Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/89ff47-0b7b-4309-a8af-2cbd55f9a8ee/1/yyTnRnOwDkrDVYHF7A8qtdHsoj8.roa
File:                     yyTnRnOwDkrDVYHF7A8qtdHsoj8.roa (raw, json)
Hash identifier:          NH/7mdZsiq7PYHaJVAX4tp191dtqg9PhRSzbC7OG2Ro=
Subject key identifier:   CB:24:E7:46:73:B0:0E:4A:C3:55:81:C5:EC:0F:2A:B5:D1:EC:A2:3F
Certificate issuer:       /CN=69a28c2f84c75e8d0388694355152dd2b731f249
Certificate serial:       019247F36FCE8E8F34355C8595E22944D46B
Authority key identifier: 69:A2:8C:2F:84:C7:5E:8D:03:88:69:43:55:15:2D:D2:B7:31:F2:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aaKML4THXo0DiGlDVRUt0rcx8kk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/89ff47-0b7b-4309-a8af-2cbd55f9a8ee/1/yyTnRnOwDkrDVYHF7A8qtdHsoj8.roa
Signing time:             Tue 01 Oct 2024 11:59:49 +0000
ROA not before:           Tue 01 Oct 2024 11:59:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41783
IP address blocks:        217.26.16.0/20 maxlen: 22
                          2a00:7c00::/32 maxlen: 39
                          2a00:7c00::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/89ff47-0b7b-4309-a8af-2cbd55f9a8ee/1/aaKML4THXo0DiGlDVRUt0rcx8kk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/89ff47-0b7b-4309-a8af-2cbd55f9a8ee/1/aaKML4THXo0DiGlDVRUt0rcx8kk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aaKML4THXo0DiGlDVRUt0rcx8kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:47:f3:6f:ce:8e:8f:34:35:5c:85:95:e2:29:44:d4:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69a28c2f84c75e8d0388694355152dd2b731f249
        Validity
            Not Before: Oct  1 11:59:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb24e74673b00e4ac35581c5ec0f2ab5d1eca23f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:fe:27:7e:84:07:64:6b:89:94:63:fb:d0:9d:
                    0c:6f:2c:2a:8d:f1:17:23:4b:e0:b8:19:7a:61:63:
                    56:8b:c6:bb:0d:a4:25:a9:c1:87:17:ef:a9:f9:6f:
                    72:84:06:28:0d:fd:51:17:b4:7c:28:56:95:83:b6:
                    5d:a4:34:53:1f:81:f9:99:82:ae:4e:8d:3e:aa:5b:
                    3f:8f:3e:ad:e7:65:2a:59:78:51:4c:51:db:6e:33:
                    12:56:c0:f1:73:35:7b:43:ea:34:ec:3d:3b:34:4e:
                    f0:0d:30:bb:c5:16:48:e1:af:f8:70:4e:09:6a:87:
                    ec:94:72:1b:43:fb:2a:d6:87:79:08:04:cd:e4:37:
                    71:8c:92:0d:d5:75:a1:72:30:ef:71:b0:19:6f:5d:
                    53:bb:4c:9c:04:93:ff:31:86:68:cf:16:32:f6:8f:
                    27:b4:d7:48:63:d0:63:e0:cc:d9:c3:9c:d7:99:0a:
                    77:7a:bb:43:ad:0a:a9:b8:e6:c7:6c:82:6b:e4:20:
                    3e:2b:c7:a2:d7:9a:01:f5:c8:ef:74:3d:a3:88:85:
                    6d:9c:61:21:41:ae:41:de:d2:b6:81:f3:71:a1:5c:
                    d1:be:5f:fa:bd:66:99:fc:72:3f:df:47:84:79:86:
                    c2:d9:31:2d:a6:81:e7:ad:30:00:3a:92:2a:ee:82:
                    17:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:24:E7:46:73:B0:0E:4A:C3:55:81:C5:EC:0F:2A:B5:D1:EC:A2:3F
            X509v3 Authority Key Identifier:
                keyid:69:A2:8C:2F:84:C7:5E:8D:03:88:69:43:55:15:2D:D2:B7:31:F2:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aaKML4THXo0DiGlDVRUt0rcx8kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/89ff47-0b7b-4309-a8af-2cbd55f9a8ee/1/yyTnRnOwDkrDVYHF7A8qtdHsoj8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/89ff47-0b7b-4309-a8af-2cbd55f9a8ee/1/aaKML4THXo0DiGlDVRUt0rcx8kk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.26.16.0/20
                IPv6:
                  2a00:7c00::/32

    Signature Algorithm: sha256WithRSAEncryption
         b9:aa:8f:ab:cc:d4:50:4f:f8:77:6e:48:56:7e:82:b7:86:03:
         60:05:95:e1:5c:e9:dd:ca:47:bd:d4:6e:d0:86:47:1b:8c:18:
         a1:40:97:20:fb:a4:0e:06:4b:6b:f2:e9:55:0b:b9:2c:9a:a8:
         af:b4:50:b8:9f:13:a4:e8:75:87:ee:2b:0b:e9:da:e3:1e:db:
         6e:79:a7:f4:b5:e9:2e:a7:e0:bb:98:13:48:b9:dd:4e:c9:50:
         8e:4f:56:77:cb:50:ae:32:50:18:e5:ec:8f:d7:de:66:c6:8e:
         58:09:09:02:e8:6a:66:0c:a2:e7:b6:24:52:c6:49:a1:be:b2:
         01:0b:cb:4c:40:7a:bb:05:f4:c1:44:40:41:a9:eb:5a:c9:f8:
         74:a1:11:33:01:86:89:a8:03:3d:3f:79:78:8a:ea:5d:08:0c:
         6f:ee:ee:31:83:ea:f5:21:59:90:37:98:29:22:7a:d1:cb:9a:
         a0:d9:a8:df:58:ca:51:81:70:c9:6e:06:f8:bd:ab:24:63:fe:
         13:1d:a5:f9:af:4f:48:f4:4d:ec:eb:79:b4:cb:c6:f6:9f:36:
         bf:88:8a:40:41:d5:28:46:a5:e2:81:35:1f:e9:71:b8:89:f9:
         7b:c6:7f:3a:07:ec:4f:0e:05:b9:40:8d:e7:10:1c:fe:f4:51:
         5a:9f:d9:a7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZJH82/Ojo80NVyFleIpRNRrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5YTI4YzJmODRjNzVlOGQwMzg4Njk0MzU1MTUyZGQyYjcz
MWYyNDkwHhcNMjQxMDAxMTE1OTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjI0ZTc0NjczYjAwZTRhYzM1NTgxYzVlYzBmMmFiNWQxZWNhMjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmf4nfoQHZGuJlGP70J0MbywqjfEX
I0vguBl6YWNWi8a7DaQlqcGHF++p+W9yhAYoDf1RF7R8KFaVg7ZdpDRTH4H5mYKu
To0+qls/jz6t52UqWXhRTFHbbjMSVsDxczV7Q+o07D07NE7wDTC7xRZI4a/4cE4J
aofslHIbQ/sq1od5CATN5DdxjJIN1XWhcjDvcbAZb11Tu0ycBJP/MYZozxYy9o8n
tNdIY9Bj4MzZw5zXmQp3ertDrQqpuObHbIJr5CA+K8ei15oB9cjvdD2jiIVtnGEh
Qa5B3tK2gfNxoVzRvl/6vWaZ/HI/30eEeYbC2TEtpoHnrTAAOpIq7oIXCQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMsk50ZzsA5Kw1WBxewPKrXR7KI/MB8GA1UdIwQY
MBaAFGmijC+Ex16NA4hpQ1UVLdK3MfJJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWFLTUw0VEhYbzBEaUdsRFZSVXQwcmN4OGtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS84OWZmNDctMGI3Yi00MzA5LWE4YWYt
MmNiZDU1ZjlhOGVlLzEveXlUblJuT3dEa3JEVllIRjdBOHF0ZEhzb2o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS84OWZmNDctMGI3Yi00MzA5LWE4YWYtMmNiZDU1ZjlhOGVl
LzEvYWFLTUw0VEhYbzBEaUdsRFZSVXQwcmN4OGtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQE2RoQMA0E
AgACMAcDBQAqAHwAMA0GCSqGSIb3DQEBCwUAA4IBAQC5qo+rzNRQT/h3bkhWfoK3
hgNgBZXhXOndyke91G7QhkcbjBihQJcg+6QOBktr8ulVC7ksmqivtFC4nxOk6HWH
7isL6drjHttueaf0tekup+C7mBNIud1OyVCOT1Z3y1CuMlAY5eyP195mxo5YCQkC
6GpmDKLntiRSxkmhvrIBC8tMQHq7BfTBREBBqetayfh0oREzAYaJqAM9P3l4iupd
CAxv7u4xg+r1IVmQN5gpInrRy5qg2ajfWMpRgXDJbgb4vaskY/4THaX5r09I9E3s
63m0y8b2nza/iIpAQdUoRqXigTUf6XG4ifl7xn86B+xPDgW5QI3nEBz+9FFan9mn
-----END CERTIFICATE-----