Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/yM3IRnvsVQVfaGh4bes_TlKjlic.roa
File:                     yM3IRnvsVQVfaGh4bes_TlKjlic.roa (raw, json)
Hash identifier:          Ai2whMkSWct+/Cd37V9VJxG3UgOrBqKuSmIu+0n7ZdA=
Subject key identifier:   C8:CD:C8:46:7B:EC:55:05:5F:68:68:78:6D:EB:3F:4E:52:A3:96:27
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       018E9E2FA0AE7AECA7FE3C57DA3071E1E275
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/yM3IRnvsVQVfaGh4bes_TlKjlic.roa
Signing time:             Tue 02 Apr 2024 09:41:45 +0000
ROA not before:           Tue 02 Apr 2024 09:41:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        2a07:e345:100::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 02:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:9e:2f:a0:ae:7a:ec:a7:fe:3c:57:da:30:71:e1:e2:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: Apr  2 09:41:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c8cdc8467bec55055f6868786deb3f4e52a39627
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:47:d8:82:e3:44:d2:c3:5e:0a:23:38:d0:bc:
                    24:ff:65:3a:a9:e3:17:a6:e1:b4:a1:78:46:e1:2c:
                    3b:91:0d:04:3b:e8:63:83:75:4f:a1:e5:62:86:19:
                    aa:bc:f2:bd:ea:3e:1a:3e:98:de:25:ce:f4:27:57:
                    2b:66:6b:ed:9e:2a:c1:04:f5:3a:06:66:5e:2c:1c:
                    65:f4:98:f3:4a:27:e2:7b:98:8e:cc:95:64:8a:b5:
                    b8:75:bb:17:96:4c:6e:d9:9f:09:96:ca:1e:06:de:
                    4d:1f:9a:01:d5:85:04:1c:5a:02:c1:01:b6:90:35:
                    ff:06:2e:32:d0:b0:d5:ed:46:f2:a0:df:e0:90:f2:
                    02:d4:8d:fb:65:7a:00:8c:ab:33:71:51:88:64:c4:
                    d2:42:7a:25:35:7b:8c:28:66:e1:d0:18:dc:87:f8:
                    a0:03:7b:20:9f:ec:0a:13:25:7d:24:cf:91:51:dd:
                    37:c7:79:a9:44:5a:55:36:08:5f:47:63:38:94:f6:
                    94:aa:da:48:15:3f:69:70:4f:90:7d:cf:5a:04:07:
                    30:bb:c7:f1:4b:52:7c:16:b8:a4:a6:12:83:64:1b:
                    d0:ff:02:d2:a6:21:35:39:d6:ae:d7:22:a8:e9:d5:
                    02:86:0b:f5:86:b2:18:fb:dd:c5:38:a2:4f:60:c8:
                    b3:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:CD:C8:46:7B:EC:55:05:5F:68:68:78:6D:EB:3F:4E:52:A3:96:27
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/yM3IRnvsVQVfaGh4bes_TlKjlic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:e345:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         6a:42:19:8c:55:3c:cf:b8:e3:66:ec:f5:ed:7c:7d:8f:f9:82:
         77:b6:92:6e:f2:76:f9:32:1d:49:3c:a4:bc:96:2b:8a:59:44:
         81:39:3d:55:7e:2b:1a:8c:80:09:0e:01:dd:9b:cf:a9:28:81:
         15:9b:a3:19:56:2c:6c:af:8c:2b:c0:5b:62:fc:fc:ae:55:80:
         9a:d0:62:c3:a1:3a:12:dd:8d:a9:0d:f7:bd:74:b7:40:11:4d:
         0d:1e:5f:d2:3b:bd:0c:69:40:81:88:c5:ff:d6:a2:7d:d9:43:
         6d:3c:d8:8e:37:2b:64:cb:66:0e:04:1b:0b:58:30:bf:bd:5f:
         19:14:5a:df:7f:e2:62:7b:e6:a8:22:30:74:7f:5f:8c:75:9c:
         05:61:94:9c:3e:46:7b:6e:90:54:70:d7:52:84:41:6e:99:68:
         ed:56:86:c7:1f:4d:9a:8f:c4:6b:9e:8a:fb:60:c9:15:6a:b7:
         17:43:01:20:f4:03:ef:64:3f:d0:eb:64:c0:f1:3c:f4:fa:e4:
         a6:8e:8b:dc:cc:53:c7:64:27:56:9d:45:1c:34:7c:4c:08:9b:
         6b:69:a9:6d:e8:af:ef:e4:47:c9:8c:40:bc:bf:6a:e1:05:fd:
         24:33:03:1f:fd:aa:e2:b1:b0:0c:25:66:96:7d:d4:16:86:09:
         17:c4:2a:d2
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY6eL6Cueuyn/jxX2jBx4eJ1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjQwNDAyMDk0MTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGNkYzg0NjdiZWM1NTA1NWY2ODY4Nzg2ZGViM2Y0ZTUyYTM5NjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0fYguNE0sNeCiM40Lwk/2U6qeMX
puG0oXhG4Sw7kQ0EO+hjg3VPoeVihhmqvPK96j4aPpjeJc70J1crZmvtnirBBPU6
BmZeLBxl9JjzSifie5iOzJVkirW4dbsXlkxu2Z8JlsoeBt5NH5oB1YUEHFoCwQG2
kDX/Bi4y0LDV7UbyoN/gkPIC1I37ZXoAjKszcVGIZMTSQnolNXuMKGbh0Bjch/ig
A3sgn+wKEyV9JM+RUd03x3mpRFpVNghfR2M4lPaUqtpIFT9pcE+Qfc9aBAcwu8fx
S1J8FrikphKDZBvQ/wLSpiE1Odau1yKo6dUChgv1hrIY+93FOKJPYMizSQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMjNyEZ77FUFX2hoeG3rP05So5YnMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEveU0zSVJudnNWUVZmYUdoNGJlc19UbEtqbGljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgfjRQEw
DQYJKoZIhvcNAQELBQADggEBAGpCGYxVPM+442bs9e18fY/5gne2km7ydvkyHUk8
pLyWK4pZRIE5PVV+KxqMgAkOAd2bz6kogRWboxlWLGyvjCvAW2L8/K5VgJrQYsOh
OhLdjakN9710t0ARTQ0eX9I7vQxpQIGIxf/Won3ZQ2082I43K2TLZg4EGwtYML+9
XxkUWt9/4mJ75qgiMHR/X4x1nAVhlJw+RntukFRw11KEQW6ZaO1WhscfTZqPxGue
ivtgyRVqtxdDASD0A+9kP9DrZMDxPPT65KaOi9zMU8dkJ1adRRw0fEwIm2tpqW3o
r+/kR8mMQLy/auEF/SQzAx/9quKxsAwlZpZ91BaGCRfEKtI=
-----END CERTIFICATE-----