Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/db8d38-077f-4d77-9383-dc781cc2a258/1/Zj80c-jabmgqBmuwT7BHYAk2ltw.roa
File:                     Zj80c-jabmgqBmuwT7BHYAk2ltw.roa (raw, json)
Hash identifier:          nm3tNI/DFrq35tjcjDojC7wNLZ9/058qVzzK6kahNEM=
Subject key identifier:   66:3F:34:73:E8:DA:6E:68:2A:06:6B:B0:4F:B0:47:60:09:36:96:DC
Certificate issuer:       /CN=cc8df88054060df685bba9739123e8342d479e84
Certificate serial:       018CC56E3587B1080E80FF7B666CD038A53D
Authority key identifier: CC:8D:F8:80:54:06:0D:F6:85:BB:A9:73:91:23:E8:34:2D:47:9E:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zI34gFQGDfaFu6lzkSPoNC1HnoQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/db8d38-077f-4d77-9383-dc781cc2a258/1/Zj80c-jabmgqBmuwT7BHYAk2ltw.roa
Signing time:             Mon 01 Jan 2024 14:29:43 +0000
ROA not before:           Mon 01 Jan 2024 14:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200881
IP address blocks:        2001:67c:2dd0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/db8d38-077f-4d77-9383-dc781cc2a258/1/zI34gFQGDfaFu6lzkSPoNC1HnoQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/db8d38-077f-4d77-9383-dc781cc2a258/1/zI34gFQGDfaFu6lzkSPoNC1HnoQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zI34gFQGDfaFu6lzkSPoNC1HnoQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 20:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:35:87:b1:08:0e:80:ff:7b:66:6c:d0:38:a5:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc8df88054060df685bba9739123e8342d479e84
        Validity
            Not Before: Jan  1 14:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=663f3473e8da6e682a066bb04fb04760093696dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:d7:d2:c0:5e:08:b7:68:d2:8d:26:f5:b0:b6:
                    40:27:a5:df:03:1c:f4:f7:30:11:04:b7:7d:e5:f4:
                    2f:4d:52:9f:2b:ba:03:13:48:4f:1d:ec:a9:e1:9a:
                    12:05:97:a2:26:39:77:5d:0a:c2:45:f3:a5:78:3e:
                    fe:ab:66:4c:a0:43:56:71:2f:ca:a9:fc:c3:dc:9b:
                    e7:90:a8:52:7a:3e:44:19:6c:b6:b2:bf:d5:86:80:
                    6a:ed:a4:56:d9:31:aa:2f:1d:f8:e5:9e:22:d6:3c:
                    29:0c:4d:7e:2b:78:47:e4:7e:e1:c2:a9:95:e7:12:
                    ec:85:79:aa:61:00:65:7f:dd:17:b9:3a:bd:90:cf:
                    b9:4c:74:13:e0:f3:8e:d4:1a:1e:7a:21:fb:26:06:
                    21:b7:21:7d:8d:b2:2e:c4:59:dd:a6:18:46:4f:fb:
                    c5:8e:3d:87:67:e9:e2:82:de:a2:58:d4:be:19:aa:
                    43:df:91:84:72:1e:15:e9:6a:10:2d:76:f0:c8:4b:
                    df:bc:b6:c5:a6:8c:fa:31:ad:3e:e2:6b:1d:53:47:
                    74:c6:0a:09:33:e7:c4:35:e2:9a:60:65:68:df:e4:
                    5f:8a:37:d6:5a:dc:3d:64:5b:22:74:c9:8f:9c:3e:
                    3b:16:0a:37:ff:da:77:83:76:d3:87:1d:a1:ba:1d:
                    8b:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:3F:34:73:E8:DA:6E:68:2A:06:6B:B0:4F:B0:47:60:09:36:96:DC
            X509v3 Authority Key Identifier:
                keyid:CC:8D:F8:80:54:06:0D:F6:85:BB:A9:73:91:23:E8:34:2D:47:9E:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zI34gFQGDfaFu6lzkSPoNC1HnoQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/db8d38-077f-4d77-9383-dc781cc2a258/1/Zj80c-jabmgqBmuwT7BHYAk2ltw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/db8d38-077f-4d77-9383-dc781cc2a258/1/zI34gFQGDfaFu6lzkSPoNC1HnoQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2dd0::/48

    Signature Algorithm: sha256WithRSAEncryption
         56:65:3e:a3:66:c5:55:e4:71:84:62:0f:cb:7b:28:0f:36:67:
         40:b4:ac:7d:a6:b1:6c:8d:2c:b0:ec:89:8e:bb:38:72:7e:fe:
         1f:05:bc:be:6e:c5:5e:fa:15:23:3b:5a:75:d7:1c:b6:1d:2f:
         62:36:74:82:0a:6f:ae:0c:2d:fe:bb:d1:0a:14:1a:0e:08:ef:
         f1:36:ca:b3:e4:54:ac:56:03:04:6c:20:a8:51:68:e9:09:71:
         21:de:c6:cc:85:bb:df:17:20:57:cc:25:b4:0f:cf:23:b5:99:
         bc:66:6d:38:92:1a:32:32:0c:37:e8:f6:eb:1e:63:3c:8b:95:
         e9:74:be:29:68:d8:21:a0:1d:20:a3:09:74:4e:75:e6:df:fd:
         27:b7:82:db:ba:fa:83:3b:b1:59:b5:f1:9d:06:d9:08:17:75:
         ef:e4:fa:dc:77:84:cf:e0:47:f4:11:83:c6:59:61:d7:eb:ba:
         c6:90:98:69:b2:b5:f8:61:50:e8:b5:1d:0b:ae:b7:e4:2e:11:
         f3:15:e0:30:cb:27:8b:c3:91:12:f4:73:f1:44:72:5d:4c:35:
         44:ed:f1:ae:c4:61:5f:ad:e1:8f:ad:79:99:c8:e8:41:c9:69:
         d0:0f:f5:3f:08:29:32:d3:b1:0a:b6:43:98:71:13:95:c0:94:
         78:e3:74:4b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFbjWHsQgOgP97ZmzQOKU9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjOGRmODgwNTQwNjBkZjY4NWJiYTk3MzkxMjNlODM0MmQ0
NzllODQwHhcNMjQwMTAxMTQyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjNmMzQ3M2U4ZGE2ZTY4MmEwNjZiYjA0ZmIwNDc2MDA5MzY5NmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvtfSwF4It2jSjSb1sLZAJ6XfAxz0
9zARBLd95fQvTVKfK7oDE0hPHeyp4ZoSBZeiJjl3XQrCRfOleD7+q2ZMoENWcS/K
qfzD3JvnkKhSej5EGWy2sr/VhoBq7aRW2TGqLx345Z4i1jwpDE1+K3hH5H7hwqmV
5xLshXmqYQBlf90XuTq9kM+5THQT4POO1BoeeiH7JgYhtyF9jbIuxFndphhGT/vF
jj2HZ+nigt6iWNS+GapD35GEch4V6WoQLXbwyEvfvLbFpoz6Ma0+4msdU0d0xgoJ
M+fENeKaYGVo3+RfijfWWtw9ZFsidMmPnD47Fgo3/9p3g3bThx2huh2LnQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGY/NHPo2m5oKgZrsE+wR2AJNpbcMB8GA1UdIwQY
MBaAFMyN+IBUBg32hbupc5Ej6DQtR56EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekkzNGdGUUdEZmFGdTZsemtTUG9OQzFIbm9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9kYjhkMzgtMDc3Zi00ZDc3LTkzODMt
ZGM3ODFjYzJhMjU4LzEvWmo4MGMtamFibWdxQm11d1Q3QkhZQWsybHR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9kYjhkMzgtMDc3Zi00ZDc3LTkzODMtZGM3ODFjYzJhMjU4
LzEvekkzNGdGUUdEZmFGdTZsemtTUG9OQzFIbm9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC3Q
MA0GCSqGSIb3DQEBCwUAA4IBAQBWZT6jZsVV5HGEYg/LeygPNmdAtKx9prFsjSyw
7ImOuzhyfv4fBby+bsVe+hUjO1p11xy2HS9iNnSCCm+uDC3+u9EKFBoOCO/xNsqz
5FSsVgMEbCCoUWjpCXEh3sbMhbvfFyBXzCW0D88jtZm8Zm04khoyMgw36PbrHmM8
i5XpdL4paNghoB0gowl0TnXm3/0nt4LbuvqDO7FZtfGdBtkIF3Xv5Prcd4TP4Ef0
EYPGWWHX67rGkJhpsrX4YVDotR0LrrfkLhHzFeAwyyeLw5ES9HPxRHJdTDVE7fGu
xGFfreGPrXmZyOhByWnQD/U/CCky07EKtkOYcROVwJR443RL
-----END CERTIFICATE-----