Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/YpznINkcN3TI7omik4rG8x5XMgw.roa
File:                     YpznINkcN3TI7omik4rG8x5XMgw.roa (raw, json)
Hash identifier:          pfnUpw6UA2dv0BEiDRfqa+dmB3VS5mjmkVHa104xw1o=
Subject key identifier:   62:9C:E7:20:D9:1C:37:74:C8:EE:89:A2:93:8A:C6:F3:1E:57:32:0C
Certificate issuer:       /CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
Certificate serial:       018CC94D0763F5331C28F6EB0E046147409E
Authority key identifier: 1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/YpznINkcN3TI7omik4rG8x5XMgw.roa
Signing time:             Tue 02 Jan 2024 08:31:57 +0000
ROA not before:           Tue 02 Jan 2024 08:31:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200879
IP address blocks:        2a0a:280:1d00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:07:63:f5:33:1c:28:f6:eb:0e:04:61:47:40:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
        Validity
            Not Before: Jan  2 08:31:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=629ce720d91c3774c8ee89a2938ac6f31e57320c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:2d:e8:bd:54:4a:99:09:fc:6a:eb:aa:33:60:
                    16:33:a4:ad:68:52:43:b9:d6:0d:28:47:45:78:b9:
                    de:be:6d:81:ed:ec:74:68:54:ed:ff:44:e9:d3:16:
                    b6:fc:26:ba:fb:77:a9:f6:02:f7:9a:77:bb:e0:2a:
                    45:16:3d:0d:bc:2c:8d:8e:31:d8:ae:d8:b5:33:44:
                    94:15:a0:0c:88:f0:49:be:11:b2:12:22:ba:34:9a:
                    3f:0b:1e:8c:c3:a7:1e:6b:e5:5c:72:70:66:6d:af:
                    ba:b3:0d:d2:22:e8:49:d9:e3:5c:69:2b:88:b0:4b:
                    26:be:bc:b5:73:92:32:a5:45:4c:3b:d7:1c:37:6a:
                    9f:67:f1:7d:4c:a2:ab:f0:cd:e9:07:f4:fe:01:bc:
                    cd:5f:1b:37:90:c4:12:d2:17:0b:70:ee:e9:f6:d1:
                    f9:90:80:cf:da:86:83:67:88:4b:27:2e:92:d0:db:
                    ad:08:6f:db:bb:25:69:bb:fc:27:c0:04:39:07:90:
                    ee:fc:93:70:11:7b:d0:2b:f7:25:8f:12:ca:0f:c5:
                    db:ad:0a:11:12:3a:fc:41:05:71:3f:dc:26:e9:be:
                    0c:38:fe:83:d9:f4:0c:bf:48:3c:49:d3:63:66:48:
                    48:43:56:c7:8a:65:41:7b:78:bc:9c:2c:ca:9c:c5:
                    20:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:9C:E7:20:D9:1C:37:74:C8:EE:89:A2:93:8A:C6:F3:1E:57:32:0C
            X509v3 Authority Key Identifier:
                keyid:1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/YpznINkcN3TI7omik4rG8x5XMgw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:280:1d00::/40

    Signature Algorithm: sha256WithRSAEncryption
         90:77:38:7f:e5:52:a7:50:02:49:47:af:3a:15:ba:62:4c:6a:
         69:72:48:26:a8:d7:93:e7:d6:25:c8:1a:85:0a:43:1a:3a:7f:
         5f:e1:f0:e2:aa:24:7b:af:92:dc:92:ce:0a:ea:78:c9:b0:c8:
         23:07:21:9f:07:b0:5e:84:ee:82:51:0a:d0:54:06:db:ed:2b:
         b6:1e:3e:0a:37:2c:73:98:97:7b:ae:33:b4:b9:ba:7a:05:a6:
         61:2a:db:69:67:fd:35:53:f2:98:a6:6c:d5:b9:c1:63:cd:b1:
         59:d5:e3:ee:ae:26:e6:af:4c:79:04:80:e6:6a:5b:b6:20:97:
         8d:c8:69:35:a9:6e:3c:f5:bf:ae:7c:27:14:af:a2:11:17:61:
         b6:8a:32:08:6c:67:c6:5d:ab:7d:4e:20:43:bc:69:cf:63:d1:
         b0:5f:68:76:74:64:c0:f1:ce:29:c8:40:30:54:e6:3f:c9:54:
         10:87:67:ff:02:d3:61:84:c8:d3:9f:3e:56:0f:97:24:f4:65:
         1b:22:7f:36:1d:a7:79:03:4f:c1:d7:79:c5:47:39:12:1d:bd:
         32:d9:ca:f7:45:17:b8:a8:f7:6d:95:6c:c3:30:23:8c:cc:b5:
         21:f3:72:08:61:bf:cb:93:e2:9b:dc:80:b6:68:bc:49:7a:86:
         94:3a:17:89
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJTQdj9TMcKPbrDgRhR0CeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOWYyMWJhMDRlNWUzMDc3YjM5MWUzZDQ4ZmY1YjBhNTBi
MzM2OWYwHhcNMjQwMTAyMDgzMTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjljZTcyMGQ5MWMzNzc0YzhlZTg5YTI5MzhhYzZmMzFlNTczMjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxy3ovVRKmQn8auuqM2AWM6StaFJD
udYNKEdFeLnevm2B7ex0aFTt/0Tp0xa2/Ca6+3ep9gL3mne74CpFFj0NvCyNjjHY
rti1M0SUFaAMiPBJvhGyEiK6NJo/Cx6Mw6cea+VccnBmba+6sw3SIuhJ2eNcaSuI
sEsmvry1c5IypUVMO9ccN2qfZ/F9TKKr8M3pB/T+AbzNXxs3kMQS0hcLcO7p9tH5
kIDP2oaDZ4hLJy6S0NutCG/buyVpu/wnwAQ5B5Du/JNwEXvQK/cljxLKD8XbrQoR
Ejr8QQVxP9wm6b4MOP6D2fQMv0g8SdNjZkhIQ1bHimVBe3i8nCzKnMUgSwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGKc5yDZHDd0yO6JopOKxvMeVzIMMB8GA1UdIwQY
MBaAFBufIboE5eMHezkePUj/WwpQszafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUt
ZjUxYzVmYjNkZjlhLzEvWXB6bklOa2NOM1RJN29taWs0ckc4eDVYTWd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUtZjUxYzVmYjNkZjlh
LzEvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgoCgB0w
DQYJKoZIhvcNAQELBQADggEBAJB3OH/lUqdQAklHrzoVumJMamlySCao15Pn1iXI
GoUKQxo6f1/h8OKqJHuvktySzgrqeMmwyCMHIZ8HsF6E7oJRCtBUBtvtK7YePgo3
LHOYl3uuM7S5unoFpmEq22ln/TVT8pimbNW5wWPNsVnV4+6uJuavTHkEgOZqW7Yg
l43IaTWpbjz1v658JxSvohEXYbaKMghsZ8Zdq31OIEO8ac9j0bBfaHZ0ZMDxzinI
QDBU5j/JVBCHZ/8C02GEyNOfPlYPlyT0ZRsifzYdp3kDT8HXecVHORIdvTLZyvdF
F7io922VbMMwI4zMtSHzcghhv8uT4pvcgLZovEl6hpQ6F4k=
-----END CERTIFICATE-----