Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/YJbSI7nFTtFH5KLHvtbSRARLtY8.roa
File:                     YJbSI7nFTtFH5KLHvtbSRARLtY8.roa (raw, json)
Hash identifier:          t0B1JfzA7Y0qknLMFlefU1csweaK2D7RQS7edYPJgGM=
Subject key identifier:   60:96:D2:23:B9:C5:4E:D1:47:E4:A2:C7:BE:D6:D2:44:04:4B:B5:8F
Certificate issuer:       /CN=69dbe1e7d9e87d68701a4035a76c51bfecd88d81
Certificate serial:       0191A6A256941D9BF87423491E56183EE229
Authority key identifier: 69:DB:E1:E7:D9:E8:7D:68:70:1A:40:35:A7:6C:51:BF:EC:D8:8D:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/YJbSI7nFTtFH5KLHvtbSRARLtY8.roa
Signing time:             Sat 31 Aug 2024 04:12:22 +0000
ROA not before:           Sat 31 Aug 2024 04:12:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215223
IP address blocks:        2a01:e281:a300::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 20:25:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:a6:a2:56:94:1d:9b:f8:74:23:49:1e:56:18:3e:e2:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69dbe1e7d9e87d68701a4035a76c51bfecd88d81
        Validity
            Not Before: Aug 31 04:12:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6096d223b9c54ed147e4a2c7bed6d244044bb58f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:3e:8c:5d:d8:5f:5c:e0:c8:3e:d7:e5:05:be:
                    2e:ea:89:39:87:31:15:a7:99:7f:0d:30:d0:0b:a1:
                    8f:09:47:fe:90:91:c2:13:c3:ba:ad:c0:be:fb:a7:
                    6f:3f:cb:ab:5a:1d:83:b8:46:b4:21:de:c8:ad:18:
                    fa:2a:80:bb:a6:e1:f7:89:7d:59:a1:4e:b7:ac:28:
                    a4:6c:9b:ce:f8:e7:e8:01:df:f2:02:63:8f:a8:9c:
                    6c:5b:b0:09:00:e1:4c:dd:54:5b:e9:76:8d:d5:60:
                    62:28:54:eb:4c:a8:dd:61:ad:b2:bb:75:22:9a:4d:
                    ca:51:47:5a:2c:e7:be:73:11:e0:0a:05:99:3e:51:
                    1b:00:4c:af:9d:28:52:9f:ca:bc:5b:31:5a:32:57:
                    a7:0f:62:f6:d2:cb:17:2e:74:0d:c0:72:cd:72:c1:
                    9c:52:a2:66:29:cb:bf:df:69:f2:e4:19:86:b0:8e:
                    03:56:f5:fc:9e:48:80:84:b5:c0:b1:37:9e:cc:e3:
                    a6:31:77:39:cc:80:a7:33:fb:56:74:3a:b4:42:f2:
                    ec:f1:3a:80:23:4b:8c:95:d4:5e:78:4d:50:7b:7a:
                    15:71:15:bd:7e:6b:a5:e6:c2:94:49:53:cf:91:f0:
                    c8:29:12:d3:02:23:d2:cd:9c:b2:2a:15:02:e8:96:
                    88:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:96:D2:23:B9:C5:4E:D1:47:E4:A2:C7:BE:D6:D2:44:04:4B:B5:8F
            X509v3 Authority Key Identifier:
                keyid:69:DB:E1:E7:D9:E8:7D:68:70:1A:40:35:A7:6C:51:BF:EC:D8:8D:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/YJbSI7nFTtFH5KLHvtbSRARLtY8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:e281:a300::/40

    Signature Algorithm: sha256WithRSAEncryption
         b0:ce:7e:ce:54:60:26:f8:32:8a:94:0a:5f:2a:e3:b7:84:e7:
         79:14:c8:33:a9:8e:c9:13:71:dd:68:b9:ae:6c:96:42:2c:c2:
         f0:6b:32:63:fe:eb:d4:ef:60:df:89:20:06:85:5d:69:5e:38:
         e6:9f:e2:88:ec:71:00:c6:e6:3b:e1:88:41:db:2d:a6:11:bd:
         3e:30:86:71:f7:d3:dd:e1:67:1d:13:95:0e:b6:ca:a6:4f:f9:
         0f:d0:90:cd:9b:aa:95:7b:b7:e2:1c:88:ea:a7:09:25:6d:b6:
         2a:d4:6a:5a:c2:b2:c6:28:48:ff:cf:b5:25:77:17:b5:53:56:
         45:11:27:b1:9e:bc:5d:29:9e:b6:92:3b:08:ed:71:13:d3:43:
         a8:a8:9c:00:6d:ea:9d:65:f5:f6:d5:e6:ca:c0:ba:ae:16:ba:
         fb:ac:ad:20:13:5c:fc:25:eb:bc:d3:f0:c9:76:9f:dd:fc:9e:
         ac:a5:d3:80:fe:74:47:4b:ce:98:c6:33:24:bd:af:cc:45:52:
         1a:2b:dc:d6:27:ea:fb:5f:b2:b6:da:35:f8:b0:29:6d:43:6b:
         d9:ba:60:e2:05:6a:8c:fc:12:48:4f:23:81:a6:0c:fc:4e:ac:
         a7:dc:fa:b3:54:2a:82:a7:08:33:05:6a:b6:5f:87:91:c6:d0:
         f2:56:cc:72
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZGmolaUHZv4dCNJHlYYPuIpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5ZGJlMWU3ZDllODdkNjg3MDFhNDAzNWE3NmM1MWJmZWNk
ODhkODEwHhcNMjQwODMxMDQxMjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDk2ZDIyM2I5YzU0ZWQxNDdlNGEyYzdiZWQ2ZDI0NDA0NGJiNThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnT6MXdhfXODIPtflBb4u6ok5hzEV
p5l/DTDQC6GPCUf+kJHCE8O6rcC++6dvP8urWh2DuEa0Id7IrRj6KoC7puH3iX1Z
oU63rCikbJvO+OfoAd/yAmOPqJxsW7AJAOFM3VRb6XaN1WBiKFTrTKjdYa2yu3Ui
mk3KUUdaLOe+cxHgCgWZPlEbAEyvnShSn8q8WzFaMlenD2L20ssXLnQNwHLNcsGc
UqJmKcu/32ny5BmGsI4DVvX8nkiAhLXAsTeezOOmMXc5zICnM/tWdDq0QvLs8TqA
I0uMldReeE1Qe3oVcRW9fmul5sKUSVPPkfDIKRLTAiPSzZyyKhUC6JaIlQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGCW0iO5xU7RR+Six77W0kQES7WPMB8GA1UdIwQY
MBaAFGnb4efZ6H1ocBpANadsUb/s2I2BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWR2aDU5bm9mV2h3R2tBMXAyeFJ2LXpZallFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC83MjcwMTUtZTE0ZS00ZDQxLWIwNWIt
OGQ5NDU1M2I3NWUxLzEvWUpiU0k3bkZUdEZINUtMSHZ0YlNSQVJMdFk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC83MjcwMTUtZTE0ZS00ZDQxLWIwNWItOGQ5NDU1M2I3NWUx
LzEvYWR2aDU5bm9mV2h3R2tBMXAyeFJ2LXpZallFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgHigaMw
DQYJKoZIhvcNAQELBQADggEBALDOfs5UYCb4MoqUCl8q47eE53kUyDOpjskTcd1o
ua5slkIswvBrMmP+69TvYN+JIAaFXWleOOaf4ojscQDG5jvhiEHbLaYRvT4whnH3
093hZx0TlQ62yqZP+Q/QkM2bqpV7t+IciOqnCSVttirUalrCssYoSP/PtSV3F7VT
VkURJ7GevF0pnraSOwjtcRPTQ6ionABt6p1l9fbV5srAuq4WuvusrSATXPwl67zT
8Ml2n938nqyl04D+dEdLzpjGMyS9r8xFUhor3NYn6vtfsrbaNfiwKW1Da9m6YOIF
aoz8EkhPI4GmDPxOrKfc+rNUKoKnCDMFarZfh5HG0PJWzHI=
-----END CERTIFICATE-----