Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/YNJwQXsP7YeJ4uqcfdoTnVGVg_o.roa
File:                     YNJwQXsP7YeJ4uqcfdoTnVGVg_o.roa (raw, json)
Hash identifier:          digcUoXBDjQc5Jz7We3y9rOFSEGPW2CbrNTwQiweZBY=
Subject key identifier:   60:D2:70:41:7B:0F:ED:87:89:E2:EA:9C:7D:DA:13:9D:51:95:83:FA
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       018CC2DB5B3BEBAB5B1CE8E1403870B5BA33
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/YNJwQXsP7YeJ4uqcfdoTnVGVg_o.roa
Signing time:             Mon 01 Jan 2024 02:30:04 +0000
ROA not before:           Mon 01 Jan 2024 02:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     63949
IP address blocks:        2a02:26f0:1280::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:5b:3b:eb:ab:5b:1c:e8:e1:40:38:70:b5:ba:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Jan  1 02:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=60d270417b0fed8789e2ea9c7dda139d519583fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:fd:00:c4:d4:42:d2:35:ca:60:fa:93:64:6b:
                    df:25:1a:48:c1:28:dc:1d:fb:fa:cf:f6:ed:41:c5:
                    8c:31:b3:db:b1:f9:01:78:96:91:91:cd:e7:33:3c:
                    1c:d1:12:26:4a:1e:26:c7:6d:85:71:72:59:5d:1d:
                    f3:79:af:bd:7c:13:ff:0c:fc:34:3f:42:1d:e1:61:
                    98:17:1b:55:c3:ff:f7:8c:fa:c5:19:35:13:13:ba:
                    cd:2b:d5:de:d0:17:09:72:ad:45:5b:bb:5b:ac:9a:
                    69:ed:64:37:1a:c3:b4:81:4b:15:05:1e:14:38:79:
                    93:0d:5a:da:74:ad:dc:23:2c:97:13:37:87:cd:3e:
                    13:b5:56:ef:f4:61:68:ce:95:c0:25:17:df:65:a6:
                    cb:c5:ea:85:e8:08:6c:a5:12:50:18:c1:25:a2:34:
                    36:ff:10:15:ff:9e:89:6c:9a:30:51:d9:8f:f5:26:
                    e9:67:34:a3:ab:b1:f1:b9:f1:7b:e6:cf:60:57:fb:
                    bd:08:a1:6b:85:83:95:eb:f9:98:b8:f9:bd:50:d9:
                    61:09:ae:e4:fc:01:ad:f4:e0:3c:55:5b:1f:1d:fb:
                    45:68:52:35:4f:d9:99:bc:10:b6:b3:db:59:f7:2f:
                    ab:ff:6d:a4:79:f1:f7:a3:e9:c5:3b:1a:9f:6a:e6:
                    26:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:D2:70:41:7B:0F:ED:87:89:E2:EA:9C:7D:DA:13:9D:51:95:83:FA
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/YNJwQXsP7YeJ4uqcfdoTnVGVg_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:26f0:1280::/48

    Signature Algorithm: sha256WithRSAEncryption
         8e:80:d0:5c:0a:67:c0:9a:aa:fc:e9:0d:79:88:92:09:0a:c8:
         30:ee:23:4b:56:21:a7:9e:82:3a:da:b1:08:2c:fa:1e:72:fb:
         1f:b5:b4:d0:4b:69:74:03:50:27:22:98:0e:0c:ab:37:ad:bc:
         63:52:de:cb:84:fa:55:c7:f1:b2:08:ff:2d:3c:33:67:be:55:
         21:57:be:03:c5:3d:91:f5:78:0b:f3:d3:b7:31:1e:42:2e:e4:
         ca:ab:0f:28:3f:4e:73:f4:20:5a:be:68:90:c9:3d:c2:12:d7:
         b9:cc:52:c3:63:dd:90:f8:6c:90:84:5f:56:41:ad:e7:7b:ae:
         86:e8:94:ae:45:ec:b1:86:1c:4e:90:98:ac:dd:30:e7:a7:af:
         05:0b:89:1d:e6:33:17:00:14:48:bd:09:dd:1b:e3:f1:4b:2c:
         6f:7f:fd:78:e8:1b:db:d6:e5:ac:09:cf:ad:d3:c4:aa:28:c3:
         8b:50:f9:2b:46:fb:cc:19:00:e2:09:99:bb:3c:86:62:fd:58:
         3d:a6:e4:ca:67:b9:9d:67:78:70:8a:77:ab:1a:fb:b3:fd:67:
         2a:f7:d2:3d:e0:7f:1b:5b:6e:fa:e4:d2:87:1c:53:e3:a1:fc:
         e0:c4:d8:87:de:6d:c5:26:2e:a6:13:99:63:ef:46:69:13:e7:
         23:b1:e6:be
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC21s766tbHOjhQDhwtbozMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjQwMTAxMDIzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGQyNzA0MTdiMGZlZDg3ODllMmVhOWM3ZGRhMTM5ZDUxOTU4M2ZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhv0AxNRC0jXKYPqTZGvfJRpIwSjc
Hfv6z/btQcWMMbPbsfkBeJaRkc3nMzwc0RImSh4mx22FcXJZXR3zea+9fBP/DPw0
P0Id4WGYFxtVw//3jPrFGTUTE7rNK9Xe0BcJcq1FW7tbrJpp7WQ3GsO0gUsVBR4U
OHmTDVradK3cIyyXEzeHzT4TtVbv9GFozpXAJRffZabLxeqF6AhspRJQGMElojQ2
/xAV/56JbJowUdmP9SbpZzSjq7HxufF75s9gV/u9CKFrhYOV6/mYuPm9UNlhCa7k
/AGt9OA8VVsfHftFaFI1T9mZvBC2s9tZ9y+r/22kefH3o+nFOxqfauYmIwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGDScEF7D+2HieLqnH3aE51RlYP6MB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvWU5Kd1FYc1A3WWVKNHVxY2Zkb1RuVkdWZ19vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgIm8BKA
MA0GCSqGSIb3DQEBCwUAA4IBAQCOgNBcCmfAmqr86Q15iJIJCsgw7iNLViGnnoI6
2rEILPoecvsftbTQS2l0A1AnIpgODKs3rbxjUt7LhPpVx/GyCP8tPDNnvlUhV74D
xT2R9XgL89O3MR5CLuTKqw8oP05z9CBavmiQyT3CEte5zFLDY92Q+GyQhF9WQa3n
e66G6JSuReyxhhxOkJis3TDnp68FC4kd5jMXABRIvQndG+PxSyxvf/146Bvb1uWs
Cc+t08SqKMOLUPkrRvvMGQDiCZm7PIZi/Vg9puTKZ7mdZ3hwinerGvuz/Wcq99I9
4H8bW2765NKHHFPjofzgxNiH3m3FJi6mE5lj70ZpE+cjsea+
-----END CERTIFICATE-----