Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/853ee3-3a4f-4d95-9bdb-b03c2fbdc644/1/UxQQ9SYXXIdOObljXXdHtZVkPFU.roa
File:                     UxQQ9SYXXIdOObljXXdHtZVkPFU.roa (raw, json)
Hash identifier:          Df7g7g8+AwzfMs0S5tYaMpm2kSRIcFemjFuwb93Arcs=
Subject key identifier:   53:14:10:F5:26:17:5C:87:4E:39:B9:63:5D:77:47:B5:95:64:3C:55
Certificate issuer:       /CN=ee0739d0528dcb4fce578d11f7ec34b0e37452cf
Certificate serial:       018CC4936A58DADA0FD04B66C8805E4B1584
Authority key identifier: EE:07:39:D0:52:8D:CB:4F:CE:57:8D:11:F7:EC:34:B0:E3:74:52:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7gc50FKNy0_OV40R9-w0sON0Us8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/853ee3-3a4f-4d95-9bdb-b03c2fbdc644/1/UxQQ9SYXXIdOObljXXdHtZVkPFU.roa
Signing time:             Mon 01 Jan 2024 10:30:44 +0000
ROA not before:           Mon 01 Jan 2024 10:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        2001:67c:17fc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/853ee3-3a4f-4d95-9bdb-b03c2fbdc644/1/7gc50FKNy0_OV40R9-w0sON0Us8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/853ee3-3a4f-4d95-9bdb-b03c2fbdc644/1/7gc50FKNy0_OV40R9-w0sON0Us8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7gc50FKNy0_OV40R9-w0sON0Us8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:6a:58:da:da:0f:d0:4b:66:c8:80:5e:4b:15:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee0739d0528dcb4fce578d11f7ec34b0e37452cf
        Validity
            Not Before: Jan  1 10:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=531410f526175c874e39b9635d7747b595643c55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:e5:d5:18:a0:ba:5a:b6:0c:87:1a:67:31:90:
                    88:cb:61:b6:9d:c4:a4:d1:01:21:9a:4c:6a:0e:a3:
                    19:14:9a:80:82:7c:04:b7:25:d5:1f:a4:b5:f5:51:
                    b5:66:24:24:3f:16:9a:d0:85:27:65:0e:45:8f:6c:
                    11:fa:26:38:93:d6:46:05:e1:d9:ad:21:e1:0b:21:
                    2f:4a:cb:4d:c3:3e:d3:cd:83:fb:09:be:b4:6e:c5:
                    b4:e6:f8:e0:71:e8:f2:0c:20:74:ee:26:23:45:c8:
                    b9:17:60:b5:13:5e:f0:e4:03:b8:80:61:da:c0:f0:
                    5e:6d:b8:8e:b1:ac:b0:66:74:c5:f6:23:46:04:89:
                    de:c7:4a:cf:19:94:ff:93:c3:07:7e:72:ae:8c:2c:
                    54:21:72:d5:81:36:d1:79:28:0f:1f:38:e0:d3:b8:
                    bb:f6:21:f1:75:87:4a:8b:90:7b:34:4e:3b:3a:22:
                    c0:d7:5f:d5:50:a8:a4:d1:6d:78:48:51:a0:16:18:
                    ec:84:76:ae:83:61:1b:ca:30:ce:e2:1a:3e:81:1d:
                    bb:37:ef:e8:46:8b:9b:64:48:56:17:24:68:47:cd:
                    29:b9:b8:bc:98:b7:15:36:10:44:43:c7:9e:28:9e:
                    d0:8b:b8:46:ba:66:0c:f7:b0:4a:32:5a:38:b1:92:
                    23:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:14:10:F5:26:17:5C:87:4E:39:B9:63:5D:77:47:B5:95:64:3C:55
            X509v3 Authority Key Identifier:
                keyid:EE:07:39:D0:52:8D:CB:4F:CE:57:8D:11:F7:EC:34:B0:E3:74:52:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7gc50FKNy0_OV40R9-w0sON0Us8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/853ee3-3a4f-4d95-9bdb-b03c2fbdc644/1/UxQQ9SYXXIdOObljXXdHtZVkPFU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/853ee3-3a4f-4d95-9bdb-b03c2fbdc644/1/7gc50FKNy0_OV40R9-w0sON0Us8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:17fc::/48

    Signature Algorithm: sha256WithRSAEncryption
         3e:50:5c:54:42:08:d0:78:ec:1b:c5:5a:a9:c9:8f:30:a3:cd:
         f4:01:13:72:1b:cd:e3:21:7f:64:8b:20:d7:21:d7:cf:3f:2e:
         fc:c1:3f:b3:ff:a8:63:a2:1a:94:cd:76:ae:c7:1b:8a:ff:d7:
         f6:53:27:d3:9b:98:e8:f8:24:93:d9:66:c7:02:a2:91:0f:55:
         4f:59:dd:e9:f1:02:55:f9:59:ec:29:34:30:6a:19:8b:35:c2:
         94:21:c9:ac:96:0e:d0:a7:0c:07:26:86:72:90:af:bd:07:72:
         a6:c5:84:01:42:25:9d:80:e2:11:64:01:e1:bf:3b:28:0e:9a:
         fd:e7:28:d9:47:65:7d:eb:fb:49:62:62:d7:07:92:f9:93:0f:
         56:22:9d:b2:ce:f8:5f:b1:f9:a2:6f:fa:e0:57:d4:98:9c:39:
         34:1d:fb:25:59:56:a0:44:e4:9a:b8:7a:a0:6c:43:b2:b0:33:
         de:a9:39:1b:ac:6a:3e:b2:b7:58:27:c8:ca:83:50:7c:70:7d:
         26:bb:83:f7:92:b4:c5:7e:2a:78:51:27:03:d8:8a:c3:86:a0:
         c8:d6:dd:13:c6:92:b0:0d:b2:a1:59:b0:e6:69:63:de:97:0a:
         3f:34:d1:e9:0d:e0:eb:d7:08:4b:a6:20:f5:48:e8:01:8f:d1:
         3f:19:ca:c7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEk2pY2toP0EtmyIBeSxWEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMDczOWQwNTI4ZGNiNGZjZTU3OGQxMWY3ZWMzNGIwZTM3
NDUyY2YwHhcNMjQwMTAxMTAzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzE0MTBmNTI2MTc1Yzg3NGUzOWI5NjM1ZDc3NDdiNTk1NjQzYzU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAneXVGKC6WrYMhxpnMZCIy2G2ncSk
0QEhmkxqDqMZFJqAgnwEtyXVH6S19VG1ZiQkPxaa0IUnZQ5Fj2wR+iY4k9ZGBeHZ
rSHhCyEvSstNwz7TzYP7Cb60bsW05vjgcejyDCB07iYjRci5F2C1E17w5AO4gGHa
wPBebbiOsaywZnTF9iNGBInex0rPGZT/k8MHfnKujCxUIXLVgTbReSgPHzjg07i7
9iHxdYdKi5B7NE47OiLA11/VUKik0W14SFGgFhjshHaug2EbyjDO4ho+gR27N+/o
RoubZEhWFyRoR80pubi8mLcVNhBEQ8eeKJ7Qi7hGumYM97BKMlo4sZIjBwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFMUEPUmF1yHTjm5Y113R7WVZDxVMB8GA1UdIwQY
MBaAFO4HOdBSjctPzleNEffsNLDjdFLPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2djNTBGS055MF9PVjQwUjktdzBzT04wVXM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni84NTNlZTMtM2E0Zi00ZDk1LTliZGIt
YjAzYzJmYmRjNjQ0LzEvVXhRUTlTWVhYSWRPT2JsalhYZEh0WlZrUEZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni84NTNlZTMtM2E0Zi00ZDk1LTliZGItYjAzYzJmYmRjNjQ0
LzEvN2djNTBGS055MF9PVjQwUjktdzBzT04wVXM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBf8
MA0GCSqGSIb3DQEBCwUAA4IBAQA+UFxUQgjQeOwbxVqpyY8wo830ARNyG83jIX9k
iyDXIdfPPy78wT+z/6hjohqUzXauxxuK/9f2UyfTm5jo+CST2WbHAqKRD1VPWd3p
8QJV+VnsKTQwahmLNcKUIcmslg7QpwwHJoZykK+9B3KmxYQBQiWdgOIRZAHhvzso
Dpr95yjZR2V96/tJYmLXB5L5kw9WIp2yzvhfsfmib/rgV9SYnDk0HfslWVagROSa
uHqgbEOysDPeqTkbrGo+srdYJ8jKg1B8cH0mu4P3krTFfip4UScD2IrDhqDI1t0T
xpKwDbKhWbDmaWPelwo/NNHpDeDr1whLpiD1SOgBj9E/GcrH
-----END CERTIFICATE-----