Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/f71dcb-9e92-44e7-b042-3665067db256/1/YWFFDSZv42NMZItH0xWdbjCI9Mc.roa
File:                     YWFFDSZv42NMZItH0xWdbjCI9Mc.roa (raw, json)
Hash identifier:          trXQzZruHf1X6IZZrDzPpKFQ4Mc4ExyMvIQSSRMmbJA=
Subject key identifier:   61:61:45:0D:26:6F:E3:63:4C:64:8B:47:D3:15:9D:6E:30:88:F4:C7
Certificate issuer:       /CN=f50bae60970a2dfc86dd607c5b915ad5c534b413
Certificate serial:       018CC3B6B3625D984723577481B8D2CF8330
Authority key identifier: F5:0B:AE:60:97:0A:2D:FC:86:DD:60:7C:5B:91:5A:D5:C5:34:B4:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9QuuYJcKLfyG3WB8W5Fa1cU0tBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/f71dcb-9e92-44e7-b042-3665067db256/1/YWFFDSZv42NMZItH0xWdbjCI9Mc.roa
Signing time:             Mon 01 Jan 2024 06:29:39 +0000
ROA not before:           Mon 01 Jan 2024 06:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212804
IP address blocks:        2a0a:2785::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/f71dcb-9e92-44e7-b042-3665067db256/1/9QuuYJcKLfyG3WB8W5Fa1cU0tBM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/f71dcb-9e92-44e7-b042-3665067db256/1/9QuuYJcKLfyG3WB8W5Fa1cU0tBM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9QuuYJcKLfyG3WB8W5Fa1cU0tBM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 21:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:b3:62:5d:98:47:23:57:74:81:b8:d2:cf:83:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f50bae60970a2dfc86dd607c5b915ad5c534b413
        Validity
            Not Before: Jan  1 06:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6161450d266fe3634c648b47d3159d6e3088f4c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:c6:7f:8c:9c:5f:81:2e:71:38:54:76:dc:26:
                    d0:4c:35:95:d3:5b:74:aa:8d:e2:6d:e3:b4:14:b0:
                    13:98:57:ac:6c:6b:9a:a4:34:3e:04:f8:50:7e:67:
                    d9:b4:3f:b6:08:c8:97:c7:86:30:0b:b1:68:0e:c2:
                    f2:5a:29:fd:b1:3a:06:07:14:19:73:80:35:28:c8:
                    f8:07:59:23:be:7e:4a:9f:58:a2:1d:4a:8d:bd:57:
                    48:b5:a1:d9:54:bc:7a:05:5e:bb:09:f0:59:fe:65:
                    10:36:22:c9:4d:e2:f2:7f:e4:6c:a9:e9:1f:c2:fa:
                    83:96:38:2a:14:74:e7:9c:c2:66:bb:b7:96:4a:7c:
                    6d:da:52:1d:ae:be:f4:db:30:8d:64:35:0d:ed:fa:
                    34:ac:81:ef:35:68:c9:9d:aa:05:28:53:7a:42:89:
                    f1:53:b8:4b:f4:a4:a4:5d:b4:21:94:89:ec:d6:4c:
                    fb:79:fb:26:d7:45:fb:2b:bc:85:94:c3:69:1a:8a:
                    62:92:e4:ee:23:fc:2c:67:e2:39:eb:4b:b2:2c:85:
                    f5:30:0e:64:26:8b:06:85:6a:82:07:7f:68:61:50:
                    fc:3b:87:e3:63:97:f3:6d:0b:78:1f:df:8c:b5:db:
                    0d:09:dd:6d:c4:28:cc:d1:ee:87:35:a1:e0:b8:ad:
                    e2:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:61:45:0D:26:6F:E3:63:4C:64:8B:47:D3:15:9D:6E:30:88:F4:C7
            X509v3 Authority Key Identifier:
                keyid:F5:0B:AE:60:97:0A:2D:FC:86:DD:60:7C:5B:91:5A:D5:C5:34:B4:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9QuuYJcKLfyG3WB8W5Fa1cU0tBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/f71dcb-9e92-44e7-b042-3665067db256/1/YWFFDSZv42NMZItH0xWdbjCI9Mc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/f71dcb-9e92-44e7-b042-3665067db256/1/9QuuYJcKLfyG3WB8W5Fa1cU0tBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:2785::/32

    Signature Algorithm: sha256WithRSAEncryption
         45:97:08:0f:43:3e:f3:b3:58:b5:3c:d6:0c:8e:08:5a:cc:69:
         41:61:eb:7a:4b:5e:ac:d7:5f:b4:b2:27:8f:00:bf:de:06:57:
         82:0b:2c:bf:5f:71:4e:f5:0f:1e:b2:15:ef:f1:24:32:cf:35:
         24:b4:b1:25:c6:2a:01:98:5e:7e:65:51:1b:e6:7b:9c:79:68:
         9c:c0:72:98:48:54:5a:63:0c:8b:41:90:54:51:14:f3:ca:06:
         37:b5:57:bd:b4:64:d5:8e:2c:de:9d:04:4a:42:69:c9:aa:91:
         b2:50:2c:01:3f:69:90:dd:db:ad:3d:69:9d:78:55:22:84:46:
         c8:92:0a:e3:af:53:10:a0:ae:a0:2e:d2:27:4c:79:64:7f:b5:
         31:f9:82:60:71:ba:41:5d:d9:7b:e9:b6:04:a6:e4:0a:8f:56:
         b0:ea:35:4d:0c:2a:9e:b7:9c:03:88:f8:6e:f5:87:be:9a:a4:
         5c:e0:9f:77:57:5c:1a:f7:37:33:2f:1e:46:86:3c:2e:c3:b6:
         77:be:8a:bf:93:4a:8c:70:c9:8c:fe:c2:c6:f9:f5:e4:c6:ce:
         ce:7a:02:fc:c9:69:9b:fb:78:5b:f0:8c:cb:8d:0f:c5:c7:b7:
         e3:09:38:8d:59:72:aa:a9:06:98:5c:57:01:e2:2c:5a:3c:28:
         a1:f9:bc:58
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDtrNiXZhHI1d0gbjSz4MwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MGJhZTYwOTcwYTJkZmM4NmRkNjA3YzViOTE1YWQ1YzUz
NGI0MTMwHhcNMjQwMTAxMDYyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTYxNDUwZDI2NmZlMzYzNGM2NDhiNDdkMzE1OWQ2ZTMwODhmNGM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu8Z/jJxfgS5xOFR23CbQTDWV01t0
qo3ibeO0FLATmFesbGuapDQ+BPhQfmfZtD+2CMiXx4YwC7FoDsLyWin9sToGBxQZ
c4A1KMj4B1kjvn5Kn1iiHUqNvVdItaHZVLx6BV67CfBZ/mUQNiLJTeLyf+Rsqekf
wvqDljgqFHTnnMJmu7eWSnxt2lIdrr702zCNZDUN7fo0rIHvNWjJnaoFKFN6Qonx
U7hL9KSkXbQhlIns1kz7efsm10X7K7yFlMNpGopikuTuI/wsZ+I560uyLIX1MA5k
JosGhWqCB39oYVD8O4fjY5fzbQt4H9+MtdsNCd1txCjM0e6HNaHguK3inQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGFhRQ0mb+NjTGSLR9MVnW4wiPTHMB8GA1UdIwQY
MBaAFPULrmCXCi38ht1gfFuRWtXFNLQTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVF1dVlKY0tMZnlHM1dCOFc1RmExY1UwdEJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS9mNzFkY2ItOWU5Mi00NGU3LWIwNDIt
MzY2NTA2N2RiMjU2LzEvWVdGRkRTWnY0Mk5NWkl0SDB4V2RiakNJOU1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS9mNzFkY2ItOWU5Mi00NGU3LWIwNDItMzY2NTA2N2RiMjU2
LzEvOVF1dVlKY0tMZnlHM1dCOFc1RmExY1UwdEJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgonhTAN
BgkqhkiG9w0BAQsFAAOCAQEARZcID0M+87NYtTzWDI4IWsxpQWHrekterNdftLIn
jwC/3gZXggssv19xTvUPHrIV7/EkMs81JLSxJcYqAZhefmVRG+Z7nHlonMBymEhU
WmMMi0GQVFEU88oGN7VXvbRk1Y4s3p0ESkJpyaqRslAsAT9pkN3brT1pnXhVIoRG
yJIK469TEKCuoC7SJ0x5ZH+1MfmCYHG6QV3Ze+m2BKbkCo9WsOo1TQwqnrecA4j4
bvWHvpqkXOCfd1dcGvc3My8eRoY8LsO2d76Kv5NKjHDJjP7Cxvn15MbOznoC/Mlp
m/t4W/CMy40Pxce34wk4jVlyqqkGmFxXAeIsWjwoofm8WA==
-----END CERTIFICATE-----