Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/yaLhtD9GDBdsMn4TLJE14-3OD1w.roa
File:                     yaLhtD9GDBdsMn4TLJE14-3OD1w.roa (raw, json)
Hash identifier:          tbsz1q2vH63UPTmGP7606bsMSUng+s2d6t0J5+JyGkc=
Subject key identifier:   C9:A2:E1:B4:3F:46:0C:17:6C:32:7E:13:2C:91:35:E3:ED:CE:0F:5C
Certificate issuer:       /CN=89ac0acbfdb7a274ef36c16f5860ada2a2470697
Certificate serial:       01917009E6364D6995B78B810E3FB8D3BBE5
Authority key identifier: 89:AC:0A:CB:FD:B7:A2:74:EF:36:C1:6F:58:60:AD:A2:A2:47:06:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/yaLhtD9GDBdsMn4TLJE14-3OD1w.roa
Signing time:             Tue 20 Aug 2024 13:46:22 +0000
ROA not before:           Tue 20 Aug 2024 13:46:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61330
IP address blocks:        2a05:c441::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:70:09:e6:36:4d:69:95:b7:8b:81:0e:3f:b8:d3:bb:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89ac0acbfdb7a274ef36c16f5860ada2a2470697
        Validity
            Not Before: Aug 20 13:46:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9a2e1b43f460c176c327e132c9135e3edce0f5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:8a:44:22:e8:c9:a9:f9:77:53:94:7f:0a:8a:
                    98:98:a7:84:83:fb:2a:77:a4:b2:1d:16:72:ff:0f:
                    49:f8:79:7b:65:26:bd:a5:7c:be:a4:9f:4a:a6:a3:
                    a4:80:36:07:f5:e6:53:26:0f:dd:be:34:93:4e:0f:
                    a9:ad:d3:fd:50:fe:dd:d2:a5:0f:93:d3:81:da:36:
                    7c:03:b7:3d:a8:c5:ac:53:d2:84:94:0a:58:41:2e:
                    17:c4:1b:de:7e:8e:1a:7f:91:36:e2:89:83:16:a7:
                    1f:d3:01:6f:b3:2a:fc:fc:88:e0:8f:7c:03:2a:65:
                    b1:24:98:50:6b:0b:d9:d4:bf:56:63:8b:10:2e:12:
                    09:3b:19:ef:b4:d9:02:16:90:60:d2:07:d5:0b:68:
                    3e:fe:d4:dd:09:25:13:fc:ff:38:af:07:60:89:a2:
                    b5:d7:46:0f:da:ef:6f:7b:a7:f1:b0:93:c7:f4:35:
                    1d:e7:59:e1:03:95:a9:2e:8e:9e:c4:dc:ea:23:c8:
                    9b:b2:a1:39:a0:67:53:30:9d:5a:26:3f:f1:99:0c:
                    ad:9b:65:49:9c:53:f9:aa:1c:fc:ea:be:fa:97:91:
                    2b:95:30:0b:3f:f5:a8:a9:d1:4f:e3:3f:fb:e4:d9:
                    36:49:1b:95:d7:de:33:a5:e4:e6:ed:96:bd:dd:86:
                    02:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:A2:E1:B4:3F:46:0C:17:6C:32:7E:13:2C:91:35:E3:ED:CE:0F:5C
            X509v3 Authority Key Identifier:
                keyid:89:AC:0A:CB:FD:B7:A2:74:EF:36:C1:6F:58:60:AD:A2:A2:47:06:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/yaLhtD9GDBdsMn4TLJE14-3OD1w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:c441::/32

    Signature Algorithm: sha256WithRSAEncryption
         74:00:6e:27:5a:ff:64:9c:d5:58:27:5d:d1:0f:64:e3:a5:c8:
         e3:99:8c:5b:5d:51:88:22:af:de:70:b8:c0:c8:82:12:fe:b8:
         50:27:51:19:54:d4:9d:3d:5c:01:94:6c:22:7d:03:6e:e9:91:
         40:26:ab:42:29:a3:85:f3:a6:84:45:aa:be:54:60:60:6b:66:
         83:d3:54:b0:44:84:3e:a0:c7:6f:ba:b5:22:fa:9c:2f:cf:0b:
         b1:c2:86:6b:86:d5:47:38:9e:d6:34:01:48:d2:ff:a1:a2:c1:
         64:5a:54:56:4a:dc:3c:85:6b:36:70:b2:0c:a1:32:06:79:8d:
         75:cc:85:73:1e:cb:28:75:21:08:79:1b:52:f8:64:7e:be:45:
         c6:9f:a3:67:5e:88:3f:ce:fd:4d:e4:80:17:e0:ea:9d:7b:18:
         a2:68:f0:51:d3:df:fa:8c:e7:3e:c1:ee:48:ff:86:4d:39:d3:
         c4:32:b1:11:92:6e:e1:67:db:8a:9c:11:b1:b8:24:9a:56:fe:
         44:aa:73:2e:41:3a:33:5f:ef:84:74:a7:01:c0:f5:7f:b9:5f:
         c1:aa:89:36:4b:ef:18:20:7b:ae:d4:71:4f:d9:dd:6c:af:d0:
         13:dc:8c:39:f0:1a:d8:f6:95:9c:a0:c4:06:8a:fb:7a:92:1f:
         95:6d:90:84
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZFwCeY2TWmVt4uBDj+407vlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5YWMwYWNiZmRiN2EyNzRlZjM2YzE2ZjU4NjBhZGEyYTI0
NzA2OTcwHhcNMjQwODIwMTM0NjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWEyZTFiNDNmNDYwYzE3NmMzMjdlMTMyYzkxMzVlM2VkY2UwZjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlIpEIujJqfl3U5R/CoqYmKeEg/sq
d6SyHRZy/w9J+Hl7ZSa9pXy+pJ9KpqOkgDYH9eZTJg/dvjSTTg+prdP9UP7d0qUP
k9OB2jZ8A7c9qMWsU9KElApYQS4XxBvefo4af5E24omDFqcf0wFvsyr8/Ijgj3wD
KmWxJJhQawvZ1L9WY4sQLhIJOxnvtNkCFpBg0gfVC2g+/tTdCSUT/P84rwdgiaK1
10YP2u9ve6fxsJPH9DUd51nhA5WpLo6exNzqI8ibsqE5oGdTMJ1aJj/xmQytm2VJ
nFP5qhz86r76l5ErlTALP/WoqdFP4z/75Nk2SRuV194zpeTm7Za93YYCawIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMmi4bQ/RgwXbDJ+EyyRNePtzg9cMB8GA1UdIwQY
MBaAFImsCsv9t6J07zbBb1hgraKiRwaXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWF3S3lfMjNvblR2TnNGdldHQ3RvcUpIQnBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS85M2E3NjgtMjY3Ny00OGQ2LTkxNGMt
ZDRkYmY3MDY2ZmQzLzEveWFMaHREOUdEQmRzTW40VExKRTE0LTNPRDF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS85M2E3NjgtMjY3Ny00OGQ2LTkxNGMtZDRkYmY3MDY2ZmQz
LzEvaWF3S3lfMjNvblR2TnNGdldHQ3RvcUpIQnBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgXEQTAN
BgkqhkiG9w0BAQsFAAOCAQEAdABuJ1r/ZJzVWCdd0Q9k46XI45mMW11RiCKv3nC4
wMiCEv64UCdRGVTUnT1cAZRsIn0DbumRQCarQimjhfOmhEWqvlRgYGtmg9NUsESE
PqDHb7q1IvqcL88LscKGa4bVRzie1jQBSNL/oaLBZFpUVkrcPIVrNnCyDKEyBnmN
dcyFcx7LKHUhCHkbUvhkfr5Fxp+jZ16IP879TeSAF+DqnXsYomjwUdPf+oznPsHu
SP+GTTnTxDKxEZJu4WfbipwRsbgkmlb+RKpzLkE6M1/vhHSnAcD1f7lfwaqJNkvv
GCB7rtRxT9ndbK/QE9yMOfAa2PaVnKDEBor7epIflW2QhA==
-----END CERTIFICATE-----