Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/8990c1-1d0f-4541-846e-c9bdce9c1a49/1/n7oDDAcR7lNmLsTSCgyoZrOJDwI.roa
File:                     n7oDDAcR7lNmLsTSCgyoZrOJDwI.roa (raw, json)
Hash identifier:          LIWrWe5On5UuQIBRg2Et33d5mexQqrFaN8zhJugjh7E=
Subject key identifier:   9F:BA:03:0C:07:11:EE:53:66:2E:C4:D2:0A:0C:A8:66:B3:89:0F:02
Certificate issuer:       /CN=66dac8a8f314ee879a6aa843b67ea47ab1e75def
Certificate serial:       018CC4922C99514C80636A7B796501D305CA
Authority key identifier: 66:DA:C8:A8:F3:14:EE:87:9A:6A:A8:43:B6:7E:A4:7A:B1:E7:5D:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZtrIqPMU7oeaaqhDtn6kerHnXe8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/8990c1-1d0f-4541-846e-c9bdce9c1a49/1/n7oDDAcR7lNmLsTSCgyoZrOJDwI.roa
Signing time:             Mon 01 Jan 2024 10:29:23 +0000
ROA not before:           Mon 01 Jan 2024 10:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52016
IP address blocks:        2001:67c:29c8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/8990c1-1d0f-4541-846e-c9bdce9c1a49/1/ZtrIqPMU7oeaaqhDtn6kerHnXe8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/8990c1-1d0f-4541-846e-c9bdce9c1a49/1/ZtrIqPMU7oeaaqhDtn6kerHnXe8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZtrIqPMU7oeaaqhDtn6kerHnXe8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:2c:99:51:4c:80:63:6a:7b:79:65:01:d3:05:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66dac8a8f314ee879a6aa843b67ea47ab1e75def
        Validity
            Not Before: Jan  1 10:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9fba030c0711ee53662ec4d20a0ca866b3890f02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:2a:b5:05:34:c7:93:61:79:9d:db:61:e1:74:
                    3e:f7:8d:1e:43:9c:0f:fa:68:15:d1:56:d3:9d:c5:
                    09:d7:2a:fb:c0:cf:09:17:82:6f:96:42:6c:10:c8:
                    82:dd:bc:d0:2d:ec:0b:6a:cd:85:15:5f:d7:66:7e:
                    0f:03:b3:47:c9:48:f5:7b:6c:56:ea:fa:00:50:e4:
                    f2:a0:86:c7:5c:1f:49:25:aa:2e:69:22:5d:33:2c:
                    54:eb:f1:d4:7e:2c:f3:ec:41:ee:69:1d:18:5c:43:
                    28:1e:2c:f7:7d:a4:62:18:f8:7b:41:d1:98:f0:02:
                    49:bd:fc:f4:6f:fd:d3:51:a4:bf:db:75:df:c1:11:
                    2d:f8:3e:5b:ec:68:2d:ae:80:f7:12:1d:ee:56:47:
                    95:9a:46:ba:ac:ca:39:49:c0:4f:e2:d7:55:b5:ec:
                    2a:51:86:2e:47:77:19:27:d4:ad:67:7f:d4:59:05:
                    f5:75:7e:3c:ff:43:7d:7e:5c:a2:ec:ff:fc:5b:10:
                    d2:92:80:02:a9:98:68:74:c4:18:9f:3a:6d:6c:f5:
                    ac:2b:06:9b:19:93:aa:97:cd:6e:51:fd:03:5d:8f:
                    bb:f0:aa:27:39:05:2f:6d:68:92:36:e5:4b:07:c1:
                    c6:ac:23:40:e4:7b:1c:db:0a:ab:74:8c:76:93:89:
                    c1:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:BA:03:0C:07:11:EE:53:66:2E:C4:D2:0A:0C:A8:66:B3:89:0F:02
            X509v3 Authority Key Identifier:
                keyid:66:DA:C8:A8:F3:14:EE:87:9A:6A:A8:43:B6:7E:A4:7A:B1:E7:5D:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZtrIqPMU7oeaaqhDtn6kerHnXe8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/8990c1-1d0f-4541-846e-c9bdce9c1a49/1/n7oDDAcR7lNmLsTSCgyoZrOJDwI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/8990c1-1d0f-4541-846e-c9bdce9c1a49/1/ZtrIqPMU7oeaaqhDtn6kerHnXe8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:29c8::/48

    Signature Algorithm: sha256WithRSAEncryption
         20:19:99:05:86:b4:31:ef:44:8a:e4:8a:af:94:c5:43:d5:6f:
         ba:7d:3d:bb:6c:4e:cd:d3:e3:d3:01:8f:6f:07:1b:38:ec:58:
         06:17:68:b2:c2:e4:15:86:ce:51:01:1c:c5:26:ae:cf:dd:c8:
         57:8f:a4:c1:22:74:40:68:c5:31:d5:dc:7f:5b:b6:1b:0e:af:
         a5:87:2b:2c:eb:a8:26:3a:9c:01:10:0e:31:74:b5:e4:c1:89:
         d6:b9:80:35:6f:da:c8:62:7c:eb:9b:b0:01:16:c8:89:bb:33:
         3f:f8:86:ff:8b:ae:c5:fa:88:93:f4:1e:3a:e5:3c:1e:5a:30:
         27:0f:00:5c:9b:d8:4a:a0:13:31:03:a3:29:21:9e:48:05:50:
         ea:4d:2c:3d:ce:2e:4d:23:e0:47:46:a4:e9:13:8c:60:c3:66:
         4f:4a:d8:be:6c:c5:64:90:b5:17:b4:e8:d2:7b:ff:ff:e1:50:
         e6:35:5e:bd:4c:14:85:dc:8c:e3:15:69:c2:0a:93:30:3e:13:
         c2:5c:80:4b:6a:e6:78:42:ee:18:f3:a5:2f:da:4b:70:4e:4d:
         a6:6f:92:c7:0a:37:c7:b4:13:ea:bf:5e:1a:24:70:62:b0:40:
         9a:3e:a2:2e:0a:b8:63:45:b8:2d:a1:84:ec:6f:14:c1:10:58:
         9e:45:38:85
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEkiyZUUyAY2p7eWUB0wXKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZGFjOGE4ZjMxNGVlODc5YTZhYTg0M2I2N2VhNDdhYjFl
NzVkZWYwHhcNMjQwMTAxMTAyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmJhMDMwYzA3MTFlZTUzNjYyZWM0ZDIwYTBjYTg2NmIzODkwZjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApSq1BTTHk2F5ndth4XQ+940eQ5wP
+mgV0VbTncUJ1yr7wM8JF4JvlkJsEMiC3bzQLewLas2FFV/XZn4PA7NHyUj1e2xW
6voAUOTyoIbHXB9JJaouaSJdMyxU6/HUfizz7EHuaR0YXEMoHiz3faRiGPh7QdGY
8AJJvfz0b/3TUaS/23XfwREt+D5b7GgtroD3Eh3uVkeVmka6rMo5ScBP4tdVtewq
UYYuR3cZJ9StZ3/UWQX1dX48/0N9flyi7P/8WxDSkoACqZhodMQYnzptbPWsKwab
GZOql81uUf0DXY+78KonOQUvbWiSNuVLB8HGrCNA5Hsc2wqrdIx2k4nBcwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJ+6AwwHEe5TZi7E0goMqGaziQ8CMB8GA1UdIwQY
MBaAFGbayKjzFO6HmmqoQ7Z+pHqx513vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnRySXFQTVU3b2VhYXFoRHRuNmtlckhuWGU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC84OTkwYzEtMWQwZi00NTQxLTg0NmUt
YzliZGNlOWMxYTQ5LzEvbjdvRERBY1I3bE5tTHNUU0NneW9ack9KRHdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC84OTkwYzEtMWQwZi00NTQxLTg0NmUtYzliZGNlOWMxYTQ5
LzEvWnRySXFQTVU3b2VhYXFoRHRuNmtlckhuWGU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCnI
MA0GCSqGSIb3DQEBCwUAA4IBAQAgGZkFhrQx70SK5IqvlMVD1W+6fT27bE7N0+PT
AY9vBxs47FgGF2iywuQVhs5RARzFJq7P3chXj6TBInRAaMUx1dx/W7YbDq+lhyss
66gmOpwBEA4xdLXkwYnWuYA1b9rIYnzrm7ABFsiJuzM/+Ib/i67F+oiT9B465Twe
WjAnDwBcm9hKoBMxA6MpIZ5IBVDqTSw9zi5NI+BHRqTpE4xgw2ZPSti+bMVkkLUX
tOjSe///4VDmNV69TBSF3IzjFWnCCpMwPhPCXIBLauZ4Qu4Y86Uv2ktwTk2mb5LH
CjfHtBPqv14aJHBisECaPqIuCrhjRbgtoYTsbxTBEFieRTiF
-----END CERTIFICATE-----