Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/y5SQBIzXUd_XkiF86LGqbjCnn8M.roa
File:                     y5SQBIzXUd_XkiF86LGqbjCnn8M.roa (raw, json)
Hash identifier:          K0Z3w7CUG61Ffi2/MK55JaiqP7YZRFhXJdKeCFiLTdw=
Subject key identifier:   CB:94:90:04:8C:D7:51:DF:D7:92:21:7C:E8:B1:AA:6E:30:A7:9F:C3
Certificate issuer:       /CN=458d12f095053c35876b88b47685d6435421fcf2
Certificate serial:       018CC8DF96094571B9E353BD0713DE50BF32
Authority key identifier: 45:8D:12:F0:95:05:3C:35:87:6B:88:B4:76:85:D6:43:54:21:FC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/y5SQBIzXUd_XkiF86LGqbjCnn8M.roa
Signing time:             Tue 02 Jan 2024 06:32:25 +0000
ROA not before:           Tue 02 Jan 2024 06:32:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62904
IP address blocks:        2a0b:7140:8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:96:09:45:71:b9:e3:53:bd:07:13:de:50:bf:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=458d12f095053c35876b88b47685d6435421fcf2
        Validity
            Not Before: Jan  2 06:32:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb9490048cd751dfd792217ce8b1aa6e30a79fc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:e3:c5:15:a3:07:85:9e:d0:99:3d:a3:cd:6e:
                    06:71:cf:24:16:f7:be:ef:a1:73:fa:46:c8:c9:04:
                    00:ee:9a:52:1b:78:d3:cd:df:e9:0d:bd:61:7c:1d:
                    1f:e7:e4:46:97:f1:13:ca:26:31:4f:0e:b3:2f:e4:
                    4b:e4:c1:ea:3b:f1:eb:0e:aa:be:17:c0:dd:d4:ad:
                    46:de:e2:af:4c:63:d0:3d:21:c2:6f:19:d6:30:c4:
                    1d:68:ef:85:a9:3e:96:9d:96:c5:dd:20:49:ce:18:
                    88:26:d6:aa:7f:74:16:1b:4e:fe:d7:5f:ea:de:3c:
                    d5:e3:b0:e9:9f:e5:d9:d9:73:6d:95:6c:ac:2d:a5:
                    3f:f1:b0:73:36:29:11:db:89:e9:24:e7:9d:e2:a1:
                    94:1f:4e:c9:97:2e:97:34:35:f6:af:6d:30:9a:c2:
                    1a:7e:75:3c:16:e8:e8:cd:9c:dc:fd:c7:39:a6:8e:
                    f3:9a:31:5a:2a:b6:e5:8b:bc:b5:97:e4:23:4c:c0:
                    fd:31:ee:a8:3b:60:7c:23:cc:63:da:c8:c0:46:f0:
                    7f:f6:27:b7:6f:ba:dd:85:2b:5c:fa:82:50:98:5e:
                    68:b4:d6:19:bc:bf:42:31:a3:52:c3:28:d4:d4:01:
                    0f:7d:dd:1d:e4:81:43:15:ce:c4:6a:ec:38:b7:fd:
                    4e:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:94:90:04:8C:D7:51:DF:D7:92:21:7C:E8:B1:AA:6E:30:A7:9F:C3
            X509v3 Authority Key Identifier:
                keyid:45:8D:12:F0:95:05:3C:35:87:6B:88:B4:76:85:D6:43:54:21:FC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/y5SQBIzXUd_XkiF86LGqbjCnn8M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:7140:8::/48

    Signature Algorithm: sha256WithRSAEncryption
         1f:92:c5:86:ab:88:db:80:ae:24:d2:40:08:42:77:7a:82:af:
         c1:3b:3e:09:f7:e8:87:db:70:69:0c:a1:93:00:5a:e2:d0:0a:
         14:3f:f5:06:22:b1:57:f0:08:44:5b:a5:bb:a1:a0:80:e5:64:
         4d:d1:d9:c4:dc:1b:35:a4:98:24:a1:9a:c2:c7:57:95:0a:b6:
         72:e6:40:1c:b8:89:34:6c:2e:82:91:03:d9:a5:cd:c6:5d:7b:
         5c:0b:92:67:f0:50:84:29:6b:ad:fd:07:c8:91:01:2c:66:77:
         3c:bf:da:65:22:bf:44:ff:07:46:7a:73:40:f4:66:ef:ac:a4:
         a8:c4:dc:b2:ec:9a:f8:20:6e:9f:87:3f:af:29:1a:2b:74:2d:
         3a:33:07:63:55:34:ef:7b:34:5f:da:cb:24:a5:41:f0:d9:ee:
         da:20:18:06:03:87:2e:28:8a:db:bc:76:22:08:1f:f1:41:2e:
         0d:00:c8:3e:42:59:06:da:c2:2c:51:c6:92:35:7c:f4:ad:25:
         46:36:22:47:18:5e:56:aa:ca:80:f7:78:e2:53:64:71:53:51:
         8f:46:9a:fa:78:00:67:e1:a2:3c:fc:f9:0d:4b:7b:e6:26:37:
         63:2c:ed:43:7d:7d:0c:29:d8:d2:42:5f:78:3f:dd:0e:bc:a7:
         3a:04:8c:fa
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzI35YJRXG541O9BxPeUL8yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1OGQxMmYwOTUwNTNjMzU4NzZiODhiNDc2ODVkNjQzNTQy
MWZjZjIwHhcNMjQwMTAyMDYzMjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjk0OTAwNDhjZDc1MWRmZDc5MjIxN2NlOGIxYWE2ZTMwYTc5ZmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsuPFFaMHhZ7QmT2jzW4Gcc8kFve+
76Fz+kbIyQQA7ppSG3jTzd/pDb1hfB0f5+RGl/ETyiYxTw6zL+RL5MHqO/HrDqq+
F8Dd1K1G3uKvTGPQPSHCbxnWMMQdaO+FqT6WnZbF3SBJzhiIJtaqf3QWG07+11/q
3jzV47Dpn+XZ2XNtlWysLaU/8bBzNikR24npJOed4qGUH07Jly6XNDX2r20wmsIa
fnU8FujozZzc/cc5po7zmjFaKrbli7y1l+QjTMD9Me6oO2B8I8xj2sjARvB/9ie3
b7rdhStc+oJQmF5otNYZvL9CMaNSwyjU1AEPfd0d5IFDFc7Eauw4t/1O9wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMuUkASM11Hf15IhfOixqm4wp5/DMB8GA1UdIwQY
MBaAFEWNEvCVBTw1h2uItHaF1kNUIfzyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlkwUzhKVUZQRFdIYTRpMGRvWFdRMVFoX1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83Y2VjYzctZjYzZC00M2ZjLWIyMTkt
Mzk1NTk1OWVhZjgxLzEveTVTUUJJelhVZF9Ya2lGODZMR3FiakNubjhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83Y2VjYzctZjYzZC00M2ZjLWIyMTktMzk1NTk1OWVhZjgx
LzEvUlkwUzhKVUZQRFdIYTRpMGRvWFdRMVFoX1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgtxQAAI
MA0GCSqGSIb3DQEBCwUAA4IBAQAfksWGq4jbgK4k0kAIQnd6gq/BOz4J9+iH23Bp
DKGTAFri0AoUP/UGIrFX8AhEW6W7oaCA5WRN0dnE3Bs1pJgkoZrCx1eVCrZy5kAc
uIk0bC6CkQPZpc3GXXtcC5Jn8FCEKWut/QfIkQEsZnc8v9plIr9E/wdGenNA9Gbv
rKSoxNyy7Jr4IG6fhz+vKRordC06MwdjVTTvezRf2sskpUHw2e7aIBgGA4cuKIrb
vHYiCB/xQS4NAMg+QlkG2sIsUcaSNXz0rSVGNiJHGF5WqsqA93jiU2RxU1GPRpr6
eABn4aI8/PkNS3vmJjdjLO1DfX0MKdjSQl94P90OvKc6BIz6
-----END CERTIFICATE-----