Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/ff0bfc-26fe-4412-a232-31999f3add36/1/pzRyDYsSZJv8LWDeYPaiz8cgCuM.roa
File:                     pzRyDYsSZJv8LWDeYPaiz8cgCuM.roa (raw, json)
Hash identifier:          xXCdHGJ9zGQUoCHq51+MESjAcT3CZX3VXzUWm0umwK4=
Subject key identifier:   A7:34:72:0D:8B:12:64:9B:FC:2D:60:DE:60:F6:A2:CF:C7:20:0A:E3
Certificate issuer:       /CN=7a938a935f8baf9cd933906416590d782e7287c7
Certificate serial:       018CCA2AF9D33C04F3C9171FEAE968657A21
Authority key identifier: 7A:93:8A:93:5F:8B:AF:9C:D9:33:90:64:16:59:0D:78:2E:72:87:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/epOKk1-Lr5zZM5BkFlkNeC5yh8c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/ff0bfc-26fe-4412-a232-31999f3add36/1/pzRyDYsSZJv8LWDeYPaiz8cgCuM.roa
Signing time:             Tue 02 Jan 2024 12:34:23 +0000
ROA not before:           Tue 02 Jan 2024 12:34:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8792
IP address blocks:        2001:67c:1170::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/ff0bfc-26fe-4412-a232-31999f3add36/1/epOKk1-Lr5zZM5BkFlkNeC5yh8c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/ff0bfc-26fe-4412-a232-31999f3add36/1/epOKk1-Lr5zZM5BkFlkNeC5yh8c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/epOKk1-Lr5zZM5BkFlkNeC5yh8c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:f9:d3:3c:04:f3:c9:17:1f:ea:e9:68:65:7a:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7a938a935f8baf9cd933906416590d782e7287c7
        Validity
            Not Before: Jan  2 12:34:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a734720d8b12649bfc2d60de60f6a2cfc7200ae3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:d2:fb:e6:dd:b2:21:f5:5d:75:19:e6:70:39:
                    1c:ac:e2:92:60:c7:69:19:77:00:5a:74:17:8e:32:
                    f7:fa:91:f4:3c:2c:99:2e:3f:d0:b4:ce:7f:bc:07:
                    7d:9b:62:42:38:30:42:a8:60:92:74:53:7c:e9:a1:
                    4a:3e:fe:27:2d:6f:66:a3:49:0c:32:b2:b1:09:47:
                    a3:26:c7:0b:8e:2a:c0:fc:0d:d2:0a:c9:ac:15:72:
                    28:39:a2:53:30:91:b3:93:2c:41:e7:41:d7:58:f0:
                    b7:4c:8d:73:54:b3:b7:bf:1c:78:4f:76:ce:38:4e:
                    0b:dc:61:89:66:12:a8:2f:40:d8:24:c5:40:0a:79:
                    01:57:4b:8c:b8:de:2c:54:d1:ab:f7:ac:ab:70:51:
                    7f:15:84:ed:cf:d6:fb:7c:b3:57:c8:93:4a:32:50:
                    fc:51:63:27:51:02:f5:d3:48:01:c1:c9:d8:69:46:
                    5a:ec:43:46:50:f0:d8:e4:62:7a:25:fa:8f:3f:d8:
                    64:b1:f0:5c:ac:ac:39:c2:6e:d0:bb:b5:8f:48:24:
                    81:da:00:95:30:37:dd:dd:c7:57:fe:41:d7:f0:5f:
                    25:3e:29:6e:ae:66:11:fb:c4:d4:16:86:46:2d:75:
                    0b:81:ce:91:59:aa:4b:56:41:c2:8a:46:57:6e:94:
                    c6:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:34:72:0D:8B:12:64:9B:FC:2D:60:DE:60:F6:A2:CF:C7:20:0A:E3
            X509v3 Authority Key Identifier:
                keyid:7A:93:8A:93:5F:8B:AF:9C:D9:33:90:64:16:59:0D:78:2E:72:87:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/epOKk1-Lr5zZM5BkFlkNeC5yh8c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/ff0bfc-26fe-4412-a232-31999f3add36/1/pzRyDYsSZJv8LWDeYPaiz8cgCuM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/ff0bfc-26fe-4412-a232-31999f3add36/1/epOKk1-Lr5zZM5BkFlkNeC5yh8c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1170::/48

    Signature Algorithm: sha256WithRSAEncryption
         30:17:0a:d3:dc:b9:e8:60:16:69:82:52:1c:21:18:7e:d3:3f:
         80:cc:b3:4c:f1:66:d4:c7:b5:ef:cf:a9:53:06:8d:a8:d3:95:
         88:9d:d1:53:7f:73:e7:63:9c:08:25:3b:8a:98:92:b4:bb:cf:
         cd:fe:65:a3:c4:65:04:0c:c3:c9:47:94:fc:75:29:3a:07:b6:
         34:bf:ac:c5:97:db:7c:9e:5e:aa:7e:52:e3:b2:4b:90:d3:a0:
         ca:9a:1e:4b:1f:82:9e:a7:c5:df:82:0a:18:8a:fd:49:c9:fb:
         68:32:22:e3:bb:9d:8c:68:c3:4d:55:7e:9d:67:42:37:13:34:
         58:65:80:8e:43:4c:0f:26:07:ff:7b:94:f8:61:0b:f0:6c:da:
         b5:ab:92:8f:93:2c:f8:2e:f2:b7:8a:60:d9:95:a5:4b:ea:86:
         15:96:78:e7:a1:f7:6d:de:fb:7d:35:5a:63:ea:8b:37:7e:c0:
         4a:35:d5:90:ba:39:49:78:4d:cc:d2:58:9e:6c:df:e1:06:49:
         79:4d:35:a8:03:33:41:e2:dd:d5:91:0c:b5:b6:59:4f:b2:c5:
         e5:21:ed:24:0d:4e:52:ae:c7:30:76:57:b2:ae:58:e4:8c:c3:
         0e:b4:15:a7:51:af:dc:13:15:74:cb:2d:af:b8:8d:61:f9:c5:
         33:27:1f:a6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKvnTPATzyRcf6uloZXohMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhOTM4YTkzNWY4YmFmOWNkOTMzOTA2NDE2NTkwZDc4MmU3
Mjg3YzcwHhcNMjQwMTAyMTIzNDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzM0NzIwZDhiMTI2NDliZmMyZDYwZGU2MGY2YTJjZmM3MjAwYWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsNL75t2yIfVddRnmcDkcrOKSYMdp
GXcAWnQXjjL3+pH0PCyZLj/QtM5/vAd9m2JCODBCqGCSdFN86aFKPv4nLW9mo0kM
MrKxCUejJscLjirA/A3SCsmsFXIoOaJTMJGzkyxB50HXWPC3TI1zVLO3vxx4T3bO
OE4L3GGJZhKoL0DYJMVACnkBV0uMuN4sVNGr96yrcFF/FYTtz9b7fLNXyJNKMlD8
UWMnUQL100gBwcnYaUZa7ENGUPDY5GJ6JfqPP9hksfBcrKw5wm7Qu7WPSCSB2gCV
MDfd3cdX/kHX8F8lPilurmYR+8TUFoZGLXULgc6RWapLVkHCikZXbpTGywIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKc0cg2LEmSb/C1g3mD2os/HIArjMB8GA1UdIwQY
MBaAFHqTipNfi6+c2TOQZBZZDXgucofHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXBPS2sxLUxyNXpaTTVCa0Zsa05lQzV5aDhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9mZjBiZmMtMjZmZS00NDEyLWEyMzIt
MzE5OTlmM2FkZDM2LzEvcHpSeURZc1NaSnY4TFdEZVlQYWl6OGNnQ3VNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9mZjBiZmMtMjZmZS00NDEyLWEyMzItMzE5OTlmM2FkZDM2
LzEvZXBPS2sxLUxyNXpaTTVCa0Zsa05lQzV5aDhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBFw
MA0GCSqGSIb3DQEBCwUAA4IBAQAwFwrT3LnoYBZpglIcIRh+0z+AzLNM8WbUx7Xv
z6lTBo2o05WIndFTf3PnY5wIJTuKmJK0u8/N/mWjxGUEDMPJR5T8dSk6B7Y0v6zF
l9t8nl6qflLjskuQ06DKmh5LH4Kep8XfggoYiv1JyftoMiLju52MaMNNVX6dZ0I3
EzRYZYCOQ0wPJgf/e5T4YQvwbNq1q5KPkyz4LvK3imDZlaVL6oYVlnjnofdt3vt9
NVpj6os3fsBKNdWQujlJeE3M0liebN/hBkl5TTWoAzNB4t3VkQy1tllPssXlIe0k
DU5SrscwdleyrljkjMMOtBWnUa/cExV0yy2vuI1h+cUzJx+m
-----END CERTIFICATE-----