Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/yjnWEHz99qRXQaiuOj3eX-lZUxQ.roa
File:                     yjnWEHz99qRXQaiuOj3eX-lZUxQ.roa (raw, json)
Hash identifier:          0t04om9xaUU0t9kKinFX4XEsDKCPL9C2scRotBNspks=
Subject key identifier:   CA:39:D6:10:7C:FD:F6:A4:57:41:A8:AE:3A:3D:DE:5F:E9:59:53:14
Certificate issuer:       /CN=7bab6c11d41162db0306858f83e5e65121132a6b
Certificate serial:       018CC2DB5FA9597B62DB301284D2E241C533
Authority key identifier: 7B:AB:6C:11:D4:11:62:DB:03:06:85:8F:83:E5:E6:51:21:13:2A:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/yjnWEHz99qRXQaiuOj3eX-lZUxQ.roa
Signing time:             Mon 01 Jan 2024 02:30:05 +0000
ROA not before:           Mon 01 Jan 2024 02:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212856
IP address blocks:        2a07:22c1:11::/48 maxlen: 48
                          2a07:22c1:10::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:5f:a9:59:7b:62:db:30:12:84:d2:e2:41:c5:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bab6c11d41162db0306858f83e5e65121132a6b
        Validity
            Not Before: Jan  1 02:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca39d6107cfdf6a45741a8ae3a3dde5fe9595314
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:1a:cc:2a:09:ab:87:5e:a5:dc:c7:70:48:79:
                    aa:53:e7:c8:37:a4:e9:9e:35:75:8a:72:b6:24:a7:
                    69:16:74:bc:ad:64:17:4a:87:57:70:84:af:ef:28:
                    aa:2f:07:39:28:70:7b:9c:29:0d:90:f9:75:70:07:
                    c5:e4:68:f9:f9:90:75:e3:a6:3d:09:d1:b6:27:79:
                    2d:a9:a0:64:94:03:5c:52:c3:53:f3:06:83:94:55:
                    d5:ee:11:a0:85:60:8e:d6:57:82:aa:22:c6:3a:7f:
                    07:fd:26:d3:21:8d:9b:fe:97:35:a3:b9:0a:d3:a2:
                    2a:fe:69:c3:c9:66:d8:1b:5f:d6:83:4a:74:4f:56:
                    06:4d:e4:88:c7:72:8d:37:c3:fb:aa:d0:b4:0f:99:
                    81:a3:f0:b5:95:39:19:a3:2b:19:74:7b:9d:ba:0c:
                    b2:92:cc:6c:83:0c:43:1c:d4:44:e9:b2:b8:5d:d3:
                    f9:96:bb:11:73:17:0b:94:9c:34:ef:97:27:7f:72:
                    72:29:53:07:67:f6:ca:b5:ec:36:87:b2:45:d7:5b:
                    d1:78:dd:01:58:d7:bc:60:68:e8:c9:26:c8:08:60:
                    ef:1d:24:f4:d5:b5:d8:a3:d5:71:0c:48:9b:ce:7f:
                    61:79:bc:e4:1f:75:06:f5:55:ae:96:3c:ed:2b:0e:
                    99:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:39:D6:10:7C:FD:F6:A4:57:41:A8:AE:3A:3D:DE:5F:E9:59:53:14
            X509v3 Authority Key Identifier:
                keyid:7B:AB:6C:11:D4:11:62:DB:03:06:85:8F:83:E5:E6:51:21:13:2A:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/yjnWEHz99qRXQaiuOj3eX-lZUxQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:22c1:10::/47

    Signature Algorithm: sha256WithRSAEncryption
         8d:00:3c:cc:0e:7d:62:21:07:7e:98:d9:47:20:e2:59:f0:d1:
         0e:a7:f1:30:91:5c:31:32:0c:d1:78:bd:ac:4c:09:34:45:92:
         78:65:0c:c3:52:12:07:60:ad:4e:fc:7f:2b:6d:a0:e4:fd:15:
         ad:42:86:1a:14:a4:6b:80:e1:de:66:09:ac:bb:18:80:12:40:
         37:13:da:f4:ee:05:10:15:26:14:04:81:37:fd:a5:d6:ee:bd:
         0e:82:2f:4f:9c:d1:66:3c:48:7a:21:d0:f6:35:f0:00:d7:f6:
         98:bd:c6:3d:6e:3e:d8:27:be:86:26:e6:2d:b8:0d:34:c3:bd:
         ed:69:1c:ad:43:87:c5:7a:28:9a:63:a4:ef:9d:0e:5d:44:a8:
         9a:32:13:37:80:59:81:67:9f:13:fe:11:09:55:67:07:63:1c:
         69:70:a1:62:cb:af:3c:42:a8:52:31:a2:b3:83:06:73:26:54:
         9f:d1:2d:a2:d6:27:c1:e7:54:16:13:bd:91:f1:0b:10:e5:ed:
         c3:68:49:7d:7e:78:85:0b:33:bb:32:d0:eb:f6:c0:5c:f4:5e:
         1c:91:79:74:96:1f:92:50:d7:ae:91:27:7d:04:22:cb:2f:e6:
         c1:be:1c:03:c2:08:49:7e:47:31:62:17:91:55:e2:ad:d3:06:
         66:e4:38:47
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC21+pWXti2zAShNLiQcUzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiYWI2YzExZDQxMTYyZGIwMzA2ODU4ZjgzZTVlNjUxMjEx
MzJhNmIwHhcNMjQwMTAxMDIzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTM5ZDYxMDdjZmRmNmE0NTc0MWE4YWUzYTNkZGU1ZmU5NTk1MzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwBrMKgmrh16l3MdwSHmqU+fIN6Tp
njV1inK2JKdpFnS8rWQXSodXcISv7yiqLwc5KHB7nCkNkPl1cAfF5Gj5+ZB146Y9
CdG2J3ktqaBklANcUsNT8waDlFXV7hGghWCO1leCqiLGOn8H/SbTIY2b/pc1o7kK
06Iq/mnDyWbYG1/Wg0p0T1YGTeSIx3KNN8P7qtC0D5mBo/C1lTkZoysZdHudugyy
ksxsgwxDHNRE6bK4XdP5lrsRcxcLlJw075cnf3JyKVMHZ/bKtew2h7JF11vReN0B
WNe8YGjoySbICGDvHST01bXYo9VxDEibzn9hebzkH3UG9VWuljztKw6ZfwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMo51hB8/fakV0Gorjo93l/pWVMUMB8GA1UdIwQY
MBaAFHurbBHUEWLbAwaFj4Pl5lEhEyprMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTZ0c0VkUVJZdHNEQm9XUGctWG1VU0VUS21zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9kMzM0YWQtNTI0MC00ZGFhLWEwNTAt
OWY1YmY3MzY3MjBlLzEveWpuV0VIejk5cVJYUWFpdU9qM2VYLWxaVXhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9kMzM0YWQtNTI0MC00ZGFhLWEwNTAtOWY1YmY3MzY3MjBl
LzEvZTZ0c0VkUVJZdHNEQm9XUGctWG1VU0VUS21zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKgciwQAQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCNADzMDn1iIQd+mNlHIOJZ8NEOp/EwkVwxMgzR
eL2sTAk0RZJ4ZQzDUhIHYK1O/H8rbaDk/RWtQoYaFKRrgOHeZgmsuxiAEkA3E9r0
7gUQFSYUBIE3/aXW7r0Ogi9PnNFmPEh6IdD2NfAA1/aYvcY9bj7YJ76GJuYtuA00
w73taRytQ4fFeiiaY6TvnQ5dRKiaMhM3gFmBZ58T/hEJVWcHYxxpcKFiy688QqhS
MaKzgwZzJlSf0S2i1ifB51QWE72R8QsQ5e3DaEl9fniFCzO7MtDr9sBc9F4ckXl0
lh+SUNeukSd9BCLLL+bBvhwDwghJfkcxYheRVeKt0wZm5DhH
-----END CERTIFICATE-----