Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/dee578-f2c6-41c0-b728-ad163ab354c8/1/yN8OkTCc-WWsxLzxU-rFmO66JtI.roa
File:                     yN8OkTCc-WWsxLzxU-rFmO66JtI.roa (raw, json)
Hash identifier:          E1gVICZoS1qgxatSf1EYD1Ef+rRi0nLAivk3KmjGANk=
Subject key identifier:   C8:DF:0E:91:30:9C:F9:65:AC:C4:BC:F1:53:EA:C5:98:EE:BA:26:D2
Certificate issuer:       /CN=27484956736549eab3b06e23aab89ca5993a8076
Certificate serial:       018EB040F9542A808DAA4760BEF4F0A8CA11
Authority key identifier: 27:48:49:56:73:65:49:EA:B3:B0:6E:23:AA:B8:9C:A5:99:3A:80:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J0hJVnNlSeqzsG4jqricpZk6gHY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/dee578-f2c6-41c0-b728-ad163ab354c8/1/yN8OkTCc-WWsxLzxU-rFmO66JtI.roa
Signing time:             Fri 05 Apr 2024 21:53:51 +0000
ROA not before:           Fri 05 Apr 2024 21:53:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397423
IP address blocks:        2a10:3b00::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/dee578-f2c6-41c0-b728-ad163ab354c8/1/J0hJVnNlSeqzsG4jqricpZk6gHY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/dee578-f2c6-41c0-b728-ad163ab354c8/1/J0hJVnNlSeqzsG4jqricpZk6gHY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J0hJVnNlSeqzsG4jqricpZk6gHY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:b0:40:f9:54:2a:80:8d:aa:47:60:be:f4:f0:a8:ca:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27484956736549eab3b06e23aab89ca5993a8076
        Validity
            Not Before: Apr  5 21:53:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c8df0e91309cf965acc4bcf153eac598eeba26d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:79:f4:06:a3:af:f1:50:75:24:da:82:8c:2e:
                    77:47:01:fa:49:92:83:f7:f9:2a:ca:2b:23:ec:a8:
                    6e:5e:2f:0e:b8:42:c4:17:fe:17:71:90:e1:dd:1b:
                    d6:03:c0:4b:f6:69:f9:80:1d:dc:33:3f:72:a0:5e:
                    f8:4d:c2:b4:6d:34:7d:b7:98:78:3b:99:a8:55:89:
                    9e:9b:46:59:ec:10:35:fb:a2:cf:68:4d:55:33:5a:
                    ab:94:22:90:06:7f:1e:02:3e:34:a9:2d:d5:bc:aa:
                    25:95:00:9b:51:05:85:f3:b6:cf:8a:e2:9a:ec:e5:
                    ca:bd:23:90:86:9d:b7:73:ce:e6:38:cd:7e:c3:bf:
                    e7:3f:f7:0d:e4:29:77:fc:76:76:9b:41:2f:2a:54:
                    74:70:80:69:80:e7:d8:1b:5e:82:d0:30:a0:36:75:
                    02:94:e0:69:ce:02:b1:ab:cc:0a:01:58:c9:d8:2f:
                    5b:e9:45:79:2f:28:75:95:bc:a5:e9:34:02:8f:3d:
                    40:14:8c:75:f9:4a:d3:ee:f0:89:1e:9d:1d:25:24:
                    84:33:c0:cf:13:36:44:b6:47:99:60:17:ac:95:73:
                    8f:fd:f0:88:3a:c5:b9:65:e0:e1:05:82:e7:02:e2:
                    e3:ce:b3:15:03:92:f8:62:e5:ff:0c:4e:fd:9f:1a:
                    e7:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:DF:0E:91:30:9C:F9:65:AC:C4:BC:F1:53:EA:C5:98:EE:BA:26:D2
            X509v3 Authority Key Identifier:
                keyid:27:48:49:56:73:65:49:EA:B3:B0:6E:23:AA:B8:9C:A5:99:3A:80:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J0hJVnNlSeqzsG4jqricpZk6gHY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/dee578-f2c6-41c0-b728-ad163ab354c8/1/yN8OkTCc-WWsxLzxU-rFmO66JtI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/dee578-f2c6-41c0-b728-ad163ab354c8/1/J0hJVnNlSeqzsG4jqricpZk6gHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:3b00::/32

    Signature Algorithm: sha256WithRSAEncryption
         73:8c:c6:65:31:b6:a5:d9:2c:f1:00:bc:7c:da:8a:66:18:d5:
         ed:de:b4:bf:0d:9c:cd:69:c8:37:5e:ea:75:df:b3:71:59:0f:
         04:f3:11:59:07:50:6b:ef:20:0e:75:82:ec:47:3b:fe:df:68:
         de:b9:68:4d:0a:13:91:0b:fd:1a:10:75:cb:05:dc:76:b9:7b:
         7e:e4:e6:09:58:89:df:c7:1b:36:94:8a:aa:24:22:54:5e:bd:
         31:a4:47:c9:ef:00:96:46:5b:69:6e:39:05:a0:45:8c:a0:51:
         63:76:d4:f0:3e:12:cb:bd:70:71:c9:15:8c:58:c7:48:55:35:
         44:47:66:cd:5e:28:f5:fa:b0:33:72:47:ac:eb:d6:72:2a:1a:
         db:1b:11:e8:1f:59:37:f4:3e:22:60:87:6c:66:44:51:f9:7b:
         7a:63:75:7b:77:4d:cd:5e:6e:a5:6d:8b:33:d3:ff:16:da:89:
         49:0c:fe:a2:d2:ff:a3:72:a8:27:2e:29:95:63:73:86:a5:5d:
         14:2c:17:1e:dd:2e:b7:e9:13:57:a8:db:87:1e:5f:3a:cb:55:
         54:e2:da:09:f0:38:36:13:6b:94:d7:34:ec:51:f0:f9:f9:8e:
         c9:c2:d4:a9:c4:8b:ec:6c:08:81:14:c8:cf:19:ba:03:18:52:
         52:d1:1e:2e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY6wQPlUKoCNqkdgvvTwqMoRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3NDg0OTU2NzM2NTQ5ZWFiM2IwNmUyM2FhYjg5Y2E1OTkz
YTgwNzYwHhcNMjQwNDA1MjE1MzUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGRmMGU5MTMwOWNmOTY1YWNjNGJjZjE1M2VhYzU5OGVlYmEyNmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApHn0BqOv8VB1JNqCjC53RwH6SZKD
9/kqyisj7KhuXi8OuELEF/4XcZDh3RvWA8BL9mn5gB3cMz9yoF74TcK0bTR9t5h4
O5moVYmem0ZZ7BA1+6LPaE1VM1qrlCKQBn8eAj40qS3VvKollQCbUQWF87bPiuKa
7OXKvSOQhp23c87mOM1+w7/nP/cN5Cl3/HZ2m0EvKlR0cIBpgOfYG16C0DCgNnUC
lOBpzgKxq8wKAVjJ2C9b6UV5Lyh1lbyl6TQCjz1AFIx1+UrT7vCJHp0dJSSEM8DP
EzZEtkeZYBeslXOP/fCIOsW5ZeDhBYLnAuLjzrMVA5L4YuX/DE79nxrnrQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMjfDpEwnPllrMS88VPqxZjuuibSMB8GA1UdIwQY
MBaAFCdISVZzZUnqs7BuI6q4nKWZOoB2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjBoSlZuTmxTZXF6c0c0anFyaWNwWms2Z0hZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC9kZWU1NzgtZjJjNi00MWMwLWI3Mjgt
YWQxNjNhYjM1NGM4LzEveU44T2tUQ2MtV1dzeEx6eFUtckZtTzY2SnRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC9kZWU1NzgtZjJjNi00MWMwLWI3MjgtYWQxNjNhYjM1NGM4
LzEvSjBoSlZuTmxTZXF6c0c0anFyaWNwWms2Z0hZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhA7ADAN
BgkqhkiG9w0BAQsFAAOCAQEAc4zGZTG2pdks8QC8fNqKZhjV7d60vw2czWnIN17q
dd+zcVkPBPMRWQdQa+8gDnWC7Ec7/t9o3rloTQoTkQv9GhB1ywXcdrl7fuTmCViJ
38cbNpSKqiQiVF69MaRHye8AlkZbaW45BaBFjKBRY3bU8D4Sy71wcckVjFjHSFU1
REdmzV4o9fqwM3JHrOvWcioa2xsR6B9ZN/Q+ImCHbGZEUfl7emN1e3dNzV5upW2L
M9P/FtqJSQz+otL/o3KoJy4plWNzhqVdFCwXHt0ut+kTV6jbhx5fOstVVOLaCfA4
NhNrlNc07FHw+fmOycLUqcSL7GwIgRTIzxm6AxhSUtEeLg==
-----END CERTIFICATE-----