Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/85b673-f1ad-43e2-bfe7-0cd7236b29b6/1/yfT9kkoNwIzIcRDg2_lrXf3g6_0.roa
File:                     yfT9kkoNwIzIcRDg2_lrXf3g6_0.roa (raw, json)
Hash identifier:          volTLphbbPvNPFGQJttBbSlX35iWhaZ21hozqq/X4Z4=
Subject key identifier:   C9:F4:FD:92:4A:0D:C0:8C:C8:71:10:E0:DB:F9:6B:5D:FD:E0:EB:FD
Certificate issuer:       /CN=1da97cae7de6b29e56f0259af53c95926034a502
Certificate serial:       018CC94D8B3A40238F9B054B57E0B2283E2E
Authority key identifier: 1D:A9:7C:AE:7D:E6:B2:9E:56:F0:25:9A:F5:3C:95:92:60:34:A5:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hal8rn3msp5W8CWa9TyVkmA0pQI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/85b673-f1ad-43e2-bfe7-0cd7236b29b6/1/yfT9kkoNwIzIcRDg2_lrXf3g6_0.roa
Signing time:             Tue 02 Jan 2024 08:32:31 +0000
ROA not before:           Tue 02 Jan 2024 08:32:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44394
IP address blocks:        2a03:8600:6::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/85b673-f1ad-43e2-bfe7-0cd7236b29b6/1/Hal8rn3msp5W8CWa9TyVkmA0pQI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/85b673-f1ad-43e2-bfe7-0cd7236b29b6/1/Hal8rn3msp5W8CWa9TyVkmA0pQI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hal8rn3msp5W8CWa9TyVkmA0pQI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:8b:3a:40:23:8f:9b:05:4b:57:e0:b2:28:3e:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1da97cae7de6b29e56f0259af53c95926034a502
        Validity
            Not Before: Jan  2 08:32:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9f4fd924a0dc08cc87110e0dbf96b5dfde0ebfd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:96:63:97:48:a2:c6:bc:25:30:b5:59:3b:03:
                    70:fa:32:43:75:21:47:8e:b1:b4:5f:10:ac:03:d9:
                    00:6b:30:1d:3d:f7:ab:be:cd:d5:55:45:22:19:63:
                    1d:e4:03:b1:bc:95:62:3c:a1:a7:82:ba:0b:5c:e0:
                    92:75:fd:6d:8e:ad:ec:83:7b:a5:04:0e:39:b6:3b:
                    97:de:c2:59:bb:09:f8:db:ff:28:cd:7b:cc:0e:c3:
                    43:bc:8f:7d:c0:07:2f:5c:78:e4:ef:53:f3:9f:f4:
                    d8:8b:2c:e5:fb:71:57:a5:03:60:91:c4:c4:68:67:
                    d0:cd:da:f4:19:f5:ab:0d:cf:5c:0b:26:9e:3e:c6:
                    a8:6d:a3:e5:11:a8:16:b4:ae:c1:69:d2:84:9c:ab:
                    73:ee:d0:b7:57:f5:a7:3b:95:53:70:4c:da:aa:ee:
                    38:93:7f:61:77:d2:b9:42:91:74:e8:85:f2:21:d8:
                    8d:59:e3:cb:57:85:38:6f:bb:5e:12:00:cb:94:28:
                    fc:b1:17:61:bd:93:ff:3d:72:a1:9c:ad:3c:8c:18:
                    96:b4:be:1a:74:0a:af:71:99:45:03:56:5a:ba:93:
                    96:97:c4:34:70:43:a1:bf:eb:a3:b1:83:af:f3:d2:
                    ec:0b:25:9c:c5:66:91:b8:45:fe:b5:6d:00:46:2a:
                    38:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:F4:FD:92:4A:0D:C0:8C:C8:71:10:E0:DB:F9:6B:5D:FD:E0:EB:FD
            X509v3 Authority Key Identifier:
                keyid:1D:A9:7C:AE:7D:E6:B2:9E:56:F0:25:9A:F5:3C:95:92:60:34:A5:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hal8rn3msp5W8CWa9TyVkmA0pQI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/85b673-f1ad-43e2-bfe7-0cd7236b29b6/1/yfT9kkoNwIzIcRDg2_lrXf3g6_0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/85b673-f1ad-43e2-bfe7-0cd7236b29b6/1/Hal8rn3msp5W8CWa9TyVkmA0pQI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:8600:6::/48

    Signature Algorithm: sha256WithRSAEncryption
         87:d1:29:c9:27:10:59:23:12:48:f7:7e:a1:2e:3d:3a:64:93:
         47:a8:c7:9f:de:3d:6a:5a:fe:c1:00:85:29:eb:3b:74:b3:7b:
         ca:84:c4:81:c1:e1:f1:ee:f1:ea:a5:78:0b:61:27:3b:31:48:
         b8:d7:44:11:ce:fb:04:5e:56:f1:42:73:ad:e2:d7:ce:77:f4:
         ba:7e:17:1d:13:4d:b5:d7:ac:08:a0:44:20:7d:1f:59:36:83:
         43:80:fa:38:90:d6:35:cc:04:d2:df:38:9c:ca:10:34:f2:fe:
         d5:e0:c5:7e:ce:64:8c:a8:c8:63:73:e5:e8:0f:10:52:3c:1e:
         94:8b:e1:b3:8d:f0:43:38:7f:44:2b:a7:0f:32:57:b8:d4:82:
         93:b6:29:b4:d1:1d:7b:a0:3b:74:b0:02:a2:9b:23:ef:16:0f:
         f6:cc:39:f9:fa:f8:c3:32:25:1f:26:c5:60:7f:20:79:ae:f8:
         c9:43:79:3d:5a:1a:0a:3b:6a:ac:64:3d:89:b4:13:c8:08:cd:
         fe:a0:17:1e:bf:0a:0f:a5:62:05:d5:e7:e7:8d:2c:31:ae:c8:
         12:ee:d4:ac:a9:4b:65:1e:f5:81:b7:e6:77:99:93:04:d6:cc:
         5c:92:b6:0d:f2:58:c9:65:9e:ed:7e:ec:de:02:ae:e5:14:fb:
         47:a2:8e:7d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJTYs6QCOPmwVLV+CyKD4uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkYTk3Y2FlN2RlNmIyOWU1NmYwMjU5YWY1M2M5NTkyNjAz
NGE1MDIwHhcNMjQwMTAyMDgzMjMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWY0ZmQ5MjRhMGRjMDhjYzg3MTEwZTBkYmY5NmI1ZGZkZTBlYmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvZZjl0iixrwlMLVZOwNw+jJDdSFH
jrG0XxCsA9kAazAdPfervs3VVUUiGWMd5AOxvJViPKGngroLXOCSdf1tjq3sg3ul
BA45tjuX3sJZuwn42/8ozXvMDsNDvI99wAcvXHjk71Pzn/TYiyzl+3FXpQNgkcTE
aGfQzdr0GfWrDc9cCyaePsaobaPlEagWtK7BadKEnKtz7tC3V/WnO5VTcEzaqu44
k39hd9K5QpF06IXyIdiNWePLV4U4b7teEgDLlCj8sRdhvZP/PXKhnK08jBiWtL4a
dAqvcZlFA1ZaupOWl8Q0cEOhv+ujsYOv89LsCyWcxWaRuEX+tW0ARio4IwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMn0/ZJKDcCMyHEQ4Nv5a1394Ov9MB8GA1UdIwQY
MBaAFB2pfK595rKeVvAlmvU8lZJgNKUCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGFsOHJuM21zcDVXOENXYTlUeVZrbUEwcFFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC84NWI2NzMtZjFhZC00M2UyLWJmZTct
MGNkNzIzNmIyOWI2LzEveWZUOWtrb053SXpJY1JEZzJfbHJYZjNnNl8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC84NWI2NzMtZjFhZC00M2UyLWJmZTctMGNkNzIzNmIyOWI2
LzEvSGFsOHJuM21zcDVXOENXYTlUeVZrbUEwcFFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgOGAAAG
MA0GCSqGSIb3DQEBCwUAA4IBAQCH0SnJJxBZIxJI936hLj06ZJNHqMef3j1qWv7B
AIUp6zt0s3vKhMSBweHx7vHqpXgLYSc7MUi410QRzvsEXlbxQnOt4tfOd/S6fhcd
E02116wIoEQgfR9ZNoNDgPo4kNY1zATS3zicyhA08v7V4MV+zmSMqMhjc+XoDxBS
PB6Ui+GzjfBDOH9EK6cPMle41IKTtim00R17oDt0sAKimyPvFg/2zDn5+vjDMiUf
JsVgfyB5rvjJQ3k9WhoKO2qsZD2JtBPICM3+oBcevwoPpWIF1efnjSwxrsgS7tSs
qUtlHvWBt+Z3mZME1sxckrYN8ljJZZ7tfuzeAq7lFPtHoo59
-----END CERTIFICATE-----