Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/be8143-a408-49ab-a147-cda117fe830d/1/YOGFlmlV2_WJqXJipmKxo-UT7Fs.roa
File:                     YOGFlmlV2_WJqXJipmKxo-UT7Fs.roa (raw, json)
Hash identifier:          yldbSa1BsIMdKFPk5mMeltr1Ebyxjw7wj9onkWkP/p8=
Subject key identifier:   60:E1:85:96:69:55:DB:F5:89:A9:72:62:A6:62:B1:A3:E5:13:EC:5B
Certificate issuer:       /CN=4c04e01231b1db820b1f5d542834ab05f693fd78
Certificate serial:       018CC6B8425D820C001D6823EF26AC2FDB0A
Authority key identifier: 4C:04:E0:12:31:B1:DB:82:0B:1F:5D:54:28:34:AB:05:F6:93:FD:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TATgEjGx24ILH11UKDSrBfaT_Xg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/be8143-a408-49ab-a147-cda117fe830d/1/YOGFlmlV2_WJqXJipmKxo-UT7Fs.roa
Signing time:             Mon 01 Jan 2024 20:30:13 +0000
ROA not before:           Mon 01 Jan 2024 20:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57757
IP address blocks:        2a0e:4480::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/be8143-a408-49ab-a147-cda117fe830d/1/TATgEjGx24ILH11UKDSrBfaT_Xg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/be8143-a408-49ab-a147-cda117fe830d/1/TATgEjGx24ILH11UKDSrBfaT_Xg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TATgEjGx24ILH11UKDSrBfaT_Xg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 14:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:42:5d:82:0c:00:1d:68:23:ef:26:ac:2f:db:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c04e01231b1db820b1f5d542834ab05f693fd78
        Validity
            Not Before: Jan  1 20:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=60e185966955dbf589a97262a662b1a3e513ec5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:02:91:70:d3:96:57:e0:67:e4:f7:f3:55:b0:
                    90:4d:4e:a4:74:83:a6:46:67:26:60:e0:b2:18:36:
                    7c:05:52:3b:c2:67:7c:f7:fd:85:56:f3:03:f9:92:
                    15:5c:84:ce:b8:ad:90:b0:42:44:bd:19:80:bc:d2:
                    d7:ec:99:5b:66:b3:85:c1:ba:33:44:24:50:6b:e6:
                    ae:90:32:b7:41:08:30:b5:d1:15:88:11:40:1d:27:
                    34:29:dd:4f:4e:09:b4:6e:c4:f3:f9:5e:2d:bb:27:
                    98:58:e8:76:71:95:db:00:93:20:f6:c7:52:76:b2:
                    c0:88:d2:a3:2d:05:ef:6d:1a:ca:4a:54:65:b6:f4:
                    80:32:6c:24:6e:5b:2c:20:25:ac:8c:74:70:3c:24:
                    12:ac:8c:9c:fd:5b:cd:22:94:57:6d:8d:53:d0:3e:
                    7d:4b:9a:cd:36:b4:2f:0e:0f:7d:69:42:a7:0e:e4:
                    7f:01:77:2f:e6:fa:b7:78:56:a3:f4:af:66:e1:f0:
                    5e:18:cd:51:dd:8b:29:47:16:ff:2c:57:5f:58:d7:
                    b7:c1:02:01:05:f4:bd:86:0c:7d:13:90:76:0c:86:
                    53:2b:28:fa:78:d7:13:98:cf:67:4a:95:7b:ef:f9:
                    20:f4:a6:83:b8:d4:3c:ea:60:6e:46:d1:f2:67:09:
                    e4:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:E1:85:96:69:55:DB:F5:89:A9:72:62:A6:62:B1:A3:E5:13:EC:5B
            X509v3 Authority Key Identifier:
                keyid:4C:04:E0:12:31:B1:DB:82:0B:1F:5D:54:28:34:AB:05:F6:93:FD:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TATgEjGx24ILH11UKDSrBfaT_Xg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/be8143-a408-49ab-a147-cda117fe830d/1/YOGFlmlV2_WJqXJipmKxo-UT7Fs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/be8143-a408-49ab-a147-cda117fe830d/1/TATgEjGx24ILH11UKDSrBfaT_Xg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:4480::/32

    Signature Algorithm: sha256WithRSAEncryption
         66:c7:bb:f7:ac:5a:0e:43:31:0f:b1:6c:b3:8e:21:8f:14:5f:
         98:87:33:d9:9c:1f:19:0a:34:f5:5b:32:f0:30:ee:55:63:55:
         d5:21:c1:1a:7d:d6:f1:36:80:ea:e5:9e:0b:71:4c:11:4b:a2:
         1a:3d:35:9f:95:26:17:ad:82:e0:79:3a:30:45:81:de:f4:b2:
         a3:67:07:5e:d3:59:f0:e1:74:cc:b3:15:d8:50:54:4a:12:54:
         8d:9b:8f:33:de:24:c6:70:7a:f6:54:5d:c4:aa:22:ac:b6:c3:
         bb:07:7d:8e:ad:5b:71:92:8f:3f:66:7c:8b:a1:68:ed:3d:60:
         4d:e3:d1:94:76:46:97:47:03:1c:35:05:94:54:07:9b:5c:e0:
         3d:0e:e0:fa:7f:6e:a1:fd:fd:37:23:f7:7e:c1:f1:5f:5b:08:
         1b:9c:2f:ab:5d:1a:ac:85:97:42:7f:0f:cf:7f:4e:4c:05:e6:
         92:dd:29:af:cb:93:71:03:2b:74:ba:94:af:28:97:d2:ca:d4:
         eb:a9:00:47:c6:8d:32:0a:43:3b:d9:71:d6:66:f3:75:83:58:
         c8:df:d2:31:9f:bb:53:e2:cc:2b:e2:ff:37:fc:61:78:37:fe:
         51:a7:22:1f:49:0d:60:14:4f:02:0f:06:18:ae:30:4b:d3:0e:
         b2:96:d5:c5
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzGuEJdggwAHWgj7yasL9sKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjMDRlMDEyMzFiMWRiODIwYjFmNWQ1NDI4MzRhYjA1ZjY5
M2ZkNzgwHhcNMjQwMTAxMjAzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGUxODU5NjY5NTVkYmY1ODlhOTcyNjJhNjYyYjFhM2U1MTNlYzViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiQKRcNOWV+Bn5PfzVbCQTU6kdIOm
RmcmYOCyGDZ8BVI7wmd89/2FVvMD+ZIVXITOuK2QsEJEvRmAvNLX7JlbZrOFwboz
RCRQa+aukDK3QQgwtdEViBFAHSc0Kd1PTgm0bsTz+V4tuyeYWOh2cZXbAJMg9sdS
drLAiNKjLQXvbRrKSlRltvSAMmwkblssICWsjHRwPCQSrIyc/VvNIpRXbY1T0D59
S5rNNrQvDg99aUKnDuR/AXcv5vq3eFaj9K9m4fBeGM1R3YspRxb/LFdfWNe3wQIB
BfS9hgx9E5B2DIZTKyj6eNcTmM9nSpV77/kg9KaDuNQ86mBuRtHyZwnkbQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGDhhZZpVdv1ialyYqZisaPlE+xbMB8GA1UdIwQY
MBaAFEwE4BIxsduCCx9dVCg0qwX2k/14MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEFUZ0VqR3gyNElMSDExVUtEU3JCZmFUX1hnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS9iZTgxNDMtYTQwOC00OWFiLWExNDct
Y2RhMTE3ZmU4MzBkLzEvWU9HRmxtbFYyX1dKcVhKaXBtS3hvLVVUN0ZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS9iZTgxNDMtYTQwOC00OWFiLWExNDctY2RhMTE3ZmU4MzBk
LzEvVEFUZ0VqR3gyNElMSDExVUtEU3JCZmFUX1hnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg5EgDAN
BgkqhkiG9w0BAQsFAAOCAQEAZse796xaDkMxD7Fss44hjxRfmIcz2ZwfGQo09Vsy
8DDuVWNV1SHBGn3W8TaA6uWeC3FMEUuiGj01n5UmF62C4Hk6MEWB3vSyo2cHXtNZ
8OF0zLMV2FBUShJUjZuPM94kxnB69lRdxKoirLbDuwd9jq1bcZKPP2Z8i6Fo7T1g
TePRlHZGl0cDHDUFlFQHm1zgPQ7g+n9uof39NyP3fsHxX1sIG5wvq10arIWXQn8P
z39OTAXmkt0pr8uTcQMrdLqUryiX0srU66kAR8aNMgpDO9lx1mbzdYNYyN/SMZ+7
U+LMK+L/N/xheDf+UaciH0kNYBRPAg8GGK4wS9MOspbVxQ==
-----END CERTIFICATE-----