Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/19455b-d2cf-4e5f-bf58-21df55ba9ebf/1/YJxBPcbL2KropNEniMdBnt4wcFQ.roa
File:                     YJxBPcbL2KropNEniMdBnt4wcFQ.roa (raw, json)
Hash identifier:          0SIuNT/tu1pEsxQtg67Spwm/8iC/D7S/XJe3DErvo38=
Subject key identifier:   60:9C:41:3D:C6:CB:D8:AA:E8:A4:D1:27:88:C7:41:9E:DE:30:70:54
Certificate issuer:       /CN=bea649ef6030fc80848fdfe21d4321ac8011fd10
Certificate serial:       018CC8706728B029A15270BCB24B7D858C9B
Authority key identifier: BE:A6:49:EF:60:30:FC:80:84:8F:DF:E2:1D:43:21:AC:80:11:FD:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vqZJ72Aw_ICEj9_iHUMhrIAR_RA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/19455b-d2cf-4e5f-bf58-21df55ba9ebf/1/YJxBPcbL2KropNEniMdBnt4wcFQ.roa
Signing time:             Tue 02 Jan 2024 04:30:58 +0000
ROA not before:           Tue 02 Jan 2024 04:30:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211935
IP address blocks:        2a0e:f43::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/19455b-d2cf-4e5f-bf58-21df55ba9ebf/1/vqZJ72Aw_ICEj9_iHUMhrIAR_RA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/19455b-d2cf-4e5f-bf58-21df55ba9ebf/1/vqZJ72Aw_ICEj9_iHUMhrIAR_RA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vqZJ72Aw_ICEj9_iHUMhrIAR_RA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:67:28:b0:29:a1:52:70:bc:b2:4b:7d:85:8c:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bea649ef6030fc80848fdfe21d4321ac8011fd10
        Validity
            Not Before: Jan  2 04:30:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=609c413dc6cbd8aae8a4d12788c7419ede307054
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:e6:2d:03:8e:c2:cb:87:d1:ed:0c:0d:5c:a9:
                    4f:6f:79:29:9c:3c:5d:82:55:93:ac:0b:ea:e2:b1:
                    e6:66:00:37:e9:97:7c:66:c1:f3:2e:08:9a:77:61:
                    2f:81:cc:c4:65:ad:3f:9e:79:5c:83:24:03:1d:e7:
                    e5:83:f4:46:ca:f2:fb:f6:c0:72:c2:b0:14:a8:f6:
                    9a:5e:70:ec:18:54:ec:fd:ed:c9:07:67:48:82:c5:
                    7f:05:dc:06:97:4d:2f:f0:bb:af:01:b8:fa:99:fd:
                    14:aa:00:54:c9:01:94:4e:d8:26:c2:52:2d:66:33:
                    7f:c0:46:7b:f5:52:1f:da:33:fe:62:11:fa:1d:17:
                    6d:c7:f4:0b:ec:39:e4:79:d5:fb:24:33:0f:11:0f:
                    a2:2d:db:d2:3c:90:b9:11:f0:48:6a:5f:0c:11:fe:
                    8f:f4:44:fb:eb:5b:13:65:bb:06:36:6e:2d:9f:7c:
                    4c:fc:cf:88:6b:15:78:80:0d:88:c6:96:5c:27:89:
                    1f:8f:1b:e7:69:81:ef:a7:5b:32:c8:4b:6e:35:10:
                    b5:7b:14:62:51:95:b1:01:79:d9:72:33:14:a2:b8:
                    8c:a7:77:0a:5f:9a:5d:e7:d2:e7:48:1f:78:52:38:
                    4a:3b:75:96:78:86:0b:49:f7:c4:fd:74:24:c7:ba:
                    6c:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:9C:41:3D:C6:CB:D8:AA:E8:A4:D1:27:88:C7:41:9E:DE:30:70:54
            X509v3 Authority Key Identifier:
                keyid:BE:A6:49:EF:60:30:FC:80:84:8F:DF:E2:1D:43:21:AC:80:11:FD:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vqZJ72Aw_ICEj9_iHUMhrIAR_RA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/19455b-d2cf-4e5f-bf58-21df55ba9ebf/1/YJxBPcbL2KropNEniMdBnt4wcFQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/19455b-d2cf-4e5f-bf58-21df55ba9ebf/1/vqZJ72Aw_ICEj9_iHUMhrIAR_RA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:f43::/48

    Signature Algorithm: sha256WithRSAEncryption
         44:6f:96:02:f3:da:f7:b4:d6:2d:9e:16:cd:41:03:10:b2:72:
         28:08:c1:16:ae:71:90:6f:2e:e4:71:3f:22:19:6b:93:47:88:
         96:5c:8c:b8:a0:98:1a:48:ad:04:fd:15:f8:40:ed:74:18:f9:
         c6:da:e5:ba:92:9a:37:d7:ba:70:93:05:92:0b:22:a8:9c:e7:
         f5:b1:81:bf:21:03:6e:de:40:1b:ce:6c:01:7e:23:b6:bc:d7:
         6c:09:a2:b9:92:ca:c6:de:36:6b:9f:7b:4d:47:d1:27:2f:17:
         31:51:ae:e0:82:2e:cf:86:43:ab:47:a8:1a:4f:fa:13:b1:ca:
         66:ca:62:42:f2:58:e4:3a:d3:76:0a:02:a6:ee:8d:b8:33:26:
         f8:b5:67:78:1f:c5:af:6b:77:64:64:45:15:4a:88:df:71:c5:
         29:40:da:40:ba:8d:43:89:10:cf:2b:96:b4:8f:41:ef:5b:0f:
         95:d1:11:8f:25:ae:38:e2:8d:75:54:3c:89:98:01:c3:a2:e8:
         c0:43:cd:83:d5:41:d2:be:84:79:bf:76:56:42:57:4b:e7:ab:
         9d:b7:ba:90:6f:f3:a2:97:b7:28:da:3c:fd:3b:a6:f0:80:7c:
         e1:33:c8:c1:76:fe:d9:eb:2e:28:5e:56:f8:8b:2f:11:aa:f7:
         15:1c:0a:f6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIcGcosCmhUnC8skt9hYybMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlYTY0OWVmNjAzMGZjODA4NDhmZGZlMjFkNDMyMWFjODAx
MWZkMTAwHhcNMjQwMTAyMDQzMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDljNDEzZGM2Y2JkOGFhZThhNGQxMjc4OGM3NDE5ZWRlMzA3MDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtOYtA47Cy4fR7QwNXKlPb3kpnDxd
glWTrAvq4rHmZgA36Zd8ZsHzLgiad2EvgczEZa0/nnlcgyQDHeflg/RGyvL79sBy
wrAUqPaaXnDsGFTs/e3JB2dIgsV/BdwGl00v8LuvAbj6mf0UqgBUyQGUTtgmwlIt
ZjN/wEZ79VIf2jP+YhH6HRdtx/QL7DnkedX7JDMPEQ+iLdvSPJC5EfBIal8MEf6P
9ET761sTZbsGNm4tn3xM/M+IaxV4gA2IxpZcJ4kfjxvnaYHvp1syyEtuNRC1exRi
UZWxAXnZcjMUoriMp3cKX5pd59LnSB94UjhKO3WWeIYLSffE/XQkx7pszwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGCcQT3Gy9iq6KTRJ4jHQZ7eMHBUMB8GA1UdIwQY
MBaAFL6mSe9gMPyAhI/f4h1DIayAEf0QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnFaSjcyQXdfSUNFajlfaUhVTWhySUFSX1JBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS8xOTQ1NWItZDJjZi00ZTVmLWJmNTgt
MjFkZjU1YmE5ZWJmLzEvWUp4QlBjYkwyS3JvcE5FbmlNZEJudDR3Y0ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS8xOTQ1NWItZDJjZi00ZTVmLWJmNTgtMjFkZjU1YmE5ZWJm
LzEvdnFaSjcyQXdfSUNFajlfaUhVTWhySUFSX1JBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg4PQwAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBEb5YC89r3tNYtnhbNQQMQsnIoCMEWrnGQby7k
cT8iGWuTR4iWXIy4oJgaSK0E/RX4QO10GPnG2uW6kpo317pwkwWSCyKonOf1sYG/
IQNu3kAbzmwBfiO2vNdsCaK5ksrG3jZrn3tNR9EnLxcxUa7ggi7PhkOrR6gaT/oT
scpmymJC8ljkOtN2CgKm7o24Myb4tWd4H8Wva3dkZEUVSojfccUpQNpAuo1DiRDP
K5a0j0HvWw+V0RGPJa444o11VDyJmAHDoujAQ82D1UHSvoR5v3ZWQldL56udt7qQ
b/Oil7co2jz9O6bwgHzhM8jBdv7Z6y4oXlb4iy8RqvcVHAr2
-----END CERTIFICATE-----