Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/0f355a-3a0a-46ec-b07f-866607af2fa5/1/qP64VpuSIppLb1vh70EOv62wZH4.roa
File:                     qP64VpuSIppLb1vh70EOv62wZH4.roa (raw, json)
Hash identifier:          7aPcDNpGWyLeskQDiuUSlVlOlmSteKrHfdRU1dsI4fQ=
Subject key identifier:   A8:FE:B8:56:9B:92:22:9A:4B:6F:5B:E1:EF:41:0E:BF:AD:B0:64:7E
Certificate issuer:       /CN=a378118db05e4c93e76fa1f1c95679c705beb208
Certificate serial:       018CC56E1B28071DF1DAE8E7695BB2A6E6A5
Authority key identifier: A3:78:11:8D:B0:5E:4C:93:E7:6F:A1:F1:C9:56:79:C7:05:BE:B2:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o3gRjbBeTJPnb6HxyVZ5xwW-sgg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/0f355a-3a0a-46ec-b07f-866607af2fa5/1/qP64VpuSIppLb1vh70EOv62wZH4.roa
Signing time:             Mon 01 Jan 2024 14:29:36 +0000
ROA not before:           Mon 01 Jan 2024 14:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15435
IP address blocks:        2001:67c:2ef0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/0f355a-3a0a-46ec-b07f-866607af2fa5/1/o3gRjbBeTJPnb6HxyVZ5xwW-sgg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/0f355a-3a0a-46ec-b07f-866607af2fa5/1/o3gRjbBeTJPnb6HxyVZ5xwW-sgg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o3gRjbBeTJPnb6HxyVZ5xwW-sgg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:1b:28:07:1d:f1:da:e8:e7:69:5b:b2:a6:e6:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a378118db05e4c93e76fa1f1c95679c705beb208
        Validity
            Not Before: Jan  1 14:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a8feb8569b92229a4b6f5be1ef410ebfadb0647e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:33:07:4c:e6:92:42:d9:c9:5a:07:d0:d4:e5:
                    ad:5e:b9:b3:12:47:7d:6a:a5:13:c1:85:a0:44:90:
                    fa:85:71:12:9d:76:f4:fe:2a:3f:90:5f:66:d5:a9:
                    53:dc:c1:c4:a3:d4:b8:df:5c:43:cc:7b:f7:c0:b4:
                    ad:2b:5c:c8:6e:1f:60:69:09:cb:41:65:ef:ba:7a:
                    bb:e3:2a:79:33:ce:97:0e:b6:98:49:33:a2:9b:0e:
                    50:6d:67:c1:55:6e:5d:d5:7a:40:63:1b:01:1d:ea:
                    cf:2a:d7:75:e6:dc:ac:5c:e3:e2:35:c5:37:9a:c7:
                    76:8b:05:c5:21:2a:b2:18:57:0e:a7:b7:39:1c:4a:
                    4f:f9:b5:0c:0b:62:26:36:44:87:77:50:7d:2a:03:
                    ac:eb:27:32:02:8e:71:a8:2c:2c:a7:95:e7:fe:5e:
                    4f:60:1e:e0:cc:b0:ba:2e:ad:89:87:13:a3:97:a9:
                    20:06:d2:a9:c2:25:d6:9f:ca:f3:9b:1a:2e:1c:46:
                    d2:1a:a2:9e:88:99:3e:23:3f:f3:2b:2f:b1:a3:db:
                    54:80:a9:8c:53:f4:ba:55:07:38:e5:81:82:15:2a:
                    0e:59:42:c7:70:43:12:83:e1:ad:f0:f8:21:a2:f8:
                    fb:54:c6:74:05:ef:f9:fb:cb:d4:28:01:f4:f9:0b:
                    45:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:FE:B8:56:9B:92:22:9A:4B:6F:5B:E1:EF:41:0E:BF:AD:B0:64:7E
            X509v3 Authority Key Identifier:
                keyid:A3:78:11:8D:B0:5E:4C:93:E7:6F:A1:F1:C9:56:79:C7:05:BE:B2:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o3gRjbBeTJPnb6HxyVZ5xwW-sgg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/0f355a-3a0a-46ec-b07f-866607af2fa5/1/qP64VpuSIppLb1vh70EOv62wZH4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/0f355a-3a0a-46ec-b07f-866607af2fa5/1/o3gRjbBeTJPnb6HxyVZ5xwW-sgg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2ef0::/48

    Signature Algorithm: sha256WithRSAEncryption
         85:bd:84:4a:2e:d9:1e:51:99:68:69:98:90:73:a7:79:3e:7b:
         31:fc:58:23:1c:47:ef:a3:84:89:55:5f:f7:e2:15:57:a2:4d:
         e3:33:1c:38:8b:00:61:2f:e7:24:47:d0:c4:ac:0d:79:d6:2a:
         3d:a4:73:42:56:06:d5:a6:79:6c:d8:43:1f:ea:8a:23:56:42:
         2f:53:4c:f6:6f:7b:ef:ad:df:64:07:b6:86:3e:18:47:3e:4a:
         d1:b7:2f:94:28:9d:4b:6f:78:23:ce:ee:f4:25:8b:27:9b:67:
         81:4a:fb:b3:20:4c:b4:b5:8d:79:6f:bf:46:6b:38:af:6e:ae:
         2b:f1:c5:50:40:6c:68:a6:8b:79:84:2a:cd:f9:89:5e:e5:84:
         3c:ae:4b:6b:50:24:6e:f6:96:bf:53:cd:a2:83:2f:61:78:15:
         3d:d5:b7:53:50:8e:b5:00:50:04:52:c1:e7:d1:8b:d1:de:3c:
         da:f9:1b:80:5c:dc:6f:8a:54:0e:62:0e:ae:c3:81:73:86:d6:
         97:7b:68:cc:75:36:4d:6d:3c:fe:1e:09:7e:42:f3:af:de:b3:
         bb:95:b0:16:40:78:62:bf:d7:95:a0:34:7c:cb:12:e3:c2:dc:
         57:33:48:4d:71:7f:f0:1e:f0:37:37:35:c6:31:cd:af:de:c1:
         68:f8:6e:73
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFbhsoBx3x2ujnaVuypualMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzNzgxMThkYjA1ZTRjOTNlNzZmYTFmMWM5NTY3OWM3MDVi
ZWIyMDgwHhcNMjQwMTAxMTQyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGZlYjg1NjliOTIyMjlhNGI2ZjViZTFlZjQxMGViZmFkYjA2NDdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAljMHTOaSQtnJWgfQ1OWtXrmzEkd9
aqUTwYWgRJD6hXESnXb0/io/kF9m1alT3MHEo9S431xDzHv3wLStK1zIbh9gaQnL
QWXvunq74yp5M86XDraYSTOimw5QbWfBVW5d1XpAYxsBHerPKtd15tysXOPiNcU3
msd2iwXFISqyGFcOp7c5HEpP+bUMC2ImNkSHd1B9KgOs6ycyAo5xqCwsp5Xn/l5P
YB7gzLC6Lq2JhxOjl6kgBtKpwiXWn8rzmxouHEbSGqKeiJk+Iz/zKy+xo9tUgKmM
U/S6VQc45YGCFSoOWULHcEMSg+Gt8Pghovj7VMZ0Be/5+8vUKAH0+QtFvQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKj+uFabkiKaS29b4e9BDr+tsGR+MB8GA1UdIwQY
MBaAFKN4EY2wXkyT52+h8clWeccFvrIIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzNnUmpiQmVUSlBuYjZIeHlWWjV4d1ctc2dnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS8wZjM1NWEtM2EwYS00NmVjLWIwN2Yt
ODY2NjA3YWYyZmE1LzEvcVA2NFZwdVNJcHBMYjF2aDcwRU92NjJ3Wkg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS8wZjM1NWEtM2EwYS00NmVjLWIwN2YtODY2NjA3YWYyZmE1
LzEvbzNnUmpiQmVUSlBuYjZIeHlWWjV4d1ctc2dnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC7w
MA0GCSqGSIb3DQEBCwUAA4IBAQCFvYRKLtkeUZloaZiQc6d5Pnsx/FgjHEfvo4SJ
VV/34hVXok3jMxw4iwBhL+ckR9DErA151io9pHNCVgbVpnls2EMf6oojVkIvU0z2
b3vvrd9kB7aGPhhHPkrRty+UKJ1Lb3gjzu70JYsnm2eBSvuzIEy0tY15b79Gaziv
bq4r8cVQQGxopot5hCrN+Yle5YQ8rktrUCRu9pa/U82igy9heBU91bdTUI61AFAE
UsHn0YvR3jza+RuAXNxvilQOYg6uw4FzhtaXe2jMdTZNbTz+Hgl+QvOv3rO7lbAW
QHhiv9eVoDR8yxLjwtxXM0hNcX/wHvA3NzXGMc2v3sFo+G5z
-----END CERTIFICATE-----