Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/1383aa-108b-46ef-ac9e-9cee23a60566/1/KZZa85m8al-qtS4ZqFjyiCdj7-A.roa
File:                     KZZa85m8al-qtS4ZqFjyiCdj7-A.roa (raw, json)
Hash identifier:          MnXipwiCBwZ4iTm/qORZBhrosrO0FH5e3AtOUYg6Myc=
Subject key identifier:   29:96:5A:F3:99:BC:6A:5F:AA:B5:2E:19:A8:58:F2:88:27:63:EF:E0
Certificate issuer:       /CN=9e94d5bf3db7d6734dcf1be622d5fdee2fec3b8f
Certificate serial:       018CC86F2819AAE2F276D31148339A8730F4
Authority key identifier: 9E:94:D5:BF:3D:B7:D6:73:4D:CF:1B:E6:22:D5:FD:EE:2F:EC:3B:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npTVvz231nNNzxvmItX97i_sO48.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/1383aa-108b-46ef-ac9e-9cee23a60566/1/KZZa85m8al-qtS4ZqFjyiCdj7-A.roa
Signing time:             Tue 02 Jan 2024 04:29:37 +0000
ROA not before:           Tue 02 Jan 2024 04:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206292
IP address blocks:        2001:67c:994::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/1383aa-108b-46ef-ac9e-9cee23a60566/1/npTVvz231nNNzxvmItX97i_sO48.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/1383aa-108b-46ef-ac9e-9cee23a60566/1/npTVvz231nNNzxvmItX97i_sO48.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npTVvz231nNNzxvmItX97i_sO48.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:28:19:aa:e2:f2:76:d3:11:48:33:9a:87:30:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e94d5bf3db7d6734dcf1be622d5fdee2fec3b8f
        Validity
            Not Before: Jan  2 04:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=29965af399bc6a5faab52e19a858f2882763efe0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:d3:13:68:ad:4a:4a:d6:c1:f6:dd:95:0f:32:
                    1f:50:77:f5:30:5d:5e:fd:ed:8b:97:8a:4e:c5:5d:
                    fe:1e:15:c7:14:e2:41:b9:91:4e:1a:09:93:67:0e:
                    4f:a2:1f:54:01:2a:ef:ce:5b:32:c5:2b:8a:45:ba:
                    37:d4:5e:7a:39:c0:81:06:d3:87:6a:aa:92:74:45:
                    9f:bf:bb:ad:61:02:c2:ca:69:8c:18:d5:df:fa:b1:
                    af:79:bc:25:2b:3d:6f:9e:a0:8a:a4:ca:72:f8:2d:
                    9e:da:d0:09:32:bc:22:97:a5:64:2a:d9:b4:27:fe:
                    0d:fb:7d:77:11:00:c2:d8:d6:01:62:5a:8c:ab:ef:
                    75:5e:2e:aa:db:d3:94:c6:1f:a0:21:4b:97:86:00:
                    a7:2c:d3:35:90:66:52:4b:01:76:8b:e5:c9:34:a1:
                    79:7f:1d:e0:be:55:b3:2d:7a:f2:35:e2:a1:58:68:
                    b5:b2:a3:3d:24:45:1d:83:bc:bd:28:9d:a1:e2:93:
                    78:40:96:9f:25:6b:da:34:37:a2:e4:9f:94:03:07:
                    7a:30:32:a4:b1:d9:30:3a:5e:06:6e:33:12:02:fd:
                    60:ba:c9:2e:6e:08:02:bb:d6:33:11:fb:a1:05:12:
                    b5:4b:37:3a:ab:ba:d6:ad:39:fd:aa:3c:ed:2a:be:
                    aa:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:96:5A:F3:99:BC:6A:5F:AA:B5:2E:19:A8:58:F2:88:27:63:EF:E0
            X509v3 Authority Key Identifier:
                keyid:9E:94:D5:BF:3D:B7:D6:73:4D:CF:1B:E6:22:D5:FD:EE:2F:EC:3B:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npTVvz231nNNzxvmItX97i_sO48.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/1383aa-108b-46ef-ac9e-9cee23a60566/1/KZZa85m8al-qtS4ZqFjyiCdj7-A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/1383aa-108b-46ef-ac9e-9cee23a60566/1/npTVvz231nNNzxvmItX97i_sO48.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:994::/48

    Signature Algorithm: sha256WithRSAEncryption
         48:ef:01:aa:e2:b2:91:b6:19:71:ee:95:ef:61:c0:c3:c7:fa:
         ea:75:93:5f:af:e5:f7:82:08:c2:ea:e8:2c:72:30:a7:6d:f4:
         f1:2b:8c:e4:89:82:85:05:e9:ef:34:22:60:a9:54:ed:ae:39:
         3f:11:31:77:1c:c7:b7:84:a5:ca:17:dc:d2:04:55:4f:1e:53:
         b8:47:ef:88:f6:fe:e4:1a:be:c4:f9:64:73:e2:08:5a:ed:81:
         c3:39:d1:32:d4:1b:7a:e7:3a:7a:18:87:17:98:2a:34:9f:2a:
         39:24:4a:e8:b4:96:ff:de:c3:52:94:66:8e:5a:50:9f:8e:cc:
         de:0e:d7:87:15:05:fd:40:ff:3e:0e:18:64:b8:1b:8d:82:31:
         05:e4:08:d5:b4:f2:31:2b:8a:16:34:40:07:69:d8:e3:11:0d:
         85:1a:3c:1c:5d:a1:21:16:33:1f:b1:4f:ae:ec:78:02:0d:72:
         17:ee:9d:44:d1:e1:a6:73:98:45:bb:a4:bc:f9:23:05:eb:ca:
         68:5b:7f:17:d0:ef:e8:e5:c5:11:2d:d2:01:9e:7f:0f:76:2b:
         56:24:72:43:6f:08:a5:2f:1c:97:0b:27:1d:fa:07:ac:ee:76:
         84:f7:ad:c3:ec:b3:92:e4:65:43:57:fd:d5:93:52:25:d4:f3:
         35:1d:b2:9e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIbygZquLydtMRSDOahzD0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTRkNWJmM2RiN2Q2NzM0ZGNmMWJlNjIyZDVmZGVlMmZl
YzNiOGYwHhcNMjQwMTAyMDQyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTk2NWFmMzk5YmM2YTVmYWFiNTJlMTlhODU4ZjI4ODI3NjNlZmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAktMTaK1KStbB9t2VDzIfUHf1MF1e
/e2Ll4pOxV3+HhXHFOJBuZFOGgmTZw5Poh9UASrvzlsyxSuKRbo31F56OcCBBtOH
aqqSdEWfv7utYQLCymmMGNXf+rGvebwlKz1vnqCKpMpy+C2e2tAJMrwil6VkKtm0
J/4N+313EQDC2NYBYlqMq+91Xi6q29OUxh+gIUuXhgCnLNM1kGZSSwF2i+XJNKF5
fx3gvlWzLXryNeKhWGi1sqM9JEUdg7y9KJ2h4pN4QJafJWvaNDei5J+UAwd6MDKk
sdkwOl4GbjMSAv1guskubggCu9YzEfuhBRK1Szc6q7rWrTn9qjztKr6qHwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCmWWvOZvGpfqrUuGahY8ognY+/gMB8GA1UdIwQY
MBaAFJ6U1b89t9ZzTc8b5iLV/e4v7DuPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBUVnZ6MjMxbk5Oenh2bUl0WDk3aV9zTzQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC8xMzgzYWEtMTA4Yi00NmVmLWFjOWUt
OWNlZTIzYTYwNTY2LzEvS1paYTg1bThhbC1xdFM0WnFGanlpQ2RqNy1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC8xMzgzYWEtMTA4Yi00NmVmLWFjOWUtOWNlZTIzYTYwNTY2
LzEvbnBUVnZ6MjMxbk5Oenh2bUl0WDk3aV9zTzQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAmU
MA0GCSqGSIb3DQEBCwUAA4IBAQBI7wGq4rKRthlx7pXvYcDDx/rqdZNfr+X3ggjC
6ugscjCnbfTxK4zkiYKFBenvNCJgqVTtrjk/ETF3HMe3hKXKF9zSBFVPHlO4R++I
9v7kGr7E+WRz4gha7YHDOdEy1Bt65zp6GIcXmCo0nyo5JErotJb/3sNSlGaOWlCf
jszeDteHFQX9QP8+DhhkuBuNgjEF5AjVtPIxK4oWNEAHadjjEQ2FGjwcXaEhFjMf
sU+u7HgCDXIX7p1E0eGmc5hFu6S8+SMF68poW38X0O/o5cURLdIBnn8PditWJHJD
bwilLxyXCycd+ges7naE963D7LOS5GVDV/3Vk1Il1PM1HbKe
-----END CERTIFICATE-----