNjQ1OS00NGJjLTg0MGUt
ZTlkMmIzYTc4NzJjLzEvSnk5S1llNmdYa2YteUhwQnhTalJsOXROTmNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS8xMDJiZWYtNjQ1OS00NGJjLTg0MGUtZTlkMmIzYTc4NzJj
LzEvUk5aTnJBUHhwWHdaTVdaeEdBU05nc1E4VlVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCKE
MA0GCSqGSIb3DQEBCwUAA4IBAQBL2+yrIx13nYVVe86YCNnKA/aa8rlbSVH1oamD
PG88dE0ONkhGFWk2mGYCUHn+Hq7Bfq1PMipG8Htan1wbUwtcAMJ0Zyp77jKTcMm2
qHiS6ZVOwkO0z3FncMYskDEfbbOXruSApG3vzjtSI/cZQUCrmLmi590iPLlZyGAl
yKUYMH1a1GjWVpQvokY4DkIosltmgjP1Thrrz/BrRENdhB8KnjjFDExQZ3KNcn2z
L6VZ1/4DxlqB1IRtaTpbnB+j1KV3UdMn8uF7P1ISf7jCDDal4SAKhgocMjaoJIxo
9+Sjb4cbEqLdlZYnmIh9yg7lPawJkZRqoYeudscVrs+bcZxQ
-----END CERTIFICATE-----