Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/b870e7-7f1e-49ce-b1f9-44ccd1b51f10/1/o9ZWShHpTaTN6K7vC_LcEl-TyY8.roa
File:                     o9ZWShHpTaTN6K7vC_LcEl-TyY8.roa (raw, json)
Hash identifier:          edV2yoUbG/Va+Vyndu7fihYIZVGEGq/5ywY9YSsJgFM=
Subject key identifier:   A3:D6:56:4A:11:E9:4D:A4:CD:E8:AE:EF:0B:F2:DC:12:5F:93:C9:8F
Certificate issuer:       /CN=77e8bbf8643abd62ff3f42bec4c0b2db977596d7
Certificate serial:       018CC7275BB179FF5127515EB9D84C2F5DF8
Authority key identifier: 77:E8:BB:F8:64:3A:BD:62:FF:3F:42:BE:C4:C0:B2:DB:97:75:96:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d-i7-GQ6vWL_P0K-xMCy25d1ltc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/b870e7-7f1e-49ce-b1f9-44ccd1b51f10/1/o9ZWShHpTaTN6K7vC_LcEl-TyY8.roa
Signing time:             Mon 01 Jan 2024 22:31:34 +0000
ROA not before:           Mon 01 Jan 2024 22:31:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56595
IP address blocks:        2001:67c:74c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/b870e7-7f1e-49ce-b1f9-44ccd1b51f10/1/d-i7-GQ6vWL_P0K-xMCy25d1ltc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/b870e7-7f1e-49ce-b1f9-44ccd1b51f10/1/d-i7-GQ6vWL_P0K-xMCy25d1ltc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d-i7-GQ6vWL_P0K-xMCy25d1ltc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:5b:b1:79:ff:51:27:51:5e:b9:d8:4c:2f:5d:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77e8bbf8643abd62ff3f42bec4c0b2db977596d7
        Validity
            Not Before: Jan  1 22:31:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3d6564a11e94da4cde8aeef0bf2dc125f93c98f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:7d:af:d5:cf:3a:12:d9:23:d7:b3:35:9e:11:
                    38:f7:a6:d4:75:a8:a4:d0:3d:9a:78:46:0f:8b:3a:
                    7b:2c:1b:4b:8f:d3:d0:d4:51:9a:f7:0d:ce:c9:9a:
                    c2:96:90:92:62:59:2f:23:6b:59:47:51:b1:f5:49:
                    75:5f:a1:5a:24:e9:72:e5:6c:b4:30:e5:9d:0e:7e:
                    f9:7f:e1:fc:f5:98:c4:40:8d:dd:ba:71:6e:6d:3f:
                    49:4f:26:a9:1d:d1:2f:1c:d2:be:59:44:e5:4e:f1:
                    d3:4f:b9:cf:67:80:b9:9c:70:63:53:ff:2f:f2:96:
                    cc:8a:4d:bf:e5:f5:0c:a1:84:f1:64:b2:23:7c:9c:
                    12:d4:d3:db:1c:b3:d7:e3:f6:0a:24:c6:15:72:8d:
                    9c:d8:52:1f:35:b6:90:12:2f:b7:62:2e:b2:43:06:
                    63:42:20:14:60:b5:ae:a5:af:f2:47:1e:2f:ca:36:
                    b1:b8:5c:27:57:0b:07:c6:6a:2f:bd:0e:a7:64:4d:
                    c8:64:11:9b:ac:01:ca:f2:2c:0f:13:33:92:f0:e4:
                    6a:a5:63:65:92:8d:b0:ba:8e:e1:68:dd:75:b3:ca:
                    4a:24:ee:b3:73:53:a3:d3:ab:c1:a9:a8:77:9e:b9:
                    d0:d1:e3:0e:d3:2f:7a:d9:56:e7:52:c4:05:88:6a:
                    22:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:D6:56:4A:11:E9:4D:A4:CD:E8:AE:EF:0B:F2:DC:12:5F:93:C9:8F
            X509v3 Authority Key Identifier:
                keyid:77:E8:BB:F8:64:3A:BD:62:FF:3F:42:BE:C4:C0:B2:DB:97:75:96:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d-i7-GQ6vWL_P0K-xMCy25d1ltc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/b870e7-7f1e-49ce-b1f9-44ccd1b51f10/1/o9ZWShHpTaTN6K7vC_LcEl-TyY8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/b870e7-7f1e-49ce-b1f9-44ccd1b51f10/1/d-i7-GQ6vWL_P0K-xMCy25d1ltc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:74c::/48

    Signature Algorithm: sha256WithRSAEncryption
         3a:10:90:d7:ac:c4:55:75:60:29:44:6f:d8:61:d9:38:06:b5:
         01:f1:1a:86:9c:4e:d9:88:e3:02:31:32:d6:32:f2:e6:55:ec:
         f4:94:f9:93:46:87:f5:c6:43:1a:91:73:26:15:3c:a0:13:5f:
         20:f4:d4:f6:07:11:d1:ba:ab:f8:6a:61:66:15:fa:af:18:77:
         6f:f7:20:5b:14:1d:d2:a8:01:96:62:6f:97:d5:67:6c:72:96:
         f8:b6:b0:ad:75:b4:6c:f9:ba:c3:b4:49:ae:28:bd:c2:ab:c6:
         df:d2:d0:8a:ff:ce:0f:73:f6:b1:3c:b5:dc:41:12:52:79:f7:
         84:55:9a:c3:39:9b:22:76:2b:e9:a3:7b:42:fa:a1:2a:47:37:
         ec:57:ff:28:c6:06:c2:88:29:6c:2b:48:f9:78:b2:5b:2e:94:
         3a:2f:8b:14:ea:12:7c:64:50:dd:18:03:ac:0e:84:b8:d7:50:
         f1:f7:0e:38:68:be:60:e2:3b:7f:4b:76:16:2c:1a:3e:28:e5:
         9a:de:2d:e1:78:0e:25:ef:e3:cd:32:ba:f3:c3:68:ac:fa:86:
         78:bb:e1:a2:5b:ce:14:80:24:b0:79:2d:95:ac:2d:ae:16:36:
         81:15:cf:54:a3:b0:92:af:86:5b:ae:a2:16:88:bc:bc:66:2d:
         39:85:f7:f3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHJ1uxef9RJ1FeudhML134MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZThiYmY4NjQzYWJkNjJmZjNmNDJiZWM0YzBiMmRiOTc3
NTk2ZDcwHhcNMjQwMTAxMjIzMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2Q2NTY0YTExZTk0ZGE0Y2RlOGFlZWYwYmYyZGMxMjVmOTNjOThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApH2v1c86Etkj17M1nhE496bUdaik
0D2aeEYPizp7LBtLj9PQ1FGa9w3OyZrClpCSYlkvI2tZR1Gx9Ul1X6FaJOly5Wy0
MOWdDn75f+H89ZjEQI3dunFubT9JTyapHdEvHNK+WUTlTvHTT7nPZ4C5nHBjU/8v
8pbMik2/5fUMoYTxZLIjfJwS1NPbHLPX4/YKJMYVco2c2FIfNbaQEi+3Yi6yQwZj
QiAUYLWupa/yRx4vyjaxuFwnVwsHxmovvQ6nZE3IZBGbrAHK8iwPEzOS8ORqpWNl
ko2wuo7haN11s8pKJO6zc1Oj06vBqah3nrnQ0eMO0y962VbnUsQFiGoibQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKPWVkoR6U2kzeiu7wvy3BJfk8mPMB8GA1UdIwQY
MBaAFHfou/hkOr1i/z9CvsTAstuXdZbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZC1pNy1HUTZ2V0xfUDBLLXhNQ3kyNWQxbHRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9iODcwZTctN2YxZS00OWNlLWIxZjkt
NDRjY2QxYjUxZjEwLzEvbzlaV1NoSHBUYVRONks3dkNfTGNFbC1UeVk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9iODcwZTctN2YxZS00OWNlLWIxZjktNDRjY2QxYjUxZjEw
LzEvZC1pNy1HUTZ2V0xfUDBLLXhNQ3kyNWQxbHRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAdM
MA0GCSqGSIb3DQEBCwUAA4IBAQA6EJDXrMRVdWApRG/YYdk4BrUB8RqGnE7ZiOMC
MTLWMvLmVez0lPmTRof1xkMakXMmFTygE18g9NT2BxHRuqv4amFmFfqvGHdv9yBb
FB3SqAGWYm+X1Wdscpb4trCtdbRs+brDtEmuKL3Cq8bf0tCK/84Pc/axPLXcQRJS
efeEVZrDOZsidivpo3tC+qEqRzfsV/8oxgbCiClsK0j5eLJbLpQ6L4sU6hJ8ZFDd
GAOsDoS411Dx9w44aL5g4jt/S3YWLBo+KOWa3i3heA4l7+PNMrrzw2is+oZ4u+Gi
W84UgCSweS2VrC2uFjaBFc9Uo7CSr4ZbrqIWiLy8Zi05hffz
-----END CERTIFICATE-----