Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/5f113c-ffcb-498c-b04e-91de9f1dec2d/1/CCcqkF1Sdfcm7VcAN4Yhcrth0zg.roa
File:                     CCcqkF1Sdfcm7VcAN4Yhcrth0zg.roa (raw, json)
Hash identifier:          4npCwAiaBERfZADIT2iUlOb348ckfj0B7lXGGzoyxgA=
Subject key identifier:   08:27:2A:90:5D:52:75:F7:26:ED:57:00:37:86:21:72:BB:61:D3:38
Certificate issuer:       /CN=08315aad59b4a161a63f925bd714f56c7dec6a8e
Certificate serial:       018CC726FFD612061878B9E1ADD68CA5073D
Authority key identifier: 08:31:5A:AD:59:B4:A1:61:A6:3F:92:5B:D7:14:F5:6C:7D:EC:6A:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDFarVm0oWGmP5Jb1xT1bH3sao4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/5f113c-ffcb-498c-b04e-91de9f1dec2d/1/CCcqkF1Sdfcm7VcAN4Yhcrth0zg.roa
Signing time:             Mon 01 Jan 2024 22:31:10 +0000
ROA not before:           Mon 01 Jan 2024 22:31:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199591
IP address blocks:        2001:67c:bf4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/5f113c-ffcb-498c-b04e-91de9f1dec2d/1/CDFarVm0oWGmP5Jb1xT1bH3sao4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/5f113c-ffcb-498c-b04e-91de9f1dec2d/1/CDFarVm0oWGmP5Jb1xT1bH3sao4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDFarVm0oWGmP5Jb1xT1bH3sao4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 04:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:ff:d6:12:06:18:78:b9:e1:ad:d6:8c:a5:07:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08315aad59b4a161a63f925bd714f56c7dec6a8e
        Validity
            Not Before: Jan  1 22:31:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=08272a905d5275f726ed570037862172bb61d338
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:5e:61:6b:f4:28:73:22:54:ce:a7:cb:fb:09:
                    19:47:b4:ea:60:09:b0:35:b8:71:6e:68:61:5f:62:
                    12:dc:57:cf:a5:c9:d8:a9:4b:77:49:2e:41:24:69:
                    0f:3d:b2:8a:6a:c6:dd:d3:f0:73:6c:85:fa:89:9f:
                    e9:3b:e8:35:f6:60:8c:2b:d0:d6:57:d2:e5:58:03:
                    24:1f:ac:44:5b:0f:0e:55:b3:29:0f:50:3b:fe:71:
                    11:b9:8c:43:43:65:cf:47:d1:a0:34:25:dd:85:77:
                    11:7e:21:46:2c:30:1f:12:b5:66:4f:70:38:8a:9b:
                    69:68:19:2b:f0:06:ed:e9:5e:65:1e:c1:f3:4c:a6:
                    80:b1:0d:81:cb:92:5b:6e:a3:03:b2:f3:3b:c3:3a:
                    6f:57:66:44:b4:9d:3d:56:f7:25:c5:a8:93:71:6d:
                    c6:6e:b0:fa:3c:75:cd:ce:ed:e4:ac:33:a8:93:9c:
                    51:65:08:2a:9b:13:08:88:42:6a:ce:cb:b4:92:f7:
                    51:9f:df:65:ec:2e:f2:c3:e6:ef:cb:c3:98:11:90:
                    e3:81:b5:91:0f:e4:17:9f:2a:a0:a9:9f:5e:4d:77:
                    85:0a:73:ab:bb:9a:83:db:fa:04:15:29:b8:15:66:
                    1e:9d:7f:86:09:10:e0:9a:30:4f:d8:06:00:58:4a:
                    1e:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:27:2A:90:5D:52:75:F7:26:ED:57:00:37:86:21:72:BB:61:D3:38
            X509v3 Authority Key Identifier:
                keyid:08:31:5A:AD:59:B4:A1:61:A6:3F:92:5B:D7:14:F5:6C:7D:EC:6A:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDFarVm0oWGmP5Jb1xT1bH3sao4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/5f113c-ffcb-498c-b04e-91de9f1dec2d/1/CCcqkF1Sdfcm7VcAN4Yhcrth0zg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/5f113c-ffcb-498c-b04e-91de9f1dec2d/1/CDFarVm0oWGmP5Jb1xT1bH3sao4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:bf4::/48

    Signature Algorithm: sha256WithRSAEncryption
         7c:3f:41:35:52:8b:bd:74:62:50:aa:45:4a:2a:de:ea:f3:cf:
         bd:a2:09:27:76:5e:ae:44:5c:31:11:c9:54:e0:d8:5f:75:91:
         7f:43:8c:5c:00:04:42:91:43:36:f3:ed:34:e4:64:2f:34:e5:
         b9:63:b9:a7:b2:e2:ee:3c:8c:f7:30:13:bf:9d:c8:0b:47:7c:
         e0:d3:8d:44:fd:0b:d0:9c:ae:da:f2:60:a9:30:c5:2a:cb:3a:
         ec:7b:6f:c4:e3:2b:10:38:ea:b0:ce:13:07:30:0e:ef:ec:a8:
         57:09:bd:88:7c:c1:2b:12:a3:e5:f0:f9:0d:9d:c0:7e:01:8b:
         2c:65:9b:c2:a6:9e:3b:2a:38:35:43:2b:20:3c:c9:cc:35:20:
         01:5e:dd:a8:85:f8:f0:46:ab:f6:ff:de:d5:9d:59:7b:d2:a1:
         21:4f:57:22:6c:dc:42:d1:7f:b8:42:5f:0a:94:47:51:34:a2:
         8d:e9:be:db:91:bc:a6:a5:84:ca:19:dc:ec:4a:c1:f4:88:46:
         a3:91:26:d7:96:5d:e0:04:e2:b4:2c:b5:01:b3:6d:fb:2a:40:
         a3:40:e6:0b:e6:31:85:79:7b:05:55:ad:8e:2a:b7:ea:e6:fd:
         9d:b7:15:03:74:cf:a4:9c:db:cc:13:7b:e6:63:05:30:ab:e9:
         22:5f:23:1b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHJv/WEgYYeLnhrdaMpQc9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzE1YWFkNTliNGExNjFhNjNmOTI1YmQ3MTRmNTZjN2Rl
YzZhOGUwHhcNMjQwMTAxMjIzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODI3MmE5MDVkNTI3NWY3MjZlZDU3MDAzNzg2MjE3MmJiNjFkMzM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnl5ha/QocyJUzqfL+wkZR7TqYAmw
NbhxbmhhX2IS3FfPpcnYqUt3SS5BJGkPPbKKasbd0/BzbIX6iZ/pO+g19mCMK9DW
V9LlWAMkH6xEWw8OVbMpD1A7/nERuYxDQ2XPR9GgNCXdhXcRfiFGLDAfErVmT3A4
iptpaBkr8Abt6V5lHsHzTKaAsQ2By5JbbqMDsvM7wzpvV2ZEtJ09VvclxaiTcW3G
brD6PHXNzu3krDOok5xRZQgqmxMIiEJqzsu0kvdRn99l7C7yw+bvy8OYEZDjgbWR
D+QXnyqgqZ9eTXeFCnOru5qD2/oEFSm4FWYenX+GCRDgmjBP2AYAWEoeqQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAgnKpBdUnX3Ju1XADeGIXK7YdM4MB8GA1UdIwQY
MBaAFAgxWq1ZtKFhpj+SW9cU9Wx97GqOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RGYXJWbTBvV0dtUDVKYjF4VDFiSDNzYW80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS81ZjExM2MtZmZjYi00OThjLWIwNGUt
OTFkZTlmMWRlYzJkLzEvQ0NjcWtGMVNkZmNtN1ZjQU40WWhjcnRoMHpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS81ZjExM2MtZmZjYi00OThjLWIwNGUtOTFkZTlmMWRlYzJk
LzEvQ0RGYXJWbTBvV0dtUDVKYjF4VDFiSDNzYW80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAv0
MA0GCSqGSIb3DQEBCwUAA4IBAQB8P0E1Uou9dGJQqkVKKt7q88+9ogkndl6uRFwx
EclU4NhfdZF/Q4xcAARCkUM28+005GQvNOW5Y7mnsuLuPIz3MBO/ncgLR3zg041E
/QvQnK7a8mCpMMUqyzrse2/E4ysQOOqwzhMHMA7v7KhXCb2IfMErEqPl8PkNncB+
AYssZZvCpp47Kjg1QysgPMnMNSABXt2ohfjwRqv2/97VnVl70qEhT1cibNxC0X+4
Ql8KlEdRNKKN6b7bkbympYTKGdzsSsH0iEajkSbXll3gBOK0LLUBs237KkCjQOYL
5jGFeXsFVa2OKrfq5v2dtxUDdM+knNvME3vmYwUwq+kiXyMb
-----END CERTIFICATE-----