Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/ba559d-e1bc-4727-82dc-4ad8da47c9a6/1/Yd8IswtfuzLeAT8ETNrbuRrWv20.roa
File:                     Yd8IswtfuzLeAT8ETNrbuRrWv20.roa (raw, json)
Hash identifier:          45zsai8Uu6CqDTYrbhQQTSeGegKgx1ycOcfZJrBAWzY=
Subject key identifier:   61:DF:08:B3:0B:5F:BB:32:DE:01:3F:04:4C:DA:DB:B9:1A:D6:BF:6D
Certificate issuer:       /CN=88b2cb04932060569c9720687ded891c34ebb6d5
Certificate serial:       019175629C91B1B5D1517487FE5EE2979AFE
Authority key identifier: 88:B2:CB:04:93:20:60:56:9C:97:20:68:7D:ED:89:1C:34:EB:B6:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iLLLBJMgYFaclyBofe2JHDTrttU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/ba559d-e1bc-4727-82dc-4ad8da47c9a6/1/Yd8IswtfuzLeAT8ETNrbuRrWv20.roa
Signing time:             Wed 21 Aug 2024 14:41:22 +0000
ROA not before:           Wed 21 Aug 2024 14:41:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203415
IP address blocks:        2001:67c:228c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/ba559d-e1bc-4727-82dc-4ad8da47c9a6/1/iLLLBJMgYFaclyBofe2JHDTrttU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/ba559d-e1bc-4727-82dc-4ad8da47c9a6/1/iLLLBJMgYFaclyBofe2JHDTrttU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iLLLBJMgYFaclyBofe2JHDTrttU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:75:62:9c:91:b1:b5:d1:51:74:87:fe:5e:e2:97:9a:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88b2cb04932060569c9720687ded891c34ebb6d5
        Validity
            Not Before: Aug 21 14:41:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=61df08b30b5fbb32de013f044cdadbb91ad6bf6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:22:ab:44:15:26:86:1d:6f:72:d3:24:2a:80:
                    9b:da:af:45:08:db:2b:bb:24:ba:aa:19:b8:78:c4:
                    d2:13:05:02:ab:a8:85:07:40:e8:c8:b1:76:b9:71:
                    d0:ba:0d:5a:6c:fa:af:07:41:5f:8a:1e:2b:4b:a7:
                    ff:4b:2e:75:69:3f:73:0d:09:44:b5:c9:3d:52:f3:
                    34:03:b4:3c:3b:00:cd:53:4f:dc:55:7f:c1:29:f9:
                    81:0b:b6:e5:d7:8c:c1:54:15:b5:1f:8a:23:8e:0d:
                    6c:e7:af:e6:e1:90:89:3b:ee:02:e8:f4:7c:05:68:
                    cd:00:30:56:08:90:a4:92:8b:ea:0b:00:d1:c2:ee:
                    3f:b3:b5:f5:c7:71:1e:4b:7a:4d:cc:5a:15:8f:d4:
                    73:34:5d:12:b8:1e:6a:d2:27:09:39:db:53:5c:45:
                    41:eb:9f:8d:31:54:42:12:19:b2:21:cd:96:e9:25:
                    05:39:e4:9f:55:0c:67:13:87:2c:c7:76:46:93:81:
                    f8:07:ae:30:b8:a2:f4:44:83:38:52:73:1e:e9:e4:
                    d3:87:08:e2:a2:f8:c7:12:ff:b5:67:70:73:24:84:
                    58:61:a4:92:2c:f8:a4:3f:04:12:3e:0f:49:fe:00:
                    d0:49:10:03:a3:a3:a3:a5:9e:f0:fb:93:0e:20:65:
                    32:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:DF:08:B3:0B:5F:BB:32:DE:01:3F:04:4C:DA:DB:B9:1A:D6:BF:6D
            X509v3 Authority Key Identifier:
                keyid:88:B2:CB:04:93:20:60:56:9C:97:20:68:7D:ED:89:1C:34:EB:B6:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iLLLBJMgYFaclyBofe2JHDTrttU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/ba559d-e1bc-4727-82dc-4ad8da47c9a6/1/Yd8IswtfuzLeAT8ETNrbuRrWv20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/ba559d-e1bc-4727-82dc-4ad8da47c9a6/1/iLLLBJMgYFaclyBofe2JHDTrttU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:228c::/48

    Signature Algorithm: sha256WithRSAEncryption
         87:65:3c:ea:9e:7f:87:c9:fc:df:57:17:40:12:3a:d9:25:54:
         ed:c5:02:d3:eb:b7:39:a1:99:57:68:05:c8:fd:0d:5a:5f:f9:
         06:d8:37:bc:ae:8e:31:5c:ec:8d:f0:21:eb:b6:26:bc:aa:b2:
         c4:ed:a3:48:89:42:cc:48:66:e4:85:48:18:37:ae:dd:58:0c:
         1c:a2:0b:9f:22:27:32:94:7b:2e:74:4a:87:60:83:35:2a:fa:
         6b:7d:f1:57:da:e8:40:57:3d:e4:cb:95:03:c2:fc:45:82:1d:
         ed:08:32:76:7b:83:19:ac:3e:5d:22:69:e5:84:56:75:97:87:
         ea:6c:5c:91:74:7b:f3:32:8c:1c:97:fd:e7:9d:cb:d7:bf:25:
         8b:a5:6f:1e:4c:0c:dc:b3:1f:51:c1:19:d9:71:5c:f0:16:5b:
         fe:a0:68:1e:7c:bf:34:ff:11:a9:49:2d:44:2e:88:71:dc:6e:
         3e:76:d9:30:f5:f6:9e:96:e2:de:bd:90:e5:5f:75:1e:58:65:
         d8:e6:59:14:c3:e8:1d:b1:73:74:f2:46:76:0d:44:b3:7d:b0:
         ed:63:3f:4b:d2:be:3c:a3:ee:8a:f4:bb:97:b8:ad:c9:3b:a4:
         f1:59:b9:39:bb:eb:ac:31:8f:ea:97:44:0e:57:1a:2a:5a:da:
         90:45:f1:2c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZF1YpyRsbXRUXSH/l7il5r+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YjJjYjA0OTMyMDYwNTY5Yzk3MjA2ODdkZWQ4OTFjMzRl
YmI2ZDUwHhcNMjQwODIxMTQ0MTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWRmMDhiMzBiNWZiYjMyZGUwMTNmMDQ0Y2RhZGJiOTFhZDZiZjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviKrRBUmhh1vctMkKoCb2q9FCNsr
uyS6qhm4eMTSEwUCq6iFB0DoyLF2uXHQug1abPqvB0Ffih4rS6f/Sy51aT9zDQlE
tck9UvM0A7Q8OwDNU0/cVX/BKfmBC7bl14zBVBW1H4ojjg1s56/m4ZCJO+4C6PR8
BWjNADBWCJCkkovqCwDRwu4/s7X1x3EeS3pNzFoVj9RzNF0SuB5q0icJOdtTXEVB
65+NMVRCEhmyIc2W6SUFOeSfVQxnE4csx3ZGk4H4B64wuKL0RIM4UnMe6eTThwji
ovjHEv+1Z3BzJIRYYaSSLPikPwQSPg9J/gDQSRADo6OjpZ7w+5MOIGUymQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGHfCLMLX7sy3gE/BEza27ka1r9tMB8GA1UdIwQY
MBaAFIiyywSTIGBWnJcgaH3tiRw067bVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUxMTEJKTWdZRmFjbHlCb2ZlMkpIRFRydHRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iYTU1OWQtZTFiYy00NzI3LTgyZGMt
NGFkOGRhNDdjOWE2LzEvWWQ4SXN3dGZ1ekxlQVQ4RVROcmJ1UnJXdjIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iYTU1OWQtZTFiYy00NzI3LTgyZGMtNGFkOGRhNDdjOWE2
LzEvaUxMTEJKTWdZRmFjbHlCb2ZlMkpIRFRydHRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCKM
MA0GCSqGSIb3DQEBCwUAA4IBAQCHZTzqnn+HyfzfVxdAEjrZJVTtxQLT67c5oZlX
aAXI/Q1aX/kG2De8ro4xXOyN8CHrtia8qrLE7aNIiULMSGbkhUgYN67dWAwcoguf
IicylHsudEqHYIM1KvprffFX2uhAVz3ky5UDwvxFgh3tCDJ2e4MZrD5dImnlhFZ1
l4fqbFyRdHvzMowcl/3nncvXvyWLpW8eTAzcsx9RwRnZcVzwFlv+oGgefL80/xGp
SS1ELohx3G4+dtkw9faeluLevZDlX3UeWGXY5lkUw+gdsXN08kZ2DUSzfbDtYz9L
0r48o+6K9LuXuK3JO6TxWbk5u+usMY/ql0QOVxoqWtqQRfEs
-----END CERTIFICATE-----