Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/yL9s5mwShdQIVybYAiDh3Mh8ej8.roa
File:                     yL9s5mwShdQIVybYAiDh3Mh8ej8.roa (raw, json)
Hash identifier:          2nH3ZZWHimz560g4h9zsP1cJYnyzOnQAKqZjg6rUaaY=
Subject key identifier:   C8:BF:6C:E6:6C:12:85:D4:08:57:26:D8:02:20:E1:DC:C8:7C:7A:3F
Certificate issuer:       /CN=2909fffcd81a66bc98b629d4c0579247645f0fe4
Certificate serial:       018CC26D2F6D7D10A7DA0BDE364B39D8A266
Authority key identifier: 29:09:FF:FC:D8:1A:66:BC:98:B6:29:D4:C0:57:92:47:64:5F:0F:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/yL9s5mwShdQIVybYAiDh3Mh8ej8.roa
Signing time:             Mon 01 Jan 2024 00:29:44 +0000
ROA not before:           Mon 01 Jan 2024 00:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50926
IP address blocks:        2a0b:8f80:202::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:2f:6d:7d:10:a7:da:0b:de:36:4b:39:d8:a2:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2909fffcd81a66bc98b629d4c0579247645f0fe4
        Validity
            Not Before: Jan  1 00:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c8bf6ce66c1285d4085726d80220e1dcc87c7a3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:5e:d6:3a:98:cb:89:21:d7:78:0d:70:13:2c:
                    4e:a3:ea:67:1f:20:b9:e6:c4:a4:e2:c2:9a:e9:f4:
                    57:92:bc:00:92:52:6a:45:7c:f2:0a:64:ea:a0:e6:
                    c5:89:ae:df:1d:95:dc:e1:91:63:62:f7:c7:7b:5c:
                    bb:c4:f4:db:de:1a:b2:e3:a6:d6:f5:51:f8:42:1f:
                    0c:de:9d:a9:32:68:3d:64:94:64:fa:13:8c:84:29:
                    03:fa:50:38:29:ea:08:d0:30:e2:00:b0:5a:19:4d:
                    a4:62:f8:6d:f0:f5:ca:a5:25:69:8b:9d:79:13:86:
                    b9:1c:ae:c3:4e:30:63:25:04:b4:1f:68:ed:19:9e:
                    c2:6a:45:c2:7c:51:90:27:4c:2c:43:0d:19:9f:6d:
                    f1:e6:fe:b7:68:fa:9e:92:71:9b:26:fc:45:d1:b6:
                    1c:de:1b:c9:a8:3b:e7:4d:e2:d8:4c:03:c2:a3:5f:
                    8b:28:6b:f0:df:9d:38:b8:b2:bf:ea:51:13:eb:56:
                    29:fa:d0:79:10:cd:87:5c:1e:23:29:7c:fb:a7:2f:
                    48:80:f2:90:bb:de:6a:bb:20:dd:fe:27:3d:d0:ae:
                    5d:87:41:6a:c8:4d:68:55:ee:2d:d2:0b:9d:17:dc:
                    8c:50:27:72:be:65:2f:df:09:74:8c:c2:9d:59:1f:
                    26:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:BF:6C:E6:6C:12:85:D4:08:57:26:D8:02:20:E1:DC:C8:7C:7A:3F
            X509v3 Authority Key Identifier:
                keyid:29:09:FF:FC:D8:1A:66:BC:98:B6:29:D4:C0:57:92:47:64:5F:0F:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/yL9s5mwShdQIVybYAiDh3Mh8ej8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:8f80:202::/48

    Signature Algorithm: sha256WithRSAEncryption
         71:ea:f5:f5:2d:49:c0:10:16:75:e7:44:f3:e0:ab:bf:be:cd:
         cf:e3:16:2b:0e:a2:da:f3:3f:76:ad:cb:05:c6:7a:52:db:c7:
         c7:ef:6f:0c:1b:48:5d:9e:c5:3f:3b:7b:d6:1d:a6:fd:69:27:
         34:a2:d4:31:63:8a:c7:4a:d7:a6:93:fa:2f:70:40:5c:2f:65:
         d2:4e:09:33:94:de:c5:fe:3b:fa:a8:cf:80:7d:9c:40:39:ae:
         89:c6:ec:df:c8:4f:de:5e:dc:71:73:b2:fa:59:90:7e:50:49:
         fc:44:fc:1b:aa:3b:86:20:24:89:21:9f:97:1d:3d:63:b9:a5:
         6d:f8:fc:8a:c3:f4:5c:51:fd:59:c4:44:7d:a0:0c:cc:e5:4c:
         70:d2:0a:b4:8b:a8:f7:cf:37:5c:fa:f0:ab:bb:48:6f:32:c6:
         34:4d:34:93:a2:a9:2c:f6:2a:df:94:f8:a5:8b:26:af:84:f9:
         8c:fd:63:85:b2:5c:52:bc:4e:46:6a:ce:79:9a:15:b5:d1:58:
         e5:4b:c7:37:9b:a0:42:9e:45:b7:1c:b1:99:c2:10:3a:ca:b3:
         f6:31:23:a3:45:f1:04:c7:7e:aa:3a:06:f2:5d:82:02:52:c6:
         3e:39:d8:d1:65:68:b8:66:52:7c:51:c6:83:a4:2d:05:49:2d:
         9e:ae:81:42
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbS9tfRCn2gveNks52KJmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MDlmZmZjZDgxYTY2YmM5OGI2MjlkNGMwNTc5MjQ3NjQ1
ZjBmZTQwHhcNMjQwMTAxMDAyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGJmNmNlNjZjMTI4NWQ0MDg1NzI2ZDgwMjIwZTFkY2M4N2M3YTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg17WOpjLiSHXeA1wEyxOo+pnHyC5
5sSk4sKa6fRXkrwAklJqRXzyCmTqoObFia7fHZXc4ZFjYvfHe1y7xPTb3hqy46bW
9VH4Qh8M3p2pMmg9ZJRk+hOMhCkD+lA4KeoI0DDiALBaGU2kYvht8PXKpSVpi515
E4a5HK7DTjBjJQS0H2jtGZ7CakXCfFGQJ0wsQw0Zn23x5v63aPqeknGbJvxF0bYc
3hvJqDvnTeLYTAPCo1+LKGvw3504uLK/6lET61Yp+tB5EM2HXB4jKXz7py9IgPKQ
u95quyDd/ic90K5dh0FqyE1oVe4t0gudF9yMUCdyvmUv3wl0jMKdWR8m0QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMi/bOZsEoXUCFcm2AIg4dzIfHo/MB8GA1UdIwQY
MBaAFCkJ//zYGma8mLYp1MBXkkdkXw/kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1FuX19OZ2FacnlZdGluVXdGZVNSMlJmRC1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9kZTMwNDEtOTUzNi00OTJlLWE5Y2Qt
ZjJhZTdiYzdlY2M1LzEveUw5czVtd1NoZFFJVnliWUFpRGgzTWg4ZWo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi9kZTMwNDEtOTUzNi00OTJlLWE5Y2QtZjJhZTdiYzdlY2M1
LzEvS1FuX19OZ2FacnlZdGluVXdGZVNSMlJmRC1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKguPgAIC
MA0GCSqGSIb3DQEBCwUAA4IBAQBx6vX1LUnAEBZ150Tz4Ku/vs3P4xYrDqLa8z92
rcsFxnpS28fH728MG0hdnsU/O3vWHab9aSc0otQxY4rHStemk/ovcEBcL2XSTgkz
lN7F/jv6qM+AfZxAOa6JxuzfyE/eXtxxc7L6WZB+UEn8RPwbqjuGICSJIZ+XHT1j
uaVt+PyKw/RcUf1ZxER9oAzM5Uxw0gq0i6j3zzdc+vCru0hvMsY0TTSToqks9irf
lPiliyavhPmM/WOFslxSvE5Gas55mhW10VjlS8c3m6BCnkW3HLGZwhA6yrP2MSOj
RfEEx36qOgbyXYICUsY+OdjRZWi4ZlJ8UcaDpC0FSS2eroFC
-----END CERTIFICATE-----