Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/yTtcVU9ChNydH2mKs4iN5Ah2HPs.roa
File:                     yTtcVU9ChNydH2mKs4iN5Ah2HPs.roa (raw, json)
Hash identifier:          ro/KjPOdv9iitLmrbKrmD5i/eJZ/0hcJVF+hmNRnyAs=
Subject key identifier:   C9:3B:5C:55:4F:42:84:DC:9D:1F:69:8A:B3:88:8D:E4:08:76:1C:FB
Certificate issuer:       /CN=189d6b55d6a688ee5e3381883bb5af68433276e3
Certificate serial:       019423D7BD6949096D3E86159651FEFA276B
Authority key identifier: 18:9D:6B:55:D6:A6:88:EE:5E:33:81:88:3B:B5:AF:68:43:32:76:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/yTtcVU9ChNydH2mKs4iN5Ah2HPs.roa
Signing time:             Wed 01 Jan 2025 21:48:48 +0000
ROA not before:           Wed 01 Jan 2025 21:48:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     63023
IP address blocks:        2a0f:f400::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:bd:69:49:09:6d:3e:86:15:96:51:fe:fa:27:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=189d6b55d6a688ee5e3381883bb5af68433276e3
        Validity
            Not Before: Jan  1 21:48:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c93b5c554f4284dc9d1f698ab3888de408761cfb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:74:cd:a7:d4:10:45:cd:31:5b:8a:bc:be:cd:
                    a1:19:a6:08:07:54:cc:a1:ad:93:e0:26:aa:37:51:
                    f9:b2:9c:f0:cf:31:56:cd:b6:82:1d:d7:e4:c0:fd:
                    88:eb:70:41:39:5c:7a:c3:01:35:ca:73:8c:ff:0e:
                    1c:20:72:4b:0a:d0:d9:ea:cf:13:60:c1:69:87:87:
                    1c:bf:32:54:23:9a:ed:61:1b:54:06:bb:a5:1a:32:
                    29:37:c4:77:fd:bc:0a:00:21:47:5d:42:57:e4:0e:
                    1f:05:5c:5f:df:a7:17:4b:59:77:92:e3:d9:1d:45:
                    15:55:be:6f:c7:8f:ed:bb:fd:9f:ae:f8:0c:e2:75:
                    93:6f:c2:8c:27:af:fd:46:b1:f5:03:ef:78:38:9a:
                    ba:74:01:26:4e:f5:09:5f:d5:4a:ef:00:65:29:fa:
                    47:05:a1:2d:f5:41:ff:5c:8a:3f:48:fd:bf:b5:0a:
                    99:58:ce:c4:b5:97:16:45:de:1c:87:1b:5b:77:32:
                    76:9b:78:02:be:9e:58:d1:21:67:71:73:b3:63:d2:
                    fa:15:ea:44:77:b0:6c:46:18:de:75:65:7c:97:60:
                    56:5f:46:a6:cc:c9:14:44:c4:08:a7:93:3b:35:0a:
                    7f:a6:e8:95:df:a3:76:dd:1e:c2:62:af:ed:26:43:
                    45:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:3B:5C:55:4F:42:84:DC:9D:1F:69:8A:B3:88:8D:E4:08:76:1C:FB
            X509v3 Authority Key Identifier:
                keyid:18:9D:6B:55:D6:A6:88:EE:5E:33:81:88:3B:B5:AF:68:43:32:76:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/yTtcVU9ChNydH2mKs4iN5Ah2HPs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:f400::/29

    Signature Algorithm: sha256WithRSAEncryption
         13:a6:98:7d:1f:9c:e0:9b:31:ff:39:bf:01:7d:b5:2b:12:c9:
         24:1a:aa:e7:34:52:01:7e:64:bd:37:7a:58:76:72:78:58:d5:
         b6:ae:11:02:b8:15:7a:dd:0f:bb:97:50:15:ef:d4:75:da:33:
         7f:32:97:c3:d6:3a:f7:c6:61:18:27:85:64:d2:db:c6:72:f5:
         8f:77:0f:af:97:0d:a1:a8:8c:60:43:e3:2b:4f:65:50:e7:eb:
         0b:13:16:1f:0a:bb:70:40:4f:fd:35:d7:bc:6c:f1:17:2d:e0:
         67:e4:e3:c9:56:8c:36:32:9c:bf:90:a3:78:f5:2d:5c:5a:01:
         95:0c:91:23:25:72:69:a2:e1:c2:e1:0c:9a:52:f7:54:69:5e:
         bd:c7:d5:d4:7d:f6:35:cb:87:b2:b8:5f:94:6f:ce:45:1e:60:
         18:bd:10:64:a3:45:83:01:60:6b:28:01:49:97:66:c5:e0:da:
         aa:e7:5d:da:bf:f9:b9:1d:22:8c:d2:d3:3c:06:a2:06:9b:90:
         91:4d:c0:85:49:80:6b:b1:88:d7:78:c5:e6:e9:50:8d:91:86:
         72:9c:db:d6:d4:8c:15:5a:3d:00:80:71:66:46:31:6f:c3:e0:
         06:6f:c4:af:62:f5:a3:f8:3a:40:74:33:78:25:86:e1:24:d0:
         38:2c:21:0f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQj171pSQltPoYVllH++idrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4OWQ2YjU1ZDZhNjg4ZWU1ZTMzODE4ODNiYjVhZjY4NDMz
Mjc2ZTMwHhcNMjUwMTAxMjE0ODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTNiNWM1NTRmNDI4NGRjOWQxZjY5OGFiMzg4OGRlNDA4NzYxY2ZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxHTNp9QQRc0xW4q8vs2hGaYIB1TM
oa2T4CaqN1H5spzwzzFWzbaCHdfkwP2I63BBOVx6wwE1ynOM/w4cIHJLCtDZ6s8T
YMFph4ccvzJUI5rtYRtUBrulGjIpN8R3/bwKACFHXUJX5A4fBVxf36cXS1l3kuPZ
HUUVVb5vx4/tu/2frvgM4nWTb8KMJ6/9RrH1A+94OJq6dAEmTvUJX9VK7wBlKfpH
BaEt9UH/XIo/SP2/tQqZWM7EtZcWRd4chxtbdzJ2m3gCvp5Y0SFncXOzY9L6FepE
d7BsRhjedWV8l2BWX0amzMkURMQIp5M7NQp/puiV36N23R7CYq/tJkNFKQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMk7XFVPQoTcnR9pirOIjeQIdhz7MB8GA1UdIwQY
MBaAFBida1XWpojuXjOBiDu1r2hDMnbjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0oxclZkYW1pTzVlTTRHSU83V3ZhRU15ZHVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS83NTdiNTYtN2I1Ny00OGEwLTlhNzUt
YTJhNGM2YTYyMWNkLzEveVR0Y1ZVOUNoTnlkSDJtS3M0aU41QWgySFBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS83NTdiNTYtN2I1Ny00OGEwLTlhNzUtYTJhNGM2YTYyMWNk
LzEvR0oxclZkYW1pTzVlTTRHSU83V3ZhRU15ZHVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg/0ADAN
BgkqhkiG9w0BAQsFAAOCAQEAE6aYfR+c4Jsx/zm/AX21KxLJJBqq5zRSAX5kvTd6
WHZyeFjVtq4RArgVet0Pu5dQFe/UddozfzKXw9Y698ZhGCeFZNLbxnL1j3cPr5cN
oaiMYEPjK09lUOfrCxMWHwq7cEBP/TXXvGzxFy3gZ+TjyVaMNjKcv5CjePUtXFoB
lQyRIyVyaaLhwuEMmlL3VGlevcfV1H32NcuHsrhflG/ORR5gGL0QZKNFgwFgaygB
SZdmxeDaqudd2r/5uR0ijNLTPAaiBpuQkU3AhUmAa7GI13jF5ulQjZGGcpzb1tSM
FVo9AIBxZkYxb8PgBm/Er2L1o/g6QHQzeCWG4STQOCwhDw==
-----END CERTIFICATE-----