Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/01b0c0-1b87-4d6f-9e90-9281f0d23dbf/1/YkpAHKfW8GJST9yrJDOSYTYY1Ck.roa
File:                     YkpAHKfW8GJST9yrJDOSYTYY1Ck.roa (raw, json)
Hash identifier:          SM4vDzZSZTi4IK4YdBPHKG2qr5FpVmoKOG9Tevmk5fU=
Subject key identifier:   62:4A:40:1C:A7:D6:F0:62:52:4F:DC:AB:24:33:92:61:36:18:D4:29
Certificate issuer:       /CN=7021d7528be713a4ba2cb4db5e58d64d882eb555
Certificate serial:       0190161EC84336402E319CF057939B290FA8
Authority key identifier: 70:21:D7:52:8B:E7:13:A4:BA:2C:B4:DB:5E:58:D6:4D:88:2E:B5:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cCHXUovnE6S6LLTbXljWTYgutVU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/01b0c0-1b87-4d6f-9e90-9281f0d23dbf/1/YkpAHKfW8GJST9yrJDOSYTYY1Ck.roa
Signing time:             Fri 14 Jun 2024 09:40:34 +0000
ROA not before:           Fri 14 Jun 2024 09:40:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49217
IP address blocks:        2a0f:bf01::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/01b0c0-1b87-4d6f-9e90-9281f0d23dbf/1/cCHXUovnE6S6LLTbXljWTYgutVU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/01b0c0-1b87-4d6f-9e90-9281f0d23dbf/1/cCHXUovnE6S6LLTbXljWTYgutVU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cCHXUovnE6S6LLTbXljWTYgutVU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:16:1e:c8:43:36:40:2e:31:9c:f0:57:93:9b:29:0f:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7021d7528be713a4ba2cb4db5e58d64d882eb555
        Validity
            Not Before: Jun 14 09:40:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=624a401ca7d6f062524fdcab243392613618d429
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:d8:5f:e8:40:9b:44:59:38:70:12:ac:fa:04:
                    8c:71:15:e7:02:b5:c5:2f:20:a7:0a:48:81:26:56:
                    a1:af:4e:8a:4e:9a:fa:8a:16:00:e8:60:ce:a8:9a:
                    f3:e1:3d:cb:62:39:36:c5:c5:06:5a:63:49:36:a2:
                    71:f7:f2:0a:55:95:5a:b8:65:4b:ed:75:d1:72:9e:
                    54:06:22:b7:d0:a4:33:89:54:01:3e:57:8f:e9:a4:
                    07:7f:7b:57:21:49:e4:99:20:30:21:7f:57:a6:ca:
                    db:10:d4:82:15:66:0f:17:5d:1a:35:05:84:45:f9:
                    ac:e0:1a:c9:42:d3:99:8c:a2:d3:2e:97:3d:66:1c:
                    30:c8:f3:13:74:9e:ac:14:32:d0:8b:12:e0:9e:e5:
                    ca:c0:7e:f5:1f:9f:4e:6e:5f:76:0c:2c:10:b2:f9:
                    f1:45:3f:62:9a:c6:de:41:b6:48:f7:c6:d6:98:0a:
                    b3:80:e5:78:0d:0c:94:da:a8:37:c3:d0:26:82:44:
                    77:da:b4:cd:b5:ec:6c:10:46:12:36:2a:fd:2a:2a:
                    1e:04:22:81:8c:82:ad:8d:27:6d:ef:4b:1b:87:98:
                    a6:84:45:83:34:d4:f1:11:6c:a6:37:a2:31:d2:3e:
                    34:d2:47:37:38:1d:08:47:7a:31:51:9f:fe:25:0f:
                    50:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:4A:40:1C:A7:D6:F0:62:52:4F:DC:AB:24:33:92:61:36:18:D4:29
            X509v3 Authority Key Identifier:
                keyid:70:21:D7:52:8B:E7:13:A4:BA:2C:B4:DB:5E:58:D6:4D:88:2E:B5:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cCHXUovnE6S6LLTbXljWTYgutVU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/01b0c0-1b87-4d6f-9e90-9281f0d23dbf/1/YkpAHKfW8GJST9yrJDOSYTYY1Ck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/01b0c0-1b87-4d6f-9e90-9281f0d23dbf/1/cCHXUovnE6S6LLTbXljWTYgutVU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:bf01::/32

    Signature Algorithm: sha256WithRSAEncryption
         95:d8:09:1f:ba:e3:ad:a7:2f:b5:60:f9:a8:5b:42:85:e3:a2:
         08:7e:04:39:f0:1f:93:04:ac:e3:38:cc:1f:4d:ec:e1:22:d8:
         3d:80:11:f0:4f:ac:ac:23:5a:5b:19:c8:a2:78:f5:d3:11:40:
         94:fe:b8:43:4f:6b:2f:aa:77:6c:6a:66:f6:2d:5f:4e:86:2d:
         ad:b0:fe:06:50:13:d4:f3:a0:45:7d:b9:55:30:58:e5:ba:36:
         ea:7b:b0:af:2f:61:a2:f3:00:33:58:b1:c4:be:fe:11:04:84:
         56:aa:a6:cb:0b:0e:39:77:24:41:10:3c:43:a6:23:36:d1:67:
         a6:48:01:aa:03:09:94:55:a6:b4:08:8b:df:98:c0:4a:8c:a8:
         2f:74:05:11:3e:0e:cf:40:b6:78:0b:26:e7:62:68:b8:3e:e9:
         82:b2:75:82:4d:31:a4:74:0c:34:3b:21:72:cb:63:09:07:ec:
         59:3e:ef:f2:bb:1d:d0:95:c8:09:07:13:ba:fe:74:78:8a:d1:
         4e:8d:6d:bf:d1:db:26:22:af:7f:02:d7:86:68:78:af:20:c8:
         3a:b1:e0:83:20:c0:bd:11:48:f6:0f:c2:6f:21:4b:ff:9d:05:
         4e:bd:78:5a:b5:93:45:d9:03:c1:a6:38:c3:67:a2:37:ea:7f:
         a6:4f:7b:b8
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZAWHshDNkAuMZzwV5ObKQ+oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwMjFkNzUyOGJlNzEzYTRiYTJjYjRkYjVlNThkNjRkODgy
ZWI1NTUwHhcNMjQwNjE0MDk0MDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjRhNDAxY2E3ZDZmMDYyNTI0ZmRjYWIyNDMzOTI2MTM2MThkNDI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0thf6ECbRFk4cBKs+gSMcRXnArXF
LyCnCkiBJlahr06KTpr6ihYA6GDOqJrz4T3LYjk2xcUGWmNJNqJx9/IKVZVauGVL
7XXRcp5UBiK30KQziVQBPleP6aQHf3tXIUnkmSAwIX9XpsrbENSCFWYPF10aNQWE
Rfms4BrJQtOZjKLTLpc9ZhwwyPMTdJ6sFDLQixLgnuXKwH71H59Obl92DCwQsvnx
RT9imsbeQbZI98bWmAqzgOV4DQyU2qg3w9AmgkR32rTNtexsEEYSNir9KioeBCKB
jIKtjSdt70sbh5imhEWDNNTxEWymN6Ix0j400kc3OB0IR3oxUZ/+JQ9QjQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGJKQByn1vBiUk/cqyQzkmE2GNQpMB8GA1UdIwQY
MBaAFHAh11KL5xOkuiy0215Y1k2ILrVVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0NIWFVvdm5FNlM2TExUYlhsaldUWWd1dFZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8wMWIwYzAtMWI4Ny00ZDZmLTllOTAt
OTI4MWYwZDIzZGJmLzEvWWtwQUhLZlc4R0pTVDl5ckpET1NZVFlZMUNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8wMWIwYzAtMWI4Ny00ZDZmLTllOTAtOTI4MWYwZDIzZGJm
LzEvY0NIWFVvdm5FNlM2TExUYlhsaldUWWd1dFZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg+/ATAN
BgkqhkiG9w0BAQsFAAOCAQEAldgJH7rjracvtWD5qFtCheOiCH4EOfAfkwSs4zjM
H03s4SLYPYAR8E+srCNaWxnIonj10xFAlP64Q09rL6p3bGpm9i1fToYtrbD+BlAT
1POgRX25VTBY5bo26nuwry9hovMAM1ixxL7+EQSEVqqmywsOOXckQRA8Q6YjNtFn
pkgBqgMJlFWmtAiL35jASoyoL3QFET4Oz0C2eAsm52JouD7pgrJ1gk0xpHQMNDsh
cstjCQfsWT7v8rsd0JXICQcTuv50eIrRTo1tv9HbJiKvfwLXhmh4ryDIOrHggyDA
vRFI9g/CbyFL/50FTr14WrWTRdkDwaY4w2eiN+p/pk97uA==
-----END CERTIFICATE-----