Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/YMRgontEWx9ftd6C-GfvXVzVo8M.roa
File:                     YMRgontEWx9ftd6C-GfvXVzVo8M.roa (raw, json)
Hash identifier:          wNs/zt+fUYot2kavmSkyau5TYcEd08+RG0SfvPgkW/w=
Subject key identifier:   60:C4:60:A2:7B:44:5B:1F:5F:B5:DE:82:F8:67:EF:5D:5C:D5:A3:C3
Certificate issuer:       /CN=ed77e6b925b3b7a7abb92885d55d733dc5fa62d2
Certificate serial:       018CC64B7B53E32271E6E04C9087B62BB3BA
Authority key identifier: ED:77:E6:B9:25:B3:B7:A7:AB:B9:28:85:D5:5D:73:3D:C5:FA:62:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7XfmuSWzt6eruSiF1V1zPcX6YtI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/YMRgontEWx9ftd6C-GfvXVzVo8M.roa
Signing time:             Mon 01 Jan 2024 18:31:24 +0000
ROA not before:           Mon 01 Jan 2024 18:31:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207960
IP address blocks:        2a0d:1a40:7900::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/7XfmuSWzt6eruSiF1V1zPcX6YtI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/7XfmuSWzt6eruSiF1V1zPcX6YtI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7XfmuSWzt6eruSiF1V1zPcX6YtI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:7b:53:e3:22:71:e6:e0:4c:90:87:b6:2b:b3:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed77e6b925b3b7a7abb92885d55d733dc5fa62d2
        Validity
            Not Before: Jan  1 18:31:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=60c460a27b445b1f5fb5de82f867ef5d5cd5a3c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:fc:3d:8f:f3:fa:2c:d2:2b:de:1b:08:7b:df:
                    ed:1b:09:40:19:a7:31:26:4e:64:d2:6d:19:2b:22:
                    2b:f5:2b:2d:6e:99:21:42:7a:51:6c:25:e4:27:04:
                    5f:67:de:14:a2:6a:87:99:75:97:f3:1d:4e:f3:1a:
                    10:c2:87:dd:a8:7f:69:a2:ea:e8:ae:a1:1b:db:21:
                    05:8c:3b:55:91:fe:a3:8f:55:d2:66:30:e4:8f:61:
                    fe:93:d2:3c:86:36:e8:7f:60:22:e7:6a:3e:98:cd:
                    77:79:d6:ac:16:82:44:d1:79:8f:75:f6:c3:62:b8:
                    90:f1:8a:ba:b7:c1:5d:d1:9f:0b:e9:d2:15:4e:5f:
                    1f:54:3a:f1:32:20:1f:f3:e5:dd:62:9d:5f:65:bb:
                    a6:53:da:22:96:60:8a:c7:9e:32:c8:d6:ee:99:75:
                    d5:39:14:18:1f:d5:38:8c:bb:4a:d5:82:b2:a6:de:
                    10:1d:47:e4:7c:24:01:de:22:23:3a:09:54:ae:76:
                    8f:04:0e:61:b3:71:0c:fc:e5:7b:43:e1:3a:59:29:
                    b5:2f:be:91:8b:a8:07:a5:c1:11:f4:52:0e:d4:95:
                    5b:b6:b1:f2:f8:3a:24:77:13:47:53:ed:d7:9f:31:
                    b7:ea:af:98:9c:65:9f:52:de:de:ca:53:c2:70:da:
                    74:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:C4:60:A2:7B:44:5B:1F:5F:B5:DE:82:F8:67:EF:5D:5C:D5:A3:C3
            X509v3 Authority Key Identifier:
                keyid:ED:77:E6:B9:25:B3:B7:A7:AB:B9:28:85:D5:5D:73:3D:C5:FA:62:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7XfmuSWzt6eruSiF1V1zPcX6YtI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/YMRgontEWx9ftd6C-GfvXVzVo8M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/7XfmuSWzt6eruSiF1V1zPcX6YtI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:1a40:7900::/40

    Signature Algorithm: sha256WithRSAEncryption
         7d:01:b1:90:9c:da:ea:89:e8:2c:5a:3d:10:a6:bd:dc:0a:b3:
         25:88:28:15:64:84:fc:51:2e:21:55:ea:fe:ca:02:63:fa:01:
         13:72:52:50:3d:08:c6:84:28:b1:5a:7e:f7:f1:1d:29:5d:d8:
         9b:25:25:ba:3c:a3:f0:83:98:77:32:87:7f:7f:bd:21:ac:83:
         a8:74:38:da:54:f2:7b:92:00:2c:25:41:19:0d:79:e7:48:55:
         8f:eb:67:c1:4e:ea:72:0c:a0:02:a8:45:36:f9:ec:7b:80:60:
         08:a5:cc:df:06:16:3b:27:21:aa:11:ed:12:94:7f:06:8d:09:
         92:e2:8a:f3:8f:37:70:41:3d:02:8e:45:fd:9b:18:bc:8d:ec:
         77:c7:9d:39:a7:88:ff:96:11:e0:50:7d:16:cd:02:8b:c7:91:
         a9:6c:19:9e:82:75:0e:df:77:c5:8f:fd:fc:00:82:46:4e:0f:
         89:8a:bb:32:42:3c:55:b5:62:44:32:c4:99:dc:0d:bc:7e:46:
         c9:88:1d:f0:a7:0a:f2:1c:3c:fc:c5:62:6d:f8:d7:a3:8f:67:
         74:63:65:f3:41:38:7a:09:cc:9a:31:b2:f6:25:bd:b0:15:5a:
         91:54:2e:7c:e0:bd:ed:38:f8:10:cb:a7:66:57:fc:e7:63:f0:
         b3:40:c6:0b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzGS3tT4yJx5uBMkIe2K7O6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNzdlNmI5MjViM2I3YTdhYmI5Mjg4NWQ1NWQ3MzNkYzVm
YTYyZDIwHhcNMjQwMTAxMTgzMTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGM0NjBhMjdiNDQ1YjFmNWZiNWRlODJmODY3ZWY1ZDVjZDVhM2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsfw9j/P6LNIr3hsIe9/tGwlAGacx
Jk5k0m0ZKyIr9SstbpkhQnpRbCXkJwRfZ94UomqHmXWX8x1O8xoQwofdqH9pouro
rqEb2yEFjDtVkf6jj1XSZjDkj2H+k9I8hjbof2Ai52o+mM13edasFoJE0XmPdfbD
YriQ8Yq6t8Fd0Z8L6dIVTl8fVDrxMiAf8+XdYp1fZbumU9oilmCKx54yyNbumXXV
ORQYH9U4jLtK1YKypt4QHUfkfCQB3iIjOglUrnaPBA5hs3EM/OV7Q+E6WSm1L76R
i6gHpcER9FIO1JVbtrHy+DokdxNHU+3XnzG36q+YnGWfUt7eylPCcNp0dwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGDEYKJ7RFsfX7Xegvhn711c1aPDMB8GA1UdIwQY
MBaAFO135rkls7enq7kohdVdcz3F+mLSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1hmbXVTV3p0NmVydVNpRjFWMXpQY1g2WXRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9kODM3NzctNWJhOC00ZjFlLTg1MWMt
OTI4MTlkZThhMDM2LzEvWU1SZ29udEVXeDlmdGQ2Qy1HZnZYVnpWbzhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9kODM3NzctNWJhOC00ZjFlLTg1MWMtOTI4MTlkZThhMDM2
LzEvN1hmbXVTV3p0NmVydVNpRjFWMXpQY1g2WXRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg0aQHkw
DQYJKoZIhvcNAQELBQADggEBAH0BsZCc2uqJ6CxaPRCmvdwKsyWIKBVkhPxRLiFV
6v7KAmP6ARNyUlA9CMaEKLFafvfxHSld2JslJbo8o/CDmHcyh39/vSGsg6h0ONpU
8nuSACwlQRkNeedIVY/rZ8FO6nIMoAKoRTb57HuAYAilzN8GFjsnIaoR7RKUfwaN
CZLiivOPN3BBPQKORf2bGLyN7HfHnTmniP+WEeBQfRbNAovHkalsGZ6CdQ7fd8WP
/fwAgkZOD4mKuzJCPFW1YkQyxJncDbx+RsmIHfCnCvIcPPzFYm3416OPZ3RjZfNB
OHoJzJoxsvYlvbAVWpFULnzgve04+BDLp2ZX/Odj8LNAxgs=
-----END CERTIFICATE-----