Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/3257d9-3fb8-4cdf-98aa-93e9403eb019/1/C0zqOv4Nu_NNdoeNNn0q-FBejLU.roa
File:                     C0zqOv4Nu_NNdoeNNn0q-FBejLU.roa (raw, json)
Hash identifier:          X8wc0Kas88GJ4N1WF8qgiP2g/LFT+h3CEIEaAA0XREw=
Subject key identifier:   0B:4C:EA:3A:FE:0D:BB:F3:4D:76:87:8D:36:7D:2A:F8:50:5E:8C:B5
Certificate issuer:       /CN=3aea4dae3e994fd9fe7be7433e42f96f67159378
Certificate serial:       018CC56E3D19A550D5838C7D9285A4B0A89A
Authority key identifier: 3A:EA:4D:AE:3E:99:4F:D9:FE:7B:E7:43:3E:42:F9:6F:67:15:93:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OupNrj6ZT9n-e-dDPkL5b2cVk3g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/3257d9-3fb8-4cdf-98aa-93e9403eb019/1/C0zqOv4Nu_NNdoeNNn0q-FBejLU.roa
Signing time:             Mon 01 Jan 2024 14:29:45 +0000
ROA not before:           Mon 01 Jan 2024 14:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209460
IP address blocks:        2001:67c:918::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/3257d9-3fb8-4cdf-98aa-93e9403eb019/1/OupNrj6ZT9n-e-dDPkL5b2cVk3g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/3257d9-3fb8-4cdf-98aa-93e9403eb019/1/OupNrj6ZT9n-e-dDPkL5b2cVk3g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OupNrj6ZT9n-e-dDPkL5b2cVk3g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:3d:19:a5:50:d5:83:8c:7d:92:85:a4:b0:a8:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3aea4dae3e994fd9fe7be7433e42f96f67159378
        Validity
            Not Before: Jan  1 14:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b4cea3afe0dbbf34d76878d367d2af8505e8cb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:36:a9:29:db:10:03:8a:9f:dd:18:12:88:91:
                    95:eb:dd:a0:4e:f1:8f:73:44:b1:e1:64:49:e1:72:
                    a0:24:07:56:20:2e:b5:22:00:d0:7c:0c:c0:07:2b:
                    bb:e7:da:f1:11:ef:46:12:4d:ea:64:b0:7d:70:f8:
                    72:d8:d1:ab:27:ca:22:e9:68:5e:b5:b2:2f:02:73:
                    33:10:c8:91:74:91:19:fa:29:61:67:c7:7e:b9:9f:
                    a9:04:2e:77:23:63:fe:99:23:c1:52:51:eb:52:32:
                    b7:a1:6d:73:b1:e1:40:c7:e4:88:cc:7d:2c:e8:7d:
                    31:42:85:93:0b:d9:88:e2:6d:ea:a1:ee:d9:1f:71:
                    ea:6a:13:97:89:dd:60:80:f1:25:78:f2:6c:12:4d:
                    c1:7d:2a:27:cb:f6:80:01:75:70:d9:13:57:55:87:
                    c2:75:d3:99:03:24:f5:9d:b3:b4:a3:de:e8:dc:e5:
                    13:c1:87:5d:43:fd:62:03:8b:3f:40:3c:15:6b:c0:
                    4e:63:a6:78:ff:5b:e4:30:5c:d9:f4:1d:f5:83:99:
                    af:80:de:d3:0a:96:a5:c5:44:a6:83:d8:1b:9f:24:
                    5e:ac:02:9a:1c:fe:1b:6b:7a:ff:50:d9:44:33:f3:
                    e1:b6:33:e9:75:b3:e2:77:6d:4d:64:b8:91:77:e0:
                    dd:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:4C:EA:3A:FE:0D:BB:F3:4D:76:87:8D:36:7D:2A:F8:50:5E:8C:B5
            X509v3 Authority Key Identifier:
                keyid:3A:EA:4D:AE:3E:99:4F:D9:FE:7B:E7:43:3E:42:F9:6F:67:15:93:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OupNrj6ZT9n-e-dDPkL5b2cVk3g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3257d9-3fb8-4cdf-98aa-93e9403eb019/1/C0zqOv4Nu_NNdoeNNn0q-FBejLU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3257d9-3fb8-4cdf-98aa-93e9403eb019/1/OupNrj6ZT9n-e-dDPkL5b2cVk3g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:918::/48

    Signature Algorithm: sha256WithRSAEncryption
         74:ce:08:e7:a2:e0:c3:59:d8:2f:ea:7d:8b:b1:4a:d6:99:0d:
         11:4b:05:a0:8d:de:16:6a:ce:40:83:a7:7b:dd:9c:b1:7b:c1:
         e3:d4:60:aa:da:de:c0:77:d2:93:0b:42:51:f4:25:52:21:88:
         a7:b2:fb:6c:b8:34:75:13:85:1b:1b:49:e3:80:9a:1f:92:5f:
         34:62:6a:8b:44:7a:f3:9a:17:fb:c3:f1:d2:40:98:d5:80:61:
         24:91:14:87:58:37:0f:7e:54:67:ba:10:b4:33:a1:d0:24:d7:
         fd:9d:fd:71:25:f1:ad:a9:27:c9:0a:49:79:12:08:41:22:d2:
         d4:cc:32:0a:f7:ef:25:47:7a:52:f9:a1:4c:4b:f3:1e:3f:2d:
         cf:e6:86:f5:76:7e:84:b7:65:be:dd:04:93:02:78:2d:1b:e2:
         a4:5a:1a:e9:ad:ea:29:05:66:a1:d0:74:36:f2:ae:58:c8:78:
         17:f9:e2:67:4d:ef:03:53:61:39:7e:6e:bc:dc:bb:c0:f1:40:
         d4:24:6c:9d:ec:ae:a4:9b:a7:7a:29:25:bb:a5:9f:ed:9d:0c:
         0d:bc:bc:9f:a2:42:54:67:10:27:2c:d4:14:3b:5f:d0:12:6c:
         76:68:41:f5:98:21:54:4c:c1:f6:36:78:b1:ca:50:df:eb:57:
         44:2b:f0:60
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFbj0ZpVDVg4x9koWksKiaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZWE0ZGFlM2U5OTRmZDlmZTdiZTc0MzNlNDJmOTZmNjcx
NTkzNzgwHhcNMjQwMTAxMTQyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjRjZWEzYWZlMGRiYmYzNGQ3Njg3OGQzNjdkMmFmODUwNWU4Y2I1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnjapKdsQA4qf3RgSiJGV692gTvGP
c0Sx4WRJ4XKgJAdWIC61IgDQfAzAByu759rxEe9GEk3qZLB9cPhy2NGrJ8oi6Whe
tbIvAnMzEMiRdJEZ+ilhZ8d+uZ+pBC53I2P+mSPBUlHrUjK3oW1zseFAx+SIzH0s
6H0xQoWTC9mI4m3qoe7ZH3HqahOXid1ggPElePJsEk3BfSony/aAAXVw2RNXVYfC
ddOZAyT1nbO0o97o3OUTwYddQ/1iA4s/QDwVa8BOY6Z4/1vkMFzZ9B31g5mvgN7T
CpalxUSmg9gbnyRerAKaHP4ba3r/UNlEM/PhtjPpdbPid21NZLiRd+DdAwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAtM6jr+DbvzTXaHjTZ9KvhQXoy1MB8GA1UdIwQY
MBaAFDrqTa4+mU/Z/nvnQz5C+W9nFZN4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3VwTnJqNlpUOW4tZS1kRFBrTDViMmNWazNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy8zMjU3ZDktM2ZiOC00Y2RmLTk4YWEt
OTNlOTQwM2ViMDE5LzEvQzB6cU92NE51X05OZG9lTk5uMHEtRkJlakxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy8zMjU3ZDktM2ZiOC00Y2RmLTk4YWEtOTNlOTQwM2ViMDE5
LzEvT3VwTnJqNlpUOW4tZS1kRFBrTDViMmNWazNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAkY
MA0GCSqGSIb3DQEBCwUAA4IBAQB0zgjnouDDWdgv6n2LsUrWmQ0RSwWgjd4Was5A
g6d73Zyxe8Hj1GCq2t7Ad9KTC0JR9CVSIYinsvtsuDR1E4UbG0njgJofkl80YmqL
RHrzmhf7w/HSQJjVgGEkkRSHWDcPflRnuhC0M6HQJNf9nf1xJfGtqSfJCkl5EghB
ItLUzDIK9+8lR3pS+aFMS/MePy3P5ob1dn6Et2W+3QSTAngtG+KkWhrpreopBWah
0HQ28q5YyHgX+eJnTe8DU2E5fm683LvA8UDUJGyd7K6km6d6KSW7pZ/tnQwNvLyf
okJUZxAnLNQUO1/QEmx2aEH1mCFUTMH2NnixylDf61dEK/Bg
-----END CERTIFICATE-----