Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/366830-c634-4644-a752-820914022158/1/bPlQ4rorv04UuRkNDeoJ7b9Ze04.roa
File:                     bPlQ4rorv04UuRkNDeoJ7b9Ze04.roa (raw, json)
Hash identifier:          vquYVwnYYWpoRn+dyjcEMwewql711vYaSp7z+u4hifg=
Subject key identifier:   6C:F9:50:E2:BA:2B:BF:4E:14:B9:19:0D:0D:EA:09:ED:BF:59:7B:4E
Certificate issuer:       /CN=9ea73fb87c87b6ff8462016147764e7e4f0ead29
Certificate serial:       018CC801E41B0B44F7FADCCB571A01338DB5
Authority key identifier: 9E:A7:3F:B8:7C:87:B6:FF:84:62:01:61:47:76:4E:7E:4F:0E:AD:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nqc_uHyHtv-EYgFhR3ZOfk8OrSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/366830-c634-4644-a752-820914022158/1/bPlQ4rorv04UuRkNDeoJ7b9Ze04.roa
Signing time:             Tue 02 Jan 2024 02:30:16 +0000
ROA not before:           Tue 02 Jan 2024 02:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198453
IP address blocks:        2001:67c:13e0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/366830-c634-4644-a752-820914022158/1/nqc_uHyHtv-EYgFhR3ZOfk8OrSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/366830-c634-4644-a752-820914022158/1/nqc_uHyHtv-EYgFhR3ZOfk8OrSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nqc_uHyHtv-EYgFhR3ZOfk8OrSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:02:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:e4:1b:0b:44:f7:fa:dc:cb:57:1a:01:33:8d:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ea73fb87c87b6ff8462016147764e7e4f0ead29
        Validity
            Not Before: Jan  2 02:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6cf950e2ba2bbf4e14b9190d0dea09edbf597b4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:3e:fb:79:84:10:b8:e9:b5:b2:8f:2d:c2:92:
                    86:cd:90:28:75:28:b7:c5:fd:0a:58:e0:1b:10:59:
                    91:c7:39:78:eb:0a:4d:e8:1f:92:35:fa:14:45:64:
                    24:8d:15:c6:cd:7e:8d:20:36:fc:6e:d0:19:5b:34:
                    3c:b3:f6:66:b2:ed:65:b9:7f:f5:e5:97:63:c9:f9:
                    0e:64:f0:ca:0b:df:a2:aa:49:0c:b2:2b:7e:a3:d3:
                    6a:fb:aa:9a:71:4f:44:e4:54:6b:80:1f:2f:2b:34:
                    18:c7:be:90:71:39:f2:68:60:14:65:3c:62:61:02:
                    3d:b9:e1:79:6b:1f:bc:24:de:0c:90:1e:2f:56:eb:
                    9f:73:2c:5d:5d:b5:3b:48:fa:5d:9a:d5:34:ac:38:
                    c3:ac:7d:2c:2f:81:c9:fb:42:66:17:13:a4:ae:77:
                    e1:dc:11:54:c8:6e:ab:c4:5e:37:e6:0f:99:47:c5:
                    62:eb:28:62:06:c4:22:ca:02:df:36:26:6d:7a:8e:
                    ab:ce:9f:8b:44:3c:36:5c:c8:7a:a0:d5:b8:a1:a4:
                    4f:99:94:f4:8b:b6:0c:39:52:56:1f:3c:0d:62:b0:
                    71:f5:ce:21:73:a4:2b:db:ff:ea:52:70:43:4a:b4:
                    4b:a8:8b:cb:1b:3c:bf:f8:07:c1:ed:c0:96:6e:11:
                    6d:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:F9:50:E2:BA:2B:BF:4E:14:B9:19:0D:0D:EA:09:ED:BF:59:7B:4E
            X509v3 Authority Key Identifier:
                keyid:9E:A7:3F:B8:7C:87:B6:FF:84:62:01:61:47:76:4E:7E:4F:0E:AD:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nqc_uHyHtv-EYgFhR3ZOfk8OrSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/366830-c634-4644-a752-820914022158/1/bPlQ4rorv04UuRkNDeoJ7b9Ze04.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/366830-c634-4644-a752-820914022158/1/nqc_uHyHtv-EYgFhR3ZOfk8OrSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:13e0::/48

    Signature Algorithm: sha256WithRSAEncryption
         b5:62:cc:17:42:d2:f3:5c:c8:11:bb:f9:27:c0:2c:5d:ba:be:
         0f:d5:cd:3a:e8:5e:32:71:16:ca:38:75:e0:b9:39:a6:2c:dc:
         bf:a4:b5:b1:61:cf:9a:c5:ce:a3:f8:1b:0b:16:c0:79:af:14:
         2a:1d:bf:64:49:b6:a3:00:ab:de:12:c6:12:22:36:df:0d:7d:
         58:95:df:d7:0e:b4:d4:86:ee:8c:d4:f3:cc:59:9a:02:22:e8:
         27:ad:fd:15:60:d5:12:d5:5d:f9:de:1f:5a:c6:6d:b8:0c:77:
         06:9f:a2:e2:bc:a0:3a:92:bd:51:e8:55:5b:e2:54:8b:4b:ea:
         d0:1e:47:95:e9:21:55:e3:c7:96:2f:bb:94:cb:2f:f2:dc:70:
         b0:5b:d4:7a:4c:bf:cb:2b:7e:61:30:98:d9:f6:12:ff:25:0a:
         b9:8f:33:6e:74:37:c9:70:42:7f:11:23:95:a2:f0:58:40:0b:
         6c:aa:99:91:ac:b4:15:3a:9d:d4:9b:f9:43:bb:e1:88:15:20:
         34:c6:21:95:a2:c6:52:41:de:51:17:76:7a:9e:0b:77:f8:2f:
         a0:5f:5f:f9:de:6c:6b:6d:c1:40:62:97:1a:be:4f:89:a2:f7:
         55:67:d7:0d:4b:5e:c8:ea:95:ef:5b:32:1a:33:99:d7:b9:63:
         c1:bd:4f:4f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAeQbC0T3+tzLVxoBM421MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllYTczZmI4N2M4N2I2ZmY4NDYyMDE2MTQ3NzY0ZTdlNGYw
ZWFkMjkwHhcNMjQwMTAyMDIzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2Y5NTBlMmJhMmJiZjRlMTRiOTE5MGQwZGVhMDllZGJmNTk3YjRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoz77eYQQuOm1so8twpKGzZAodSi3
xf0KWOAbEFmRxzl46wpN6B+SNfoURWQkjRXGzX6NIDb8btAZWzQ8s/Zmsu1luX/1
5ZdjyfkOZPDKC9+iqkkMsit+o9Nq+6qacU9E5FRrgB8vKzQYx76QcTnyaGAUZTxi
YQI9ueF5ax+8JN4MkB4vVuufcyxdXbU7SPpdmtU0rDjDrH0sL4HJ+0JmFxOkrnfh
3BFUyG6rxF435g+ZR8Vi6yhiBsQiygLfNiZteo6rzp+LRDw2XMh6oNW4oaRPmZT0
i7YMOVJWHzwNYrBx9c4hc6Qr2//qUnBDSrRLqIvLGzy/+AfB7cCWbhFtWwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGz5UOK6K79OFLkZDQ3qCe2/WXtOMB8GA1UdIwQY
MBaAFJ6nP7h8h7b/hGIBYUd2Tn5PDq0pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnFjX3VIeUh0di1FWWdGaFIzWk9mazhPclNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS8zNjY4MzAtYzYzNC00NjQ0LWE3NTIt
ODIwOTE0MDIyMTU4LzEvYlBsUTRyb3J2MDRVdVJrTkRlb0o3YjlaZTA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS8zNjY4MzAtYzYzNC00NjQ0LWE3NTItODIwOTE0MDIyMTU4
LzEvbnFjX3VIeUh0di1FWWdGaFIzWk9mazhPclNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBPg
MA0GCSqGSIb3DQEBCwUAA4IBAQC1YswXQtLzXMgRu/knwCxdur4P1c066F4ycRbK
OHXguTmmLNy/pLWxYc+axc6j+BsLFsB5rxQqHb9kSbajAKveEsYSIjbfDX1Yld/X
DrTUhu6M1PPMWZoCIugnrf0VYNUS1V353h9axm24DHcGn6LivKA6kr1R6FVb4lSL
S+rQHkeV6SFV48eWL7uUyy/y3HCwW9R6TL/LK35hMJjZ9hL/JQq5jzNudDfJcEJ/
ESOVovBYQAtsqpmRrLQVOp3Um/lDu+GIFSA0xiGVosZSQd5RF3Z6ngt3+C+gX1/5
3mxrbcFAYpcavk+JovdVZ9cNS17I6pXvWzIaM5nXuWPBvU9P
-----END CERTIFICATE-----