Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/3cce22-c301-4bbc-b027-64eecaed11dc/1/YwqVuAV2cpkECW7gMbP--QkHCd0.roa
File:                     YwqVuAV2cpkECW7gMbP--QkHCd0.roa (raw, json)
Hash identifier:          9FGjcAV2UjVlKH6IqkuNlwY4wlIQRxqJWs2YgCz8W4A=
Subject key identifier:   63:0A:95:B8:05:76:72:99:04:09:6E:E0:31:B3:FE:F9:09:07:09:DD
Certificate issuer:       /CN=fad949f66253543ee89b9196390736b5a6ed7cb8
Certificate serial:       019072F3CC63E0C9DE866A85B27F379F07AA
Authority key identifier: FA:D9:49:F6:62:53:54:3E:E8:9B:91:96:39:07:36:B5:A6:ED:7C:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-tlJ9mJTVD7om5GWOQc2tabtfLg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/3cce22-c301-4bbc-b027-64eecaed11dc/1/YwqVuAV2cpkECW7gMbP--QkHCd0.roa
Signing time:             Tue 02 Jul 2024 10:18:18 +0000
ROA not before:           Tue 02 Jul 2024 10:18:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214621
IP address blocks:        2a11:2801:a0e8::/48 maxlen: 48
                          2a11:2801:fcf9::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/3cce22-c301-4bbc-b027-64eecaed11dc/1/1-tlJ9mJTVD7om5GWOQc2tabtfLg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/3cce22-c301-4bbc-b027-64eecaed11dc/1/1-tlJ9mJTVD7om5GWOQc2tabtfLg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-tlJ9mJTVD7om5GWOQc2tabtfLg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:02:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:72:f3:cc:63:e0:c9:de:86:6a:85:b2:7f:37:9f:07:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fad949f66253543ee89b9196390736b5a6ed7cb8
        Validity
            Not Before: Jul  2 10:18:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=630a95b80576729904096ee031b3fef9090709dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:2c:9e:43:1a:1f:5f:c5:4f:e4:72:95:e6:b0:
                    e7:cd:60:a2:f0:6d:c6:29:ba:60:c1:07:40:b7:d9:
                    9a:83:6d:88:7a:fe:99:58:4d:9f:e2:a0:d8:97:31:
                    08:1c:7c:51:80:ad:30:52:88:ab:fe:02:ed:d2:c7:
                    fe:94:2f:f9:c6:f6:32:b1:9a:79:bd:8b:97:9a:77:
                    48:b7:23:8a:31:55:85:96:3e:8a:25:9d:66:e3:55:
                    bc:a0:50:3a:e2:57:4d:d9:c0:2b:c2:f5:39:ec:1d:
                    93:0b:a5:30:34:ae:4c:62:50:b3:11:8f:13:b7:98:
                    a4:e6:0c:a8:0d:a5:6a:bb:8e:59:c1:48:3d:ac:99:
                    6a:d3:6c:b9:1a:73:0b:f4:20:37:f7:b0:d7:53:b2:
                    86:75:b3:81:9f:71:61:6d:f5:a7:98:e3:f4:c4:d7:
                    8e:b2:ed:0c:4e:1a:a3:c6:6a:f8:b2:e6:b5:7c:b4:
                    2e:ab:d9:f7:00:d7:d7:e6:cf:d2:53:20:c4:f9:b9:
                    f3:33:1e:a0:1d:73:0b:db:e7:3d:f7:20:05:07:be:
                    eb:06:6b:97:67:47:f8:44:f3:f3:77:98:39:72:3b:
                    47:57:12:4c:9a:99:d1:88:f9:6a:9b:5f:13:ef:ec:
                    86:fd:55:79:5a:91:59:5a:ec:17:08:4b:9f:d8:8a:
                    78:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:0A:95:B8:05:76:72:99:04:09:6E:E0:31:B3:FE:F9:09:07:09:DD
            X509v3 Authority Key Identifier:
                keyid:FA:D9:49:F6:62:53:54:3E:E8:9B:91:96:39:07:36:B5:A6:ED:7C:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-tlJ9mJTVD7om5GWOQc2tabtfLg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/3cce22-c301-4bbc-b027-64eecaed11dc/1/YwqVuAV2cpkECW7gMbP--QkHCd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/3cce22-c301-4bbc-b027-64eecaed11dc/1/1-tlJ9mJTVD7om5GWOQc2tabtfLg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:2801:a0e8::/48
                  2a11:2801:fcf9::/48

    Signature Algorithm: sha256WithRSAEncryption
         9f:12:b7:93:c5:a7:a9:49:90:c2:2e:67:bf:cf:b9:6f:93:e7:
         cc:bc:33:1b:6c:a9:74:b7:b4:9a:9e:64:d0:3d:87:90:70:42:
         d7:32:db:66:19:00:3d:88:ba:3e:d0:d0:0d:25:45:f5:4b:a7:
         1c:2b:7f:1d:46:34:66:3b:15:2a:4d:5b:1d:c2:aa:e7:eb:d0:
         39:d7:9d:d6:0e:2b:ed:00:0c:cf:97:00:05:b6:88:39:33:41:
         2d:e6:b5:5f:eb:40:18:23:5d:e9:2c:65:d6:90:cf:fb:1e:08:
         dc:ff:71:66:8b:d6:bd:1b:f3:4c:8d:3a:47:bc:c0:73:33:a9:
         42:08:a1:e4:de:b7:d2:e2:64:95:cf:ec:06:c7:3f:30:3c:56:
         35:7b:5a:d7:11:ab:3d:50:fb:34:57:b9:4a:d6:e8:34:a2:b5:
         bb:19:62:4b:a4:39:aa:ee:46:c3:76:57:46:e6:c7:ec:c1:52:
         ca:ad:a9:8f:70:92:a2:8e:42:e1:b7:58:70:b9:18:05:c6:93:
         ca:3a:7c:86:ae:cf:2e:26:a4:8e:3a:53:fa:d9:67:f6:8d:54:
         05:6a:3c:9e:ad:88:dc:53:86:4f:e9:4b:85:7e:81:9d:a3:c9:
         91:27:bf:e0:41:8d:c4:c1:a8:e9:aa:b2:3b:ba:4e:80:1e:70:
         b3:7b:9f:44
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZBy88xj4MnehmqFsn83nweqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhZDk0OWY2NjI1MzU0M2VlODliOTE5NjM5MDczNmI1YTZl
ZDdjYjgwHhcNMjQwNzAyMTAxODE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzBhOTViODA1NzY3Mjk5MDQwOTZlZTAzMWIzZmVmOTA5MDcwOWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryyeQxofX8VP5HKV5rDnzWCi8G3G
KbpgwQdAt9mag22Iev6ZWE2f4qDYlzEIHHxRgK0wUoir/gLt0sf+lC/5xvYysZp5
vYuXmndItyOKMVWFlj6KJZ1m41W8oFA64ldN2cArwvU57B2TC6UwNK5MYlCzEY8T
t5ik5gyoDaVqu45ZwUg9rJlq02y5GnML9CA397DXU7KGdbOBn3FhbfWnmOP0xNeO
su0MThqjxmr4sua1fLQuq9n3ANfX5s/SUyDE+bnzMx6gHXML2+c99yAFB77rBmuX
Z0f4RPPzd5g5cjtHVxJMmpnRiPlqm18T7+yG/VV5WpFZWuwXCEuf2Ip4nwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFGMKlbgFdnKZBAlu4DGz/vkJBwndMB8GA1UdIwQY
MBaAFPrZSfZiU1Q+6JuRljkHNrWm7Xy4MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS10bEo5bUpUVkQ3b201R1dPUWMydGFidGZMZy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjkvM2NjZTIyLWMzMDEtNGJiYy1iMDI3
LTY0ZWVjYWVkMTFkYy8xL1l3cVZ1QVYyY3BrRUNXN2dNYlAtLVFrSENkMC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjkvM2NjZTIyLWMzMDEtNGJiYy1iMDI3LTY0ZWVjYWVkMTFk
Yy8xLzEtdGxKOW1KVFZEN29tNUdXT1FjMnRhYnRmTGcuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgACMBIDBwAqESgB
oOgDBwAqESgB/PkwDQYJKoZIhvcNAQELBQADggEBAJ8St5PFp6lJkMIuZ7/PuW+T
58y8MxtsqXS3tJqeZNA9h5BwQtcy22YZAD2Iuj7Q0A0lRfVLpxwrfx1GNGY7FSpN
Wx3Cqufr0DnXndYOK+0ADM+XAAW2iDkzQS3mtV/rQBgjXeksZdaQz/seCNz/cWaL
1r0b80yNOke8wHMzqUIIoeTet9LiZJXP7AbHPzA8VjV7WtcRqz1Q+zRXuUrW6DSi
tbsZYkukOaruRsN2V0bmx+zBUsqtqY9wkqKOQuG3WHC5GAXGk8o6fIauzy4mpI46
U/rZZ/aNVAVqPJ6tiNxThk/pS4V+gZ2jyZEnv+BBjcTBqOmqsju6ToAecLN7n0Q=
-----END CERTIFICATE-----