Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/4883d4-8479-4447-af67-1e6ca2f0d155/1/m0R9KLee_er6BfYP9fOa19Am09Q.roa
File:                     m0R9KLee_er6BfYP9fOa19Am09Q.roa (raw, json)
Hash identifier:          n07y2hm9F84eB4ecT6BOSljMMYm0bIf94NhtQrjBCvg=
Subject key identifier:   9B:44:7D:28:B7:9E:FD:EA:FA:05:F6:0F:F5:F3:9A:D7:D0:26:D3:D4
Certificate issuer:       /CN=cc9fa0b30d5455ad67fb07e099f0fa95f8b6c19e
Certificate serial:       018CC86F1A95060C2222AA9DB134DF2350A7
Authority key identifier: CC:9F:A0:B3:0D:54:55:AD:67:FB:07:E0:99:F0:FA:95:F8:B6:C1:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zJ-gsw1UVa1n-wfgmfD6lfi2wZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/4883d4-8479-4447-af67-1e6ca2f0d155/1/m0R9KLee_er6BfYP9fOa19Am09Q.roa
Signing time:             Tue 02 Jan 2024 04:29:33 +0000
ROA not before:           Tue 02 Jan 2024 04:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206253
IP address blocks:        2001:678:968::/48 maxlen: 48
                          2001:678:968::/64 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/4883d4-8479-4447-af67-1e6ca2f0d155/1/zJ-gsw1UVa1n-wfgmfD6lfi2wZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/4883d4-8479-4447-af67-1e6ca2f0d155/1/zJ-gsw1UVa1n-wfgmfD6lfi2wZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zJ-gsw1UVa1n-wfgmfD6lfi2wZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:1a:95:06:0c:22:22:aa:9d:b1:34:df:23:50:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc9fa0b30d5455ad67fb07e099f0fa95f8b6c19e
        Validity
            Not Before: Jan  2 04:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9b447d28b79efdeafa05f60ff5f39ad7d026d3d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:fd:5d:c8:2e:3c:e8:0c:c6:4d:2b:98:e9:90:
                    b5:8a:6f:a2:08:2e:39:fa:7f:7d:5d:6e:fa:0b:4f:
                    b4:cb:d4:5a:0b:fb:9f:63:b1:9f:f6:3e:c6:68:77:
                    c8:6e:85:80:e8:58:4b:6d:00:60:57:b5:7f:be:15:
                    28:c7:2c:61:7a:c8:35:77:e6:c8:a4:3a:8a:ce:e3:
                    27:3c:82:7e:d5:44:eb:0c:52:51:9a:61:e9:9d:12:
                    5c:53:d6:87:0c:ab:5f:66:86:41:b6:b9:00:37:93:
                    72:b8:93:45:fc:c7:1a:5c:75:13:3b:ec:68:2a:dc:
                    1d:24:5c:6b:d1:cb:91:8a:0b:d2:a8:5e:02:0d:85:
                    40:af:93:b5:40:4d:a2:00:9d:6a:31:cd:63:60:5b:
                    26:42:a4:e9:25:a7:2a:71:a4:e5:c8:23:8f:f7:58:
                    e2:b5:3b:74:b2:49:e0:91:d2:9e:4c:08:87:75:a7:
                    52:76:a3:99:20:ae:0e:38:bf:02:d7:0d:f0:39:18:
                    ce:e6:cc:d0:ee:f8:e7:f2:3b:4e:0c:66:4b:53:11:
                    cc:62:c8:ba:f5:5d:fa:b4:c4:8b:29:43:b2:93:9c:
                    90:68:6a:a9:d2:cf:59:11:64:ac:ef:2c:8a:a7:04:
                    75:d7:ad:b4:c2:f9:ae:cb:02:a6:37:ad:42:bc:3f:
                    75:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:44:7D:28:B7:9E:FD:EA:FA:05:F6:0F:F5:F3:9A:D7:D0:26:D3:D4
            X509v3 Authority Key Identifier:
                keyid:CC:9F:A0:B3:0D:54:55:AD:67:FB:07:E0:99:F0:FA:95:F8:B6:C1:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zJ-gsw1UVa1n-wfgmfD6lfi2wZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/4883d4-8479-4447-af67-1e6ca2f0d155/1/m0R9KLee_er6BfYP9fOa19Am09Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/4883d4-8479-4447-af67-1e6ca2f0d155/1/zJ-gsw1UVa1n-wfgmfD6lfi2wZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:968::/48

    Signature Algorithm: sha256WithRSAEncryption
         30:03:c7:92:b0:3c:e1:b8:13:41:80:c2:e5:84:a9:bd:6b:bc:
         d1:8b:44:3c:3e:db:c6:5b:e2:27:c3:ef:06:00:09:e7:15:76:
         fb:89:30:6e:b7:c2:b8:49:93:67:9d:37:f9:3a:d9:2c:e9:8b:
         97:51:dd:a6:d1:60:03:d9:de:08:52:30:18:e8:be:0c:59:93:
         00:40:dc:74:41:3c:15:a9:13:fa:a6:4e:19:db:fb:49:ae:eb:
         73:32:28:6b:1e:65:5e:42:0c:45:1b:79:d5:d1:4a:88:bf:94:
         4f:ce:40:e7:79:ba:4b:1e:dc:a9:16:24:64:d6:88:7a:c1:5d:
         f2:a5:13:ae:e2:31:d2:23:78:79:42:c3:56:6b:94:51:f0:7f:
         3a:59:99:55:9d:ca:ae:e5:b4:90:1a:5e:ca:f7:b7:ba:39:15:
         a4:6c:c0:66:a0:cb:1b:d5:60:b4:0f:f4:e3:08:6c:63:91:36:
         dc:4e:ae:8b:11:78:70:f3:a7:80:3a:73:df:5b:62:a4:95:64:
         91:d8:7a:b6:db:d7:d3:db:4e:cb:f4:35:38:e2:96:52:6f:a1:
         ab:09:53:d1:aa:9d:95:46:fa:31:34:5e:84:73:67:74:b3:15:
         19:1c:1d:3f:50:8b:f6:9a:ce:14:1a:58:29:98:5c:44:12:f9:
         85:3c:73:6b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIbxqVBgwiIqqdsTTfI1CnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjOWZhMGIzMGQ1NDU1YWQ2N2ZiMDdlMDk5ZjBmYTk1Zjhi
NmMxOWUwHhcNMjQwMTAyMDQyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjQ0N2QyOGI3OWVmZGVhZmEwNWY2MGZmNWYzOWFkN2QwMjZkM2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqv1dyC486AzGTSuY6ZC1im+iCC45
+n99XW76C0+0y9RaC/ufY7Gf9j7GaHfIboWA6FhLbQBgV7V/vhUoxyxhesg1d+bI
pDqKzuMnPIJ+1UTrDFJRmmHpnRJcU9aHDKtfZoZBtrkAN5NyuJNF/McaXHUTO+xo
KtwdJFxr0cuRigvSqF4CDYVAr5O1QE2iAJ1qMc1jYFsmQqTpJacqcaTlyCOP91ji
tTt0skngkdKeTAiHdadSdqOZIK4OOL8C1w3wORjO5szQ7vjn8jtODGZLUxHMYsi6
9V36tMSLKUOyk5yQaGqp0s9ZEWSs7yyKpwR11620wvmuywKmN61CvD91LwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJtEfSi3nv3q+gX2D/XzmtfQJtPUMB8GA1UdIwQY
MBaAFMyfoLMNVFWtZ/sH4Jnw+pX4tsGeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekotZ3N3MVVWYTFuLXdmZ21mRDZsZmkyd1o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC80ODgzZDQtODQ3OS00NDQ3LWFmNjct
MWU2Y2EyZjBkMTU1LzEvbTBSOUtMZWVfZXI2QmZZUDlmT2ExOUFtMDlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC80ODgzZDQtODQ3OS00NDQ3LWFmNjctMWU2Y2EyZjBkMTU1
LzEvekotZ3N3MVVWYTFuLXdmZ21mRDZsZmkyd1o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAlo
MA0GCSqGSIb3DQEBCwUAA4IBAQAwA8eSsDzhuBNBgMLlhKm9a7zRi0Q8PtvGW+In
w+8GAAnnFXb7iTBut8K4SZNnnTf5Otks6YuXUd2m0WAD2d4IUjAY6L4MWZMAQNx0
QTwVqRP6pk4Z2/tJrutzMihrHmVeQgxFG3nV0UqIv5RPzkDnebpLHtypFiRk1oh6
wV3ypROu4jHSI3h5QsNWa5RR8H86WZlVncqu5bSQGl7K97e6ORWkbMBmoMsb1WC0
D/TjCGxjkTbcTq6LEXhw86eAOnPfW2KklWSR2Hq229fT207L9DU44pZSb6GrCVPR
qp2VRvoxNF6Ec2d0sxUZHB0/UIv2ms4UGlgpmFxEEvmFPHNr
-----END CERTIFICATE-----