Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/364ab5-de95-4259-8927-9d2e42f7f9ac/1/qAunIZ-2m5ax0cRlumS_HtYBpuc.roa
File:                     qAunIZ-2m5ax0cRlumS_HtYBpuc.roa (raw, json)
Hash identifier:          MfIIPschRVeUqN95ntPbo3zOp9BBcAWuN0yAyEu+0vE=
Subject key identifier:   A8:0B:A7:21:9F:B6:9B:96:B1:D1:C4:65:BA:64:BF:1E:D6:01:A6:E7
Certificate issuer:       /CN=ccffe64f42a9f04b9fd6cd758372a1db5cd8b191
Certificate serial:       018CC7954D3DA9D28DC6EFDF239DA0BF0E7D
Authority key identifier: CC:FF:E6:4F:42:A9:F0:4B:9F:D6:CD:75:83:72:A1:DB:5C:D8:B1:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zP_mT0Kp8Euf1s11g3Kh21zYsZE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/364ab5-de95-4259-8927-9d2e42f7f9ac/1/qAunIZ-2m5ax0cRlumS_HtYBpuc.roa
Signing time:             Tue 02 Jan 2024 00:31:39 +0000
ROA not before:           Tue 02 Jan 2024 00:31:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8220
IP address blocks:        2001:67c:2b34::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/364ab5-de95-4259-8927-9d2e42f7f9ac/1/zP_mT0Kp8Euf1s11g3Kh21zYsZE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/364ab5-de95-4259-8927-9d2e42f7f9ac/1/zP_mT0Kp8Euf1s11g3Kh21zYsZE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zP_mT0Kp8Euf1s11g3Kh21zYsZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:4d:3d:a9:d2:8d:c6:ef:df:23:9d:a0:bf:0e:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccffe64f42a9f04b9fd6cd758372a1db5cd8b191
        Validity
            Not Before: Jan  2 00:31:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a80ba7219fb69b96b1d1c465ba64bf1ed601a6e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:08:b0:02:53:e7:bb:33:9e:ef:68:b8:94:91:
                    b9:4c:51:1c:c6:be:c7:d3:37:5a:bc:db:60:87:75:
                    e7:75:37:67:ae:a1:a0:4e:de:b6:98:82:ac:e4:3f:
                    36:55:72:9a:56:48:c6:9f:10:2e:cf:5e:de:8c:b9:
                    20:ed:16:b8:f9:f4:92:f2:fa:f8:0b:39:80:3f:bf:
                    b4:e1:e8:d9:84:6b:85:1e:11:33:d3:07:26:99:0e:
                    73:f5:75:33:3b:ab:b6:31:a6:46:dd:88:bd:18:f7:
                    c1:ad:2f:98:17:d4:29:10:ba:3c:ab:ab:f7:58:ba:
                    bd:db:c0:64:b7:69:9f:5c:7d:bd:87:50:6f:31:f5:
                    ea:1e:05:2f:17:63:f7:2a:04:e6:e6:f6:f8:76:af:
                    e1:a8:9c:c7:0a:f2:ba:e9:e4:37:67:b4:3c:d8:28:
                    9e:b2:a3:6d:42:81:16:de:82:42:e7:74:87:b3:08:
                    15:8f:f9:c6:17:86:74:1f:c0:2b:0c:63:2d:c9:df:
                    ec:00:c9:b1:29:ab:2a:79:28:7d:e5:26:e0:f4:22:
                    2a:6b:1d:9e:ef:d9:d0:d4:a4:5e:38:68:eb:0c:aa:
                    43:8a:f4:89:55:cf:f8:50:3e:8c:a8:9f:e0:e8:d2:
                    83:0a:b9:6e:e1:df:31:d2:b8:7c:62:ce:c3:62:d8:
                    a1:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:0B:A7:21:9F:B6:9B:96:B1:D1:C4:65:BA:64:BF:1E:D6:01:A6:E7
            X509v3 Authority Key Identifier:
                keyid:CC:FF:E6:4F:42:A9:F0:4B:9F:D6:CD:75:83:72:A1:DB:5C:D8:B1:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zP_mT0Kp8Euf1s11g3Kh21zYsZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/364ab5-de95-4259-8927-9d2e42f7f9ac/1/qAunIZ-2m5ax0cRlumS_HtYBpuc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/364ab5-de95-4259-8927-9d2e42f7f9ac/1/zP_mT0Kp8Euf1s11g3Kh21zYsZE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2b34::/48

    Signature Algorithm: sha256WithRSAEncryption
         0f:63:1b:d1:7f:4f:3d:76:b7:d5:8e:13:58:18:dd:65:6a:46:
         7c:c7:ab:c4:36:2c:b3:88:d4:de:4d:f9:12:22:d8:06:c0:2f:
         b4:12:8b:a7:93:02:2b:24:bb:98:77:8f:27:58:f4:e6:44:8b:
         b7:d2:df:49:8b:2c:91:8d:8a:44:b6:f8:4c:df:8d:f1:7b:32:
         29:63:2f:4b:b6:43:6a:3f:2f:dc:21:e6:64:41:12:06:7e:ac:
         19:d4:1a:ef:bc:21:19:60:67:19:da:f6:c7:ec:37:25:9d:aa:
         09:37:bf:65:18:06:e5:38:62:28:c1:98:fb:a1:42:ea:8e:24:
         a5:44:d1:e6:17:4c:3e:67:79:5f:e9:09:d8:22:0c:1c:32:42:
         5d:11:de:c1:85:fe:9f:cf:ae:34:98:e1:76:93:f0:23:37:15:
         eb:d0:18:99:ab:69:04:dd:cc:47:65:b6:72:c8:13:59:7c:30:
         c1:3e:ed:fe:aa:b6:5f:45:b9:64:a9:76:b7:53:41:ca:0b:dd:
         bf:da:28:73:c3:33:18:b5:52:14:3f:6b:69:3b:01:aa:70:f3:
         26:22:71:f9:47:64:0a:1c:90:58:53:71:5a:e5:c5:b8:1f:1c:
         33:36:f3:7d:ee:68:5e:fa:0a:f7:0a:74:4a:68:46:7e:af:cb:
         84:e9:e5:78
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHlU09qdKNxu/fI52gvw59MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZmZlNjRmNDJhOWYwNGI5ZmQ2Y2Q3NTgzNzJhMWRiNWNk
OGIxOTEwHhcNMjQwMTAyMDAzMTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODBiYTcyMTlmYjY5Yjk2YjFkMWM0NjViYTY0YmYxZWQ2MDFhNmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsAiwAlPnuzOe72i4lJG5TFEcxr7H
0zdavNtgh3XndTdnrqGgTt62mIKs5D82VXKaVkjGnxAuz17ejLkg7Ra4+fSS8vr4
CzmAP7+04ejZhGuFHhEz0wcmmQ5z9XUzO6u2MaZG3Yi9GPfBrS+YF9QpELo8q6v3
WLq928Bkt2mfXH29h1BvMfXqHgUvF2P3KgTm5vb4dq/hqJzHCvK66eQ3Z7Q82Cie
sqNtQoEW3oJC53SHswgVj/nGF4Z0H8ArDGMtyd/sAMmxKasqeSh95Sbg9CIqax2e
79nQ1KReOGjrDKpDivSJVc/4UD6MqJ/g6NKDCrlu4d8x0rh8Ys7DYtihCQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKgLpyGftpuWsdHEZbpkvx7WAabnMB8GA1UdIwQY
MBaAFMz/5k9CqfBLn9bNdYNyodtc2LGRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelBfbVQwS3A4RXVmMXMxMWczS2gyMXpZc1pFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zNjRhYjUtZGU5NS00MjU5LTg5Mjct
OWQyZTQyZjdmOWFjLzEvcUF1bklaLTJtNWF4MGNSbHVtU19IdFlCcHVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zNjRhYjUtZGU5NS00MjU5LTg5MjctOWQyZTQyZjdmOWFj
LzEvelBfbVQwS3A4RXVmMXMxMWczS2gyMXpZc1pFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCs0
MA0GCSqGSIb3DQEBCwUAA4IBAQAPYxvRf089drfVjhNYGN1lakZ8x6vENiyziNTe
TfkSItgGwC+0EounkwIrJLuYd48nWPTmRIu30t9JiyyRjYpEtvhM343xezIpYy9L
tkNqPy/cIeZkQRIGfqwZ1BrvvCEZYGcZ2vbH7DclnaoJN79lGAblOGIowZj7oULq
jiSlRNHmF0w+Z3lf6QnYIgwcMkJdEd7Bhf6fz640mOF2k/AjNxXr0BiZq2kE3cxH
ZbZyyBNZfDDBPu3+qrZfRblkqXa3U0HKC92/2ihzwzMYtVIUP2tpOwGqcPMmInH5
R2QKHJBYU3Fa5cW4HxwzNvN97mhe+gr3CnRKaEZ+r8uE6eV4
-----END CERTIFICATE-----