Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/YMd3qlEPMVBTUCZnS-kA6K-iQbw.roa
File:                     YMd3qlEPMVBTUCZnS-kA6K-iQbw.roa (raw, json)
Hash identifier:          4nVnBk6VV6+Lr+uvhp1NnMPOQVxHfUJUufs6gCiHrgE=
Subject key identifier:   60:C7:77:AA:51:0F:31:50:53:50:26:67:4B:E9:00:E8:AF:A2:41:BC
Certificate issuer:       /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial:       0192B023EBB143510C18EBE8C043CE8FBF91
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/YMd3qlEPMVBTUCZnS-kA6K-iQbw.roa
Signing time:             Mon 21 Oct 2024 17:33:16 +0000
ROA not before:           Mon 21 Oct 2024 17:33:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212128
IP address blocks:        2a0d:95c3::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b0:23:eb:b1:43:51:0c:18:eb:e8:c0:43:ce:8f:bf:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
        Validity
            Not Before: Oct 21 17:33:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=60c777aa510f3150535026674be900e8afa241bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:e5:e3:1c:ec:89:c5:ff:ef:ad:6b:35:cb:8b:
                    21:c7:37:e8:b8:20:f8:ef:11:16:4b:44:0c:f6:79:
                    19:35:e6:aa:54:8a:08:b9:3a:45:0d:6a:45:a8:4c:
                    1b:d3:8b:11:3d:76:38:be:93:d7:d7:6e:f3:51:cb:
                    d6:67:ff:30:ef:e0:fd:dd:cd:c6:b6:77:ed:e9:ab:
                    05:84:52:5f:a7:77:63:3c:a7:56:83:3d:2c:0f:41:
                    2e:c8:06:64:a3:ea:e1:0f:93:e8:51:4b:74:1d:12:
                    b8:99:e8:bd:8f:6a:b8:ed:3c:42:6d:98:7e:7d:ba:
                    1b:09:cf:43:87:75:75:f8:60:c1:df:cc:d4:b0:4c:
                    93:2c:52:2e:2d:91:4e:de:2a:6b:8b:5c:00:14:82:
                    3b:72:17:44:be:33:73:a3:ae:6a:5a:c4:63:5a:80:
                    29:3c:9b:67:9b:06:d5:69:8a:54:56:1f:ba:9b:df:
                    c5:cd:03:43:2b:18:65:12:23:a6:0a:c5:55:4b:c7:
                    b6:56:ff:c9:b7:b8:c4:3c:34:ae:ea:06:91:51:fc:
                    36:3a:aa:b5:7e:c5:90:b9:98:9a:41:4d:fd:f9:0f:
                    2c:b3:91:bc:e9:29:29:2f:1d:7a:36:74:90:83:ed:
                    61:e3:a9:6b:56:50:1d:d8:db:95:ed:90:d9:d2:37:
                    84:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:C7:77:AA:51:0F:31:50:53:50:26:67:4B:E9:00:E8:AF:A2:41:BC
            X509v3 Authority Key Identifier:
                keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/YMd3qlEPMVBTUCZnS-kA6K-iQbw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:95c3::/32

    Signature Algorithm: sha256WithRSAEncryption
         a1:d3:58:d6:6f:78:a6:7e:21:2b:6e:36:96:2f:8f:29:95:97:
         6b:15:0f:b6:87:67:0d:62:cd:02:70:b9:8e:86:4a:90:15:ea:
         20:73:be:9c:c5:98:8a:dd:67:aa:5d:61:95:a0:f8:d0:1c:ab:
         5c:4f:61:c1:9b:04:e0:24:d8:91:22:b2:48:24:c8:a4:3a:ac:
         b2:d5:45:b6:0f:90:98:cc:fc:fd:29:2b:6d:f7:c9:04:cf:3a:
         30:11:21:ec:33:02:8e:3f:c1:a2:38:6c:a3:82:e6:47:f4:2c:
         94:5d:db:80:be:dc:b3:9a:b8:c6:cb:f8:20:bb:cd:5b:cc:c6:
         0c:fa:ec:46:f5:25:90:f8:69:79:4c:e7:9b:f4:6d:cf:59:54:
         c1:aa:e3:e1:84:86:4f:f2:8f:df:37:7f:9a:ed:06:cb:00:86:
         af:dc:f7:5a:79:cd:29:e1:9b:35:27:c4:27:94:77:cb:f3:0d:
         47:31:e2:ae:25:22:d2:bd:29:d6:bb:1f:0c:a5:a0:c2:ab:b0:
         22:3b:3c:30:29:73:f8:5c:ea:15:b9:af:cb:ba:e0:9e:9c:89:
         16:5b:4a:4e:00:98:dc:ce:4f:ff:b4:b0:e8:58:4b:9b:3a:35:
         52:2a:60:5d:f7:25:fb:b7:c4:b3:ee:90:1b:6d:48:21:84:f3:
         e2:e1:93:e9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZKwI+uxQ1EMGOvowEPOj7+RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjQxMDIxMTczMzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGM3NzdhYTUxMGYzMTUwNTM1MDI2Njc0YmU5MDBlOGFmYTI0MWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnOXjHOyJxf/vrWs1y4shxzfouCD4
7xEWS0QM9nkZNeaqVIoIuTpFDWpFqEwb04sRPXY4vpPX127zUcvWZ/8w7+D93c3G
tnft6asFhFJfp3djPKdWgz0sD0EuyAZko+rhD5PoUUt0HRK4mei9j2q47TxCbZh+
fbobCc9Dh3V1+GDB38zUsEyTLFIuLZFO3ipri1wAFII7chdEvjNzo65qWsRjWoAp
PJtnmwbVaYpUVh+6m9/FzQNDKxhlEiOmCsVVS8e2Vv/Jt7jEPDSu6gaRUfw2Oqq1
fsWQuZiaQU39+Q8ss5G86SkpLx16NnSQg+1h46lrVlAd2NuV7ZDZ0jeEAwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGDHd6pRDzFQU1AmZ0vpAOivokG8MB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvWU1kM3FsRVBNVkJUVUNablMta0E2Sy1pUWJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg2VwzAN
BgkqhkiG9w0BAQsFAAOCAQEAodNY1m94pn4hK242li+PKZWXaxUPtodnDWLNAnC5
joZKkBXqIHO+nMWYit1nql1hlaD40ByrXE9hwZsE4CTYkSKySCTIpDqsstVFtg+Q
mMz8/SkrbffJBM86MBEh7DMCjj/Bojhso4LmR/QslF3bgL7cs5q4xsv4ILvNW8zG
DPrsRvUlkPhpeUznm/Rtz1lUwarj4YSGT/KP3zd/mu0GywCGr9z3WnnNKeGbNSfE
J5R3y/MNRzHiriUi0r0p1rsfDKWgwquwIjs8MClz+FzqFbmvy7rgnpyJFltKTgCY
3M5P/7Sw6FhLmzo1UipgXfcl+7fEs+6QG21IIYTz4uGT6Q==
-----END CERTIFICATE-----