Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/YenQr5nH_V3kb3uSF9W13TFvB5Q.roa
File:                     YenQr5nH_V3kb3uSF9W13TFvB5Q.roa (raw, json)
Hash identifier:          GpHupGsKceamB9tAnqXoExG/BKA3+rfzw7wdC7Z1p8s=
Subject key identifier:   61:E9:D0:AF:99:C7:FD:5D:E4:6F:7B:92:17:D5:B5:DD:31:6F:07:94
Certificate issuer:       /CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
Certificate serial:       01941F8C603BE6ED4F69AFF4904EC806AD41
Authority key identifier: 08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/YenQr5nH_V3kb3uSF9W13TFvB5Q.roa
Signing time:             Wed 01 Jan 2025 01:48:00 +0000
ROA not before:           Wed 01 Jan 2025 01:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42682
IP address blocks:        2a02:2698:4c00::/38 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:60:3b:e6:ed:4f:69:af:f4:90:4e:c8:06:ad:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
        Validity
            Not Before: Jan  1 01:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=61e9d0af99c7fd5de46f7b9217d5b5dd316f0794
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:84:08:09:b0:34:60:9f:90:a9:f6:cf:17:5f:
                    3c:d2:60:10:c6:73:3d:7c:a0:78:be:b1:52:dd:84:
                    47:03:b2:7e:e8:5b:3f:0c:69:8d:d0:42:1c:f6:2b:
                    3f:a4:cc:ac:3e:05:60:0f:28:ab:da:0f:0f:b7:d9:
                    79:ee:e8:91:6e:19:96:df:af:06:d7:3d:bf:cb:2c:
                    c6:ee:6f:3f:26:ab:16:ff:12:90:5b:87:96:b7:53:
                    91:dd:2c:d8:6e:ab:66:eb:f4:fe:08:85:8a:1a:5a:
                    ec:00:8f:e0:de:8e:17:43:63:89:dd:4b:9f:26:e7:
                    55:bc:f8:00:a7:c2:6f:58:d9:af:14:ed:77:96:d8:
                    25:3f:c9:65:48:21:51:2a:9e:50:bb:68:5e:f4:5b:
                    3f:cf:65:05:53:7c:09:a9:30:67:af:d0:25:5c:6e:
                    3b:05:60:c9:6d:46:f6:5b:82:33:5c:97:02:49:cb:
                    bf:09:3d:22:73:56:75:ff:dd:f7:6c:1f:c6:3a:7d:
                    1d:d9:45:77:33:6c:98:09:e3:c8:b3:0e:1f:f3:ed:
                    a3:29:24:8a:b0:7d:24:9c:cf:55:48:7c:31:78:18:
                    7c:a4:e6:6c:91:fb:43:aa:ea:ac:a5:f0:a0:49:78:
                    67:20:96:96:83:1b:28:56:42:3c:f3:a7:80:0f:5b:
                    c6:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:E9:D0:AF:99:C7:FD:5D:E4:6F:7B:92:17:D5:B5:DD:31:6F:07:94
            X509v3 Authority Key Identifier:
                keyid:08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/YenQr5nH_V3kb3uSF9W13TFvB5Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:2698:4c00::/38

    Signature Algorithm: sha256WithRSAEncryption
         26:67:02:6e:73:98:fc:10:ec:90:ce:9a:23:5b:4d:68:bd:02:
         b9:c9:76:4a:5d:a0:9d:9a:e4:a4:e8:54:72:3f:3d:99:e0:e7:
         36:12:63:3d:9b:1c:cb:9a:4a:7f:44:ca:0d:46:15:d7:a7:49:
         2e:5e:8c:c0:c3:47:09:dd:30:cf:c1:25:3f:74:5a:29:e8:7a:
         bb:81:b0:c1:33:94:91:87:86:7a:c1:38:3c:5e:d2:55:63:12:
         9a:f3:88:88:a2:cb:88:fc:e9:7a:5b:23:70:7d:65:f1:34:d6:
         9f:4a:b4:52:a0:cd:85:ea:6e:ca:bb:86:df:dd:6a:39:1d:ab:
         22:30:df:bc:c6:cf:d6:c7:62:52:34:da:bd:d5:a1:07:ef:88:
         7d:2f:30:52:21:ad:57:8f:9a:85:20:7d:5b:65:b8:a0:a5:25:
         d7:58:b3:57:3c:7d:78:fb:c9:b9:2f:15:26:6f:c7:ac:c1:8a:
         35:bb:81:08:cd:03:76:3d:16:9a:f8:65:e5:4b:43:ae:03:84:
         ca:41:ad:49:f6:d9:ff:f8:0c:43:a0:ec:d9:2f:4e:d0:82:39:
         fc:76:62:a4:9d:bb:51:b6:5b:0e:fe:01:18:af:d4:03:5d:95:
         19:85:fe:7c:7f:ea:bc:8a:9d:79:fe:1a:51:3c:1f:48:3d:5e:
         08:8d:e8:87
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQfjGA75u1Paa/0kE7IBq1BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MDJiOTVjZTYyMzlkNTI2YzM1YWU3YThlMmNlYjQ4YWVi
ODJiNWYwHhcNMjUwMTAxMDE0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWU5ZDBhZjk5YzdmZDVkZTQ2ZjdiOTIxN2Q1YjVkZDMxNmYwNzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx4QICbA0YJ+QqfbPF1880mAQxnM9
fKB4vrFS3YRHA7J+6Fs/DGmN0EIc9is/pMysPgVgDyir2g8Pt9l57uiRbhmW368G
1z2/yyzG7m8/JqsW/xKQW4eWt1OR3SzYbqtm6/T+CIWKGlrsAI/g3o4XQ2OJ3Uuf
JudVvPgAp8JvWNmvFO13ltglP8llSCFRKp5Qu2he9Fs/z2UFU3wJqTBnr9AlXG47
BWDJbUb2W4IzXJcCScu/CT0ic1Z1/933bB/GOn0d2UV3M2yYCePIsw4f8+2jKSSK
sH0knM9VSHwxeBh8pOZskftDquqspfCgSXhnIJaWgxsoVkI886eAD1vGXwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGHp0K+Zx/1d5G97khfVtd0xbweUMB8GA1UdIwQY
MBaAFAgCuVzmI51SbDWueo4s60iuuCtfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDIt
Y2YwYWEzZWNhZDI4LzEvWWVuUXI1bkhfVjNrYjN1U0Y5VzEzVEZ2QjVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDItY2YwYWEzZWNhZDI4
LzEvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYCKgImmEww
DQYJKoZIhvcNAQELBQADggEBACZnAm5zmPwQ7JDOmiNbTWi9ArnJdkpdoJ2a5KTo
VHI/PZng5zYSYz2bHMuaSn9Eyg1GFdenSS5ejMDDRwndMM/BJT90WinoeruBsMEz
lJGHhnrBODxe0lVjEprziIiiy4j86XpbI3B9ZfE01p9KtFKgzYXqbsq7ht/dajkd
qyIw37zGz9bHYlI02r3VoQfviH0vMFIhrVePmoUgfVtluKClJddYs1c8fXj7ybkv
FSZvx6zBijW7gQjNA3Y9Fpr4ZeVLQ64DhMpBrUn22f/4DEOg7NkvTtCCOfx2YqSd
u1G2Ww7+ARiv1ANdlRmF/nx/6ryKnXn+GlE8H0g9XgiN6Ic=
-----END CERTIFICATE-----