Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/fd9054-778d-413d-9e95-5511daa72778/1/ycMokGvexTq49k-kuhf2PcfmtFs.roa
File:                     ycMokGvexTq49k-kuhf2PcfmtFs.roa (raw, json)
Hash identifier:          jeYn1Df5ySKu+UVY+9R7OHJd8V3YdtE2tBzeMMqj60o=
Subject key identifier:   C9:C3:28:90:6B:DE:C5:3A:B8:F6:4F:A4:BA:17:F6:3D:C7:E6:B4:5B
Certificate issuer:       /CN=3c859ed693ce3de059caa0a0c1e4245c5e9e37e4
Certificate serial:       018CC72775411071ADBC14F90A008D3A6F6F
Authority key identifier: 3C:85:9E:D6:93:CE:3D:E0:59:CA:A0:A0:C1:E4:24:5C:5E:9E:37:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PIWe1pPOPeBZyqCgweQkXF6eN-Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/fd9054-778d-413d-9e95-5511daa72778/1/ycMokGvexTq49k-kuhf2PcfmtFs.roa
Signing time:             Mon 01 Jan 2024 22:31:41 +0000
ROA not before:           Mon 01 Jan 2024 22:31:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198150
IP address blocks:        2a13:9cc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/fd9054-778d-413d-9e95-5511daa72778/1/PIWe1pPOPeBZyqCgweQkXF6eN-Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/fd9054-778d-413d-9e95-5511daa72778/1/PIWe1pPOPeBZyqCgweQkXF6eN-Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PIWe1pPOPeBZyqCgweQkXF6eN-Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:75:41:10:71:ad:bc:14:f9:0a:00:8d:3a:6f:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c859ed693ce3de059caa0a0c1e4245c5e9e37e4
        Validity
            Not Before: Jan  1 22:31:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9c328906bdec53ab8f64fa4ba17f63dc7e6b45b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:7c:af:f1:56:f8:15:ca:7b:2b:e3:64:49:54:
                    69:f8:9a:a4:51:6b:c6:69:a8:1e:49:11:d0:b7:c5:
                    47:ae:a2:88:f5:c5:af:dd:b0:2b:50:8e:f4:fb:83:
                    5b:69:bb:10:a3:28:0a:8a:b3:6c:b7:94:9b:c6:e1:
                    c9:7a:44:bd:76:d6:c1:52:3e:e5:c6:ea:5d:78:67:
                    74:6b:7e:9d:0f:a7:70:24:31:80:32:9b:db:13:8a:
                    ba:33:58:f2:36:46:ac:49:6e:16:f4:0d:c1:5f:55:
                    79:2d:06:59:62:de:de:b7:34:cb:fd:f1:cf:f5:07:
                    9f:41:88:4b:e5:9e:ad:82:c9:4f:07:6d:72:19:ce:
                    66:64:08:79:a6:d0:c9:79:21:39:b2:83:e6:55:34:
                    1e:cf:16:3f:09:77:4f:11:57:25:e9:fc:32:6b:e6:
                    cd:9f:bd:0a:a0:eb:05:d0:e9:84:af:a7:a3:48:88:
                    b6:02:c7:6e:91:1c:d7:ba:62:69:03:f7:d0:56:d2:
                    33:e7:5b:02:26:ab:10:5b:d5:b3:62:04:99:9b:77:
                    de:60:de:58:3a:fb:8f:1d:27:53:75:6a:7c:27:1f:
                    c0:d4:45:21:8d:55:b0:8b:0f:49:ee:b6:e3:87:dd:
                    ee:73:1f:4c:73:eb:86:fc:ee:17:bb:a4:89:94:15:
                    f8:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:C3:28:90:6B:DE:C5:3A:B8:F6:4F:A4:BA:17:F6:3D:C7:E6:B4:5B
            X509v3 Authority Key Identifier:
                keyid:3C:85:9E:D6:93:CE:3D:E0:59:CA:A0:A0:C1:E4:24:5C:5E:9E:37:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PIWe1pPOPeBZyqCgweQkXF6eN-Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/fd9054-778d-413d-9e95-5511daa72778/1/ycMokGvexTq49k-kuhf2PcfmtFs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/fd9054-778d-413d-9e95-5511daa72778/1/PIWe1pPOPeBZyqCgweQkXF6eN-Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         ac:86:c3:2b:54:fd:f3:43:35:c2:2b:ef:33:31:36:ef:63:0d:
         5b:dd:f6:8b:fd:bb:1f:19:3c:70:70:80:45:1d:1a:39:46:da:
         12:7f:40:00:8f:31:10:20:4b:bc:38:b6:f8:b4:97:f9:57:ed:
         c2:23:fd:ac:b9:a2:62:86:4a:0b:ae:f6:a6:9c:da:25:be:a5:
         22:1a:1e:fc:0f:91:6d:63:e4:f1:f4:47:8c:35:cf:d5:4e:f3:
         1e:5e:99:5c:cd:e5:be:2f:7b:72:50:87:b5:02:1d:91:55:66:
         cb:96:2f:e3:05:7f:b5:ca:9c:40:ae:f2:49:50:16:d5:20:93:
         75:82:18:51:eb:c3:cc:80:7e:ce:84:e3:3b:b6:63:0e:02:71:
         be:01:0d:bf:2e:1e:0b:45:92:73:bc:68:b8:70:e0:ec:43:db:
         a0:bf:9c:35:56:ee:e5:22:cc:21:c0:a1:c6:1c:b2:c0:22:41:
         9f:0c:a7:03:33:67:80:1d:a5:90:b2:c8:60:d9:aa:ab:ae:a3:
         c7:e1:33:5c:a7:f5:66:62:ea:76:36:cd:6f:d4:47:10:60:33:
         fe:7c:8d:6b:93:ae:2e:56:7d:97:03:49:35:77:b2:df:fc:ef:
         cc:72:35:fc:96:e8:07:44:58:30:79:ca:61:8b:a1:7b:38:61:
         95:f6:87:91
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHJ3VBEHGtvBT5CgCNOm9vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjODU5ZWQ2OTNjZTNkZTA1OWNhYTBhMGMxZTQyNDVjNWU5
ZTM3ZTQwHhcNMjQwMTAxMjIzMTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWMzMjg5MDZiZGVjNTNhYjhmNjRmYTRiYTE3ZjYzZGM3ZTZiNDViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3yv8Vb4Fcp7K+NkSVRp+JqkUWvG
aageSRHQt8VHrqKI9cWv3bArUI70+4NbabsQoygKirNst5SbxuHJekS9dtbBUj7l
xupdeGd0a36dD6dwJDGAMpvbE4q6M1jyNkasSW4W9A3BX1V5LQZZYt7etzTL/fHP
9QefQYhL5Z6tgslPB21yGc5mZAh5ptDJeSE5soPmVTQezxY/CXdPEVcl6fwya+bN
n70KoOsF0OmEr6ejSIi2AsdukRzXumJpA/fQVtIz51sCJqsQW9WzYgSZm3feYN5Y
OvuPHSdTdWp8Jx/A1EUhjVWwiw9J7rbjh93ucx9Mc+uG/O4Xu6SJlBX4MwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMnDKJBr3sU6uPZPpLoX9j3H5rRbMB8GA1UdIwQY
MBaAFDyFntaTzj3gWcqgoMHkJFxenjfkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUElXZTFwUE9QZUJaeXFDZ3dlUWtYRjZlTi1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi9mZDkwNTQtNzc4ZC00MTNkLTllOTUt
NTUxMWRhYTcyNzc4LzEveWNNb2tHdmV4VHE0OWsta3VoZjJQY2ZtdEZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi9mZDkwNTQtNzc4ZC00MTNkLTllOTUtNTUxMWRhYTcyNzc4
LzEvUElXZTFwUE9QZUJaeXFDZ3dlUWtYRjZlTi1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhOcwDAN
BgkqhkiG9w0BAQsFAAOCAQEArIbDK1T980M1wivvMzE272MNW932i/27Hxk8cHCA
RR0aOUbaEn9AAI8xECBLvDi2+LSX+VftwiP9rLmiYoZKC672ppzaJb6lIhoe/A+R
bWPk8fRHjDXP1U7zHl6ZXM3lvi97clCHtQIdkVVmy5Yv4wV/tcqcQK7ySVAW1SCT
dYIYUevDzIB+zoTjO7ZjDgJxvgENvy4eC0WSc7xouHDg7EPboL+cNVbu5SLMIcCh
xhyywCJBnwynAzNngB2lkLLIYNmqq66jx+EzXKf1ZmLqdjbNb9RHEGAz/nyNa5Ou
LlZ9lwNJNXey3/zvzHI1/JboB0RYMHnKYYuhezhhlfaHkQ==
-----END CERTIFICATE-----