Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/lYf-Yvai0JBkfpKyX2a4pUhxLiE.roa
File:                     lYf-Yvai0JBkfpKyX2a4pUhxLiE.roa (raw, json)
Hash identifier:          UEI3GQ1RE2fBXSQHywKVGQ5eaWZKz8TWjwuiaMHOYe0=
Subject key identifier:   95:87:FE:62:F6:A2:D0:90:64:7E:92:B2:5F:66:B8:A5:48:71:2E:21
Certificate issuer:       /CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
Certificate serial:       018CC94D0794FA8866D9C2B5E8E9C4DC2334
Authority key identifier: 1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/lYf-Yvai0JBkfpKyX2a4pUhxLiE.roa
Signing time:             Tue 02 Jan 2024 08:31:57 +0000
ROA not before:           Tue 02 Jan 2024 08:31:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201097
IP address blocks:        2a0a:280:1f00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 07:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:07:94:fa:88:66:d9:c2:b5:e8:e9:c4:dc:23:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
        Validity
            Not Before: Jan  2 08:31:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9587fe62f6a2d090647e92b25f66b8a548712e21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:05:d9:2c:79:83:ec:06:b5:26:b6:3b:16:3a:
                    8b:85:21:13:51:c4:24:5d:35:d3:39:77:70:4d:50:
                    1a:9c:11:d0:10:77:2f:95:d9:a2:c6:01:b4:f5:af:
                    fd:a9:e1:ed:28:67:6a:4a:f5:1d:56:79:27:67:97:
                    3e:f5:e3:e5:60:e9:27:5c:8c:6e:81:fc:b3:30:5c:
                    78:6f:78:64:8c:56:20:13:7d:ff:18:31:79:38:99:
                    bb:2e:a5:3d:b8:66:85:07:36:fb:ba:bf:33:25:13:
                    98:36:d8:38:24:b0:3d:3d:f8:7d:7c:8f:e1:9e:da:
                    4d:59:10:3c:af:52:dd:2c:1f:28:57:4c:a1:8a:c1:
                    45:46:60:73:7d:75:3e:73:27:4c:d3:fe:fc:b4:5b:
                    91:dc:6e:29:8d:95:2a:dd:91:2f:06:e5:62:dc:94:
                    11:51:30:3b:c1:74:65:df:a2:94:3d:cb:9b:5e:3d:
                    24:82:f3:c9:da:54:ce:af:73:e1:dc:2e:84:d6:49:
                    38:07:e2:15:84:67:3c:d4:de:35:a6:27:92:0d:e8:
                    d2:3a:88:bb:7e:8a:f1:a4:bb:a5:c6:78:ed:ea:97:
                    de:67:4a:5a:b8:08:df:60:24:47:68:29:30:ef:9c:
                    76:ff:7d:0f:88:f7:08:ea:d0:0b:2f:2c:a0:35:6b:
                    a1:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:87:FE:62:F6:A2:D0:90:64:7E:92:B2:5F:66:B8:A5:48:71:2E:21
            X509v3 Authority Key Identifier:
                keyid:1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/lYf-Yvai0JBkfpKyX2a4pUhxLiE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:280:1f00::/40

    Signature Algorithm: sha256WithRSAEncryption
         a3:09:ce:d8:80:b0:a2:b1:17:1b:77:5c:3d:c4:1e:2d:4b:2a:
         c0:ff:61:68:d2:e5:35:d1:fc:c3:f6:d5:e7:6c:fa:89:a5:bb:
         fc:0d:27:cc:98:33:f3:c5:3e:8a:2d:5e:dc:f5:85:19:ba:7c:
         5d:a7:cf:07:0f:16:9f:78:e2:3d:26:f3:75:c0:8d:62:35:65:
         d7:d6:30:b1:3d:c7:0b:22:c0:d2:4c:96:ea:ef:c7:2f:b0:d8:
         3e:f6:29:fc:e9:0a:95:33:de:a7:21:cc:5e:db:11:88:36:7c:
         62:87:69:77:13:a2:c8:2b:83:c5:34:63:9e:4f:3b:0b:8d:d2:
         6a:c9:0d:75:4e:d5:0a:93:45:29:11:79:7d:7b:6f:6b:16:11:
         b1:ef:71:48:88:4d:52:ed:70:2c:45:b2:43:03:92:85:63:3f:
         10:8b:38:0d:90:34:0e:17:d1:b7:6b:90:de:6e:a3:28:4e:38:
         08:1b:31:89:39:bc:32:02:c6:4b:33:c7:05:ac:b1:29:2c:c4:
         ec:dc:8e:05:30:92:bd:19:c9:a4:d3:ff:44:eb:f1:b5:33:47:
         96:ee:9b:ba:6c:be:70:6d:c1:8d:d9:d3:79:05:49:f8:9f:3f:
         c2:60:45:00:85:35:21:1d:8d:dc:fe:57:83:84:a1:09:20:70:
         e5:39:75:db
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJTQeU+ohm2cK16OnE3CM0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOWYyMWJhMDRlNWUzMDc3YjM5MWUzZDQ4ZmY1YjBhNTBi
MzM2OWYwHhcNMjQwMTAyMDgzMTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTg3ZmU2MmY2YTJkMDkwNjQ3ZTkyYjI1ZjY2YjhhNTQ4NzEyZTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgQXZLHmD7Aa1JrY7FjqLhSETUcQk
XTXTOXdwTVAanBHQEHcvldmixgG09a/9qeHtKGdqSvUdVnknZ5c+9ePlYOknXIxu
gfyzMFx4b3hkjFYgE33/GDF5OJm7LqU9uGaFBzb7ur8zJROYNtg4JLA9Pfh9fI/h
ntpNWRA8r1LdLB8oV0yhisFFRmBzfXU+cydM0/78tFuR3G4pjZUq3ZEvBuVi3JQR
UTA7wXRl36KUPcubXj0kgvPJ2lTOr3Ph3C6E1kk4B+IVhGc81N41pieSDejSOoi7
forxpLulxnjt6pfeZ0pauAjfYCRHaCkw75x2/30PiPcI6tALLyygNWuhbQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFJWH/mL2otCQZH6Ssl9muKVIcS4hMB8GA1UdIwQY
MBaAFBufIboE5eMHezkePUj/WwpQszafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUt
ZjUxYzVmYjNkZjlhLzEvbFlmLVl2YWkwSkJrZnBLeVgyYTRwVWh4TGlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUtZjUxYzVmYjNkZjlh
LzEvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgoCgB8w
DQYJKoZIhvcNAQELBQADggEBAKMJztiAsKKxFxt3XD3EHi1LKsD/YWjS5TXR/MP2
1eds+omlu/wNJ8yYM/PFPootXtz1hRm6fF2nzwcPFp944j0m83XAjWI1ZdfWMLE9
xwsiwNJMlurvxy+w2D72KfzpCpUz3qchzF7bEYg2fGKHaXcTosgrg8U0Y55POwuN
0mrJDXVO1QqTRSkReX17b2sWEbHvcUiITVLtcCxFskMDkoVjPxCLOA2QNA4X0bdr
kN5uoyhOOAgbMYk5vDICxkszxwWssSksxOzcjgUwkr0ZyaTT/0Tr8bUzR5bum7ps
vnBtwY3Z03kFSfifP8JgRQCFNSEdjdz+V4OEoQkgcOU5dds=
-----END CERTIFICATE-----