Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/6bcf3f-5cac-4470-8aab-541f9fcba742/1/zaYpTznbFw3h_-BXj1tPJ0vcc3c.roa
File:                     zaYpTznbFw3h_-BXj1tPJ0vcc3c.roa (raw, json)
Hash identifier:          wS0CL09i5yZ0k7drx/R6W+lWelUKvjPFmVYkxU9zzok=
Subject key identifier:   CD:A6:29:4F:39:DB:17:0D:E1:FF:E0:57:8F:5B:4F:27:4B:DC:73:77
Certificate issuer:       /CN=decbef352cac71ad5bae0e8b1c02246e3b650250
Certificate serial:       018CC9BBC3259905FD3EBBA2557D5739A2B8
Authority key identifier: DE:CB:EF:35:2C:AC:71:AD:5B:AE:0E:8B:1C:02:24:6E:3B:65:02:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3svvNSysca1brg6LHAIkbjtlAlA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/6bcf3f-5cac-4470-8aab-541f9fcba742/1/zaYpTznbFw3h_-BXj1tPJ0vcc3c.roa
Signing time:             Tue 02 Jan 2024 10:32:54 +0000
ROA not before:           Tue 02 Jan 2024 10:32:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50340
IP address blocks:        2001:67c:6d0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/6bcf3f-5cac-4470-8aab-541f9fcba742/1/3svvNSysca1brg6LHAIkbjtlAlA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/6bcf3f-5cac-4470-8aab-541f9fcba742/1/3svvNSysca1brg6LHAIkbjtlAlA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3svvNSysca1brg6LHAIkbjtlAlA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:c3:25:99:05:fd:3e:bb:a2:55:7d:57:39:a2:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=decbef352cac71ad5bae0e8b1c02246e3b650250
        Validity
            Not Before: Jan  2 10:32:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cda6294f39db170de1ffe0578f5b4f274bdc7377
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:08:8a:2e:5b:45:ff:31:d7:34:9e:46:0a:59:
                    99:6d:84:00:d2:a6:0a:ed:d3:05:cf:c5:af:7a:31:
                    d7:5b:91:46:a8:49:8b:f8:74:8b:f4:8a:b4:d3:ae:
                    28:51:55:88:69:29:96:35:f8:88:ba:d6:30:bc:a1:
                    81:10:56:88:ec:0f:42:b2:c0:69:9d:aa:10:c3:24:
                    e5:a6:b0:fc:e4:b8:47:14:09:ff:a9:ad:c4:57:21:
                    a0:da:93:0a:6c:55:b7:b4:74:0a:ce:f6:ad:68:f5:
                    7f:20:42:07:47:f2:55:b3:60:b1:ac:51:c6:81:26:
                    73:65:2a:c5:92:ee:a1:86:43:92:fb:48:5c:db:0d:
                    30:ca:e4:72:da:c5:02:8c:d7:95:79:08:5a:24:62:
                    88:29:f8:ee:eb:96:5b:22:39:db:2b:ef:72:69:6e:
                    50:03:de:ff:63:ff:8a:10:26:af:ea:f6:ea:a9:6a:
                    62:38:46:0f:33:2d:3a:7b:5b:ad:f7:3d:ea:0b:f3:
                    1a:e6:03:e6:d2:32:67:a0:1b:90:e8:e7:31:0b:85:
                    65:ea:76:37:f4:31:14:2a:29:f7:3e:61:24:5c:17:
                    a2:b3:3a:b9:62:c3:a3:14:08:ec:ac:ab:08:fa:bb:
                    29:bd:ce:75:7c:d0:3a:5d:42:34:06:f5:5e:5b:b2:
                    ec:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:A6:29:4F:39:DB:17:0D:E1:FF:E0:57:8F:5B:4F:27:4B:DC:73:77
            X509v3 Authority Key Identifier:
                keyid:DE:CB:EF:35:2C:AC:71:AD:5B:AE:0E:8B:1C:02:24:6E:3B:65:02:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3svvNSysca1brg6LHAIkbjtlAlA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/6bcf3f-5cac-4470-8aab-541f9fcba742/1/zaYpTznbFw3h_-BXj1tPJ0vcc3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/6bcf3f-5cac-4470-8aab-541f9fcba742/1/3svvNSysca1brg6LHAIkbjtlAlA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:6d0::/48

    Signature Algorithm: sha256WithRSAEncryption
         56:e5:97:c4:49:c4:8c:4a:14:4c:e8:12:58:3d:af:f7:fe:da:
         48:c9:47:06:3e:af:5c:9c:17:e1:5c:75:7d:73:cf:8c:97:90:
         e3:9d:0f:b2:5a:e6:b7:65:a5:b6:e6:b0:74:4d:fc:b5:54:f4:
         28:3f:74:75:d6:69:63:59:40:3d:8e:98:24:05:91:0b:9f:3b:
         71:ae:59:4f:85:b6:9f:cd:0d:2b:5a:a8:e9:6c:99:32:c6:b6:
         41:a5:a1:8f:d5:c7:c4:68:8f:ba:09:97:6a:6a:a5:d8:df:e5:
         f3:5e:4f:85:c9:1e:2d:e4:d9:74:09:b1:97:e2:06:8b:f6:d4:
         5c:38:61:72:9b:59:73:66:fd:2f:62:74:14:76:33:32:86:51:
         31:ae:e4:78:1f:bc:4b:c3:87:4e:49:f3:54:05:1f:62:b6:c5:
         7f:54:3b:f6:9f:4f:5d:58:5e:7a:8b:b1:ba:df:3a:b6:2a:85:
         a3:5a:63:92:6c:15:ef:63:d9:ef:fc:f4:8b:bb:5f:b6:a6:7b:
         5a:8a:a6:09:9c:2e:4e:e3:be:ed:88:1d:1a:c5:3b:97:b6:09:
         1a:cf:e4:6c:5e:b0:ed:d5:07:c4:c1:ec:6d:55:66:f6:d3:2e:
         2f:b4:71:ea:e1:33:cf:e6:cd:92:fa:11:e0:65:79:26:c7:cf:
         96:d3:03:f3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJu8MlmQX9PruiVX1XOaK4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlY2JlZjM1MmNhYzcxYWQ1YmFlMGU4YjFjMDIyNDZlM2I2
NTAyNTAwHhcNMjQwMTAyMTAzMjU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGE2Mjk0ZjM5ZGIxNzBkZTFmZmUwNTc4ZjViNGYyNzRiZGM3Mzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnAiKLltF/zHXNJ5GClmZbYQA0qYK
7dMFz8WvejHXW5FGqEmL+HSL9Iq0064oUVWIaSmWNfiIutYwvKGBEFaI7A9CssBp
naoQwyTlprD85LhHFAn/qa3EVyGg2pMKbFW3tHQKzvataPV/IEIHR/JVs2CxrFHG
gSZzZSrFku6hhkOS+0hc2w0wyuRy2sUCjNeVeQhaJGKIKfju65ZbIjnbK+9yaW5Q
A97/Y/+KECav6vbqqWpiOEYPMy06e1ut9z3qC/Ma5gPm0jJnoBuQ6OcxC4Vl6nY3
9DEUKin3PmEkXBeiszq5YsOjFAjsrKsI+rspvc51fNA6XUI0BvVeW7LsawIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFM2mKU852xcN4f/gV49bTydL3HN3MB8GA1UdIwQY
MBaAFN7L7zUsrHGtW64OixwCJG47ZQJQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3N2dk5TeXNjYTFicmc2TEhBSWtianRsQWxBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC82YmNmM2YtNWNhYy00NDcwLThhYWIt
NTQxZjlmY2JhNzQyLzEvemFZcFR6bmJGdzNoXy1CWGoxdFBKMHZjYzNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC82YmNmM2YtNWNhYy00NDcwLThhYWItNTQxZjlmY2JhNzQy
LzEvM3N2dk5TeXNjYTFicmc2TEhBSWtianRsQWxBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAbQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBW5ZfEScSMShRM6BJYPa/3/tpIyUcGPq9cnBfh
XHV9c8+Ml5DjnQ+yWua3ZaW25rB0Tfy1VPQoP3R11mljWUA9jpgkBZELnztxrllP
hbafzQ0rWqjpbJkyxrZBpaGP1cfEaI+6CZdqaqXY3+XzXk+FyR4t5Nl0CbGX4gaL
9tRcOGFym1lzZv0vYnQUdjMyhlExruR4H7xLw4dOSfNUBR9itsV/VDv2n09dWF56
i7G63zq2KoWjWmOSbBXvY9nv/PSLu1+2pntaiqYJnC5O477tiB0axTuXtgkaz+Rs
XrDt1QfEwextVWb20y4vtHHq4TPP5s2S+hHgZXkmx8+W0wPz
-----END CERTIFICATE-----