Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/a72891-de2f-4156-a011-43f64bcea99d/1/Va7HfjQgjvpr1-zTYcSX8ALm15Q.roa
File:                     Va7HfjQgjvpr1-zTYcSX8ALm15Q.roa (raw, json)
Hash identifier:          HaI9aVULYHJHysqttMQswrrutX8anZqzCbASvQkw/S4=
Subject key identifier:   55:AE:C7:7E:34:20:8E:FA:6B:D7:EC:D3:61:C4:97:F0:02:E6:D7:94
Certificate issuer:       /CN=0bac82804700ad36538bf86f34c073e971430da5
Certificate serial:       018CC56E42BABAFE166EF04E5EAA468F1DF4
Authority key identifier: 0B:AC:82:80:47:00:AD:36:53:8B:F8:6F:34:C0:73:E9:71:43:0D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C6yCgEcArTZTi_hvNMBz6XFDDaU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/a72891-de2f-4156-a011-43f64bcea99d/1/Va7HfjQgjvpr1-zTYcSX8ALm15Q.roa
Signing time:             Mon 01 Jan 2024 14:29:46 +0000
ROA not before:           Mon 01 Jan 2024 14:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39840
IP address blocks:        2001:67c:2554::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/a72891-de2f-4156-a011-43f64bcea99d/1/C6yCgEcArTZTi_hvNMBz6XFDDaU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/a72891-de2f-4156-a011-43f64bcea99d/1/C6yCgEcArTZTi_hvNMBz6XFDDaU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C6yCgEcArTZTi_hvNMBz6XFDDaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:42:ba:ba:fe:16:6e:f0:4e:5e:aa:46:8f:1d:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bac82804700ad36538bf86f34c073e971430da5
        Validity
            Not Before: Jan  1 14:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55aec77e34208efa6bd7ecd361c497f002e6d794
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:24:ae:51:a7:26:43:82:8a:63:2f:7d:da:f7:
                    51:b9:a5:c1:93:4d:db:c0:34:cd:12:a9:b2:af:60:
                    89:9e:65:30:ab:9d:fc:99:0c:80:e9:33:be:96:ca:
                    e9:48:29:85:1c:68:c1:f2:f1:f2:5e:19:44:88:fa:
                    4f:c9:31:9c:7f:3d:d5:02:b6:b1:1d:0d:03:e1:9a:
                    5a:ed:ea:c0:33:6b:83:63:a0:32:49:64:c9:61:d3:
                    32:b1:8f:64:ee:d5:41:82:e8:1b:ac:ce:31:9f:9f:
                    85:4f:7f:f1:f0:a6:e1:62:9c:7b:be:d2:ab:00:c2:
                    f6:93:bb:69:4d:e1:b4:97:a7:ea:9b:17:8b:3e:fb:
                    be:e9:fc:fd:9f:67:b0:74:a8:16:ee:d3:c5:82:e6:
                    62:d2:ab:e5:1b:82:ba:e6:4c:d6:2b:11:32:8f:6d:
                    5f:99:a6:65:49:ac:23:74:c7:e2:c3:f9:43:7f:e8:
                    a7:59:8d:12:70:92:cd:e6:92:b8:c6:84:cb:bf:28:
                    2c:b7:6a:93:84:67:b4:a6:05:3b:a7:95:a9:87:2f:
                    b0:50:21:17:1c:05:48:ea:63:90:b1:bb:ec:32:39:
                    3f:db:c3:e2:99:9e:7d:a5:f8:d2:d8:62:41:89:3b:
                    46:a3:dd:3b:ef:c8:df:77:ab:df:ca:23:07:78:96:
                    40:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:AE:C7:7E:34:20:8E:FA:6B:D7:EC:D3:61:C4:97:F0:02:E6:D7:94
            X509v3 Authority Key Identifier:
                keyid:0B:AC:82:80:47:00:AD:36:53:8B:F8:6F:34:C0:73:E9:71:43:0D:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C6yCgEcArTZTi_hvNMBz6XFDDaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/a72891-de2f-4156-a011-43f64bcea99d/1/Va7HfjQgjvpr1-zTYcSX8ALm15Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/a72891-de2f-4156-a011-43f64bcea99d/1/C6yCgEcArTZTi_hvNMBz6XFDDaU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2554::/48

    Signature Algorithm: sha256WithRSAEncryption
         7e:97:3d:a5:bc:2f:99:59:c0:a0:40:8e:d8:3a:93:86:7f:bd:
         c6:42:56:30:cc:c0:6a:ae:b6:a6:b5:9c:c8:52:88:83:a6:69:
         1f:e0:7e:fe:49:57:21:c7:fa:cb:49:12:ec:bb:a0:85:f3:bd:
         0e:9e:16:ae:67:05:5c:26:e1:2c:f4:72:cd:6f:54:22:71:be:
         f3:b4:7f:3a:16:56:ea:cd:90:97:62:74:de:35:3b:37:34:13:
         c2:97:d0:29:b3:ec:fa:15:44:68:bd:9e:a6:20:23:f5:89:36:
         52:4a:36:00:a0:26:66:6f:23:bd:af:0d:a2:65:26:c0:81:42:
         23:91:dd:89:52:c6:1c:c7:27:b5:39:1b:0b:f4:1a:67:f9:cd:
         73:31:1f:51:17:06:48:0c:87:63:8c:f1:d1:93:17:96:05:b6:
         b0:05:ea:2f:ba:38:97:7f:ea:65:9c:a7:ae:fe:5f:8a:e3:6d:
         a0:b0:72:96:87:2b:5f:04:91:b6:cf:0c:bb:9e:22:ba:2e:f1:
         e3:e6:c2:ca:a1:14:5a:b2:5a:8c:05:e0:e9:af:23:55:a3:1c:
         10:17:e0:f5:10:ba:96:e1:1f:7e:44:ac:de:1b:46:39:be:1b:
         c0:46:af:45:b3:4e:06:46:59:94:8f:6d:34:55:8e:d4:83:ef:
         d9:22:d8:d9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFbkK6uv4WbvBOXqpGjx30MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiYWM4MjgwNDcwMGFkMzY1MzhiZjg2ZjM0YzA3M2U5NzE0
MzBkYTUwHhcNMjQwMTAxMTQyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWFlYzc3ZTM0MjA4ZWZhNmJkN2VjZDM2MWM0OTdmMDAyZTZkNzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgySuUacmQ4KKYy992vdRuaXBk03b
wDTNEqmyr2CJnmUwq538mQyA6TO+lsrpSCmFHGjB8vHyXhlEiPpPyTGcfz3VArax
HQ0D4Zpa7erAM2uDY6AySWTJYdMysY9k7tVBgugbrM4xn5+FT3/x8KbhYpx7vtKr
AML2k7tpTeG0l6fqmxeLPvu+6fz9n2ewdKgW7tPFguZi0qvlG4K65kzWKxEyj21f
maZlSawjdMfiw/lDf+inWY0ScJLN5pK4xoTLvygst2qThGe0pgU7p5Wphy+wUCEX
HAVI6mOQsbvsMjk/28PimZ59pfjS2GJBiTtGo90778jfd6vfyiMHeJZAmQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFWux340II76a9fs02HEl/AC5teUMB8GA1UdIwQY
MBaAFAusgoBHAK02U4v4bzTAc+lxQw2lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzZ5Q2dFY0FyVFpUaV9odk5NQno2WEZERGFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS9hNzI4OTEtZGUyZi00MTU2LWEwMTEt
NDNmNjRiY2VhOTlkLzEvVmE3SGZqUWdqdnByMS16VFljU1g4QUxtMTVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS9hNzI4OTEtZGUyZi00MTU2LWEwMTEtNDNmNjRiY2VhOTlk
LzEvQzZ5Q2dFY0FyVFpUaV9odk5NQno2WEZERGFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCVU
MA0GCSqGSIb3DQEBCwUAA4IBAQB+lz2lvC+ZWcCgQI7YOpOGf73GQlYwzMBqrram
tZzIUoiDpmkf4H7+SVchx/rLSRLsu6CF870OnhauZwVcJuEs9HLNb1Qicb7ztH86
FlbqzZCXYnTeNTs3NBPCl9Aps+z6FURovZ6mICP1iTZSSjYAoCZmbyO9rw2iZSbA
gUIjkd2JUsYcxye1ORsL9Bpn+c1zMR9RFwZIDIdjjPHRkxeWBbawBeovujiXf+pl
nKeu/l+K422gsHKWhytfBJG2zwy7niK6LvHj5sLKoRRaslqMBeDpryNVoxwQF+D1
ELqW4R9+RKzeG0Y5vhvARq9Fs04GRlmUj200VY7Ug+/ZItjZ
-----END CERTIFICATE-----