Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/2fc266-1247-4f00-b161-6eb9a22129e1/1/yTCc_HMCH7Q2zYEFTsOgCbl9bbo.roa
File:                     yTCc_HMCH7Q2zYEFTsOgCbl9bbo.roa (raw, json)
Hash identifier:          pIx8c+wQT/5xdKm8r3ndoFmFj2bvAgHUWUpl3GwWhbs=
Subject key identifier:   C9:30:9C:FC:73:02:1F:B4:36:CD:81:05:4E:C3:A0:09:B9:7D:6D:BA
Certificate issuer:       /CN=0aaaa79caacff5f0304b9ae9002e2713fbff6d52
Certificate serial:       018CC94E47619E2900E979E972BC95464719
Authority key identifier: 0A:AA:A7:9C:AA:CF:F5:F0:30:4B:9A:E9:00:2E:27:13:FB:FF:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CqqnnKrP9fAwS5rpAC4nE_v_bVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/2fc266-1247-4f00-b161-6eb9a22129e1/1/yTCc_HMCH7Q2zYEFTsOgCbl9bbo.roa
Signing time:             Tue 02 Jan 2024 08:33:19 +0000
ROA not before:           Tue 02 Jan 2024 08:33:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12525
IP address blocks:        2001:67c:554::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/2fc266-1247-4f00-b161-6eb9a22129e1/1/CqqnnKrP9fAwS5rpAC4nE_v_bVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/2fc266-1247-4f00-b161-6eb9a22129e1/1/CqqnnKrP9fAwS5rpAC4nE_v_bVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CqqnnKrP9fAwS5rpAC4nE_v_bVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:47:61:9e:29:00:e9:79:e9:72:bc:95:46:47:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0aaaa79caacff5f0304b9ae9002e2713fbff6d52
        Validity
            Not Before: Jan  2 08:33:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9309cfc73021fb436cd81054ec3a009b97d6dba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:07:ef:d5:82:18:17:02:d5:65:ee:6f:46:ae:
                    c7:d5:95:d2:b9:7c:09:b4:55:c6:3e:a6:af:e9:95:
                    0c:ec:a9:5b:01:4a:32:7d:3d:3f:77:14:1d:02:fe:
                    ed:94:08:7b:87:6e:ed:74:ec:84:40:df:a6:6a:1d:
                    c2:71:38:d4:e2:36:d7:aa:87:a4:af:bc:c5:93:1f:
                    2c:6c:a9:2e:cd:b9:73:4f:4e:29:4b:a6:87:c5:a2:
                    34:56:19:7b:e6:b4:ae:d3:71:31:f1:18:6e:a4:5b:
                    10:8a:ce:5d:c4:3c:f6:44:ae:ae:f4:06:8b:c7:0f:
                    0a:00:95:c0:66:7d:38:ad:c3:76:48:0c:92:1d:19:
                    5c:f6:3f:37:4d:d8:3d:43:f7:22:c4:75:55:17:bc:
                    89:63:d2:5e:56:89:be:e1:9e:86:cf:bd:cc:fb:f4:
                    05:ee:ce:31:06:d7:13:a4:d8:78:a8:c0:97:c8:3f:
                    cd:c5:05:c8:ef:87:9a:7d:40:b8:40:8b:1a:b6:60:
                    35:ef:8f:de:f9:22:54:d6:b5:8e:5f:14:9a:af:4d:
                    c6:11:32:73:f0:b6:99:c2:c0:a7:1a:a9:48:57:fa:
                    05:42:24:aa:2d:61:9c:94:a1:99:cb:c5:aa:dc:56:
                    de:49:94:27:5b:a3:62:ea:75:ce:ba:89:3a:4a:ee:
                    7e:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:30:9C:FC:73:02:1F:B4:36:CD:81:05:4E:C3:A0:09:B9:7D:6D:BA
            X509v3 Authority Key Identifier:
                keyid:0A:AA:A7:9C:AA:CF:F5:F0:30:4B:9A:E9:00:2E:27:13:FB:FF:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CqqnnKrP9fAwS5rpAC4nE_v_bVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/2fc266-1247-4f00-b161-6eb9a22129e1/1/yTCc_HMCH7Q2zYEFTsOgCbl9bbo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/2fc266-1247-4f00-b161-6eb9a22129e1/1/CqqnnKrP9fAwS5rpAC4nE_v_bVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:554::/48

    Signature Algorithm: sha256WithRSAEncryption
         08:e5:8e:fb:f6:7a:b7:bb:35:c9:25:84:54:bc:6e:b5:1e:f4:
         0e:ef:c3:1c:05:81:21:ac:57:b6:c9:e4:21:2b:72:b5:c1:63:
         3d:0d:02:7b:6e:9c:28:58:c8:b9:27:4d:98:af:af:2f:0c:22:
         bb:4b:7a:e4:74:f2:14:43:99:3e:99:9c:db:83:80:83:37:21:
         6b:b8:76:b1:6b:43:2f:83:cc:29:5c:bd:13:4f:19:c2:af:4a:
         13:d7:70:96:51:c2:72:1f:96:4c:ff:8e:e2:3c:69:b3:43:05:
         ed:2d:2c:1f:63:ef:39:f0:fb:09:0d:39:3c:cd:4b:d0:8b:3f:
         92:c8:fd:15:e7:9d:68:50:1c:cb:51:85:82:08:6c:30:44:85:
         15:ee:9e:40:18:28:51:6d:05:5b:2f:12:2c:36:49:f4:1a:f6:
         77:a9:db:9c:ca:de:55:5f:3b:9c:73:fc:fd:87:f7:d4:94:bb:
         60:7c:af:47:8b:ec:42:85:71:10:0d:5f:d1:26:b5:d2:52:b6:
         9a:5b:49:2c:c3:a6:e6:34:3e:67:d1:d2:3a:33:03:b2:26:60:
         ae:6d:84:81:bf:23:f6:15:21:c3:cf:ce:2a:71:21:88:68:ad:
         2e:40:29:91:ca:17:ed:6c:1a:08:e3:b1:f3:aa:9d:f9:83:15:
         0a:0c:81:9e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJTkdhnikA6XnpcryVRkcZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhYWFhNzljYWFjZmY1ZjAzMDRiOWFlOTAwMmUyNzEzZmJm
ZjZkNTIwHhcNMjQwMTAyMDgzMzE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTMwOWNmYzczMDIxZmI0MzZjZDgxMDU0ZWMzYTAwOWI5N2Q2ZGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiQfv1YIYFwLVZe5vRq7H1ZXSuXwJ
tFXGPqav6ZUM7KlbAUoyfT0/dxQdAv7tlAh7h27tdOyEQN+mah3CcTjU4jbXqoek
r7zFkx8sbKkuzblzT04pS6aHxaI0Vhl75rSu03Ex8RhupFsQis5dxDz2RK6u9AaL
xw8KAJXAZn04rcN2SAySHRlc9j83Tdg9Q/cixHVVF7yJY9JeVom+4Z6Gz73M+/QF
7s4xBtcTpNh4qMCXyD/NxQXI74eafUC4QIsatmA174/e+SJU1rWOXxSar03GETJz
8LaZwsCnGqlIV/oFQiSqLWGclKGZy8Wq3FbeSZQnW6Ni6nXOuok6Su5+ewIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMkwnPxzAh+0Ns2BBU7DoAm5fW26MB8GA1UdIwQY
MBaAFAqqp5yqz/XwMEua6QAuJxP7/21SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3Fxbm5LclA5ZkF3UzVycEFDNG5FX3ZfYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8yZmMyNjYtMTI0Ny00ZjAwLWIxNjEt
NmViOWEyMjEyOWUxLzEveVRDY19ITUNIN1EyellFRlRzT2dDYmw5YmJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8yZmMyNjYtMTI0Ny00ZjAwLWIxNjEtNmViOWEyMjEyOWUx
LzEvQ3Fxbm5LclA5ZkF3UzVycEFDNG5FX3ZfYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAVU
MA0GCSqGSIb3DQEBCwUAA4IBAQAI5Y779nq3uzXJJYRUvG61HvQO78McBYEhrFe2
yeQhK3K1wWM9DQJ7bpwoWMi5J02Yr68vDCK7S3rkdPIUQ5k+mZzbg4CDNyFruHax
a0Mvg8wpXL0TTxnCr0oT13CWUcJyH5ZM/47iPGmzQwXtLSwfY+858PsJDTk8zUvQ
iz+SyP0V551oUBzLUYWCCGwwRIUV7p5AGChRbQVbLxIsNkn0GvZ3qducyt5VXzuc
c/z9h/fUlLtgfK9Hi+xChXEQDV/RJrXSUraaW0ksw6bmND5n0dI6MwOyJmCubYSB
vyP2FSHDz84qcSGIaK0uQCmRyhftbBoI47Hzqp35gxUKDIGe
-----END CERTIFICATE-----