Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/YlIv1sH4I8yIvo_KHQdztopyqfs.roa
File:                     YlIv1sH4I8yIvo_KHQdztopyqfs.roa (raw, json)
Hash identifier:          X6a1VMK2auThLOjqkHyYJDf/IfZpypAUQkYXmyhrYFk=
Subject key identifier:   62:52:2F:D6:C1:F8:23:CC:88:BE:8F:CA:1D:07:73:B6:8A:72:A9:FB
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       01942747F1FE902AE38C3510FF0C4C464459
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/YlIv1sH4I8yIvo_KHQdztopyqfs.roa
Signing time:             Thu 02 Jan 2025 13:50:13 +0000
ROA not before:           Thu 02 Jan 2025 13:50:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212831
IP address blocks:        2a0b:b87:ffbb::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 12:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:f1:fe:90:2a:e3:8c:35:10:ff:0c:4c:46:44:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  2 13:50:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=62522fd6c1f823cc88be8fca1d0773b68a72a9fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:ff:09:d7:86:0a:57:1c:37:db:0d:51:61:b8:
                    f4:c8:9c:0d:c0:8c:e4:13:9e:3b:fd:97:32:2d:e8:
                    55:f3:35:61:33:f3:60:e4:49:6d:36:df:60:2d:4f:
                    6e:83:20:0d:81:72:e4:9b:c1:3e:a5:42:a4:93:89:
                    ba:c9:4d:30:c2:c1:fa:45:4d:43:87:1e:09:7e:52:
                    80:c6:f3:20:00:74:d6:3a:8b:ff:9a:05:de:ca:a9:
                    76:c3:fa:5d:22:36:d9:02:70:cd:39:e0:22:76:17:
                    41:b5:06:fa:2c:14:b6:c2:b3:c8:26:db:6e:c0:19:
                    7f:90:d8:d2:08:be:12:36:07:34:0b:5d:af:f6:29:
                    e7:42:25:db:e3:1a:62:7f:37:e9:14:13:8d:1c:9e:
                    41:73:9e:9f:18:7e:44:fb:f4:aa:3a:64:2e:1c:1e:
                    10:bc:6b:b1:3f:0b:c6:47:a9:ae:1e:fb:20:da:46:
                    02:65:2c:c4:29:c2:20:03:7f:b1:a5:ac:e7:6c:09:
                    6a:25:69:70:4c:8c:64:0b:fd:07:81:b1:60:9b:9d:
                    d4:75:a6:44:d5:f2:0d:a1:14:ab:18:94:83:bf:8b:
                    bf:28:eb:eb:e5:08:d9:66:a6:07:00:eb:45:29:85:
                    8a:5b:b7:a2:4c:54:fa:dc:a8:bb:b1:5e:07:8c:d6:
                    fe:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:52:2F:D6:C1:F8:23:CC:88:BE:8F:CA:1D:07:73:B6:8A:72:A9:FB
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/YlIv1sH4I8yIvo_KHQdztopyqfs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b87:ffbb::/48

    Signature Algorithm: sha256WithRSAEncryption
         9a:96:6d:e5:57:a5:1b:65:a4:b9:c8:e4:a4:7c:0a:49:4f:69:
         bb:6e:90:36:71:77:bd:29:f7:11:d6:3a:3d:bf:53:63:a7:dc:
         bb:39:cc:83:79:80:07:2d:96:ee:42:3e:e4:3d:7b:c1:4b:0b:
         3f:a9:a3:97:43:a6:f0:0e:0f:8e:88:ad:6f:5b:78:0d:a1:ae:
         0b:b8:9a:b9:dd:fc:fa:38:7d:34:6d:15:ef:ea:10:f2:68:d3:
         81:e8:92:0a:ec:65:41:48:55:1f:5e:c4:e1:8d:38:d4:64:9e:
         d0:7b:6d:02:20:0c:1f:04:cb:ee:78:eb:45:17:03:d4:ab:b1:
         9c:98:7e:20:ad:33:1e:10:ac:5a:8a:a9:1a:7c:79:e2:9f:ce:
         30:c4:fc:23:b6:9c:c5:a8:15:27:48:4a:49:6f:98:69:bb:a7:
         de:bb:99:cc:a4:45:79:fd:07:42:7a:03:73:c5:8a:ce:9d:f6:
         27:f4:8c:f7:fa:31:2c:9e:d7:cf:2b:ec:e1:57:bf:0c:a0:21:
         3e:9d:3e:6f:07:b1:b9:53:36:c3:60:e2:ef:47:e4:e0:d5:28:
         2b:96:4b:89:df:de:b6:ef:0c:c2:19:dd:e3:7b:8b:b1:a9:09:
         a0:78:61:c2:33:f1:de:55:c4:df:f4:39:0c:44:91:f4:c4:6d:
         0d:ef:8a:a6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQnR/H+kCrjjDUQ/wxMRkRZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjUwMTAyMTM1MDEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjUyMmZkNmMxZjgyM2NjODhiZThmY2ExZDA3NzNiNjhhNzJhOWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3P8J14YKVxw32w1RYbj0yJwNwIzk
E547/ZcyLehV8zVhM/Ng5EltNt9gLU9ugyANgXLkm8E+pUKkk4m6yU0wwsH6RU1D
hx4JflKAxvMgAHTWOov/mgXeyql2w/pdIjbZAnDNOeAidhdBtQb6LBS2wrPIJttu
wBl/kNjSCL4SNgc0C12v9innQiXb4xpifzfpFBONHJ5Bc56fGH5E+/SqOmQuHB4Q
vGuxPwvGR6muHvsg2kYCZSzEKcIgA3+xpaznbAlqJWlwTIxkC/0HgbFgm53UdaZE
1fINoRSrGJSDv4u/KOvr5QjZZqYHAOtFKYWKW7eiTFT63Ki7sV4HjNb+YwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGJSL9bB+CPMiL6Pyh0Hc7aKcqn7MB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvWWxJdjFzSDRJOHlJdm9fS0hRZHp0b3B5cWZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgsLh/+7
MA0GCSqGSIb3DQEBCwUAA4IBAQCalm3lV6UbZaS5yOSkfApJT2m7bpA2cXe9KfcR
1jo9v1Njp9y7OcyDeYAHLZbuQj7kPXvBSws/qaOXQ6bwDg+OiK1vW3gNoa4LuJq5
3fz6OH00bRXv6hDyaNOB6JIK7GVBSFUfXsThjTjUZJ7Qe20CIAwfBMvueOtFFwPU
q7GcmH4grTMeEKxaiqkafHnin84wxPwjtpzFqBUnSEpJb5hpu6feu5nMpEV5/QdC
egNzxYrOnfYn9Iz3+jEsntfPK+zhV78MoCE+nT5vB7G5UzbDYOLvR+Tg1SgrlkuJ
39627wzCGd3je4uxqQmgeGHCM/HeVcTf9DkMRJH0xG0N74qm
-----END CERTIFICATE-----