Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/08c4a7-4d2a-4d1c-8b8e-56c5d76ddcd8/1/A-DZBVaUWIDr7jNNmD64yzgH0Uo.roa
File:                     A-DZBVaUWIDr7jNNmD64yzgH0Uo.roa (raw, json)
Hash identifier:          AJsmmwnMnc7Y+2eUCtvF92EzMnG8kJBtTWsCxd9tcX8=
Subject key identifier:   03:E0:D9:05:56:94:58:80:EB:EE:33:4D:98:3E:B8:CB:38:07:D1:4A
Certificate issuer:       /CN=c8e90b172f88be21bb99d573fd75b27f5bf745c2
Certificate serial:       018CC801E2B7F85725D7C336590B1A3FC1A6
Authority key identifier: C8:E9:0B:17:2F:88:BE:21:BB:99:D5:73:FD:75:B2:7F:5B:F7:45:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yOkLFy-IviG7mdVz_XWyf1v3RcI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/08c4a7-4d2a-4d1c-8b8e-56c5d76ddcd8/1/A-DZBVaUWIDr7jNNmD64yzgH0Uo.roa
Signing time:             Tue 02 Jan 2024 02:30:15 +0000
ROA not before:           Tue 02 Jan 2024 02:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212002
IP address blocks:        2001:67c:229c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/08c4a7-4d2a-4d1c-8b8e-56c5d76ddcd8/1/yOkLFy-IviG7mdVz_XWyf1v3RcI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/08c4a7-4d2a-4d1c-8b8e-56c5d76ddcd8/1/yOkLFy-IviG7mdVz_XWyf1v3RcI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yOkLFy-IviG7mdVz_XWyf1v3RcI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:e2:b7:f8:57:25:d7:c3:36:59:0b:1a:3f:c1:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8e90b172f88be21bb99d573fd75b27f5bf745c2
        Validity
            Not Before: Jan  2 02:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03e0d90556945880ebee334d983eb8cb3807d14a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:3b:5a:91:6f:43:3b:5c:ab:11:19:4c:69:e6:
                    b5:61:09:80:52:76:a8:b0:68:08:8a:b4:49:ea:77:
                    22:7e:28:31:a1:a3:bc:ba:92:7b:0d:6d:70:46:6d:
                    0c:85:16:e5:6f:bc:3f:59:41:e1:f6:63:86:5d:63:
                    f8:ad:0e:39:09:ff:73:fc:c4:a6:97:9f:61:62:c4:
                    d9:2b:51:1f:af:3f:24:03:42:bd:d1:2d:ea:ff:00:
                    09:92:b6:74:3f:a8:a5:44:b6:0e:1a:25:37:b9:56:
                    93:c6:bf:c3:a9:8b:f1:e2:59:13:85:b6:be:f9:e8:
                    16:01:44:22:69:a2:69:ce:a5:4e:f2:94:11:47:68:
                    16:1d:ac:6d:6c:cf:60:31:ca:e0:a1:b2:61:33:cf:
                    f5:bb:47:28:e6:37:be:71:c5:03:44:84:c2:68:7a:
                    3b:fe:52:35:75:d5:7d:e5:da:d4:b7:4e:01:00:ed:
                    81:07:73:b4:cc:6b:27:88:4d:02:16:6a:72:75:8e:
                    6d:c6:2f:06:2a:33:a7:65:a5:65:bf:8a:00:e4:45:
                    30:92:5e:da:46:64:ad:9f:e0:b7:2a:8d:e0:5e:79:
                    74:78:6e:a5:14:56:26:27:9f:67:30:64:7a:70:fe:
                    e5:eb:09:a0:58:01:98:57:1c:a1:fd:4a:49:09:7b:
                    5e:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:E0:D9:05:56:94:58:80:EB:EE:33:4D:98:3E:B8:CB:38:07:D1:4A
            X509v3 Authority Key Identifier:
                keyid:C8:E9:0B:17:2F:88:BE:21:BB:99:D5:73:FD:75:B2:7F:5B:F7:45:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yOkLFy-IviG7mdVz_XWyf1v3RcI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/08c4a7-4d2a-4d1c-8b8e-56c5d76ddcd8/1/A-DZBVaUWIDr7jNNmD64yzgH0Uo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/08c4a7-4d2a-4d1c-8b8e-56c5d76ddcd8/1/yOkLFy-IviG7mdVz_XWyf1v3RcI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:229c::/48

    Signature Algorithm: sha256WithRSAEncryption
         72:94:a5:8f:f2:e7:e8:d2:d3:20:4c:2d:30:8a:32:cd:1d:10:
         4d:ee:bc:92:c9:6f:e3:69:da:09:c0:15:d9:32:00:26:9c:16:
         b5:25:0f:bc:ad:54:3e:da:e5:ff:d5:41:9d:d7:9f:b3:5e:9f:
         df:55:01:2d:e5:cc:29:48:2f:ec:2c:d9:27:e7:3d:7b:a3:24:
         b3:30:89:1f:f8:f1:54:48:fc:7b:60:a4:83:32:62:10:57:f4:
         63:35:b2:c5:7f:86:de:a9:db:9e:41:72:4b:2e:20:e4:b1:2f:
         83:bf:e0:b2:c3:f7:df:de:8f:d8:03:91:e8:d8:8a:c1:f2:70:
         b6:01:04:04:c3:fd:e7:4d:78:1c:f2:6c:7a:8a:c4:da:b9:5b:
         e4:df:e8:61:13:ec:b5:5b:a9:7e:7b:14:e8:74:b5:be:61:b1:
         02:95:67:56:0c:20:80:65:f6:b7:54:90:18:27:15:a5:90:59:
         30:a0:44:ec:c3:20:ef:98:08:b1:5b:d5:96:79:9a:1c:4e:cb:
         82:38:ad:6f:c0:4f:4f:c4:19:66:8d:d7:74:f6:c1:78:14:0d:
         70:fd:a8:7d:68:ae:2f:cf:ea:e4:db:06:1b:00:a6:27:17:58:
         0c:62:24:c4:1f:ad:58:bc:f2:7b:09:59:ad:8e:4b:0b:15:00:
         2e:6f:74:69
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAeK3+Fcl18M2WQsaP8GmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4ZTkwYjE3MmY4OGJlMjFiYjk5ZDU3M2ZkNzViMjdmNWJm
NzQ1YzIwHhcNMjQwMTAyMDIzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2UwZDkwNTU2OTQ1ODgwZWJlZTMzNGQ5ODNlYjhjYjM4MDdkMTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjDtakW9DO1yrERlMaea1YQmAUnao
sGgIirRJ6ncifigxoaO8upJ7DW1wRm0MhRblb7w/WUHh9mOGXWP4rQ45Cf9z/MSm
l59hYsTZK1Efrz8kA0K90S3q/wAJkrZ0P6ilRLYOGiU3uVaTxr/DqYvx4lkThba+
+egWAUQiaaJpzqVO8pQRR2gWHaxtbM9gMcrgobJhM8/1u0co5je+ccUDRITCaHo7
/lI1ddV95drUt04BAO2BB3O0zGsniE0CFmpydY5txi8GKjOnZaVlv4oA5EUwkl7a
RmStn+C3Ko3gXnl0eG6lFFYmJ59nMGR6cP7l6wmgWAGYVxyh/UpJCXte/QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAPg2QVWlFiA6+4zTZg+uMs4B9FKMB8GA1UdIwQY
MBaAFMjpCxcviL4hu5nVc/11sn9b90XCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveU9rTEZ5LUl2aUc3bWRWel9YV3lmMXYzUmNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS8wOGM0YTctNGQyYS00ZDFjLThiOGUt
NTZjNWQ3NmRkY2Q4LzEvQS1EWkJWYVVXSURyN2pOTm1ENjR5emdIMFVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS8wOGM0YTctNGQyYS00ZDFjLThiOGUtNTZjNWQ3NmRkY2Q4
LzEveU9rTEZ5LUl2aUc3bWRWel9YV3lmMXYzUmNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCKc
MA0GCSqGSIb3DQEBCwUAA4IBAQBylKWP8ufo0tMgTC0wijLNHRBN7rySyW/jadoJ
wBXZMgAmnBa1JQ+8rVQ+2uX/1UGd15+zXp/fVQEt5cwpSC/sLNkn5z17oySzMIkf
+PFUSPx7YKSDMmIQV/RjNbLFf4beqdueQXJLLiDksS+Dv+Cyw/ff3o/YA5Ho2IrB
8nC2AQQEw/3nTXgc8mx6isTauVvk3+hhE+y1W6l+exTodLW+YbEClWdWDCCAZfa3
VJAYJxWlkFkwoETswyDvmAixW9WWeZocTsuCOK1vwE9PxBlmjdd09sF4FA1w/ah9
aK4vz+rk2wYbAKYnF1gMYiTEH61YvPJ7CVmtjksLFQAub3Rp
-----END CERTIFICATE-----