Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/04ef71-f122-47ce-8a40-cc0f9707140e/1/yxcAa88C4fDvrPgfLGVac5AT0p0.roa
File:                     yxcAa88C4fDvrPgfLGVac5AT0p0.roa (raw, json)
Hash identifier:          fntuugOz+3akrKBWRer5Ua4hUZf97mfltkHqaFB+jrw=
Subject key identifier:   CB:17:00:6B:CF:02:E1:F0:EF:AC:F8:1F:2C:65:5A:73:90:13:D2:9D
Certificate issuer:       /CN=87de085975de6588e07fed135513aa38acedb763
Certificate serial:       018CC5DBE472E159F075760AC9FCBCAD729D
Authority key identifier: 87:DE:08:59:75:DE:65:88:E0:7F:ED:13:55:13:AA:38:AC:ED:B7:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h94IWXXeZYjgf-0TVROqOKztt2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/04ef71-f122-47ce-8a40-cc0f9707140e/1/yxcAa88C4fDvrPgfLGVac5AT0p0.roa
Signing time:             Mon 01 Jan 2024 16:29:31 +0000
ROA not before:           Mon 01 Jan 2024 16:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6730
IP address blocks:        2001:67c:2350::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/04ef71-f122-47ce-8a40-cc0f9707140e/1/h94IWXXeZYjgf-0TVROqOKztt2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/04ef71-f122-47ce-8a40-cc0f9707140e/1/h94IWXXeZYjgf-0TVROqOKztt2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h94IWXXeZYjgf-0TVROqOKztt2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:e4:72:e1:59:f0:75:76:0a:c9:fc:bc:ad:72:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87de085975de6588e07fed135513aa38acedb763
        Validity
            Not Before: Jan  1 16:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb17006bcf02e1f0efacf81f2c655a739013d29d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:5c:a1:a2:92:5e:c2:64:04:e6:47:f3:01:f6:
                    6c:1b:eb:94:70:25:d5:30:95:cd:8e:94:0c:c2:a4:
                    69:69:e7:d1:a0:c8:2d:07:ed:8e:5a:90:6c:2c:e1:
                    63:9b:61:0b:25:64:6e:b4:9e:10:5a:56:1b:9d:1d:
                    60:05:ff:ee:09:cb:8c:b1:d2:aa:a9:47:78:9f:b8:
                    20:dc:20:c3:ae:4c:d4:e4:7a:6e:27:3c:98:ff:bd:
                    45:1d:31:31:75:fe:f7:04:9a:dc:14:2c:00:da:4b:
                    4c:a3:58:b6:ec:1c:8c:28:a2:0e:8f:64:f7:51:ba:
                    23:b8:c9:2c:f2:34:f5:d4:8a:10:5d:ec:12:70:be:
                    49:00:9f:a2:f5:24:1e:af:1e:2a:4d:a8:be:29:8d:
                    94:95:cf:ae:5c:51:e3:56:3b:d7:23:e4:9e:b1:4b:
                    c8:d1:53:55:1d:3f:ee:c4:d9:4c:de:46:19:97:da:
                    50:50:08:71:7c:6a:5f:f6:5f:e7:0c:6e:04:ef:b5:
                    f7:08:58:4f:6b:e6:82:02:36:4f:80:1e:18:63:46:
                    84:43:b0:de:53:52:3a:19:23:62:da:ee:02:27:91:
                    73:c1:b3:ed:d3:05:b2:fd:58:4d:d5:fc:67:71:ac:
                    41:df:8e:05:de:fc:f2:fc:82:33:ed:e2:c3:10:ea:
                    d3:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:17:00:6B:CF:02:E1:F0:EF:AC:F8:1F:2C:65:5A:73:90:13:D2:9D
            X509v3 Authority Key Identifier:
                keyid:87:DE:08:59:75:DE:65:88:E0:7F:ED:13:55:13:AA:38:AC:ED:B7:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h94IWXXeZYjgf-0TVROqOKztt2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/04ef71-f122-47ce-8a40-cc0f9707140e/1/yxcAa88C4fDvrPgfLGVac5AT0p0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/04ef71-f122-47ce-8a40-cc0f9707140e/1/h94IWXXeZYjgf-0TVROqOKztt2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2350::/48

    Signature Algorithm: sha256WithRSAEncryption
         39:9b:76:f7:11:cd:cd:ab:4c:eb:48:a2:c0:d8:4a:eb:d4:fb:
         4e:fd:09:11:c2:6d:41:a7:5d:be:cb:89:b4:de:60:91:94:90:
         f1:0f:6f:9f:6b:34:cb:02:47:16:c8:98:dc:93:10:75:9a:91:
         ea:d1:63:9b:39:8f:af:85:dd:0c:e8:66:8b:d1:c7:7d:0c:a8:
         e8:cf:e7:1e:f6:8e:e8:8f:e8:71:43:5e:a2:fb:3d:22:0f:a5:
         dc:96:03:3a:b4:b3:dd:81:a3:5a:a3:8d:05:95:7e:93:b8:c6:
         ce:47:3a:1d:6e:44:00:28:ce:c0:db:66:bc:c7:e5:ae:1d:c7:
         02:ea:e5:ce:4c:16:ae:e6:9f:f6:b1:e8:d8:f2:b9:9d:b7:32:
         20:fa:aa:56:ca:08:26:8f:05:66:5f:34:44:ee:5c:68:28:3b:
         4f:e0:ce:16:94:31:ca:28:cd:7e:90:8b:62:1b:76:ba:c9:93:
         66:f1:44:20:98:66:79:11:76:b0:f0:79:ba:58:25:58:44:e5:
         1f:76:d7:b5:fc:01:bc:a6:04:b7:4d:e6:82:44:e3:5a:74:34:
         8b:15:f3:07:af:40:3b:0e:de:1e:28:ea:5c:21:6c:7e:f5:46:
         2e:58:15:69:a5:9e:3f:29:2f:5f:df:80:46:70:51:49:12:2a:
         cc:aa:72:5a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzF2+Ry4VnwdXYKyfy8rXKdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3ZGUwODU5NzVkZTY1ODhlMDdmZWQxMzU1MTNhYTM4YWNl
ZGI3NjMwHhcNMjQwMTAxMTYyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjE3MDA2YmNmMDJlMWYwZWZhY2Y4MWYyYzY1NWE3MzkwMTNkMjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1yhopJewmQE5kfzAfZsG+uUcCXV
MJXNjpQMwqRpaefRoMgtB+2OWpBsLOFjm2ELJWRutJ4QWlYbnR1gBf/uCcuMsdKq
qUd4n7gg3CDDrkzU5HpuJzyY/71FHTExdf73BJrcFCwA2ktMo1i27ByMKKIOj2T3
UbojuMks8jT11IoQXewScL5JAJ+i9SQerx4qTai+KY2Ulc+uXFHjVjvXI+SesUvI
0VNVHT/uxNlM3kYZl9pQUAhxfGpf9l/nDG4E77X3CFhPa+aCAjZPgB4YY0aEQ7De
U1I6GSNi2u4CJ5FzwbPt0wWy/VhN1fxncaxB344F3vzy/IIz7eLDEOrTJwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMsXAGvPAuHw76z4HyxlWnOQE9KdMB8GA1UdIwQY
MBaAFIfeCFl13mWI4H/tE1UTqjis7bdjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDk0SVdYWGVaWWpnZi0wVFZST3FPS3p0dDJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi8wNGVmNzEtZjEyMi00N2NlLThhNDAt
Y2MwZjk3MDcxNDBlLzEveXhjQWE4OEM0ZkR2clBnZkxHVmFjNUFUMHAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi8wNGVmNzEtZjEyMi00N2NlLThhNDAtY2MwZjk3MDcxNDBl
LzEvaDk0SVdYWGVaWWpnZi0wVFZST3FPS3p0dDJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCNQ
MA0GCSqGSIb3DQEBCwUAA4IBAQA5m3b3Ec3Nq0zrSKLA2Err1PtO/QkRwm1Bp12+
y4m03mCRlJDxD2+fazTLAkcWyJjckxB1mpHq0WObOY+vhd0M6GaL0cd9DKjoz+ce
9o7oj+hxQ16i+z0iD6XclgM6tLPdgaNao40FlX6TuMbORzodbkQAKM7A22a8x+Wu
HccC6uXOTBau5p/2sejY8rmdtzIg+qpWyggmjwVmXzRE7lxoKDtP4M4WlDHKKM1+
kItiG3a6yZNm8UQgmGZ5EXaw8Hm6WCVYROUfdte1/AG8pgS3TeaCRONadDSLFfMH
r0A7Dt4eKOpcIWx+9UYuWBVppZ4/KS9f34BGcFFJEirMqnJa
-----END CERTIFICATE-----