Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/51dd21-9db1-4224-9aac-56afc3cbdf4e/1/YDAV-stFbBYknK-MHQjAFGKIviM.roa
File:                     YDAV-stFbBYknK-MHQjAFGKIviM.roa (raw, json)
Hash identifier:          SdDeY9dzrBZujPQFvilvXbGOkdZa6vv8FLkLN5jjZVw=
Subject key identifier:   60:30:15:FA:CB:45:6C:16:24:9C:AF:8C:1D:08:C0:14:62:88:BE:23
Certificate issuer:       /CN=cd6cba10ab465cf0ee3e76025c67f8554d2d01a5
Certificate serial:       01942748512EFF5E064CA741AE721900C477
Authority key identifier: CD:6C:BA:10:AB:46:5C:F0:EE:3E:76:02:5C:67:F8:55:4D:2D:01:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zWy6EKtGXPDuPnYCXGf4VU0tAaU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/51dd21-9db1-4224-9aac-56afc3cbdf4e/1/YDAV-stFbBYknK-MHQjAFGKIviM.roa
Signing time:             Thu 02 Jan 2025 13:50:38 +0000
ROA not before:           Thu 02 Jan 2025 13:50:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206271
IP address blocks:        2001:67c:be4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/51dd21-9db1-4224-9aac-56afc3cbdf4e/1/zWy6EKtGXPDuPnYCXGf4VU0tAaU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/51dd21-9db1-4224-9aac-56afc3cbdf4e/1/zWy6EKtGXPDuPnYCXGf4VU0tAaU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zWy6EKtGXPDuPnYCXGf4VU0tAaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:51:2e:ff:5e:06:4c:a7:41:ae:72:19:00:c4:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd6cba10ab465cf0ee3e76025c67f8554d2d01a5
        Validity
            Not Before: Jan  2 13:50:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=603015facb456c16249caf8c1d08c0146288be23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:3d:90:2d:15:d0:d2:11:15:d8:53:ce:94:b6:
                    a8:18:1e:71:f7:47:71:af:35:99:a6:a5:83:0d:ce:
                    fa:f0:1e:ba:8c:af:6a:09:9f:2f:8a:ad:30:ea:b5:
                    63:76:f0:3d:52:bd:b3:f8:96:02:f0:9b:c0:cc:2f:
                    cb:69:fa:fa:74:52:8b:a9:87:45:b3:3f:bf:3c:3a:
                    cf:8b:f3:16:07:40:39:77:60:3f:8c:22:eb:6b:3e:
                    ad:65:bc:15:df:aa:61:b8:a1:73:f4:1f:c0:3e:3b:
                    9d:a2:17:88:88:bc:d1:f5:3d:36:b3:ef:5f:82:91:
                    1a:35:89:f2:30:a0:c5:0e:cb:eb:73:05:e8:67:97:
                    de:0d:d4:aa:c5:d7:64:60:7b:cb:eb:d7:84:b1:71:
                    31:2d:84:7a:19:3b:32:b4:1b:6e:1a:36:9e:fd:46:
                    77:27:ce:d4:ad:0e:7a:60:24:1d:d3:0a:03:9c:a5:
                    17:88:70:83:84:23:55:89:70:07:73:57:41:65:f8:
                    d1:c6:64:28:91:0c:10:fd:75:bc:e1:ef:e7:3b:f9:
                    74:c5:25:42:ff:47:1c:b7:ee:cf:7b:16:fc:c5:11:
                    4b:33:c4:62:c6:bf:a7:ca:a3:b8:8e:a9:a9:9b:ab:
                    1f:0f:5c:63:fc:b5:4b:7f:9d:6f:b8:a4:ff:23:af:
                    08:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:30:15:FA:CB:45:6C:16:24:9C:AF:8C:1D:08:C0:14:62:88:BE:23
            X509v3 Authority Key Identifier:
                keyid:CD:6C:BA:10:AB:46:5C:F0:EE:3E:76:02:5C:67:F8:55:4D:2D:01:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zWy6EKtGXPDuPnYCXGf4VU0tAaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/51dd21-9db1-4224-9aac-56afc3cbdf4e/1/YDAV-stFbBYknK-MHQjAFGKIviM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/51dd21-9db1-4224-9aac-56afc3cbdf4e/1/zWy6EKtGXPDuPnYCXGf4VU0tAaU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:be4::/48

    Signature Algorithm: sha256WithRSAEncryption
         bf:67:d4:69:ca:1e:6a:a0:f5:c0:ad:68:d9:46:67:11:8c:77:
         7f:a6:cc:f8:2a:4b:53:56:a0:16:66:f0:6d:4b:f4:86:a7:dc:
         b4:00:85:4f:b4:b7:00:b2:34:7a:df:14:e6:41:67:1a:ca:46:
         f0:df:31:8c:a8:e7:54:99:91:21:91:1a:87:77:40:24:ac:98:
         33:f9:80:39:ff:5b:93:71:62:24:d4:3c:eb:57:5f:81:fc:76:
         da:06:66:c7:dd:e7:2b:4f:f1:ca:72:f1:05:fd:b4:5e:e9:17:
         a8:a3:ad:7d:4a:03:df:4a:1c:0b:26:69:af:69:2b:0c:9f:ea:
         0a:0c:97:de:2b:1b:a3:db:e7:69:b1:18:ca:8b:e3:b9:10:84:
         4c:9f:ac:f9:cb:91:a4:eb:00:88:14:da:1b:a8:5a:b1:af:46:
         d5:8e:2d:ff:0f:2e:4d:0a:c6:60:ab:e4:cd:ea:93:d8:3d:85:
         92:50:04:98:73:77:26:66:60:62:97:d9:0c:47:5c:61:1d:61:
         79:c5:8a:bf:30:08:8d:db:97:81:cd:9b:0c:9b:42:e7:d8:22:
         31:07:73:aa:d7:4f:e8:3c:13:22:43:d4:16:43:17:1b:4e:04:
         e8:eb:15:c2:d2:1f:91:26:13:47:f9:85:43:57:d1:11:9b:3c:
         0e:ea:4c:ed
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQnSFEu/14GTKdBrnIZAMR3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNmNiYTEwYWI0NjVjZjBlZTNlNzYwMjVjNjdmODU1NGQy
ZDAxYTUwHhcNMjUwMTAyMTM1MDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDMwMTVmYWNiNDU2YzE2MjQ5Y2FmOGMxZDA4YzAxNDYyODhiZTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuD2QLRXQ0hEV2FPOlLaoGB5x90dx
rzWZpqWDDc768B66jK9qCZ8viq0w6rVjdvA9Ur2z+JYC8JvAzC/Lafr6dFKLqYdF
sz+/PDrPi/MWB0A5d2A/jCLraz6tZbwV36phuKFz9B/APjudoheIiLzR9T02s+9f
gpEaNYnyMKDFDsvrcwXoZ5feDdSqxddkYHvL69eEsXExLYR6GTsytBtuGjae/UZ3
J87UrQ56YCQd0woDnKUXiHCDhCNViXAHc1dBZfjRxmQokQwQ/XW84e/nO/l0xSVC
/0cct+7Pexb8xRFLM8Rixr+nyqO4jqmpm6sfD1xj/LVLf51vuKT/I68ILQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGAwFfrLRWwWJJyvjB0IwBRiiL4jMB8GA1UdIwQY
MBaAFM1suhCrRlzw7j52Alxn+FVNLQGlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveld5NkVLdEdYUER1UG5ZQ1hHZjRWVTB0QWFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS81MWRkMjEtOWRiMS00MjI0LTlhYWMt
NTZhZmMzY2JkZjRlLzEvWURBVi1zdEZiQllrbkstTUhRakFGR0tJdmlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS81MWRkMjEtOWRiMS00MjI0LTlhYWMtNTZhZmMzY2JkZjRl
LzEveld5NkVLdEdYUER1UG5ZQ1hHZjRWVTB0QWFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAvk
MA0GCSqGSIb3DQEBCwUAA4IBAQC/Z9Rpyh5qoPXArWjZRmcRjHd/psz4KktTVqAW
ZvBtS/SGp9y0AIVPtLcAsjR63xTmQWcaykbw3zGMqOdUmZEhkRqHd0AkrJgz+YA5
/1uTcWIk1DzrV1+B/HbaBmbH3ecrT/HKcvEF/bRe6Reoo619SgPfShwLJmmvaSsM
n+oKDJfeKxuj2+dpsRjKi+O5EIRMn6z5y5Gk6wCIFNobqFqxr0bVji3/Dy5NCsZg
q+TN6pPYPYWSUASYc3cmZmBil9kMR1xhHWF5xYq/MAiN25eBzZsMm0Ln2CIxB3Oq
10/oPBMiQ9QWQxcbTgTo6xXC0h+RJhNH+YVDV9ERmzwO6kzt
-----END CERTIFICATE-----