Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/e7d1a9-ac76-4a9f-b175-47c10a5ce534/1/zCSUjkmYpzRl6PTG2rOlRzEu5nI.roa
File:                     zCSUjkmYpzRl6PTG2rOlRzEu5nI.roa (raw, json)
Hash identifier:          kv+cl6m0WgfjQ8koba7ByooF+FeU4gxgIAQhbia7j4o=
Subject key identifier:   CC:24:94:8E:49:98:A7:34:65:E8:F4:C6:DA:B3:A5:47:31:2E:E6:72
Certificate issuer:       /CN=e12f64f7f697aa9b6e9982c0b76bb7842133876a
Certificate serial:       018CC50136D094571CD9CC4AA92AFEEF3429
Authority key identifier: E1:2F:64:F7:F6:97:AA:9B:6E:99:82:C0:B7:6B:B7:84:21:33:87:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4S9k9_aXqptumYLAt2u3hCEzh2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/e7d1a9-ac76-4a9f-b175-47c10a5ce534/1/zCSUjkmYpzRl6PTG2rOlRzEu5nI.roa
Signing time:             Mon 01 Jan 2024 12:30:40 +0000
ROA not before:           Mon 01 Jan 2024 12:30:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199685
IP address blocks:        2001:67c:2aa0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/e7d1a9-ac76-4a9f-b175-47c10a5ce534/1/4S9k9_aXqptumYLAt2u3hCEzh2o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/e7d1a9-ac76-4a9f-b175-47c10a5ce534/1/4S9k9_aXqptumYLAt2u3hCEzh2o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4S9k9_aXqptumYLAt2u3hCEzh2o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:36:d0:94:57:1c:d9:cc:4a:a9:2a:fe:ef:34:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e12f64f7f697aa9b6e9982c0b76bb7842133876a
        Validity
            Not Before: Jan  1 12:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cc24948e4998a73465e8f4c6dab3a547312ee672
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:2b:87:3c:96:28:06:65:5b:fc:f1:ec:33:20:
                    b7:43:7e:a8:24:8f:eb:4c:ed:65:5e:99:de:cb:72:
                    d5:6c:d6:e1:ca:e1:d1:9c:7a:19:64:ef:db:75:52:
                    c0:b3:08:64:d0:09:c0:3e:0f:3f:4f:d6:be:16:76:
                    37:33:ef:47:99:66:30:6d:f2:61:25:7d:7f:70:52:
                    4f:f3:8a:01:39:ab:3e:9e:5c:46:42:6d:48:33:b2:
                    33:a3:ff:92:be:34:7b:32:fe:a2:d5:25:02:94:e3:
                    6d:b3:95:be:32:7f:bc:9f:92:8c:c9:60:5f:d7:22:
                    9c:fd:12:8f:b1:ae:80:cc:1c:e0:33:0c:8c:8d:79:
                    c4:ef:32:b0:d1:56:ca:df:e2:73:44:87:a3:04:13:
                    6f:2f:44:5c:6c:45:f7:1f:29:9c:55:b4:28:13:29:
                    9a:4c:66:6f:da:3a:e7:b3:62:c3:e2:2a:66:cb:d8:
                    e4:55:e8:da:15:26:1b:4e:c3:26:6d:25:6e:5b:78:
                    8d:3e:15:b9:dd:e6:8d:96:76:c7:80:4a:f4:a6:f1:
                    67:2e:74:08:35:51:1c:d3:ad:60:0b:88:22:87:e9:
                    9b:ed:8f:94:03:38:11:b0:a4:06:f7:d0:4d:90:79:
                    da:7b:65:35:94:8a:9b:97:fa:07:5a:2a:d6:92:a6:
                    6c:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:24:94:8E:49:98:A7:34:65:E8:F4:C6:DA:B3:A5:47:31:2E:E6:72
            X509v3 Authority Key Identifier:
                keyid:E1:2F:64:F7:F6:97:AA:9B:6E:99:82:C0:B7:6B:B7:84:21:33:87:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4S9k9_aXqptumYLAt2u3hCEzh2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/e7d1a9-ac76-4a9f-b175-47c10a5ce534/1/zCSUjkmYpzRl6PTG2rOlRzEu5nI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/e7d1a9-ac76-4a9f-b175-47c10a5ce534/1/4S9k9_aXqptumYLAt2u3hCEzh2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2aa0::/48

    Signature Algorithm: sha256WithRSAEncryption
         45:76:2c:3a:4e:60:35:8e:34:01:11:fd:a2:6b:c7:33:e7:d1:
         55:1b:59:52:be:ea:b7:7c:41:05:1e:7e:d6:b9:0d:30:2e:7e:
         22:d6:fe:91:33:57:78:38:0a:e4:56:e1:5b:8e:04:cf:bf:95:
         f5:74:f5:8e:4d:13:2c:c8:65:87:cc:b6:0b:c6:b4:65:17:7c:
         0c:34:a1:07:c4:85:68:fe:73:d8:fc:00:15:d8:0c:d1:f9:2a:
         87:56:04:7f:7c:62:3c:e1:d0:91:42:6b:c8:f5:3a:ea:83:95:
         cb:39:11:e2:36:34:f7:7c:8a:88:23:44:f5:b2:52:cf:f5:26:
         92:81:8d:b3:f2:0b:7e:97:b1:9f:e2:04:f7:79:c6:e3:10:ce:
         69:25:15:b3:dd:ec:5e:7f:70:e8:4e:74:05:fd:70:6e:ec:62:
         1f:ec:3e:e1:9d:a1:35:9e:37:ea:6b:3a:ea:39:03:38:86:41:
         20:47:d2:6d:6a:2a:69:ab:38:bd:51:49:5b:ef:e1:2b:ae:3f:
         22:65:10:10:c9:db:d8:23:25:c6:40:fe:ff:43:91:16:a6:6b:
         ff:d9:dc:5d:bb:c4:27:3c:5b:95:ba:aa:d0:a7:94:ee:e9:43:
         76:08:65:83:d0:46:ba:43:65:8c:9d:6a:c5:aa:2b:89:e5:b5:
         f0:a1:8e:02
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFATbQlFcc2cxKqSr+7zQpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxMmY2NGY3ZjY5N2FhOWI2ZTk5ODJjMGI3NmJiNzg0MjEz
Mzg3NmEwHhcNMjQwMTAxMTIzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzI0OTQ4ZTQ5OThhNzM0NjVlOGY0YzZkYWIzYTU0NzMxMmVlNjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhSuHPJYoBmVb/PHsMyC3Q36oJI/r
TO1lXpney3LVbNbhyuHRnHoZZO/bdVLAswhk0AnAPg8/T9a+FnY3M+9HmWYwbfJh
JX1/cFJP84oBOas+nlxGQm1IM7Izo/+SvjR7Mv6i1SUClONts5W+Mn+8n5KMyWBf
1yKc/RKPsa6AzBzgMwyMjXnE7zKw0VbK3+JzRIejBBNvL0RcbEX3HymcVbQoEyma
TGZv2jrns2LD4ipmy9jkVejaFSYbTsMmbSVuW3iNPhW53eaNlnbHgEr0pvFnLnQI
NVEc061gC4gih+mb7Y+UAzgRsKQG99BNkHnae2U1lIqbl/oHWirWkqZsvwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMwklI5JmKc0Zej0xtqzpUcxLuZyMB8GA1UdIwQY
MBaAFOEvZPf2l6qbbpmCwLdrt4QhM4dqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFM5azlfYVhxcHR1bVlMQXQydTNoQ0V6aDJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9lN2QxYTktYWM3Ni00YTlmLWIxNzUt
NDdjMTBhNWNlNTM0LzEvekNTVWprbVlwelJsNlBURzJyT2xSekV1NW5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9lN2QxYTktYWM3Ni00YTlmLWIxNzUtNDdjMTBhNWNlNTM0
LzEvNFM5azlfYVhxcHR1bVlMQXQydTNoQ0V6aDJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCqg
MA0GCSqGSIb3DQEBCwUAA4IBAQBFdiw6TmA1jjQBEf2ia8cz59FVG1lSvuq3fEEF
Hn7WuQ0wLn4i1v6RM1d4OArkVuFbjgTPv5X1dPWOTRMsyGWHzLYLxrRlF3wMNKEH
xIVo/nPY/AAV2AzR+SqHVgR/fGI84dCRQmvI9Trqg5XLORHiNjT3fIqII0T1slLP
9SaSgY2z8gt+l7Gf4gT3ecbjEM5pJRWz3exef3DoTnQF/XBu7GIf7D7hnaE1njfq
azrqOQM4hkEgR9Jtaippqzi9UUlb7+Errj8iZRAQydvYIyXGQP7/Q5EWpmv/2dxd
u8QnPFuVuqrQp5Tu6UN2CGWD0Ea6Q2WMnWrFqiuJ5bXwoY4C
-----END CERTIFICATE-----