Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/91641b-fc66-4e6d-b9dc-7ef54afc4372/1/yqy1JAxZG7vL2nytX0vIwglk5xQ.roa
File:                     yqy1JAxZG7vL2nytX0vIwglk5xQ.roa (raw, json)
Hash identifier:          vUhCROpMQo9gesGN1m/Oks4FRHNdh0PlCNyiPu1ngH8=
Subject key identifier:   CA:AC:B5:24:0C:59:1B:BB:CB:DA:7C:AD:5F:4B:C8:C2:09:64:E7:14
Certificate issuer:       /CN=fce2fd8df1a266ce13457fbe0f938b9abe3aa761
Certificate serial:       018CC72668BE36F706AE7558FEAA529A43C1
Authority key identifier: FC:E2:FD:8D:F1:A2:66:CE:13:45:7F:BE:0F:93:8B:9A:BE:3A:A7:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_OL9jfGiZs4TRX--D5OLmr46p2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/91641b-fc66-4e6d-b9dc-7ef54afc4372/1/yqy1JAxZG7vL2nytX0vIwglk5xQ.roa
Signing time:             Mon 01 Jan 2024 22:30:32 +0000
ROA not before:           Mon 01 Jan 2024 22:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52114
IP address blocks:        2a03:e500:5::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/91641b-fc66-4e6d-b9dc-7ef54afc4372/1/_OL9jfGiZs4TRX--D5OLmr46p2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/91641b-fc66-4e6d-b9dc-7ef54afc4372/1/_OL9jfGiZs4TRX--D5OLmr46p2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_OL9jfGiZs4TRX--D5OLmr46p2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:68:be:36:f7:06:ae:75:58:fe:aa:52:9a:43:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fce2fd8df1a266ce13457fbe0f938b9abe3aa761
        Validity
            Not Before: Jan  1 22:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=caacb5240c591bbbcbda7cad5f4bc8c20964e714
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:8f:47:05:81:2e:8b:eb:75:a5:23:f1:ea:fe:
                    36:5b:6a:29:b4:2b:73:a7:a6:fc:fc:be:e6:b3:8d:
                    e7:89:cd:9b:ef:80:52:ac:0a:6c:d3:46:26:47:b5:
                    ef:04:56:fe:a7:59:bb:12:3f:96:38:bf:ff:08:bb:
                    a5:a1:04:1b:d6:6d:35:3a:dc:45:14:66:18:83:c9:
                    3e:ac:1c:50:98:d8:07:f2:e3:b0:e3:38:e6:68:d8:
                    b9:c7:ac:42:23:12:08:6c:61:13:96:90:41:03:59:
                    fe:7c:0c:29:ca:ff:42:28:59:18:d4:5e:f2:fa:49:
                    23:18:a4:eb:a2:62:69:14:3d:78:42:dc:ad:45:56:
                    f3:e2:61:f8:92:98:f8:b0:c5:f8:ce:69:29:1d:20:
                    6c:df:e3:d6:16:e8:bc:c5:bf:b8:91:47:e6:f2:53:
                    ce:b9:3f:e9:f5:71:ac:c6:ed:52:64:86:89:e1:d2:
                    c5:01:ad:c3:c9:04:b5:fa:ef:4f:c1:70:8b:db:a2:
                    bb:5f:41:bb:c2:e3:07:84:d0:56:8f:b3:fa:f0:51:
                    97:63:c1:55:ff:3b:f0:66:8e:a3:2c:dd:2e:89:2c:
                    6b:bc:9e:fb:8a:de:8a:d8:c6:20:1d:58:ce:c8:b6:
                    0b:d9:52:4c:fb:7b:6b:58:58:8c:63:ca:33:17:81:
                    0f:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:AC:B5:24:0C:59:1B:BB:CB:DA:7C:AD:5F:4B:C8:C2:09:64:E7:14
            X509v3 Authority Key Identifier:
                keyid:FC:E2:FD:8D:F1:A2:66:CE:13:45:7F:BE:0F:93:8B:9A:BE:3A:A7:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_OL9jfGiZs4TRX--D5OLmr46p2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/91641b-fc66-4e6d-b9dc-7ef54afc4372/1/yqy1JAxZG7vL2nytX0vIwglk5xQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/91641b-fc66-4e6d-b9dc-7ef54afc4372/1/_OL9jfGiZs4TRX--D5OLmr46p2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:e500:5::/48

    Signature Algorithm: sha256WithRSAEncryption
         8b:eb:95:95:1b:b2:4e:d2:a9:35:fa:a4:e4:dd:d8:a6:64:8d:
         4f:1f:64:ff:d4:7d:cd:b5:23:48:1e:76:07:07:da:98:cb:0b:
         22:fe:c3:53:e8:3e:09:1d:aa:65:1d:70:fd:dc:b1:68:fc:d1:
         00:e6:0a:2e:e8:da:10:0e:99:5f:38:83:31:3e:d4:7a:20:e1:
         6f:88:56:e4:4b:83:65:05:b6:5f:85:72:89:dc:e7:0d:cc:fe:
         a6:87:ee:4e:9e:29:25:de:cf:20:80:4a:8c:5b:e4:3d:d3:c7:
         38:46:0c:c7:f7:b2:1d:27:6e:2f:2c:e0:27:d7:2c:f2:ca:8c:
         58:d5:1e:98:a0:78:ec:72:37:a1:a9:6d:8f:d6:17:78:41:61:
         fb:6d:b2:1b:7b:35:0e:68:7d:1a:0e:a4:55:46:cc:a0:41:fa:
         f3:ce:4b:75:76:9c:5b:7e:17:67:28:b4:b6:1f:e5:c1:19:04:
         d7:ce:7c:7c:da:25:8f:f9:7f:85:d0:be:f7:6f:00:42:5f:fe:
         f1:0b:47:66:21:d8:0e:e8:d1:b1:dc:4c:09:67:d8:d6:89:a6:
         a2:d3:97:a5:b1:d4:a3:35:17:93:40:fa:e4:3b:ec:69:5e:2f:
         bc:d9:e5:0f:0b:8f:55:c1:67:7a:56:a9:c1:22:b5:f3:6c:9b:
         d3:8b:76:91
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHJmi+NvcGrnVY/qpSmkPBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjZTJmZDhkZjFhMjY2Y2UxMzQ1N2ZiZTBmOTM4YjlhYmUz
YWE3NjEwHhcNMjQwMTAxMjIzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWFjYjUyNDBjNTkxYmJiY2JkYTdjYWQ1ZjRiYzhjMjA5NjRlNzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxo9HBYEui+t1pSPx6v42W2optCtz
p6b8/L7ms43nic2b74BSrAps00YmR7XvBFb+p1m7Ej+WOL//CLuloQQb1m01OtxF
FGYYg8k+rBxQmNgH8uOw4zjmaNi5x6xCIxIIbGETlpBBA1n+fAwpyv9CKFkY1F7y
+kkjGKTromJpFD14QtytRVbz4mH4kpj4sMX4zmkpHSBs3+PWFui8xb+4kUfm8lPO
uT/p9XGsxu1SZIaJ4dLFAa3DyQS1+u9PwXCL26K7X0G7wuMHhNBWj7P68FGXY8FV
/zvwZo6jLN0uiSxrvJ77it6K2MYgHVjOyLYL2VJM+3trWFiMY8ozF4EPYQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMqstSQMWRu7y9p8rV9LyMIJZOcUMB8GA1UdIwQY
MBaAFPzi/Y3xombOE0V/vg+Ti5q+OqdhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX09MOWpmR2laczRUUlgtLUQ1T0xtcjQ2cDJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi85MTY0MWItZmM2Ni00ZTZkLWI5ZGMt
N2VmNTRhZmM0MzcyLzEveXF5MUpBeFpHN3ZMMm55dFgwdkl3Z2xrNXhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi85MTY0MWItZmM2Ni00ZTZkLWI5ZGMtN2VmNTRhZmM0Mzcy
LzEvX09MOWpmR2laczRUUlgtLUQ1T0xtcjQ2cDJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgPlAAAF
MA0GCSqGSIb3DQEBCwUAA4IBAQCL65WVG7JO0qk1+qTk3dimZI1PH2T/1H3NtSNI
HnYHB9qYywsi/sNT6D4JHaplHXD93LFo/NEA5gou6NoQDplfOIMxPtR6IOFviFbk
S4NlBbZfhXKJ3OcNzP6mh+5Onikl3s8ggEqMW+Q908c4RgzH97IdJ24vLOAn1yzy
yoxY1R6YoHjscjehqW2P1hd4QWH7bbIbezUOaH0aDqRVRsygQfrzzkt1dpxbfhdn
KLS2H+XBGQTXznx82iWP+X+F0L73bwBCX/7xC0dmIdgO6NGx3EwJZ9jWiaai05el
sdSjNReTQPrkO+xpXi+82eUPC49VwWd6VqnBIrXzbJvTi3aR
-----END CERTIFICATE-----