Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/0f2266-b4f1-48fc-b293-67932656e594/1/zsybJGm-snwIEThRfBiorfKRJ9c.roa
File:                     zsybJGm-snwIEThRfBiorfKRJ9c.roa (raw, json)
Hash identifier:          aIi6cEDPNC7IrZBUZDlFK0BURLgqOGdGlDYtblTarSA=
Subject key identifier:   CE:CC:9B:24:69:BE:B2:7C:08:11:38:51:7C:18:A8:AD:F2:91:27:D7
Certificate issuer:       /CN=603b31bc6e7f42f6303870f0234b40def71fa03d
Certificate serial:       018EC7DED1EB3EB201490DC7BD8EC02C41E1
Authority key identifier: 60:3B:31:BC:6E:7F:42:F6:30:38:70:F0:23:4B:40:DE:F7:1F:A0:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YDsxvG5_QvYwOHDwI0tA3vcfoD0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/0f2266-b4f1-48fc-b293-67932656e594/1/zsybJGm-snwIEThRfBiorfKRJ9c.roa
Signing time:             Wed 10 Apr 2024 11:57:32 +0000
ROA not before:           Wed 10 Apr 2024 11:57:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215123
IP address blocks:        2a14:37c0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/0f2266-b4f1-48fc-b293-67932656e594/1/YDsxvG5_QvYwOHDwI0tA3vcfoD0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/0f2266-b4f1-48fc-b293-67932656e594/1/YDsxvG5_QvYwOHDwI0tA3vcfoD0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YDsxvG5_QvYwOHDwI0tA3vcfoD0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c7:de:d1:eb:3e:b2:01:49:0d:c7:bd:8e:c0:2c:41:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=603b31bc6e7f42f6303870f0234b40def71fa03d
        Validity
            Not Before: Apr 10 11:57:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cecc9b2469beb27c081138517c18a8adf29127d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:06:ee:7c:5f:e6:51:fc:69:63:a6:48:90:2e:
                    de:0f:dd:7b:18:79:c2:e3:d3:19:22:5f:94:65:43:
                    79:9e:94:92:fb:cf:a2:4b:e9:13:82:cd:6c:eb:4f:
                    01:db:5e:a9:12:f8:f9:24:15:67:d5:6d:8e:d4:ca:
                    c3:39:91:23:33:89:99:28:d8:41:cc:29:ab:ae:81:
                    e0:e5:fe:66:57:79:4d:57:f0:94:4f:2b:20:4a:09:
                    a4:51:e4:f0:62:b6:f1:76:e6:0b:2f:b1:cb:c2:79:
                    59:48:fe:66:0d:ef:9c:06:b5:54:70:4c:93:6b:94:
                    d7:9d:a2:3a:3a:a6:2b:90:c1:8a:16:19:25:65:f0:
                    81:9a:ac:7a:38:49:e3:4b:55:cb:fe:4a:e6:60:36:
                    36:8b:29:4b:89:83:ef:ad:9f:b4:92:b7:19:c0:ad:
                    22:83:46:83:5e:29:a8:ff:09:c8:6f:2b:73:c3:45:
                    cd:a0:31:f3:b2:6d:d4:e8:ec:4d:51:4b:d5:2e:61:
                    e8:ec:ea:18:a1:8e:0c:70:db:ab:8b:f4:40:5d:c3:
                    59:c8:db:ba:23:f5:71:3e:1f:d1:ea:be:8a:0e:9a:
                    9e:fa:78:23:09:2a:63:f3:98:96:50:8d:50:09:9d:
                    cd:ae:15:46:5c:8f:65:bf:84:2e:e9:56:0f:61:83:
                    88:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:CC:9B:24:69:BE:B2:7C:08:11:38:51:7C:18:A8:AD:F2:91:27:D7
            X509v3 Authority Key Identifier:
                keyid:60:3B:31:BC:6E:7F:42:F6:30:38:70:F0:23:4B:40:DE:F7:1F:A0:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YDsxvG5_QvYwOHDwI0tA3vcfoD0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/0f2266-b4f1-48fc-b293-67932656e594/1/zsybJGm-snwIEThRfBiorfKRJ9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/0f2266-b4f1-48fc-b293-67932656e594/1/YDsxvG5_QvYwOHDwI0tA3vcfoD0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:37c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         1f:4e:e1:e6:32:75:db:8b:0f:c0:be:fd:1f:2a:db:26:14:3f:
         8d:c8:14:0a:6e:d4:20:ac:30:83:db:37:5f:34:51:28:99:bb:
         d9:63:86:1c:b4:2f:54:aa:5c:ef:57:51:89:d2:38:a6:20:b8:
         fe:94:f1:bc:ef:9d:71:50:1f:d6:ae:07:05:73:36:d1:75:c2:
         e9:71:6e:24:a2:d8:fa:ef:03:4c:97:0e:01:68:a1:9b:3a:f4:
         c2:2b:b8:b2:6b:f0:81:d9:c5:01:02:d8:20:d8:98:2f:15:c5:
         98:1e:a3:92:8f:7c:25:a6:84:de:e6:fd:9e:37:9d:03:c8:6f:
         fd:d1:f7:10:28:4a:48:ff:78:0d:d2:a3:f9:65:33:bd:04:9f:
         7b:82:e2:b6:16:3b:c0:a9:5c:cc:81:a6:35:cb:de:4e:75:c3:
         18:fd:4c:df:ec:e8:a1:ed:31:66:af:f5:60:2f:cc:a9:4a:0a:
         7c:07:7a:11:f5:c0:8b:00:95:31:27:9a:65:ea:a1:7b:f9:40:
         94:4f:94:a4:43:84:74:02:b6:ff:61:25:06:b5:fd:3a:d9:71:
         7d:a8:3a:c5:dd:8b:bf:25:9a:c2:a5:40:cf:cc:2c:ff:ab:ca:
         33:4c:cf:1e:43:8a:79:b9:f1:8e:ae:56:ff:08:85:9b:5c:c9:
         4c:6f:51:4f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY7H3tHrPrIBSQ3HvY7ALEHhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwM2IzMWJjNmU3ZjQyZjYzMDM4NzBmMDIzNGI0MGRlZjcx
ZmEwM2QwHhcNMjQwNDEwMTE1NzMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWNjOWIyNDY5YmViMjdjMDgxMTM4NTE3YzE4YThhZGYyOTEyN2Q3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQbufF/mUfxpY6ZIkC7eD917GHnC
49MZIl+UZUN5npSS+8+iS+kTgs1s608B216pEvj5JBVn1W2O1MrDOZEjM4mZKNhB
zCmrroHg5f5mV3lNV/CUTysgSgmkUeTwYrbxduYLL7HLwnlZSP5mDe+cBrVUcEyT
a5TXnaI6OqYrkMGKFhklZfCBmqx6OEnjS1XL/krmYDY2iylLiYPvrZ+0krcZwK0i
g0aDXimo/wnIbytzw0XNoDHzsm3U6OxNUUvVLmHo7OoYoY4McNuri/RAXcNZyNu6
I/VxPh/R6r6KDpqe+ngjCSpj85iWUI1QCZ3NrhVGXI9lv4Qu6VYPYYOI0QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFM7MmyRpvrJ8CBE4UXwYqK3ykSfXMB8GA1UdIwQY
MBaAFGA7Mbxuf0L2MDhw8CNLQN73H6A9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWURzeHZHNV9Rdll3T0hEd0kwdEEzdmNmb0QwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8wZjIyNjYtYjRmMS00OGZjLWIyOTMt
Njc5MzI2NTZlNTk0LzEvenN5YkpHbS1zbndJRVRoUmZCaW9yZktSSjljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8wZjIyNjYtYjRmMS00OGZjLWIyOTMtNjc5MzI2NTZlNTk0
LzEvWURzeHZHNV9Rdll3T0hEd0kwdEEzdmNmb0QwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhQ3wAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAfTuHmMnXbiw/Avv0fKtsmFD+NyBQKbtQgrDCD
2zdfNFEombvZY4YctC9UqlzvV1GJ0jimILj+lPG8751xUB/WrgcFczbRdcLpcW4k
otj67wNMlw4BaKGbOvTCK7iya/CB2cUBAtgg2JgvFcWYHqOSj3wlpoTe5v2eN50D
yG/90fcQKEpI/3gN0qP5ZTO9BJ97guK2FjvAqVzMgaY1y95OdcMY/Uzf7Oih7TFm
r/VgL8ypSgp8B3oR9cCLAJUxJ5pl6qF7+UCUT5SkQ4R0Arb/YSUGtf062XF9qDrF
3Yu/JZrCpUDPzCz/q8ozTM8eQ4p5ufGOrlb/CIWbXMlMb1FP
-----END CERTIFICATE-----