Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/y-IYkE8avubTT7Duw5xLLJ6PjqU.roa
File:                     y-IYkE8avubTT7Duw5xLLJ6PjqU.roa (raw, json)
Hash identifier:          ROYIoO11ImJP87quyjlFwBB/86fea+omm1duWFyfGyc=
Subject key identifier:   CB:E2:18:90:4F:1A:BE:E6:D3:4F:B0:EE:C3:9C:4B:2C:9E:8F:8E:A5
Certificate issuer:       /CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
Certificate serial:       018CC5DC08260884032CAC1C656259441C08
Authority key identifier: C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/y-IYkE8avubTT7Duw5xLLJ6PjqU.roa
Signing time:             Mon 01 Jan 2024 16:29:40 +0000
ROA not before:           Mon 01 Jan 2024 16:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8100
IP address blocks:        2a05:b0c6:300::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 07:04:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:08:26:08:84:03:2c:ac:1c:65:62:59:44:1c:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
        Validity
            Not Before: Jan  1 16:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cbe218904f1abee6d34fb0eec39c4b2c9e8f8ea5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:94:63:12:e5:b3:65:2f:26:a6:21:ff:7b:84:
                    fe:65:d7:45:c0:23:cb:55:61:c8:5c:9e:4d:1d:18:
                    bd:83:af:21:64:c1:85:59:13:3d:fd:72:42:bd:f0:
                    9c:8a:64:a7:a5:7f:e6:33:d4:43:d8:aa:03:86:9c:
                    6f:fa:45:1d:41:c9:c8:a0:df:5b:f2:51:ba:a1:25:
                    a3:ca:46:bd:39:3a:2c:7c:5d:8a:e9:3e:52:11:11:
                    09:bf:76:d5:66:ca:c7:46:41:fc:10:e6:95:b0:bf:
                    8d:64:7e:7f:a2:03:61:ba:6c:87:3c:3f:d9:dc:34:
                    e2:f8:9a:9d:c6:7d:44:33:5b:b2:43:cd:cd:24:35:
                    aa:1a:06:f0:1f:ed:02:d1:75:34:be:94:9d:d6:27:
                    33:3b:6f:20:a0:d1:27:9b:0e:8a:c1:0e:ea:f8:7b:
                    fc:08:7e:10:74:14:59:f0:65:08:95:a9:c2:32:42:
                    c6:d4:03:de:98:d4:ee:e0:7c:ab:11:5b:d0:58:ce:
                    85:c9:fc:c6:fc:22:51:c0:5f:76:15:cb:e0:a0:93:
                    c8:c2:fb:c8:2a:01:70:04:07:89:9a:56:14:5f:09:
                    30:7a:1b:01:26:22:8a:3c:9b:31:8d:49:e8:48:98:
                    64:9f:40:38:ff:85:2a:0c:73:b8:81:29:23:00:39:
                    dd:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:E2:18:90:4F:1A:BE:E6:D3:4F:B0:EE:C3:9C:4B:2C:9E:8F:8E:A5
            X509v3 Authority Key Identifier:
                keyid:C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/y-IYkE8avubTT7Duw5xLLJ6PjqU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:b0c6:300::/40

    Signature Algorithm: sha256WithRSAEncryption
         93:0e:22:db:b2:0e:21:a6:33:9e:c5:81:a4:7b:c8:6c:5e:e4:
         47:7c:43:0d:86:da:8a:18:cc:57:33:15:a2:61:f1:8a:93:63:
         54:fe:07:fb:a7:3c:03:4e:d2:02:63:ec:ee:e2:6d:57:f2:43:
         9e:62:11:ed:e4:6f:7b:ac:bc:8c:c0:f5:43:49:40:30:2c:b0:
         f9:72:53:c2:f2:14:6e:9f:38:70:cd:bf:b2:0b:64:9f:df:2b:
         6e:40:b2:e6:48:90:37:72:d4:d0:9f:a0:a0:ca:31:95:ec:d0:
         32:24:e4:c7:d9:c5:c1:77:1a:3a:ef:78:ca:7f:84:3c:62:c3:
         84:d5:9b:c2:7c:b7:02:f6:72:93:73:17:23:f1:48:4f:11:9c:
         90:db:34:62:3e:f1:74:a6:b1:36:f7:d1:7d:cf:87:9d:fa:55:
         fb:e1:eb:b7:4b:7f:7a:72:53:a9:0f:66:9d:9d:50:06:ac:ee:
         cb:f7:5a:3a:33:f3:c3:35:ce:87:f3:d1:dd:ac:74:61:0a:79:
         fe:d7:a8:ee:5b:15:95:4b:da:88:e1:80:00:1f:1d:6c:7d:a9:
         5c:ab:6f:8e:e7:b3:2d:13:3a:63:19:e5:1f:3a:9c:d9:fa:40:
         a0:de:66:e8:bd:32:c9:5d:08:db:ab:14:25:74:79:d8:59:19:
         8e:bd:29:67
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzF3AgmCIQDLKwcZWJZRBwIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMjgzNDhlOTA1NDk3M2Q3YTVmODE5M2JkNGU1YzQ0ZjY3
Mzk5ZTEwHhcNMjQwMTAxMTYyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmUyMTg5MDRmMWFiZWU2ZDM0ZmIwZWVjMzljNGIyYzllOGY4ZWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi5RjEuWzZS8mpiH/e4T+ZddFwCPL
VWHIXJ5NHRi9g68hZMGFWRM9/XJCvfCcimSnpX/mM9RD2KoDhpxv+kUdQcnIoN9b
8lG6oSWjyka9OTosfF2K6T5SEREJv3bVZsrHRkH8EOaVsL+NZH5/ogNhumyHPD/Z
3DTi+Jqdxn1EM1uyQ83NJDWqGgbwH+0C0XU0vpSd1iczO28goNEnmw6KwQ7q+Hv8
CH4QdBRZ8GUIlanCMkLG1APemNTu4HyrEVvQWM6FyfzG/CJRwF92FcvgoJPIwvvI
KgFwBAeJmlYUXwkwehsBJiKKPJsxjUnoSJhkn0A4/4UqDHO4gSkjADndBQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMviGJBPGr7m00+w7sOcSyyej46lMB8GA1UdIwQY
MBaAFMIoNI6QVJc9el+Bk71OXET2c5nhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMt
ZTg4ZmZmODJkNTUzLzEveS1JWWtFOGF2dWJUVDdEdXc1eExMSjZQanFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMtZTg4ZmZmODJkNTUz
LzEvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgWwxgMw
DQYJKoZIhvcNAQELBQADggEBAJMOItuyDiGmM57FgaR7yGxe5Ed8Qw2G2ooYzFcz
FaJh8YqTY1T+B/unPANO0gJj7O7ibVfyQ55iEe3kb3usvIzA9UNJQDAssPlyU8Ly
FG6fOHDNv7ILZJ/fK25AsuZIkDdy1NCfoKDKMZXs0DIk5MfZxcF3GjrveMp/hDxi
w4TVm8J8twL2cpNzFyPxSE8RnJDbNGI+8XSmsTb30X3Ph536Vfvh67dLf3pyU6kP
Zp2dUAas7sv3Wjoz88M1zofz0d2sdGEKef7XqO5bFZVL2ojhgAAfHWx9qVyrb47n
sy0TOmMZ5R86nNn6QKDeZui9MsldCNurFCV0edhZGY69KWc=
-----END CERTIFICATE-----