Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/093fcb-fe77-449b-a1af-21bc48ef1660/1/zl580nsrv7s5VPrw6V4GObrB3io.roa
File:                     zl580nsrv7s5VPrw6V4GObrB3io.roa (raw, json)
Hash identifier:          E2ulSdvyYERWO6+rnsZxH7zxNCtgDe7kfODcghpehHI=
Subject key identifier:   CE:5E:7C:D2:7B:2B:BF:BB:39:54:FA:F0:E9:5E:06:39:BA:C1:DE:2A
Certificate issuer:       /CN=4978a8641ce785be34685030527723e5fdce562a
Certificate serial:       018CC6B8B325C0F1C6CC6BDF4D4D7465AC9C
Authority key identifier: 49:78:A8:64:1C:E7:85:BE:34:68:50:30:52:77:23:E5:FD:CE:56:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SXioZBznhb40aFAwUncj5f3OVio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/093fcb-fe77-449b-a1af-21bc48ef1660/1/zl580nsrv7s5VPrw6V4GObrB3io.roa
Signing time:             Mon 01 Jan 2024 20:30:42 +0000
ROA not before:           Mon 01 Jan 2024 20:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215912
IP address blocks:        2001:67c:d60::/48 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/093fcb-fe77-449b-a1af-21bc48ef1660/1/SXioZBznhb40aFAwUncj5f3OVio.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/093fcb-fe77-449b-a1af-21bc48ef1660/1/SXioZBznhb40aFAwUncj5f3OVio.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SXioZBznhb40aFAwUncj5f3OVio.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:b3:25:c0:f1:c6:cc:6b:df:4d:4d:74:65:ac:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4978a8641ce785be34685030527723e5fdce562a
        Validity
            Not Before: Jan  1 20:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce5e7cd27b2bbfbb3954faf0e95e0639bac1de2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:64:56:61:91:3f:da:8a:81:9f:a0:31:5c:ed:
                    18:fa:3e:cf:ae:91:fa:11:0e:b5:b2:17:f9:db:8d:
                    d3:a3:b3:d1:9e:8f:e5:54:e4:ff:d7:18:80:d6:02:
                    0f:f2:1f:8f:07:a2:66:ba:84:16:8a:f0:60:f5:6a:
                    bc:9f:2e:77:f7:2b:2c:5e:d0:17:09:bd:46:9b:7b:
                    a3:f6:58:2c:ea:66:84:99:b8:21:d9:ac:62:c6:65:
                    63:49:d4:5c:0a:fc:5b:d0:ab:17:5d:4d:75:a7:58:
                    9e:94:4b:4d:34:ed:00:9c:b2:af:a7:73:9a:34:62:
                    73:00:04:ca:52:7e:3a:20:9f:7f:ca:a3:66:52:bd:
                    ab:4f:83:37:a2:eb:d6:34:bb:49:a9:8e:eb:ba:7c:
                    b7:87:be:aa:93:8a:a8:38:a0:37:ac:88:25:22:82:
                    0d:ff:91:16:20:b0:b4:25:c5:7d:70:fe:e6:1e:6c:
                    75:5c:a7:2a:37:ce:26:50:1c:4a:3f:e0:59:89:36:
                    3b:ad:21:2a:83:5a:c3:81:82:c9:91:0e:7b:02:c6:
                    03:0d:c9:32:de:fa:64:21:0e:88:96:2a:98:f4:7b:
                    d4:f3:40:5c:b6:b9:2b:ec:2d:c7:4c:03:db:b7:83:
                    cd:3d:ac:55:54:be:ac:f7:73:b8:d5:fb:20:40:5c:
                    e8:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:5E:7C:D2:7B:2B:BF:BB:39:54:FA:F0:E9:5E:06:39:BA:C1:DE:2A
            X509v3 Authority Key Identifier:
                keyid:49:78:A8:64:1C:E7:85:BE:34:68:50:30:52:77:23:E5:FD:CE:56:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SXioZBznhb40aFAwUncj5f3OVio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/093fcb-fe77-449b-a1af-21bc48ef1660/1/zl580nsrv7s5VPrw6V4GObrB3io.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/093fcb-fe77-449b-a1af-21bc48ef1660/1/SXioZBznhb40aFAwUncj5f3OVio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:d60::/48

    Signature Algorithm: sha256WithRSAEncryption
         9b:f3:0e:85:01:6b:1e:63:2b:b9:52:35:60:87:9e:06:eb:e1:
         64:51:43:68:56:01:4b:e1:be:0d:04:e4:14:53:b0:1f:3d:5f:
         16:63:21:50:ed:bc:e4:ab:49:ee:b9:4d:05:b2:a2:6c:55:4e:
         52:ae:fc:ae:fb:12:32:3f:eb:29:1c:c9:05:ef:69:3b:3e:65:
         77:44:10:e9:f1:fa:e1:9a:ed:97:2a:01:0f:de:d4:bc:01:8e:
         cc:13:e5:0c:dd:d2:2d:bb:de:77:aa:9d:9e:83:00:1f:8a:ce:
         96:26:38:40:1e:58:10:4e:cd:b6:eb:a2:54:94:5e:e3:27:cc:
         b9:a2:51:9c:d1:07:39:e3:60:6a:d0:62:cb:54:f0:fc:25:1c:
         d9:1e:b0:a5:70:9a:ed:ea:ef:7f:f6:db:fd:38:bc:51:12:36:
         a8:03:3a:fd:d8:87:40:03:ae:9f:73:c5:5d:8b:55:95:dd:0f:
         3d:6c:de:8a:e9:71:06:ab:1c:1b:53:0f:a4:6f:4b:ca:00:3f:
         4d:6c:51:18:5f:90:fc:b6:64:d9:fb:91:a3:8d:4a:c2:96:4d:
         ac:5f:3d:46:43:0b:9e:aa:68:66:67:61:d9:aa:aa:11:1a:79:
         f6:c3:cb:54:20:46:c9:b4:f6:9b:88:dc:52:f4:c8:45:83:3c:
         41:e7:b1:6b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuLMlwPHGzGvfTU10ZaycMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5NzhhODY0MWNlNzg1YmUzNDY4NTAzMDUyNzcyM2U1ZmRj
ZTU2MmEwHhcNMjQwMTAxMjAzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTVlN2NkMjdiMmJiZmJiMzk1NGZhZjBlOTVlMDYzOWJhYzFkZTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArmRWYZE/2oqBn6AxXO0Y+j7PrpH6
EQ61shf5243To7PRno/lVOT/1xiA1gIP8h+PB6JmuoQWivBg9Wq8ny539yssXtAX
Cb1Gm3uj9lgs6maEmbgh2axixmVjSdRcCvxb0KsXXU11p1ielEtNNO0AnLKvp3Oa
NGJzAATKUn46IJ9/yqNmUr2rT4M3ouvWNLtJqY7runy3h76qk4qoOKA3rIglIoIN
/5EWILC0JcV9cP7mHmx1XKcqN84mUBxKP+BZiTY7rSEqg1rDgYLJkQ57AsYDDcky
3vpkIQ6IliqY9HvU80Bctrkr7C3HTAPbt4PNPaxVVL6s93O41fsgQFzo5QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFM5efNJ7K7+7OVT68OleBjm6wd4qMB8GA1UdIwQY
MBaAFEl4qGQc54W+NGhQMFJ3I+X9zlYqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1hpb1pCem5oYjQwYUZBd1VuY2o1ZjNPVmlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8wOTNmY2ItZmU3Ny00NDliLWExYWYt
MjFiYzQ4ZWYxNjYwLzEvemw1ODBuc3J2N3M1VlBydzZWNEdPYnJCM2lvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8wOTNmY2ItZmU3Ny00NDliLWExYWYtMjFiYzQ4ZWYxNjYw
LzEvU1hpb1pCem5oYjQwYUZBd1VuY2o1ZjNPVmlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA1g
MA0GCSqGSIb3DQEBCwUAA4IBAQCb8w6FAWseYyu5UjVgh54G6+FkUUNoVgFL4b4N
BOQUU7AfPV8WYyFQ7bzkq0nuuU0FsqJsVU5Srvyu+xIyP+spHMkF72k7PmV3RBDp
8frhmu2XKgEP3tS8AY7ME+UM3dItu953qp2egwAfis6WJjhAHlgQTs2266JUlF7j
J8y5olGc0Qc542Bq0GLLVPD8JRzZHrClcJrt6u9/9tv9OLxREjaoAzr92IdAA66f
c8Vdi1WV3Q89bN6K6XEGqxwbUw+kb0vKAD9NbFEYX5D8tmTZ+5GjjUrClk2sXz1G
QwueqmhmZ2HZqqoRGnn2w8tUIEbJtPabiNxS9MhFgzxB57Fr
-----END CERTIFICATE-----