Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/YN6w0LBz-JWegc4A_NyPFJKE9ds.roa
File:                     YN6w0LBz-JWegc4A_NyPFJKE9ds.roa (raw, json)
Hash identifier:          apKehVNWTye3f2sphPpTFQRAy4nLSZM072jqr8LbZII=
Subject key identifier:   60:DE:B0:D0:B0:73:F8:95:9E:81:CE:00:FC:DC:8F:14:92:84:F5:DB
Certificate issuer:       /CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
Certificate serial:       0191EB8949DE22221DDE6D6D70D24B9F872E
Authority key identifier: 3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/YN6w0LBz-JWegc4A_NyPFJKE9ds.roa
Signing time:             Fri 13 Sep 2024 13:18:48 +0000
ROA not before:           Fri 13 Sep 2024 13:18:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206873
IP address blocks:        2a0d:b9c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:eb:89:49:de:22:22:1d:de:6d:6d:70:d2:4b:9f:87:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
        Validity
            Not Before: Sep 13 13:18:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=60deb0d0b073f8959e81ce00fcdc8f149284f5db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:c3:43:ee:b9:e1:74:cf:c3:a0:93:f4:d7:59:
                    c3:f3:30:f4:f6:9c:fa:f9:87:b0:8e:c5:15:1e:16:
                    9e:f4:cd:8a:cb:a6:44:30:9b:40:a0:02:a4:82:46:
                    8b:ec:54:e5:2f:f1:e3:23:aa:60:e9:a1:17:e2:a9:
                    e5:7b:24:a0:2b:9b:29:35:b4:6c:2c:8a:9e:b3:f0:
                    b2:bd:24:a1:ba:06:bd:a8:9c:40:50:24:85:56:49:
                    6e:16:63:10:2e:3b:79:ac:a7:fa:6a:57:29:f9:59:
                    4d:75:a3:13:3c:42:e8:50:55:30:ab:c8:9e:7b:23:
                    07:0c:1f:5e:d8:63:95:b6:cb:4f:34:5e:4a:ab:dc:
                    95:fd:e3:5f:3c:eb:19:74:35:0b:80:1e:bf:a3:ac:
                    e3:48:aa:1f:72:8d:ec:52:3a:e2:75:c8:65:71:dd:
                    82:fe:1e:9e:3e:31:55:c7:55:31:3d:9b:ac:d4:ad:
                    04:55:92:a9:39:5d:04:9e:26:32:21:60:24:80:a8:
                    6c:84:21:f4:6b:bb:70:28:7a:70:12:40:5d:d4:8f:
                    22:64:bc:98:f3:4a:51:71:7c:88:5c:cc:b8:9a:ff:
                    f5:db:8f:86:e6:78:fd:5f:92:c8:5b:d2:34:a1:05:
                    9f:02:1c:1d:72:67:c9:67:8b:3e:09:4e:11:5c:fb:
                    ac:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:DE:B0:D0:B0:73:F8:95:9E:81:CE:00:FC:DC:8F:14:92:84:F5:DB
            X509v3 Authority Key Identifier:
                keyid:3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/YN6w0LBz-JWegc4A_NyPFJKE9ds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:b9c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         6f:48:76:7e:0b:cb:b1:3d:e3:37:87:0f:2a:fb:1e:1b:c4:65:
         c4:e5:b0:38:28:81:5e:bd:5a:4f:39:fc:03:08:c3:67:48:b4:
         ed:ab:10:03:98:49:9b:a4:ad:81:4c:5e:b6:b4:b2:b6:bf:a9:
         e4:c6:b9:16:10:c2:53:90:f7:12:ab:45:3b:cf:c4:bb:75:08:
         c9:98:6a:0d:09:77:d0:89:b2:76:b1:3e:29:5b:42:0f:aa:e6:
         bd:63:4b:99:80:7f:c1:05:04:27:2c:76:70:59:77:fc:e4:69:
         45:9c:22:bd:c8:75:32:25:2f:39:3e:c2:aa:4e:8e:92:1c:56:
         96:be:ff:23:09:33:33:bf:d9:94:1a:2c:d3:a5:64:66:51:0f:
         aa:f2:a9:de:dd:0f:20:13:08:72:7b:6c:95:33:f6:a2:6b:ab:
         8c:d1:f2:33:1a:3e:07:91:df:bc:3f:2e:d1:f9:44:5a:fb:f8:
         ef:97:dc:f8:d0:55:6c:7b:ea:b7:5a:83:ec:f4:07:a9:89:71:
         9e:25:a0:65:d5:7f:c4:ed:20:f5:d4:74:a6:b9:17:39:e8:b3:
         83:97:09:0b:13:1b:90:0a:a7:ef:36:cf:aa:98:c6:24:c3:95:
         c6:cb:a1:73:c1:24:a2:db:5e:a4:c6:d3:a3:0c:ee:c6:45:04:
         16:4e:d5:dc
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZHriUneIiId3m1tcNJLn4cuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYzUwYWI0Y2NmNzJlM2Q2MGMwOWY5NjQwMTlkNmMwMzRj
NTBhNmMwHhcNMjQwOTEzMTMxODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGRlYjBkMGIwNzNmODk1OWU4MWNlMDBmY2RjOGYxNDkyODRmNWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx8ND7rnhdM/DoJP011nD8zD09pz6
+YewjsUVHhae9M2Ky6ZEMJtAoAKkgkaL7FTlL/HjI6pg6aEX4qnleySgK5spNbRs
LIqes/CyvSShuga9qJxAUCSFVkluFmMQLjt5rKf6alcp+VlNdaMTPELoUFUwq8ie
eyMHDB9e2GOVtstPNF5Kq9yV/eNfPOsZdDULgB6/o6zjSKofco3sUjridchlcd2C
/h6ePjFVx1UxPZus1K0EVZKpOV0EniYyIWAkgKhshCH0a7twKHpwEkBd1I8iZLyY
80pRcXyIXMy4mv/124+G5nj9X5LIW9I0oQWfAhwdcmfJZ4s+CU4RXPus4wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGDesNCwc/iVnoHOAPzcjxSShPXbMB8GA1UdIwQY
MBaAFD7FCrTM9y49YMCflkAZ1sA0xQpsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTct
MjE1OTM3NmQzYTY0LzEvWU42dzBMQnotSldlZ2M0QV9OeVBGSktFOWRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTctMjE1OTM3NmQzYTY0
LzEvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg25wDAN
BgkqhkiG9w0BAQsFAAOCAQEAb0h2fgvLsT3jN4cPKvseG8RlxOWwOCiBXr1aTzn8
AwjDZ0i07asQA5hJm6StgUxetrSytr+p5Ma5FhDCU5D3EqtFO8/Eu3UIyZhqDQl3
0ImydrE+KVtCD6rmvWNLmYB/wQUEJyx2cFl3/ORpRZwivch1MiUvOT7Cqk6OkhxW
lr7/IwkzM7/ZlBos06VkZlEPqvKp3t0PIBMIcntslTP2omurjNHyMxo+B5HfvD8u
0flEWvv475fc+NBVbHvqt1qD7PQHqYlxniWgZdV/xO0g9dR0prkXOeizg5cJCxMb
kAqn7zbPqpjGJMOVxsuhc8EkottepMbTowzuxkUEFk7V3A==
-----END CERTIFICATE-----