Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/RY7YMyxrHOr2CB8wHzShA96G9HY.roa
File:                     RY7YMyxrHOr2CB8wHzShA96G9HY.roa (raw, json)
Hash identifier:          KlFcdX9qijQE40j4qVfMdHWUleYIWM3rYMw97YQcNtU=
Subject key identifier:   45:8E:D8:33:2C:6B:1C:EA:F6:08:1F:30:1F:34:A1:03:DE:86:F4:76
Certificate issuer:       /CN=1214a7e2a8c7012325ae973ed1a2bba05b2bb9c1
Certificate serial:       018CC64ACBEDBEBE8B524FE838D1109DA754
Authority key identifier: 12:14:A7:E2:A8:C7:01:23:25:AE:97:3E:D1:A2:BB:A0:5B:2B:B9:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EhSn4qjHASMlrpc-0aK7oFsrucE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/RY7YMyxrHOr2CB8wHzShA96G9HY.roa
Signing time:             Mon 01 Jan 2024 18:30:39 +0000
ROA not before:           Mon 01 Jan 2024 18:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        2a06:4c00::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/EhSn4qjHASMlrpc-0aK7oFsrucE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/EhSn4qjHASMlrpc-0aK7oFsrucE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EhSn4qjHASMlrpc-0aK7oFsrucE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 19:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:cb:ed:be:be:8b:52:4f:e8:38:d1:10:9d:a7:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1214a7e2a8c7012325ae973ed1a2bba05b2bb9c1
        Validity
            Not Before: Jan  1 18:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=458ed8332c6b1ceaf6081f301f34a103de86f476
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:2f:18:d0:e3:48:23:71:6c:9e:26:12:3c:fc:
                    d0:75:18:2f:83:61:17:54:ee:a6:aa:b0:60:da:eb:
                    f4:76:09:36:ff:6e:47:f3:50:25:3a:d3:65:b9:91:
                    fb:3a:1b:1e:cb:ec:d1:6f:e8:1e:c2:50:ba:46:0a:
                    1d:48:52:98:db:7e:91:6d:dc:42:4e:b7:a0:bd:48:
                    7b:b4:97:68:5e:57:33:a6:82:24:a4:dc:c3:00:b2:
                    b9:8e:ab:1f:03:f7:c7:94:38:cf:59:04:9b:93:da:
                    c5:0a:b2:2f:a4:19:47:58:48:96:3b:87:11:76:6d:
                    ca:f7:9c:5a:cb:15:d6:b8:9d:7a:0b:ca:a5:98:e1:
                    c9:21:34:0a:c9:2e:a6:f8:b7:8d:b5:5b:b5:35:77:
                    22:5e:74:d1:52:f1:a6:e6:98:f8:b8:6d:56:fe:14:
                    6a:7d:03:bb:5f:91:2a:c9:fb:0f:9b:fc:3f:e6:cd:
                    67:84:ca:c2:a3:82:8c:7f:c4:65:27:41:71:d6:17:
                    40:35:12:1f:42:3f:7e:16:54:1f:d9:e3:00:cb:e1:
                    b7:0a:12:dc:f7:b0:f7:65:21:fd:15:e2:06:11:db:
                    e1:05:47:c8:b4:99:1c:1d:e8:6b:e6:48:65:bf:2a:
                    b9:87:35:6d:e4:f6:53:61:35:ec:58:95:55:2b:b6:
                    bc:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:8E:D8:33:2C:6B:1C:EA:F6:08:1F:30:1F:34:A1:03:DE:86:F4:76
            X509v3 Authority Key Identifier:
                keyid:12:14:A7:E2:A8:C7:01:23:25:AE:97:3E:D1:A2:BB:A0:5B:2B:B9:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EhSn4qjHASMlrpc-0aK7oFsrucE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/RY7YMyxrHOr2CB8wHzShA96G9HY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/EhSn4qjHASMlrpc-0aK7oFsrucE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:4c00::/32

    Signature Algorithm: sha256WithRSAEncryption
         d2:78:28:cc:87:bc:32:38:70:44:f9:d8:9a:42:53:49:0d:45:
         bd:ff:c1:68:57:71:18:5c:b8:50:52:a6:58:ca:dd:99:ae:91:
         d5:71:54:65:28:55:6b:04:12:1c:35:4b:b9:35:06:15:cb:7f:
         28:0d:e0:5b:32:cb:ea:b3:cb:c1:ac:b3:8f:77:47:50:ea:bf:
         6f:ba:2d:55:12:c9:b7:2b:4c:df:a3:b4:27:2f:6a:f5:a8:f7:
         67:4e:c9:dd:72:95:f8:a1:02:26:95:36:40:a1:ab:89:f7:68:
         f1:7c:80:9d:e9:19:9e:d2:01:09:77:d1:77:d4:16:b5:58:3e:
         47:fe:e9:96:4b:00:a6:29:5c:59:01:e9:85:6c:c8:87:14:6c:
         36:3c:a1:bd:d0:05:3a:57:c8:72:47:34:59:39:48:ab:33:f2:
         6a:b0:85:e5:14:62:e4:67:78:bf:ce:44:20:2e:aa:f9:77:6c:
         c3:57:68:64:93:75:76:80:a9:23:33:3a:5b:17:e0:00:9d:6b:
         04:22:5c:84:95:df:d3:f9:b0:44:0c:ba:5f:91:59:3e:76:69:
         c0:e8:ba:2f:cf:b2:90:9c:b9:76:11:6c:74:2f:4a:65:43:df:
         02:27:18:70:8e:84:e2:3b:95:8a:18:d7:28:17:be:2c:55:a5:
         3f:fb:9d:98
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzGSsvtvr6LUk/oONEQnadUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyMTRhN2UyYThjNzAxMjMyNWFlOTczZWQxYTJiYmEwNWIy
YmI5YzEwHhcNMjQwMTAxMTgzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NThlZDgzMzJjNmIxY2VhZjYwODFmMzAxZjM0YTEwM2RlODZmNDc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzS8Y0ONII3FsniYSPPzQdRgvg2EX
VO6mqrBg2uv0dgk2/25H81AlOtNluZH7Ohsey+zRb+gewlC6RgodSFKY236RbdxC
TregvUh7tJdoXlczpoIkpNzDALK5jqsfA/fHlDjPWQSbk9rFCrIvpBlHWEiWO4cR
dm3K95xayxXWuJ16C8qlmOHJITQKyS6m+LeNtVu1NXciXnTRUvGm5pj4uG1W/hRq
fQO7X5EqyfsPm/w/5s1nhMrCo4KMf8RlJ0Fx1hdANRIfQj9+FlQf2eMAy+G3ChLc
97D3ZSH9FeIGEdvhBUfItJkcHehr5khlvyq5hzVt5PZTYTXsWJVVK7a8XwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEWO2DMsaxzq9ggfMB80oQPehvR2MB8GA1UdIwQY
MBaAFBIUp+KoxwEjJa6XPtGiu6BbK7nBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWhTbjRxakhBU01scnBjLTBhSzdvRnNydWNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9hNjhkYmMtM2Y5NC00ZmVkLThkOWQt
ZTljMzY0OWMxMjE4LzEvUlk3WU15eHJIT3IyQ0I4d0h6U2hBOTZHOUhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9hNjhkYmMtM2Y5NC00ZmVkLThkOWQtZTljMzY0OWMxMjE4
LzEvRWhTbjRxakhBU01scnBjLTBhSzdvRnNydWNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgZMADAN
BgkqhkiG9w0BAQsFAAOCAQEA0ngozIe8MjhwRPnYmkJTSQ1Fvf/BaFdxGFy4UFKm
WMrdma6R1XFUZShVawQSHDVLuTUGFct/KA3gWzLL6rPLwayzj3dHUOq/b7otVRLJ
tytM36O0Jy9q9aj3Z07J3XKV+KECJpU2QKGrifdo8XyAnekZntIBCXfRd9QWtVg+
R/7plksApilcWQHphWzIhxRsNjyhvdAFOlfIckc0WTlIqzPyarCF5RRi5Gd4v85E
IC6q+Xdsw1doZJN1doCpIzM6WxfgAJ1rBCJchJXf0/mwRAy6X5FZPnZpwOi6L8+y
kJy5dhFsdC9KZUPfAicYcI6E4juVihjXKBe+LFWlP/udmA==
-----END CERTIFICATE-----