Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/fabba9-eeaa-42e3-8776-851a1f8bf180/1/RA7o9VaOmk4c7C0N34vxYqd8HLU.roa
File:                     RA7o9VaOmk4c7C0N34vxYqd8HLU.roa (raw, json)
Hash identifier:          8GkDsvnLbjWCWhtW2LiWmvGGjXBq+aX67xT40WiyzDc=
Subject key identifier:   44:0E:E8:F5:56:8E:9A:4E:1C:EC:2D:0D:DF:8B:F1:62:A7:7C:1C:B5
Certificate issuer:       /CN=5aa67ff34f94aefc3a54d5487c0b48b4dfba0c82
Certificate serial:       018CC727157332DE08234A4244F322571CB9
Authority key identifier: 5A:A6:7F:F3:4F:94:AE:FC:3A:54:D5:48:7C:0B:48:B4:DF:BA:0C:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WqZ_80-Urvw6VNVIfAtItN-6DII.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/fabba9-eeaa-42e3-8776-851a1f8bf180/1/RA7o9VaOmk4c7C0N34vxYqd8HLU.roa
Signing time:             Mon 01 Jan 2024 22:31:16 +0000
ROA not before:           Mon 01 Jan 2024 22:31:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210833
IP address blocks:        2001:67c:828::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/fabba9-eeaa-42e3-8776-851a1f8bf180/1/WqZ_80-Urvw6VNVIfAtItN-6DII.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/fabba9-eeaa-42e3-8776-851a1f8bf180/1/WqZ_80-Urvw6VNVIfAtItN-6DII.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WqZ_80-Urvw6VNVIfAtItN-6DII.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 10:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:15:73:32:de:08:23:4a:42:44:f3:22:57:1c:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5aa67ff34f94aefc3a54d5487c0b48b4dfba0c82
        Validity
            Not Before: Jan  1 22:31:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=440ee8f5568e9a4e1cec2d0ddf8bf162a77c1cb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:4f:6b:36:3f:f5:c7:e4:35:b1:c3:22:b1:af:
                    a9:dc:0d:b0:4e:cb:23:7c:67:91:bd:b6:b5:cb:bc:
                    79:dd:ed:fd:c2:cb:c9:4d:e0:b3:1e:d8:2d:19:68:
                    f7:53:53:e2:c6:07:40:2a:40:65:5d:49:e8:f7:f2:
                    1d:02:81:e0:3c:ce:91:39:65:48:03:0d:ae:0f:48:
                    b3:85:5a:aa:dd:2a:07:f7:23:e6:55:b6:29:a0:e6:
                    39:35:f5:b0:40:ae:06:67:43:29:d0:b8:9b:cd:0b:
                    fa:5f:e3:77:17:78:f4:1f:a9:d4:fa:60:7e:06:0d:
                    27:ae:a1:77:c2:bf:2e:38:d5:14:d7:38:19:b6:d7:
                    5b:fa:e6:9e:54:c2:3b:76:f7:38:1c:0b:82:5f:af:
                    f8:1f:71:3a:47:45:7f:fc:74:fc:40:45:51:1c:ab:
                    ea:96:aa:99:49:64:88:7e:43:4f:8e:47:3c:6b:9d:
                    07:19:a2:87:cd:3d:14:cf:94:22:99:16:1a:5a:45:
                    1b:82:4e:0c:80:a7:01:39:30:69:5a:6d:b5:95:c3:
                    33:84:7f:2b:23:cb:a9:72:80:01:2d:08:52:a6:b0:
                    ae:fd:50:be:ef:b2:d9:6d:d7:c4:54:01:4f:1d:c0:
                    4b:7c:44:57:d8:a8:a1:22:ab:7f:58:80:72:1c:d6:
                    41:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:0E:E8:F5:56:8E:9A:4E:1C:EC:2D:0D:DF:8B:F1:62:A7:7C:1C:B5
            X509v3 Authority Key Identifier:
                keyid:5A:A6:7F:F3:4F:94:AE:FC:3A:54:D5:48:7C:0B:48:B4:DF:BA:0C:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WqZ_80-Urvw6VNVIfAtItN-6DII.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/fabba9-eeaa-42e3-8776-851a1f8bf180/1/RA7o9VaOmk4c7C0N34vxYqd8HLU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/fabba9-eeaa-42e3-8776-851a1f8bf180/1/WqZ_80-Urvw6VNVIfAtItN-6DII.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:828::/48

    Signature Algorithm: sha256WithRSAEncryption
         3f:6c:8e:35:72:a8:f8:ac:28:30:d6:f2:22:1f:27:6d:28:85:
         42:21:29:98:a3:eb:75:28:1f:18:c5:e6:82:17:79:67:34:ba:
         26:ba:fd:38:e7:14:2a:a7:30:a0:40:e6:11:14:53:3e:52:4e:
         5c:c2:22:04:70:d1:8c:95:dd:00:e0:9d:ff:c1:f7:86:9e:f3:
         b1:a4:d5:20:a0:87:d4:07:04:58:2f:21:56:ac:ad:9a:b2:dc:
         ec:51:4f:ab:1e:14:1b:74:9b:e7:3d:41:73:aa:e4:58:c7:44:
         cf:93:81:11:6d:a3:7b:8a:71:74:7d:0f:4d:82:75:1e:1a:8a:
         dd:cf:ef:cc:9a:7f:34:e8:9b:ad:bc:43:e4:b8:50:36:46:ef:
         b3:f7:62:c7:1b:e6:96:bf:79:49:22:35:6a:ae:46:bc:89:7a:
         b9:4a:0d:f4:3b:5c:d9:76:02:bb:a5:27:b0:d4:6d:f9:b1:71:
         ab:e3:c3:a9:88:d0:3e:b8:d3:6b:a9:ce:db:b3:76:4c:4a:54:
         02:f0:4a:3b:c7:46:a3:fd:48:a8:df:20:88:6d:48:56:4b:41:
         3b:24:58:fa:44:e2:d1:c9:0f:9f:42:0e:37:45:b7:ec:de:39:
         05:86:c5:a9:4e:b2:e3:4b:83:22:b0:e8:29:2a:4a:8e:1d:24:
         e2:84:54:d8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHJxVzMt4II0pCRPMiVxy5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhYTY3ZmYzNGY5NGFlZmMzYTU0ZDU0ODdjMGI0OGI0ZGZi
YTBjODIwHhcNMjQwMTAxMjIzMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDBlZThmNTU2OGU5YTRlMWNlYzJkMGRkZjhiZjE2MmE3N2MxY2I1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2U9rNj/1x+Q1scMisa+p3A2wTssj
fGeRvba1y7x53e39wsvJTeCzHtgtGWj3U1PixgdAKkBlXUno9/IdAoHgPM6ROWVI
Aw2uD0izhVqq3SoH9yPmVbYpoOY5NfWwQK4GZ0Mp0LibzQv6X+N3F3j0H6nU+mB+
Bg0nrqF3wr8uONUU1zgZttdb+uaeVMI7dvc4HAuCX6/4H3E6R0V//HT8QEVRHKvq
lqqZSWSIfkNPjkc8a50HGaKHzT0Uz5QimRYaWkUbgk4MgKcBOTBpWm21lcMzhH8r
I8upcoABLQhSprCu/VC+77LZbdfEVAFPHcBLfERX2KihIqt/WIByHNZBrQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEQO6PVWjppOHOwtDd+L8WKnfBy1MB8GA1UdIwQY
MBaAFFqmf/NPlK78OlTVSHwLSLTfugyCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3FaXzgwLVVydnc2Vk5WSWZBdEl0Ti02RElJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9mYWJiYTktZWVhYS00MmUzLTg3NzYt
ODUxYTFmOGJmMTgwLzEvUkE3bzlWYU9tazRjN0MwTjM0dnhZcWQ4SExVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9mYWJiYTktZWVhYS00MmUzLTg3NzYtODUxYTFmOGJmMTgw
LzEvV3FaXzgwLVVydnc2Vk5WSWZBdEl0Ti02RElJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAgo
MA0GCSqGSIb3DQEBCwUAA4IBAQA/bI41cqj4rCgw1vIiHydtKIVCISmYo+t1KB8Y
xeaCF3lnNLomuv045xQqpzCgQOYRFFM+Uk5cwiIEcNGMld0A4J3/wfeGnvOxpNUg
oIfUBwRYLyFWrK2astzsUU+rHhQbdJvnPUFzquRYx0TPk4ERbaN7inF0fQ9NgnUe
Gordz+/Mmn806JutvEPkuFA2Ru+z92LHG+aWv3lJIjVqrka8iXq5Sg30O1zZdgK7
pSew1G35sXGr48OpiNA+uNNrqc7bs3ZMSlQC8Eo7x0aj/Uio3yCIbUhWS0E7JFj6
ROLRyQ+fQg43Rbfs3jkFhsWpTrLjS4MisOgpKkqOHSTihFTY
-----END CERTIFICATE-----