Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/107195-cc51-471b-8da2-e005543f0374/1/_-1mhhT0VPWeGQeKp3w6W-AZzl0.roa
File:                     _-1mhhT0VPWeGQeKp3w6W-AZzl0.roa (raw, json)
Hash identifier:          oY4uoKGtUbKs+AYe7VUuGssKKlPs8/hkhs6viKVC8wM=
Subject key identifier:   FF:ED:66:86:14:F4:54:F5:9E:19:07:8A:A7:7C:3A:5B:E0:19:CE:5D
Certificate issuer:       /CN=780de16eee947b0a8c75714fc5da6a0259ca1b90
Certificate serial:       018CC8DF26C52A8100590FA872F5A2FE715B
Authority key identifier: 78:0D:E1:6E:EE:94:7B:0A:8C:75:71:4F:C5:DA:6A:02:59:CA:1B:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eA3hbu6UewqMdXFPxdpqAlnKG5A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/107195-cc51-471b-8da2-e005543f0374/1/_-1mhhT0VPWeGQeKp3w6W-AZzl0.roa
Signing time:             Tue 02 Jan 2024 06:31:56 +0000
ROA not before:           Tue 02 Jan 2024 06:31:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39004
IP address blocks:        2001:67c:2854::/48 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/107195-cc51-471b-8da2-e005543f0374/1/eA3hbu6UewqMdXFPxdpqAlnKG5A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/107195-cc51-471b-8da2-e005543f0374/1/eA3hbu6UewqMdXFPxdpqAlnKG5A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eA3hbu6UewqMdXFPxdpqAlnKG5A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 12:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:26:c5:2a:81:00:59:0f:a8:72:f5:a2:fe:71:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=780de16eee947b0a8c75714fc5da6a0259ca1b90
        Validity
            Not Before: Jan  2 06:31:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ffed668614f454f59e19078aa77c3a5be019ce5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:ab:ce:be:8a:16:a0:92:60:15:78:6a:f3:f8:
                    ef:20:c6:3a:55:91:7c:7a:ff:49:16:f4:13:45:99:
                    84:6d:27:71:ab:40:e3:48:b4:52:9a:76:14:40:0d:
                    bc:c2:3d:ae:f0:32:7f:fd:2c:81:37:6b:e6:1a:08:
                    64:be:78:f7:b9:3f:75:27:9d:b9:ca:b4:91:a0:31:
                    43:26:43:56:da:17:b6:3d:ee:cc:c5:68:0a:27:95:
                    4c:a9:58:b7:0d:0c:cc:44:65:ad:b4:db:16:ad:36:
                    b6:bd:3c:6f:cd:0d:b6:dd:a0:63:1c:9a:e2:e0:13:
                    0f:bb:25:f3:fc:0a:87:fd:5e:4a:38:5b:39:a8:7c:
                    99:db:ab:ff:4a:93:03:64:46:db:03:c3:23:60:09:
                    20:81:e1:c0:9b:8b:34:98:59:44:81:0b:8c:bf:ed:
                    6f:ac:85:10:60:b6:c3:8c:7b:40:b2:97:d8:b3:02:
                    1c:a0:26:85:2f:aa:57:dd:97:eb:02:df:d2:9b:bc:
                    86:78:a5:02:48:88:cf:f6:20:d4:91:f9:93:07:e1:
                    63:30:d1:97:34:da:da:d3:40:4b:f8:49:73:33:82:
                    78:94:46:9f:b9:03:6a:28:5f:80:52:2b:32:c8:7f:
                    5b:9f:78:b1:b1:57:aa:10:13:3c:b7:69:a9:23:81:
                    59:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:ED:66:86:14:F4:54:F5:9E:19:07:8A:A7:7C:3A:5B:E0:19:CE:5D
            X509v3 Authority Key Identifier:
                keyid:78:0D:E1:6E:EE:94:7B:0A:8C:75:71:4F:C5:DA:6A:02:59:CA:1B:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eA3hbu6UewqMdXFPxdpqAlnKG5A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/107195-cc51-471b-8da2-e005543f0374/1/_-1mhhT0VPWeGQeKp3w6W-AZzl0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/107195-cc51-471b-8da2-e005543f0374/1/eA3hbu6UewqMdXFPxdpqAlnKG5A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2854::/48

    Signature Algorithm: sha256WithRSAEncryption
         32:49:90:99:b7:db:45:5a:4c:21:6a:d3:8d:49:46:57:a8:2d:
         95:28:20:32:fc:60:22:5f:82:76:fe:64:2b:27:43:81:1b:f2:
         a9:af:42:ab:1e:8d:8e:18:dc:be:b0:41:ad:e0:6a:4e:34:0b:
         6a:f0:3e:8f:43:3a:94:03:b4:1d:28:9a:b5:61:19:8e:0d:17:
         ff:a1:0e:80:02:55:69:55:8a:cc:fd:24:0f:61:db:5e:a9:7e:
         3c:30:bf:34:17:79:72:b9:72:ac:ab:e6:54:fb:2b:79:17:ed:
         83:89:5c:36:10:f7:b7:3f:5f:1a:5f:a4:9c:81:e1:df:2a:75:
         de:34:26:c3:36:97:79:6c:4f:c2:6b:5d:ac:58:ff:d2:75:99:
         6f:69:5c:cd:f1:f0:a0:b3:81:b1:53:0d:36:28:b5:58:c4:34:
         8c:28:56:c3:2e:ff:d8:33:d9:48:9a:9f:c0:2f:da:ed:41:7d:
         35:4a:f7:79:c4:5e:94:04:c5:a7:5f:d0:97:e0:f0:2b:41:19:
         17:65:48:ea:55:0b:ca:53:b1:83:fa:04:4f:1a:3f:ce:a2:b3:
         a2:68:86:fe:8c:7b:cd:ad:80:45:1d:00:4e:fd:27:68:b5:fe:
         42:89:2a:23:b3:89:87:5d:c2:6b:24:47:c3:9b:fe:28:0d:38:
         71:e0:2f:c3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzI3ybFKoEAWQ+ocvWi/nFbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4MGRlMTZlZWU5NDdiMGE4Yzc1NzE0ZmM1ZGE2YTAyNTlj
YTFiOTAwHhcNMjQwMTAyMDYzMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmVkNjY4NjE0ZjQ1NGY1OWUxOTA3OGFhNzdjM2E1YmUwMTljZTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApKvOvooWoJJgFXhq8/jvIMY6VZF8
ev9JFvQTRZmEbSdxq0DjSLRSmnYUQA28wj2u8DJ//SyBN2vmGghkvnj3uT91J525
yrSRoDFDJkNW2he2Pe7MxWgKJ5VMqVi3DQzMRGWttNsWrTa2vTxvzQ223aBjHJri
4BMPuyXz/AqH/V5KOFs5qHyZ26v/SpMDZEbbA8MjYAkggeHAm4s0mFlEgQuMv+1v
rIUQYLbDjHtAspfYswIcoCaFL6pX3ZfrAt/Sm7yGeKUCSIjP9iDUkfmTB+FjMNGX
NNra00BL+ElzM4J4lEafuQNqKF+AUisyyH9bn3ixsVeqEBM8t2mpI4FZ6QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFP/tZoYU9FT1nhkHiqd8OlvgGc5dMB8GA1UdIwQY
MBaAFHgN4W7ulHsKjHVxT8XaagJZyhuQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUEzaGJ1NlVld3FNZFhGUHhkcHFBbG5LRzVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi8xMDcxOTUtY2M1MS00NzFiLThkYTIt
ZTAwNTU0M2YwMzc0LzEvXy0xbWhoVDBWUFdlR1FlS3AzdzZXLUFaemwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi8xMDcxOTUtY2M1MS00NzFiLThkYTItZTAwNTU0M2YwMzc0
LzEvZUEzaGJ1NlVld3FNZFhGUHhkcHFBbG5LRzVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfChU
MA0GCSqGSIb3DQEBCwUAA4IBAQAySZCZt9tFWkwhatONSUZXqC2VKCAy/GAiX4J2
/mQrJ0OBG/Kpr0KrHo2OGNy+sEGt4GpONAtq8D6PQzqUA7QdKJq1YRmODRf/oQ6A
AlVpVYrM/SQPYdteqX48ML80F3lyuXKsq+ZU+yt5F+2DiVw2EPe3P18aX6ScgeHf
KnXeNCbDNpd5bE/Ca12sWP/SdZlvaVzN8fCgs4GxUw02KLVYxDSMKFbDLv/YM9lI
mp/AL9rtQX01Svd5xF6UBMWnX9CX4PArQRkXZUjqVQvKU7GD+gRPGj/OorOiaIb+
jHvNrYBFHQBO/Sdotf5CiSojs4mHXcJrJEfDm/4oDThx4C/D
-----END CERTIFICATE-----