Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/zKkpkc3vffLxReXhpQqWrIPDqDA.roa
File:                     zKkpkc3vffLxReXhpQqWrIPDqDA.roa (raw, json)
Hash identifier:          5V/G6/I4iLz/gcAVL2N2itsdtDC8qcDa9emBQWrsE2I=
Subject key identifier:   CC:A9:29:91:CD:EF:7D:F2:F1:45:E5:E1:A5:0A:96:AC:83:C3:A8:30
Certificate issuer:       /CN=5a6f9295521df30a158f506ba7cb873ab9529dc3
Certificate serial:       018CC348F3A6F64718A6CB5BD9D7EA510BBF
Authority key identifier: 5A:6F:92:95:52:1D:F3:0A:15:8F:50:6B:A7:CB:87:3A:B9:52:9D:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wm-SlVId8woVj1Brp8uHOrlSncM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/zKkpkc3vffLxReXhpQqWrIPDqDA.roa
Signing time:             Mon 01 Jan 2024 04:29:47 +0000
ROA not before:           Mon 01 Jan 2024 04:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8522
IP address blocks:        2001:648:2c30::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/Wm-SlVId8woVj1Brp8uHOrlSncM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/Wm-SlVId8woVj1Brp8uHOrlSncM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wm-SlVId8woVj1Brp8uHOrlSncM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:f3:a6:f6:47:18:a6:cb:5b:d9:d7:ea:51:0b:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a6f9295521df30a158f506ba7cb873ab9529dc3
        Validity
            Not Before: Jan  1 04:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cca92991cdef7df2f145e5e1a50a96ac83c3a830
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:e1:4c:b8:61:91:0d:29:8e:82:8e:eb:0c:3d:
                    8a:d9:b3:be:a6:92:b4:2a:01:2b:1a:a8:9b:95:38:
                    69:6b:a4:67:ad:da:d5:c1:55:e6:a5:2e:b7:f5:90:
                    e0:1a:cf:56:00:19:c1:4f:87:e3:fd:d4:41:2c:da:
                    5d:b5:4f:c0:7f:d0:38:53:83:cb:cd:8f:00:54:21:
                    62:0f:7d:bf:e6:4f:53:3f:fe:d5:af:33:d4:4b:80:
                    8d:c2:69:b0:19:69:da:8d:08:2b:2b:ab:30:70:11:
                    85:d0:bc:10:b3:52:dc:0c:8b:6d:eb:8e:31:75:de:
                    71:0d:3d:a6:56:38:ad:7b:45:01:86:85:b8:44:d0:
                    9b:96:b5:bf:21:9d:ae:47:dc:85:ce:57:fd:04:b1:
                    b8:7a:45:b2:9e:21:57:89:81:6c:2c:93:ba:67:f2:
                    e3:33:de:0d:38:2b:56:25:93:37:6b:46:ac:2b:5a:
                    d9:40:d7:00:14:53:79:2d:c7:5a:8f:93:44:26:9f:
                    5b:bc:80:45:1b:86:b3:28:93:15:c4:08:33:c6:49:
                    f6:9a:bd:6b:8c:b1:ae:3f:b8:22:55:f6:20:a2:41:
                    45:c7:9f:fc:ae:22:e3:fa:74:36:34:e3:40:3b:5a:
                    c3:b2:05:ff:c8:b5:67:0e:9d:fe:3b:6e:d9:69:f9:
                    06:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:A9:29:91:CD:EF:7D:F2:F1:45:E5:E1:A5:0A:96:AC:83:C3:A8:30
            X509v3 Authority Key Identifier:
                keyid:5A:6F:92:95:52:1D:F3:0A:15:8F:50:6B:A7:CB:87:3A:B9:52:9D:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wm-SlVId8woVj1Brp8uHOrlSncM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/zKkpkc3vffLxReXhpQqWrIPDqDA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/Wm-SlVId8woVj1Brp8uHOrlSncM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:648:2c30::/48

    Signature Algorithm: sha256WithRSAEncryption
         a4:20:01:89:ba:3c:e6:ac:fc:01:00:f9:9f:1b:7f:7a:72:3d:
         15:80:ee:f9:ff:55:41:1a:1e:db:bd:a0:df:2d:64:2d:65:36:
         90:b5:99:03:52:9f:a3:6a:51:57:27:ba:91:c8:f6:9b:ee:cb:
         e0:90:f2:b2:4e:53:d1:38:55:f4:64:bc:62:5b:64:9b:a7:1e:
         67:3d:b7:2f:cc:b4:ae:fc:81:4c:90:0b:d7:b4:4b:51:38:ed:
         eb:14:ca:f7:9a:bd:ff:e0:ca:64:58:f0:97:c9:21:46:54:b0:
         95:43:de:2d:36:12:6b:e9:0e:81:2c:e0:14:3b:dd:40:cd:80:
         77:b4:86:02:fb:94:f2:2a:cd:ca:96:91:c3:2c:6a:2b:65:90:
         1a:c1:c7:7d:e0:32:34:7f:b5:3f:b1:cb:b7:ac:5c:37:9d:e3:
         7f:6c:ee:17:b8:07:f7:64:69:26:d1:3b:ed:69:f6:f3:80:b6:
         b5:8f:e0:4f:bb:42:fa:e7:46:e5:8b:b7:8f:e4:08:03:eb:0e:
         68:d7:51:90:56:12:f5:10:e2:45:b8:8f:39:d4:23:fa:fc:fe:
         d7:07:31:e1:eb:b2:ea:b4:24:88:fb:86:11:b6:74:fb:30:8e:
         a8:0f:c1:74:8c:6d:b9:7a:2c:33:55:56:c0:f7:75:ed:13:77:
         a2:71:6e:49
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDSPOm9kcYpstb2dfqUQu/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhNmY5Mjk1NTIxZGYzMGExNThmNTA2YmE3Y2I4NzNhYjk1
MjlkYzMwHhcNMjQwMTAxMDQyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2E5Mjk5MWNkZWY3ZGYyZjE0NWU1ZTFhNTBhOTZhYzgzYzNhODMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOFMuGGRDSmOgo7rDD2K2bO+ppK0
KgErGqiblThpa6RnrdrVwVXmpS639ZDgGs9WABnBT4fj/dRBLNpdtU/Af9A4U4PL
zY8AVCFiD32/5k9TP/7VrzPUS4CNwmmwGWnajQgrK6swcBGF0LwQs1LcDItt644x
dd5xDT2mVjite0UBhoW4RNCblrW/IZ2uR9yFzlf9BLG4ekWyniFXiYFsLJO6Z/Lj
M94NOCtWJZM3a0asK1rZQNcAFFN5Lcdaj5NEJp9bvIBFG4azKJMVxAgzxkn2mr1r
jLGuP7giVfYgokFFx5/8riLj+nQ2NONAO1rDsgX/yLVnDp3+O27ZafkG0QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMypKZHN733y8UXl4aUKlqyDw6gwMB8GA1UdIwQY
MBaAFFpvkpVSHfMKFY9Qa6fLhzq5Up3DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV20tU2xWSWQ4d29WajFCcnA4dUhPcmxTbmNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWY5M2ItYmUzMS00NWNmLWFhN2Ut
YWFhNDU1M2QyYWJkLzEvektrcGtjM3ZmZkx4UmVYaHBRcVdySVBEcURBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWY5M2ItYmUzMS00NWNmLWFhN2UtYWFhNDU1M2QyYWJk
LzEvV20tU2xWSWQ4d29WajFCcnA4dUhPcmxTbmNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGSCww
MA0GCSqGSIb3DQEBCwUAA4IBAQCkIAGJujzmrPwBAPmfG396cj0VgO75/1VBGh7b
vaDfLWQtZTaQtZkDUp+jalFXJ7qRyPab7svgkPKyTlPROFX0ZLxiW2Sbpx5nPbcv
zLSu/IFMkAvXtEtROO3rFMr3mr3/4MpkWPCXySFGVLCVQ94tNhJr6Q6BLOAUO91A
zYB3tIYC+5TyKs3KlpHDLGorZZAawcd94DI0f7U/scu3rFw3neN/bO4XuAf3ZGkm
0TvtafbzgLa1j+BPu0L650bli7eP5AgD6w5o11GQVhL1EOJFuI851CP6/P7XBzHh
67LqtCSI+4YRtnT7MI6oD8F0jG25eiwzVVbA93XtE3eicW5J
-----END CERTIFICATE-----