Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/YVksFtrmnTPx-evJSY94-sg6FIA.roa
File:                     YVksFtrmnTPx-evJSY94-sg6FIA.roa (raw, json)
Hash identifier:          MDF3IqCLIaWzqBuKC+SEc3ihfNtAa3WrEomSiv+EDwU=
Subject key identifier:   61:59:2C:16:DA:E6:9D:33:F1:F9:EB:C9:49:8F:78:FA:C8:3A:14:80
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       018E9DF249D4A619D146F67E88EBDBC8956A
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/YVksFtrmnTPx-evJSY94-sg6FIA.roa
Signing time:             Tue 02 Apr 2024 08:34:45 +0000
ROA not before:           Tue 02 Apr 2024 08:34:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28753
IP address blocks:        2a0f:2ec0:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 21:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:9d:f2:49:d4:a6:19:d1:46:f6:7e:88:eb:db:c8:95:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Apr  2 08:34:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=61592c16dae69d33f1f9ebc9498f78fac83a1480
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:83:67:42:1e:70:b9:f9:36:2f:16:05:fe:64:
                    1c:de:3a:dd:27:0a:fb:a2:4a:d0:a3:ab:73:94:26:
                    05:ba:9d:e9:23:f4:93:54:5b:6a:22:5b:17:24:37:
                    5a:45:57:9e:42:39:5c:6e:12:bd:38:e2:2a:ad:b6:
                    80:c0:47:01:1f:53:62:89:d9:87:e9:09:47:32:a4:
                    8e:e7:15:39:bf:d6:bb:d9:40:8e:d5:7c:af:05:37:
                    20:85:30:16:5d:11:4a:83:7d:ea:84:4f:8b:1c:d3:
                    5a:c8:7b:18:79:26:db:3b:8a:18:86:c9:6e:dd:27:
                    a3:64:f2:d7:c8:ba:31:68:f4:c2:43:9d:b4:d5:84:
                    66:6e:32:06:66:47:7c:8d:ff:41:46:67:e0:50:29:
                    8c:54:6e:9e:35:8c:b4:90:51:a1:fe:0b:a2:0f:e4:
                    d4:ef:d1:3f:d1:e9:89:fb:37:51:9a:51:a1:e4:a5:
                    24:3c:56:20:21:c6:56:e5:a0:6d:a6:28:90:07:d5:
                    96:12:15:a2:14:91:66:3f:8f:6a:f8:07:0d:f3:5f:
                    8f:d1:fc:0c:49:87:55:8e:92:41:5c:f8:0b:cf:da:
                    9d:7e:23:6d:86:ad:a0:ed:9a:24:43:2d:ab:61:69:
                    3a:df:2d:93:09:c6:2f:c6:56:f8:bb:2f:b9:af:7b:
                    4b:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:59:2C:16:DA:E6:9D:33:F1:F9:EB:C9:49:8F:78:FA:C8:3A:14:80
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/YVksFtrmnTPx-evJSY94-sg6FIA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:2ec0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         41:79:58:bd:58:5f:ed:a6:e9:95:f1:a1:9c:86:f4:08:e3:2e:
         54:03:0f:2e:0d:38:c3:a5:1a:43:66:a5:83:4b:a2:81:61:ce:
         b1:7a:fb:44:59:79:80:24:2b:ff:bd:28:5f:6d:ad:60:38:71:
         5a:74:6e:9b:ab:f4:60:74:7f:d0:6d:d3:93:3a:3b:d4:0c:b2:
         5c:81:17:cf:81:16:b0:d5:e9:c3:75:ff:3b:cf:ac:dc:53:23:
         c7:b9:96:25:8b:8e:e6:5d:a5:1c:f2:0f:50:1e:fd:a7:b8:7d:
         cb:5f:6c:f7:78:e4:c0:65:e5:60:62:a8:9e:f1:b0:d2:21:ae:
         30:1a:a0:09:0a:7a:01:18:69:29:ea:0c:1e:90:d0:21:0b:15:
         1e:83:fc:55:bd:e7:80:2f:ab:7a:88:be:19:21:d5:46:91:bc:
         ad:43:7f:92:25:ea:5f:fd:d9:c4:2b:d8:dc:86:17:70:0e:b2:
         a6:ab:6c:9a:1a:15:58:eb:94:fe:fa:98:6e:bd:f6:8b:2d:7b:
         3b:44:7c:2d:79:b0:7f:10:bf:20:0e:8c:8e:3e:26:73:d7:94:
         39:6d:df:93:bd:b3:b7:6e:e7:06:22:be:a8:49:e8:fa:3c:3c:
         80:3f:6e:50:23:1e:d2:5c:da:0d:8d:d3:88:2e:22:bd:80:7b:
         ff:77:a2:8c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY6d8knUphnRRvZ+iOvbyJVqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQwNDAyMDgzNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTU5MmMxNmRhZTY5ZDMzZjFmOWViYzk0OThmNzhmYWM4M2ExNDgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1YNnQh5wufk2LxYF/mQc3jrdJwr7
okrQo6tzlCYFup3pI/STVFtqIlsXJDdaRVeeQjlcbhK9OOIqrbaAwEcBH1NiidmH
6QlHMqSO5xU5v9a72UCO1XyvBTcghTAWXRFKg33qhE+LHNNayHsYeSbbO4oYhslu
3SejZPLXyLoxaPTCQ5201YRmbjIGZkd8jf9BRmfgUCmMVG6eNYy0kFGh/guiD+TU
79E/0emJ+zdRmlGh5KUkPFYgIcZW5aBtpiiQB9WWEhWiFJFmP49q+AcN81+P0fwM
SYdVjpJBXPgLz9qdfiNthq2g7ZokQy2rYWk63y2TCcYvxlb4uy+5r3tLnwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGFZLBba5p0z8fnryUmPePrIOhSAMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvWVZrc0Z0cm1uVFB4LWV2SlNZOTQtc2c2RklBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg8uwAAB
MA0GCSqGSIb3DQEBCwUAA4IBAQBBeVi9WF/tpumV8aGchvQI4y5UAw8uDTjDpRpD
ZqWDS6KBYc6xevtEWXmAJCv/vShfba1gOHFadG6bq/RgdH/QbdOTOjvUDLJcgRfP
gRaw1enDdf87z6zcUyPHuZYli47mXaUc8g9QHv2nuH3LX2z3eOTAZeVgYqie8bDS
Ia4wGqAJCnoBGGkp6gwekNAhCxUeg/xVveeAL6t6iL4ZIdVGkbytQ3+SJepf/dnE
K9jchhdwDrKmq2yaGhVY65T++phuvfaLLXs7RHwtebB/EL8gDoyOPiZz15Q5bd+T
vbO3bucGIr6oSej6PDyAP25QIx7SXNoNjdOILiK9gHv/d6KM
-----END CERTIFICATE-----