Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/c4bdae-09f0-4334-853e-3626b8ffd1e5/1/zAlwyJLQJlEzsYUX_jVI23cr_Oc.roa
File:                     zAlwyJLQJlEzsYUX_jVI23cr_Oc.roa (raw, json)
Hash identifier:          iUHXYf3qyjRe6F3kjZlzTrLtdkLmE6qo0y61Wo+VWPk=
Subject key identifier:   CC:09:70:C8:92:D0:26:51:33:B1:85:17:FE:35:48:DB:77:2B:FC:E7
Certificate issuer:       /CN=29d59e889f99aefdde5e949fe8079d337b57f447
Certificate serial:       018CC80182DBB2B67DB0EF1FE19789ACCA6A
Authority key identifier: 29:D5:9E:88:9F:99:AE:FD:DE:5E:94:9F:E8:07:9D:33:7B:57:F4:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdWeiJ-Zrv3eXpSf6AedM3tX9Ec.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/c4bdae-09f0-4334-853e-3626b8ffd1e5/1/zAlwyJLQJlEzsYUX_jVI23cr_Oc.roa
Signing time:             Tue 02 Jan 2024 02:29:51 +0000
ROA not before:           Tue 02 Jan 2024 02:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62396
IP address blocks:        2001:67c:2c68::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/c4bdae-09f0-4334-853e-3626b8ffd1e5/1/KdWeiJ-Zrv3eXpSf6AedM3tX9Ec.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/c4bdae-09f0-4334-853e-3626b8ffd1e5/1/KdWeiJ-Zrv3eXpSf6AedM3tX9Ec.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdWeiJ-Zrv3eXpSf6AedM3tX9Ec.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:02:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:82:db:b2:b6:7d:b0:ef:1f:e1:97:89:ac:ca:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d59e889f99aefdde5e949fe8079d337b57f447
        Validity
            Not Before: Jan  2 02:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cc0970c892d0265133b18517fe3548db772bfce7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:56:f3:79:e0:81:b5:12:3c:33:2d:10:91:1c:
                    d2:84:e4:3c:44:fa:77:e7:3c:61:92:64:bb:f5:34:
                    55:4a:f7:e4:2a:98:db:32:db:db:f2:91:87:69:55:
                    d2:0f:57:85:bf:9c:80:05:11:85:a3:c7:13:7f:0f:
                    72:29:82:0b:4e:09:32:83:1e:38:65:45:bf:11:9f:
                    49:14:d9:cb:d6:19:25:58:d1:24:5f:56:d7:79:62:
                    a6:b8:05:26:67:6e:2f:26:fc:f1:29:b9:e8:0c:4b:
                    f9:08:95:97:55:df:42:9a:ff:a5:77:d8:0d:a1:ee:
                    67:bd:51:7f:36:b6:43:05:70:a0:83:77:de:22:7d:
                    c5:2d:a0:c5:13:24:bd:95:0d:39:24:03:d0:d9:da:
                    0f:6a:f2:61:db:55:62:d5:e0:2b:aa:8a:58:e6:0c:
                    97:85:3f:29:6b:de:77:26:3d:cd:5d:0a:60:d2:bd:
                    37:b9:ea:d9:4f:42:e6:b2:c3:54:12:ef:c0:fc:50:
                    2a:4b:e4:2d:57:b8:69:d4:48:26:71:4f:e9:87:57:
                    fe:f6:19:d4:4c:a9:30:ad:ba:01:ac:4c:44:9f:03:
                    81:55:f8:49:c3:76:6d:5d:a4:f2:48:33:80:1b:07:
                    69:59:70:7a:96:34:15:51:c2:08:7e:56:70:dc:8b:
                    c4:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:09:70:C8:92:D0:26:51:33:B1:85:17:FE:35:48:DB:77:2B:FC:E7
            X509v3 Authority Key Identifier:
                keyid:29:D5:9E:88:9F:99:AE:FD:DE:5E:94:9F:E8:07:9D:33:7B:57:F4:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdWeiJ-Zrv3eXpSf6AedM3tX9Ec.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/c4bdae-09f0-4334-853e-3626b8ffd1e5/1/zAlwyJLQJlEzsYUX_jVI23cr_Oc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/c4bdae-09f0-4334-853e-3626b8ffd1e5/1/KdWeiJ-Zrv3eXpSf6AedM3tX9Ec.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2c68::/48

    Signature Algorithm: sha256WithRSAEncryption
         50:18:45:b8:f4:ad:be:45:38:4c:75:61:c6:a4:48:32:a1:59:
         1b:1a:b6:22:be:b6:cd:78:e7:e7:da:bb:a5:ac:71:3e:af:ba:
         e2:bf:09:76:95:d8:53:4b:5a:72:6c:22:62:e4:c0:74:97:4d:
         6b:37:d2:27:b8:29:2c:9c:52:59:23:da:6f:2b:9e:71:7e:2e:
         24:e3:22:ae:ce:24:f5:f7:b2:2c:83:94:08:f9:b2:c1:61:ec:
         98:c0:60:85:8f:1d:49:1a:52:f9:9c:d9:40:b5:e0:28:f0:85:
         19:3e:e8:f1:d3:e0:fc:1a:cd:c3:71:eb:3f:01:61:f2:7e:b3:
         f2:56:6c:6f:35:d8:1c:88:c2:8f:39:17:fe:47:7e:b8:43:f8:
         ed:1d:3e:58:93:ea:db:dd:08:31:34:4e:d4:2e:16:f9:1d:73:
         19:c8:45:50:f3:8a:03:d5:79:c3:4d:fd:cb:0d:6b:ad:3e:d4:
         4e:b5:13:4d:d5:ab:86:9d:2d:cd:41:1e:f8:ca:36:c8:fc:c5:
         8f:55:f3:af:07:08:11:8d:c3:c1:d9:f2:58:85:6c:fc:14:00:
         f1:1e:f0:d7:b2:13:6b:df:47:a7:f3:26:a3:45:1b:d5:28:66:
         13:40:31:e3:c2:ed:45:72:c9:66:e2:32:05:01:8c:79:d1:27:
         dc:3a:6c:77
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAYLbsrZ9sO8f4ZeJrMpqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDU5ZTg4OWY5OWFlZmRkZTVlOTQ5ZmU4MDc5ZDMzN2I1
N2Y0NDcwHhcNMjQwMTAyMDIyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzA5NzBjODkyZDAyNjUxMzNiMTg1MTdmZTM1NDhkYjc3MmJmY2U3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVbzeeCBtRI8My0QkRzShOQ8RPp3
5zxhkmS79TRVSvfkKpjbMtvb8pGHaVXSD1eFv5yABRGFo8cTfw9yKYILTgkygx44
ZUW/EZ9JFNnL1hklWNEkX1bXeWKmuAUmZ24vJvzxKbnoDEv5CJWXVd9Cmv+ld9gN
oe5nvVF/NrZDBXCgg3feIn3FLaDFEyS9lQ05JAPQ2doPavJh21Vi1eArqopY5gyX
hT8pa953Jj3NXQpg0r03uerZT0LmssNUEu/A/FAqS+QtV7hp1EgmcU/ph1f+9hnU
TKkwrboBrExEnwOBVfhJw3ZtXaTySDOAGwdpWXB6ljQVUcIIflZw3IvEKwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMwJcMiS0CZRM7GFF/41SNt3K/znMB8GA1UdIwQY
MBaAFCnVnoifma793l6Un+gHnTN7V/RHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RXZWlKLVpydjNlWHBTZjZBZWRNM3RYOUVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9jNGJkYWUtMDlmMC00MzM0LTg1M2Ut
MzYyNmI4ZmZkMWU1LzEvekFsd3lKTFFKbEV6c1lVWF9qVkkyM2NyX09jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9jNGJkYWUtMDlmMC00MzM0LTg1M2UtMzYyNmI4ZmZkMWU1
LzEvS2RXZWlKLVpydjNlWHBTZjZBZWRNM3RYOUVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCxo
MA0GCSqGSIb3DQEBCwUAA4IBAQBQGEW49K2+RThMdWHGpEgyoVkbGrYivrbNeOfn
2rulrHE+r7rivwl2ldhTS1pybCJi5MB0l01rN9InuCksnFJZI9pvK55xfi4k4yKu
ziT197Isg5QI+bLBYeyYwGCFjx1JGlL5nNlAteAo8IUZPujx0+D8Gs3Dces/AWHy
frPyVmxvNdgciMKPORf+R364Q/jtHT5Yk+rb3QgxNE7ULhb5HXMZyEVQ84oD1XnD
Tf3LDWutPtROtRNN1auGnS3NQR74yjbI/MWPVfOvBwgRjcPB2fJYhWz8FADxHvDX
shNr30en8yajRRvVKGYTQDHjwu1Fcslm4jIFAYx50SfcOmx3
-----END CERTIFICATE-----