Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/547580-38fa-47c5-9a6c-4baf0c85fbdf/1/b2YoIvFz1gmBcayQiOG1sFBCna8.roa
File:                     b2YoIvFz1gmBcayQiOG1sFBCna8.roa (raw, json)
Hash identifier:          4+Eavwsx0FcmT+IvAlJeVTf7SpjIy89WxSmWwaLUySY=
Subject key identifier:   6F:66:28:22:F1:73:D6:09:81:71:AC:90:88:E1:B5:B0:50:42:9D:AF
Certificate issuer:       /CN=3d361ba1d6be589f9a69d5d06274caba7897b24f
Certificate serial:       018CC500E406EDE7BE78C8FA8E3A8557F141
Authority key identifier: 3D:36:1B:A1:D6:BE:58:9F:9A:69:D5:D0:62:74:CA:BA:78:97:B2:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PTYboda-WJ-aadXQYnTKuniXsk8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/547580-38fa-47c5-9a6c-4baf0c85fbdf/1/b2YoIvFz1gmBcayQiOG1sFBCna8.roa
Signing time:             Mon 01 Jan 2024 12:30:19 +0000
ROA not before:           Mon 01 Jan 2024 12:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210623
IP address blocks:        2001:67c:9e4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/547580-38fa-47c5-9a6c-4baf0c85fbdf/1/PTYboda-WJ-aadXQYnTKuniXsk8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/547580-38fa-47c5-9a6c-4baf0c85fbdf/1/PTYboda-WJ-aadXQYnTKuniXsk8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PTYboda-WJ-aadXQYnTKuniXsk8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 18:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:e4:06:ed:e7:be:78:c8:fa:8e:3a:85:57:f1:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d361ba1d6be589f9a69d5d06274caba7897b24f
        Validity
            Not Before: Jan  1 12:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f662822f173d6098171ac9088e1b5b050429daf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:94:54:09:92:48:ad:d3:ea:91:1d:3a:83:8d:
                    f6:7f:54:3c:ce:29:09:1e:90:6a:d9:d9:24:35:50:
                    df:83:a2:e1:0f:80:4a:f4:ae:32:06:ea:f6:4b:77:
                    12:e1:96:38:82:5e:e8:68:da:16:20:88:f6:21:be:
                    87:3f:ea:ac:1b:48:df:ed:4f:22:8f:91:80:d5:bb:
                    b1:25:e4:c9:26:79:b2:05:23:fa:58:3c:d5:96:96:
                    ee:fa:c9:73:90:fa:ee:75:55:a5:ee:e5:c6:6a:6f:
                    63:7a:7f:69:62:bb:85:5c:ca:be:fd:ab:d9:aa:5d:
                    34:82:69:70:f5:a8:61:88:a4:13:b9:87:a4:8d:e7:
                    6a:3d:c0:b2:f4:5f:db:a8:ab:7f:85:e6:f4:8e:74:
                    cf:9f:ce:83:b7:7f:5c:89:2b:00:78:db:06:7b:27:
                    8b:71:6f:ab:38:27:7a:22:2c:d6:ea:cb:d3:ed:7f:
                    bf:70:56:50:0b:4b:56:db:b8:85:7e:29:af:e2:84:
                    69:5d:3f:6a:6a:b7:60:0b:1b:21:0b:c3:5a:cf:be:
                    bb:24:bf:c0:18:c4:d2:75:02:70:e1:88:ba:71:77:
                    27:33:78:20:12:2d:67:8d:9f:cd:86:f3:1d:f4:4b:
                    e1:c4:3e:4e:1b:2f:27:0c:81:f0:4c:ac:fd:99:48:
                    15:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:66:28:22:F1:73:D6:09:81:71:AC:90:88:E1:B5:B0:50:42:9D:AF
            X509v3 Authority Key Identifier:
                keyid:3D:36:1B:A1:D6:BE:58:9F:9A:69:D5:D0:62:74:CA:BA:78:97:B2:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PTYboda-WJ-aadXQYnTKuniXsk8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/547580-38fa-47c5-9a6c-4baf0c85fbdf/1/b2YoIvFz1gmBcayQiOG1sFBCna8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/547580-38fa-47c5-9a6c-4baf0c85fbdf/1/PTYboda-WJ-aadXQYnTKuniXsk8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:9e4::/48

    Signature Algorithm: sha256WithRSAEncryption
         69:b5:20:19:4d:39:e6:50:10:a7:e1:e3:59:d7:ef:03:61:e6:
         bb:05:de:e3:15:1f:82:32:ed:6d:79:bf:14:3e:a9:15:26:c7:
         e6:05:e4:38:33:75:9a:2e:5f:a2:df:89:af:07:7b:89:1c:88:
         81:32:b1:f5:ab:fb:6f:25:e0:fb:87:e7:b7:a0:67:e9:b2:d8:
         c8:1c:a2:3c:b3:e6:55:ca:db:e9:6b:b1:1c:ad:fe:25:93:bc:
         ae:70:b2:62:de:ce:d9:34:55:f4:11:d6:8a:e6:35:6d:f8:fb:
         1b:32:29:2a:bf:17:e1:75:51:64:51:1b:fc:ad:ba:55:6b:57:
         e0:aa:6b:36:b6:39:ae:7e:3a:94:9f:45:15:c1:65:51:2e:59:
         a2:15:08:ac:70:a9:a2:0c:7c:3d:e9:67:9e:d6:9e:d7:c1:56:
         d3:72:f5:b4:c2:17:b6:22:f8:ea:de:19:43:5d:1f:0e:21:52:
         5b:3d:6c:ca:0e:be:f5:c7:ec:37:70:d7:12:d3:73:51:c6:24:
         cc:66:4a:4b:34:a5:8e:ea:7a:e5:9b:a5:f9:ff:a5:7e:e2:d9:
         15:aa:84:f1:53:48:97:cc:bf:09:26:b8:cb:57:63:d0:04:ab:
         94:00:d0:96:0b:20:fe:69:2b:f1:15:99:4a:1f:fa:26:23:78:
         59:e1:20:4b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFAOQG7ee+eMj6jjqFV/FBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkMzYxYmExZDZiZTU4OWY5YTY5ZDVkMDYyNzRjYWJhNzg5
N2IyNGYwHhcNMjQwMTAxMTIzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjY2MjgyMmYxNzNkNjA5ODE3MWFjOTA4OGUxYjViMDUwNDI5ZGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlpRUCZJIrdPqkR06g432f1Q8zikJ
HpBq2dkkNVDfg6LhD4BK9K4yBur2S3cS4ZY4gl7oaNoWIIj2Ib6HP+qsG0jf7U8i
j5GA1buxJeTJJnmyBSP6WDzVlpbu+slzkPrudVWl7uXGam9jen9pYruFXMq+/avZ
ql00gmlw9ahhiKQTuYekjedqPcCy9F/bqKt/heb0jnTPn86Dt39ciSsAeNsGeyeL
cW+rOCd6IizW6svT7X+/cFZQC0tW27iFfimv4oRpXT9qardgCxshC8Naz767JL/A
GMTSdQJw4Yi6cXcnM3ggEi1njZ/NhvMd9EvhxD5OGy8nDIHwTKz9mUgVBQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFG9mKCLxc9YJgXGskIjhtbBQQp2vMB8GA1UdIwQY
MBaAFD02G6HWvlifmmnV0GJ0yrp4l7JPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFRZYm9kYS1XSi1hYWRYUVluVEt1bmlYc2s4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi81NDc1ODAtMzhmYS00N2M1LTlhNmMt
NGJhZjBjODVmYmRmLzEvYjJZb0l2RnoxZ21CY2F5UWlPRzFzRkJDbmE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi81NDc1ODAtMzhmYS00N2M1LTlhNmMtNGJhZjBjODVmYmRm
LzEvUFRZYm9kYS1XSi1hYWRYUVluVEt1bmlYc2s4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAnk
MA0GCSqGSIb3DQEBCwUAA4IBAQBptSAZTTnmUBCn4eNZ1+8DYea7Bd7jFR+CMu1t
eb8UPqkVJsfmBeQ4M3WaLl+i34mvB3uJHIiBMrH1q/tvJeD7h+e3oGfpstjIHKI8
s+ZVytvpa7Ecrf4lk7yucLJi3s7ZNFX0EdaK5jVt+PsbMikqvxfhdVFkURv8rbpV
a1fgqms2tjmufjqUn0UVwWVRLlmiFQiscKmiDHw96Wee1p7XwVbTcvW0whe2Ivjq
3hlDXR8OIVJbPWzKDr71x+w3cNcS03NRxiTMZkpLNKWO6nrlm6X5/6V+4tkVqoTx
U0iXzL8JJrjLV2PQBKuUANCWCyD+aSvxFZlKH/omI3hZ4SBL
-----END CERTIFICATE-----