Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/be66bf-561c-4d55-826d-038035d80c0b/1/FY0h06ON8EJRgYOpw112Fe7lQPY.roa
File:                     FY0h06ON8EJRgYOpw112Fe7lQPY.roa (raw, json)
Hash identifier:          wSOpqGKxU0M3P9JulY3TIPJrRAc3rHCyqulInI22dRs=
Subject key identifier:   15:8D:21:D3:A3:8D:F0:42:51:81:83:A9:C3:5D:76:15:EE:E5:40:F6
Certificate issuer:       /CN=ce37ca3abca5e14ac11bc7f3c1562a64d6391d22
Certificate serial:       018CC348ECC4F92EC571B044F6DBED951233
Authority key identifier: CE:37:CA:3A:BC:A5:E1:4A:C1:1B:C7:F3:C1:56:2A:64:D6:39:1D:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zjfKOryl4UrBG8fzwVYqZNY5HSI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/be66bf-561c-4d55-826d-038035d80c0b/1/FY0h06ON8EJRgYOpw112Fe7lQPY.roa
Signing time:             Mon 01 Jan 2024 04:29:45 +0000
ROA not before:           Mon 01 Jan 2024 04:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212748
IP address blocks:        2a0e:b2c4::/30 maxlen: 30

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/be66bf-561c-4d55-826d-038035d80c0b/1/zjfKOryl4UrBG8fzwVYqZNY5HSI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/be66bf-561c-4d55-826d-038035d80c0b/1/zjfKOryl4UrBG8fzwVYqZNY5HSI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zjfKOryl4UrBG8fzwVYqZNY5HSI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ec:c4:f9:2e:c5:71:b0:44:f6:db:ed:95:12:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce37ca3abca5e14ac11bc7f3c1562a64d6391d22
        Validity
            Not Before: Jan  1 04:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=158d21d3a38df042518183a9c35d7615eee540f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:98:53:d1:b5:0d:27:58:a5:55:5b:3f:bd:3a:
                    be:db:e6:4b:81:78:c7:f3:94:cf:4c:a0:df:21:8c:
                    40:37:e1:45:81:9a:29:c8:f1:ff:a2:cc:78:89:18:
                    01:1e:4f:16:28:45:c9:59:9a:bf:14:65:62:60:e5:
                    ba:69:77:fd:b9:98:0a:fc:6f:1c:79:30:da:c4:89:
                    a7:9e:dc:74:3c:d9:64:9a:c2:16:52:ca:a5:29:57:
                    be:3d:89:6b:fb:dc:8c:04:fb:19:d4:90:7b:63:fc:
                    9e:c2:ae:d4:a4:73:b8:3c:f8:a0:8b:99:20:56:af:
                    d5:44:ef:55:3b:cb:9b:b2:a0:33:d7:7f:63:a7:70:
                    40:fb:dc:3a:23:04:1d:3a:c2:44:df:d8:f7:7e:ee:
                    9c:8b:42:49:0d:95:ef:39:cb:3d:6c:52:9c:f2:1b:
                    a3:2f:5c:10:4d:8e:2f:81:1e:36:82:f5:75:d6:f5:
                    0f:7c:d0:f3:ef:0b:7b:98:18:93:73:d8:de:01:6c:
                    5d:05:16:0c:09:dd:51:8d:8a:a5:2c:ff:65:10:47:
                    1b:46:50:39:e2:1e:d7:84:e6:06:c7:ec:fd:3c:7a:
                    e4:2f:9e:17:63:89:42:e9:eb:2a:e8:55:e6:c4:d0:
                    17:b1:bc:a0:d5:49:9d:c2:d4:19:78:03:bd:ec:7b:
                    6e:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:8D:21:D3:A3:8D:F0:42:51:81:83:A9:C3:5D:76:15:EE:E5:40:F6
            X509v3 Authority Key Identifier:
                keyid:CE:37:CA:3A:BC:A5:E1:4A:C1:1B:C7:F3:C1:56:2A:64:D6:39:1D:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zjfKOryl4UrBG8fzwVYqZNY5HSI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/be66bf-561c-4d55-826d-038035d80c0b/1/FY0h06ON8EJRgYOpw112Fe7lQPY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/be66bf-561c-4d55-826d-038035d80c0b/1/zjfKOryl4UrBG8fzwVYqZNY5HSI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b2c4::/30

    Signature Algorithm: sha256WithRSAEncryption
         51:a9:c2:c5:39:f8:27:e6:c4:44:ad:f8:9e:fe:42:9b:fd:0a:
         c3:4a:e2:fb:50:58:b3:bb:2d:f2:0f:16:b6:c1:4a:60:2e:0b:
         74:90:48:44:14:a6:ba:03:57:61:13:91:10:1e:d1:12:ea:e8:
         bb:ad:e6:df:1f:62:57:3b:83:08:f1:34:f0:74:71:f6:65:7f:
         26:8b:04:5b:87:06:59:26:e7:dc:2d:4b:1e:5f:3c:45:cf:6f:
         2b:a2:8d:32:91:58:d6:0a:21:9c:b5:14:a5:88:05:bd:65:98:
         2c:ca:5c:b7:26:6d:65:ff:7e:e9:91:4c:32:96:25:3a:f3:6e:
         b7:a9:d8:1c:16:cd:e0:6f:64:2d:07:f0:15:a3:fb:35:68:ad:
         94:c9:20:06:bb:06:c3:27:ec:25:84:42:80:3f:85:c3:d8:c5:
         7d:45:05:ec:10:4e:4e:cc:c5:b7:ed:6c:a7:91:cf:8a:4a:56:
         95:ea:84:e0:14:f8:7c:ab:65:9c:29:d4:1e:9a:55:6c:65:99:
         b4:6f:97:da:e7:6d:c0:bb:7a:f7:b5:35:6d:74:b1:8a:d4:7c:
         f7:bd:5c:4e:84:b3:df:45:1f:de:35:56:1a:1f:c6:31:7e:d5:
         14:05:86:90:e6:bf:5c:53:37:d4:b8:70:2a:24:65:bc:8c:b7:
         ab:c0:df:7d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDSOzE+S7FcbBE9tvtlRIzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlMzdjYTNhYmNhNWUxNGFjMTFiYzdmM2MxNTYyYTY0ZDYz
OTFkMjIwHhcNMjQwMTAxMDQyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNThkMjFkM2EzOGRmMDQyNTE4MTgzYTljMzVkNzYxNWVlZTU0MGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhZhT0bUNJ1ilVVs/vTq+2+ZLgXjH
85TPTKDfIYxAN+FFgZopyPH/osx4iRgBHk8WKEXJWZq/FGViYOW6aXf9uZgK/G8c
eTDaxImnntx0PNlkmsIWUsqlKVe+PYlr+9yMBPsZ1JB7Y/yewq7UpHO4PPigi5kg
Vq/VRO9VO8ubsqAz139jp3BA+9w6IwQdOsJE39j3fu6ci0JJDZXvOcs9bFKc8huj
L1wQTY4vgR42gvV11vUPfNDz7wt7mBiTc9jeAWxdBRYMCd1RjYqlLP9lEEcbRlA5
4h7XhOYGx+z9PHrkL54XY4lC6esq6FXmxNAXsbyg1UmdwtQZeAO97Htu8wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBWNIdOjjfBCUYGDqcNddhXu5UD2MB8GA1UdIwQY
MBaAFM43yjq8peFKwRvH88FWKmTWOR0iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvempmS09yeWw0VXJCRzhmendWWXFaTlk1SFNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC9iZTY2YmYtNTYxYy00ZDU1LTgyNmQt
MDM4MDM1ZDgwYzBiLzEvRlkwaDA2T044RUpSZ1lPcHcxMTJGZTdsUVBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC9iZTY2YmYtNTYxYy00ZDU1LTgyNmQtMDM4MDM1ZDgwYzBi
LzEvempmS09yeWw0VXJCRzhmendWWXFaTlk1SFNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUCKg6yxDAN
BgkqhkiG9w0BAQsFAAOCAQEAUanCxTn4J+bERK34nv5Cm/0Kw0ri+1BYs7st8g8W
tsFKYC4LdJBIRBSmugNXYROREB7REurou63m3x9iVzuDCPE08HRx9mV/JosEW4cG
WSbn3C1LHl88Rc9vK6KNMpFY1gohnLUUpYgFvWWYLMpctyZtZf9+6ZFMMpYlOvNu
t6nYHBbN4G9kLQfwFaP7NWitlMkgBrsGwyfsJYRCgD+Fw9jFfUUF7BBOTszFt+1s
p5HPikpWleqE4BT4fKtlnCnUHppVbGWZtG+X2udtwLt697U1bXSxitR8971cToSz
30Uf3jVWGh/GMX7VFAWGkOa/XFM31LhwKiRlvIy3q8DffQ==
-----END CERTIFICATE-----