Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/f2b083-b3b9-4aa6-a149-fbb553b84641/1/uxG-b3QZ80TLApnpnmHrSD1tDHo.roa
File:                     uxG-b3QZ80TLApnpnmHrSD1tDHo.roa (raw, json)
Hash identifier:          VuzzT8/WuEPexiApupjdN/wLmBI477F/XQ+wOt8Bua0=
Subject key identifier:   BB:11:BE:6F:74:19:F3:44:CB:02:99:E9:9E:61:EB:48:3D:6D:0C:7A
Certificate issuer:       /CN=a7ddfaf13b7dbe05daa32b5878b8b68024045971
Certificate serial:       018CC500D1CFA5A5D3BD80BFA2D2A76B8F78
Authority key identifier: A7:DD:FA:F1:3B:7D:BE:05:DA:A3:2B:58:78:B8:B6:80:24:04:59:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p9368Tt9vgXaoytYeLi2gCQEWXE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/f2b083-b3b9-4aa6-a149-fbb553b84641/1/uxG-b3QZ80TLApnpnmHrSD1tDHo.roa
Signing time:             Mon 01 Jan 2024 12:30:14 +0000
ROA not before:           Mon 01 Jan 2024 12:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35684
IP address blocks:        2001:67c:74::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/f2b083-b3b9-4aa6-a149-fbb553b84641/1/p9368Tt9vgXaoytYeLi2gCQEWXE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/f2b083-b3b9-4aa6-a149-fbb553b84641/1/p9368Tt9vgXaoytYeLi2gCQEWXE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p9368Tt9vgXaoytYeLi2gCQEWXE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:d1:cf:a5:a5:d3:bd:80:bf:a2:d2:a7:6b:8f:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7ddfaf13b7dbe05daa32b5878b8b68024045971
        Validity
            Not Before: Jan  1 12:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb11be6f7419f344cb0299e99e61eb483d6d0c7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:89:04:33:9a:f6:05:da:bc:f5:4b:37:35:bd:
                    e3:70:bd:ad:dc:1d:25:a2:22:70:27:49:4d:ad:80:
                    ac:09:a2:f4:fd:78:96:6f:ae:9f:ef:96:27:c5:c3:
                    c2:c3:7a:c1:dd:e7:e3:2b:38:8f:6b:dd:5f:e1:60:
                    a1:c5:b7:2b:ff:7b:83:7d:65:78:fa:4b:a2:a1:0a:
                    45:0d:c7:f0:fc:4a:65:83:e1:e0:d8:5f:b9:0c:cb:
                    7a:af:2d:28:6f:02:57:28:2e:01:a7:01:5b:0b:c7:
                    eb:97:95:9e:21:8a:b6:1f:56:ce:1f:15:40:95:e5:
                    2f:1d:1a:30:58:a5:e1:a6:cc:b4:f5:fa:ff:29:d1:
                    61:a2:4b:e5:01:69:05:26:3c:1f:34:08:73:37:65:
                    2f:bf:01:bd:05:84:54:e1:c4:31:e0:32:12:4f:7b:
                    18:9d:61:58:fa:bb:da:f9:0a:90:a0:76:1f:9c:fb:
                    ad:53:70:1f:d5:50:c5:45:02:d5:e6:38:3d:05:16:
                    18:b4:9e:ea:83:70:c8:fe:68:52:57:c9:4e:e4:29:
                    92:97:d6:91:f2:ac:7e:55:ad:dd:01:af:28:db:b6:
                    95:66:95:05:62:db:47:4b:91:c3:2a:f1:76:ec:bb:
                    90:8c:48:77:71:7a:71:ee:af:80:1d:79:02:f9:1c:
                    8c:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:11:BE:6F:74:19:F3:44:CB:02:99:E9:9E:61:EB:48:3D:6D:0C:7A
            X509v3 Authority Key Identifier:
                keyid:A7:DD:FA:F1:3B:7D:BE:05:DA:A3:2B:58:78:B8:B6:80:24:04:59:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p9368Tt9vgXaoytYeLi2gCQEWXE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/f2b083-b3b9-4aa6-a149-fbb553b84641/1/uxG-b3QZ80TLApnpnmHrSD1tDHo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/f2b083-b3b9-4aa6-a149-fbb553b84641/1/p9368Tt9vgXaoytYeLi2gCQEWXE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:74::/48

    Signature Algorithm: sha256WithRSAEncryption
         8c:fb:2a:fe:b9:2a:bd:55:3d:a0:c8:a8:f1:99:a9:53:9d:b7:
         9a:3b:72:75:32:96:d7:24:d9:2a:49:78:95:43:ec:78:83:83:
         ac:db:27:5a:c7:bd:6b:0e:4e:be:cd:83:48:c3:2f:1c:a4:7f:
         ca:c8:8e:57:f4:93:b9:e8:86:79:73:fa:9d:94:1a:0a:10:8b:
         b8:e3:43:e1:c4:10:26:04:e8:ea:71:52:a0:ea:14:8f:19:c7:
         23:eb:51:2a:b5:fb:34:c4:5e:72:6e:cb:d6:72:93:a2:e6:5e:
         66:9c:d4:98:38:2e:1a:37:8b:52:28:1b:f8:a4:16:82:aa:de:
         34:28:93:eb:34:f0:71:a2:09:0e:a8:4f:58:81:a5:33:9c:8b:
         d6:4b:49:6a:42:25:96:88:18:28:04:b6:ab:3b:fa:d4:f8:68:
         2f:6e:97:93:8f:0f:10:46:fc:b8:7e:0d:a7:1c:0d:30:e4:d0:
         8c:4c:1d:b2:d8:09:fa:d8:20:5d:66:a2:b0:4c:10:de:c6:2c:
         22:32:63:00:0c:3f:4d:73:21:74:03:5a:80:50:32:c0:fd:24:
         56:8c:e1:7c:24:f5:c0:8a:7d:35:16:41:68:ee:e0:9a:03:a3:
         dd:88:92:04:fe:5d:1d:d9:c2:b1:09:93:c2:25:59:4a:ee:96:
         35:91:9f:e3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFANHPpaXTvYC/otKna494MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZGRmYWYxM2I3ZGJlMDVkYWEzMmI1ODc4YjhiNjgwMjQw
NDU5NzEwHhcNMjQwMTAxMTIzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjExYmU2Zjc0MTlmMzQ0Y2IwMjk5ZTk5ZTYxZWI0ODNkNmQwYzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYkEM5r2Bdq89Us3Nb3jcL2t3B0l
oiJwJ0lNrYCsCaL0/XiWb66f75YnxcPCw3rB3efjKziPa91f4WChxbcr/3uDfWV4
+kuioQpFDcfw/Eplg+Hg2F+5DMt6ry0obwJXKC4BpwFbC8frl5WeIYq2H1bOHxVA
leUvHRowWKXhpsy09fr/KdFhokvlAWkFJjwfNAhzN2UvvwG9BYRU4cQx4DIST3sY
nWFY+rva+QqQoHYfnPutU3Af1VDFRQLV5jg9BRYYtJ7qg3DI/mhSV8lO5CmSl9aR
8qx+Va3dAa8o27aVZpUFYttHS5HDKvF27LuQjEh3cXpx7q+AHXkC+RyMswIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLsRvm90GfNEywKZ6Z5h60g9bQx6MB8GA1UdIwQY
MBaAFKfd+vE7fb4F2qMrWHi4toAkBFlxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDkzNjhUdDl2Z1hhb3l0WWVMaTJnQ1FFV1hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9mMmIwODMtYjNiOS00YWE2LWExNDkt
ZmJiNTUzYjg0NjQxLzEvdXhHLWIzUVo4MFRMQXBucG5tSHJTRDF0REhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9mMmIwODMtYjNiOS00YWE2LWExNDktZmJiNTUzYjg0NjQx
LzEvcDkzNjhUdDl2Z1hhb3l0WWVMaTJnQ1FFV1hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAB0
MA0GCSqGSIb3DQEBCwUAA4IBAQCM+yr+uSq9VT2gyKjxmalTnbeaO3J1MpbXJNkq
SXiVQ+x4g4Os2ydax71rDk6+zYNIwy8cpH/KyI5X9JO56IZ5c/qdlBoKEIu440Ph
xBAmBOjqcVKg6hSPGccj61Eqtfs0xF5ybsvWcpOi5l5mnNSYOC4aN4tSKBv4pBaC
qt40KJPrNPBxogkOqE9YgaUznIvWS0lqQiWWiBgoBLarO/rU+GgvbpeTjw8QRvy4
fg2nHA0w5NCMTB2y2An62CBdZqKwTBDexiwiMmMADD9NcyF0A1qAUDLA/SRWjOF8
JPXAin01FkFo7uCaA6PdiJIE/l0d2cKxCZPCJVlK7pY1kZ/j
-----END CERTIFICATE-----