Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/Yl_O8i6Phgd0ZXpiscHltRWejaE.roa
File:                     Yl_O8i6Phgd0ZXpiscHltRWejaE.roa (raw, json)
Hash identifier:          OTnbhrjrZJfNvY1CssHcnB33u4evkQ6MCiEFQz0p4LA=
Subject key identifier:   62:5F:CE:F2:2E:8F:86:07:74:65:7A:62:B1:C1:E5:B5:15:9E:8D:A1
Certificate issuer:       /CN=cddbefba8fe3c1f668c8444384fe4a3a9f4d87f1
Certificate serial:       0192E3F9566BCF2B78FBC9E3949239C0D086
Authority key identifier: CD:DB:EF:BA:8F:E3:C1:F6:68:C8:44:43:84:FE:4A:3A:9F:4D:87:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zdvvuo_jwfZoyERDhP5KOp9Nh_E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/Yl_O8i6Phgd0ZXpiscHltRWejaE.roa
Signing time:             Thu 31 Oct 2024 19:07:01 +0000
ROA not before:           Thu 31 Oct 2024 19:07:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209641
IP address blocks:        2a0f:4301::/32 maxlen: 32
                          2a0f:4304::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/zdvvuo_jwfZoyERDhP5KOp9Nh_E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/zdvvuo_jwfZoyERDhP5KOp9Nh_E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zdvvuo_jwfZoyERDhP5KOp9Nh_E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e3:f9:56:6b:cf:2b:78:fb:c9:e3:94:92:39:c0:d0:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cddbefba8fe3c1f668c8444384fe4a3a9f4d87f1
        Validity
            Not Before: Oct 31 19:07:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=625fcef22e8f860774657a62b1c1e5b5159e8da1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:a2:55:aa:d5:ec:9e:89:ab:3c:11:dd:a1:8f:
                    f3:ad:38:18:88:c2:02:4c:f2:2f:97:51:7b:ab:31:
                    3a:13:c8:d9:39:97:07:d8:06:bd:6e:c2:c7:95:0e:
                    2b:be:65:38:e1:37:04:c6:9e:0c:13:35:00:34:39:
                    8a:54:0c:f6:8a:e6:21:90:ae:e8:6f:61:c5:25:58:
                    2e:17:ce:de:b7:a2:a3:79:28:f9:90:3e:2c:47:05:
                    ee:9b:75:7e:2d:e3:e7:7e:ba:d2:57:53:2b:06:81:
                    42:18:13:0d:b7:df:44:c5:c9:6b:da:3d:cf:44:72:
                    0d:32:79:0b:0e:8b:4c:22:a2:c1:53:1d:a3:6e:dd:
                    94:08:ea:58:b0:8e:cd:64:e0:16:2c:56:43:3b:99:
                    95:21:3a:aa:d2:92:32:c3:e1:e6:6b:1d:fb:ac:73:
                    b3:c6:36:28:25:a3:e8:ff:56:9b:61:a9:d0:61:51:
                    a5:79:39:47:9a:ca:cd:a1:96:a4:7a:0d:2d:62:fa:
                    ad:d0:dc:b3:f7:15:3e:5d:51:fa:6b:11:de:37:cf:
                    5a:d1:ae:cb:0d:90:0a:d1:4b:9d:3b:91:7d:33:24:
                    3b:00:43:b3:74:ad:fa:87:eb:08:79:bf:e5:47:fa:
                    69:89:5a:c1:7d:56:a2:57:a8:39:e7:d0:0b:8d:0b:
                    c7:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:5F:CE:F2:2E:8F:86:07:74:65:7A:62:B1:C1:E5:B5:15:9E:8D:A1
            X509v3 Authority Key Identifier:
                keyid:CD:DB:EF:BA:8F:E3:C1:F6:68:C8:44:43:84:FE:4A:3A:9F:4D:87:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zdvvuo_jwfZoyERDhP5KOp9Nh_E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/Yl_O8i6Phgd0ZXpiscHltRWejaE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/zdvvuo_jwfZoyERDhP5KOp9Nh_E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:4301::/32
                  2a0f:4304::/32

    Signature Algorithm: sha256WithRSAEncryption
         6a:64:40:21:6a:e4:db:40:6f:6b:6d:e4:7a:e1:ce:1b:32:99:
         74:2e:27:41:c3:47:e0:3e:17:fc:85:1c:11:fa:e2:44:85:04:
         bb:b0:ee:73:6c:6b:a7:16:5f:42:6b:02:6e:ea:8f:a6:d5:3e:
         bc:ba:fd:41:33:48:ee:e3:a7:26:67:75:af:ca:27:68:2b:e0:
         a3:79:b8:f6:ab:b3:e4:41:89:fa:d9:99:ad:ae:8d:ac:ab:a6:
         58:3a:9b:ea:f0:52:3d:4c:d0:24:ba:75:9e:36:03:35:a0:12:
         fa:5d:63:2a:2e:e1:48:cd:51:53:92:4c:42:44:cf:ee:67:59:
         0d:10:08:2d:7e:f9:ef:e6:c1:c6:57:84:e9:c4:f7:95:59:1c:
         58:0b:fa:9d:46:fe:42:6d:be:54:49:a6:45:27:6a:ab:04:d7:
         f0:0c:55:a5:35:9d:83:75:ce:41:06:45:6f:c1:32:74:5d:fa:
         42:8b:92:ac:3e:a6:d5:1c:55:76:bf:8d:66:26:d2:cb:a2:fe:
         1b:1f:b3:34:4c:9b:4f:da:49:11:2f:1d:70:64:cc:98:bc:d9:
         21:45:e6:16:91:88:f0:44:ec:08:67:49:97:0a:50:a1:92:1a:
         1d:3b:14:44:34:30:6d:0e:2f:99:cc:57:e0:bb:71:28:fc:09:
         09:c6:1e:66
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZLj+VZrzyt4+8njlJI5wNCGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkZGJlZmJhOGZlM2MxZjY2OGM4NDQ0Mzg0ZmU0YTNhOWY0
ZDg3ZjEwHhcNMjQxMDMxMTkwNzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjVmY2VmMjJlOGY4NjA3NzQ2NTdhNjJiMWMxZTViNTE1OWU4ZGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr6JVqtXsnomrPBHdoY/zrTgYiMIC
TPIvl1F7qzE6E8jZOZcH2Aa9bsLHlQ4rvmU44TcExp4MEzUANDmKVAz2iuYhkK7o
b2HFJVguF87et6KjeSj5kD4sRwXum3V+LePnfrrSV1MrBoFCGBMNt99Exclr2j3P
RHINMnkLDotMIqLBUx2jbt2UCOpYsI7NZOAWLFZDO5mVITqq0pIyw+Hmax37rHOz
xjYoJaPo/1abYanQYVGleTlHmsrNoZakeg0tYvqt0Nyz9xU+XVH6axHeN89a0a7L
DZAK0UudO5F9MyQ7AEOzdK36h+sIeb/lR/ppiVrBfVaiV6g559ALjQvHzQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGJfzvIuj4YHdGV6YrHB5bUVno2hMB8GA1UdIwQY
MBaAFM3b77qP48H2aMhEQ4T+SjqfTYfxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemR2dnVvX2p3ZlpveUVSRGhQNUtPcDlOaF9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC80ZTUyZjEtMTNiMi00NWRmLThhNDMt
MWEzOWU2YTZkZTkzLzEvWWxfTzhpNlBoZ2QwWlhwaXNjSGx0UldlamFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC80ZTUyZjEtMTNiMi00NWRmLThhNDMtMWEzOWU2YTZkZTkz
LzEvemR2dnVvX2p3ZlpveUVSRGhQNUtPcDlOaF9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKg9DAQMF
ACoPQwQwDQYJKoZIhvcNAQELBQADggEBAGpkQCFq5NtAb2tt5HrhzhsymXQuJ0HD
R+A+F/yFHBH64kSFBLuw7nNsa6cWX0JrAm7qj6bVPry6/UEzSO7jpyZnda/KJ2gr
4KN5uPars+RBifrZma2ujayrplg6m+rwUj1M0CS6dZ42AzWgEvpdYyou4UjNUVOS
TEJEz+5nWQ0QCC1++e/mwcZXhOnE95VZHFgL+p1G/kJtvlRJpkUnaqsE1/AMVaU1
nYN1zkEGRW/BMnRd+kKLkqw+ptUcVXa/jWYm0sui/hsfszRMm0/aSREvHXBkzJi8
2SFF5haRiPBE7AhnSZcKUKGSGh07FEQ0MG0OL5nMV+C7cSj8CQnGHmY=
-----END CERTIFICATE-----