Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/3d2894-32e9-4f02-a8b9-532ed2567e9b/1/0z0tKWHmziSfSEQt0eBtjDzH60k.roa
File:                     0z0tKWHmziSfSEQt0eBtjDzH60k.roa (raw, json)
Hash identifier:          jWPb5Vkgnt8XfN29aHUgoM6yf3pzpUEiLTu8PCha0iA=
Subject key identifier:   D3:3D:2D:29:61:E6:CE:24:9F:48:44:2D:D1:E0:6D:8C:3C:C7:EB:49
Certificate issuer:       /CN=06a4c18d2e20db64ff9db5292b379f538b76a151
Certificate serial:       018CC94DC405993D84B2E7E3376117B7DDF4
Authority key identifier: 06:A4:C1:8D:2E:20:DB:64:FF:9D:B5:29:2B:37:9F:53:8B:76:A1:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BqTBjS4g22T_nbUpKzefU4t2oVE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/3d2894-32e9-4f02-a8b9-532ed2567e9b/1/0z0tKWHmziSfSEQt0eBtjDzH60k.roa
Signing time:             Tue 02 Jan 2024 08:32:46 +0000
ROA not before:           Tue 02 Jan 2024 08:32:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206402
IP address blocks:        2001:67c:990::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/3d2894-32e9-4f02-a8b9-532ed2567e9b/1/BqTBjS4g22T_nbUpKzefU4t2oVE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/3d2894-32e9-4f02-a8b9-532ed2567e9b/1/BqTBjS4g22T_nbUpKzefU4t2oVE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BqTBjS4g22T_nbUpKzefU4t2oVE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 20:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:c4:05:99:3d:84:b2:e7:e3:37:61:17:b7:dd:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06a4c18d2e20db64ff9db5292b379f538b76a151
        Validity
            Not Before: Jan  2 08:32:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d33d2d2961e6ce249f48442dd1e06d8c3cc7eb49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:cb:c4:1a:13:f4:25:8a:f0:db:6a:cd:2a:fc:
                    1a:53:99:ae:f0:31:35:fc:98:ae:5b:14:9b:93:3e:
                    c8:57:7c:8e:66:28:91:ea:a3:95:6a:3e:a4:87:6b:
                    ce:7a:b0:6a:a1:b4:b9:80:bf:eb:f7:ce:9f:2e:3f:
                    88:4c:6c:1b:34:a8:64:33:41:05:e2:fb:25:a9:07:
                    84:5c:cb:12:92:f2:49:40:cc:13:17:da:3e:74:87:
                    06:30:e3:57:94:af:b1:d1:64:a8:67:0d:af:b9:af:
                    8a:55:f7:d0:fa:e2:0d:91:c5:be:b7:22:5c:d1:51:
                    a5:0f:76:1c:ca:af:1a:92:c5:28:91:f6:04:60:99:
                    24:c6:dd:b0:9a:09:6a:b0:78:d7:5f:20:ce:61:ba:
                    b8:65:61:54:4b:13:9c:2c:c5:3e:0f:93:a4:25:de:
                    f1:d7:48:03:e5:9a:c1:9e:ff:3d:05:49:a0:07:91:
                    2f:38:b8:36:69:1c:99:a1:fd:69:fb:6c:26:71:07:
                    a6:1b:a7:57:26:ed:8b:53:65:f4:73:9c:36:38:62:
                    ba:d3:60:e1:0e:ef:fd:e6:fb:b3:6b:fd:f1:71:6f:
                    32:54:0f:af:de:cc:c5:30:85:d9:60:9a:a2:c5:84:
                    39:1f:1a:9b:dc:93:43:39:56:b2:8e:7a:99:46:2d:
                    17:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:3D:2D:29:61:E6:CE:24:9F:48:44:2D:D1:E0:6D:8C:3C:C7:EB:49
            X509v3 Authority Key Identifier:
                keyid:06:A4:C1:8D:2E:20:DB:64:FF:9D:B5:29:2B:37:9F:53:8B:76:A1:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BqTBjS4g22T_nbUpKzefU4t2oVE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/3d2894-32e9-4f02-a8b9-532ed2567e9b/1/0z0tKWHmziSfSEQt0eBtjDzH60k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/3d2894-32e9-4f02-a8b9-532ed2567e9b/1/BqTBjS4g22T_nbUpKzefU4t2oVE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:990::/48

    Signature Algorithm: sha256WithRSAEncryption
         1c:c4:83:d5:93:dd:ee:55:64:b4:c4:93:2d:d7:3c:e1:8c:9b:
         b4:03:75:58:78:19:5e:80:60:49:58:62:88:a6:bf:48:b7:e2:
         19:98:86:0f:05:a8:6b:0d:6a:ca:fb:72:5b:5e:8b:28:3c:3e:
         6d:61:82:ec:df:7f:b9:35:a3:bf:03:85:92:70:37:c6:ff:3b:
         28:ac:27:d5:e9:c7:72:d3:3c:22:05:32:33:31:ea:41:af:a1:
         47:72:84:f2:d5:b8:8c:3f:51:4a:e4:66:03:00:8d:1a:e8:aa:
         af:87:88:b6:d7:e4:33:8c:f4:f6:f9:39:7f:ec:4b:14:1d:fa:
         d4:10:f6:0f:9f:4b:6b:71:57:58:7d:39:a0:96:16:ee:74:bc:
         ac:7b:74:bf:e8:78:f7:8b:0d:60:7f:d0:06:40:59:fe:4a:0a:
         c4:cf:12:05:e9:f8:3d:0c:41:ae:1a:81:d7:fc:2b:6e:37:4e:
         c6:d2:d1:95:06:4e:71:b1:32:73:c1:17:c1:e6:e6:7f:eb:2f:
         1f:62:14:c2:d4:b8:9e:c6:0c:5e:d5:23:bc:bb:26:77:1f:5c:
         4a:d1:be:2e:75:db:f0:be:bb:62:37:52:78:6c:bd:ef:42:7f:
         d1:b3:a5:2f:31:c2:28:0f:8f:fb:07:af:98:40:40:b4:b1:d5:
         83:17:be:b3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJTcQFmT2EsufjN2EXt930MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2YTRjMThkMmUyMGRiNjRmZjlkYjUyOTJiMzc5ZjUzOGI3
NmExNTEwHhcNMjQwMTAyMDgzMjQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzNkMmQyOTYxZTZjZTI0OWY0ODQ0MmRkMWUwNmQ4YzNjYzdlYjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtsvEGhP0JYrw22rNKvwaU5mu8DE1
/JiuWxSbkz7IV3yOZiiR6qOVaj6kh2vOerBqobS5gL/r986fLj+ITGwbNKhkM0EF
4vslqQeEXMsSkvJJQMwTF9o+dIcGMONXlK+x0WSoZw2vua+KVffQ+uINkcW+tyJc
0VGlD3Ycyq8aksUokfYEYJkkxt2wmglqsHjXXyDOYbq4ZWFUSxOcLMU+D5OkJd7x
10gD5ZrBnv89BUmgB5EvOLg2aRyZof1p+2wmcQemG6dXJu2LU2X0c5w2OGK602Dh
Du/95vuza/3xcW8yVA+v3szFMIXZYJqixYQ5Hxqb3JNDOVayjnqZRi0XAwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNM9LSlh5s4kn0hELdHgbYw8x+tJMB8GA1UdIwQY
MBaAFAakwY0uINtk/521KSs3n1OLdqFRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnFUQmpTNGcyMlRfbmJVcEt6ZWZVNHQyb1ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC8zZDI4OTQtMzJlOS00ZjAyLWE4Yjkt
NTMyZWQyNTY3ZTliLzEvMHowdEtXSG16aVNmU0VRdDBlQnRqRHpINjBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC8zZDI4OTQtMzJlOS00ZjAyLWE4YjktNTMyZWQyNTY3ZTli
LzEvQnFUQmpTNGcyMlRfbmJVcEt6ZWZVNHQyb1ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAmQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAcxIPVk93uVWS0xJMt1zzhjJu0A3VYeBlegGBJ
WGKIpr9It+IZmIYPBahrDWrK+3JbXosoPD5tYYLs33+5NaO/A4WScDfG/zsorCfV
6cdy0zwiBTIzMepBr6FHcoTy1biMP1FK5GYDAI0a6Kqvh4i21+QzjPT2+Tl/7EsU
HfrUEPYPn0trcVdYfTmglhbudLyse3S/6Hj3iw1gf9AGQFn+SgrEzxIF6fg9DEGu
GoHX/CtuN07G0tGVBk5xsTJzwRfB5uZ/6y8fYhTC1Liexgxe1SO8uyZ3H1xK0b4u
ddvwvrtiN1J4bL3vQn/Rs6UvMcIoD4/7B6+YQEC0sdWDF76z
-----END CERTIFICATE-----