Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/YQzLDFpNCoaD6lTT8ZK4-hYyjxE.roa
File:                     YQzLDFpNCoaD6lTT8ZK4-hYyjxE.roa (raw, json)
Hash identifier:          CpWLFlrRnDfN2luHVamzq3c8UFdQl/MisQwYoex/KQ4=
Subject key identifier:   61:0C:CB:0C:5A:4D:0A:86:83:EA:54:D3:F1:92:B8:FA:16:32:8F:11
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       018E14A85ADFCB1F9F46E89037E3C02271D0
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/YQzLDFpNCoaD6lTT8ZK4-hYyjxE.roa
Signing time:             Wed 06 Mar 2024 16:46:01 +0000
ROA not before:           Wed 06 Mar 2024 16:46:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     18680
IP address blocks:        2a02:26f0:880::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:14:a8:5a:df:cb:1f:9f:46:e8:90:37:e3:c0:22:71:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Mar  6 16:46:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=610ccb0c5a4d0a8683ea54d3f192b8fa16328f11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:a5:77:0f:1a:5b:5c:81:66:90:a5:bd:7d:64:
                    87:50:c6:07:d5:54:93:75:d8:68:d2:1b:13:07:df:
                    2a:70:a5:02:a5:1d:72:b9:50:e4:db:82:60:d5:70:
                    eb:01:bc:65:9a:9f:42:42:9d:8b:4b:26:ab:cc:a6:
                    71:f7:73:e1:ee:22:8a:ec:6e:0f:8a:cd:63:41:25:
                    cd:c5:34:c7:b8:bd:6a:9d:04:21:67:8e:82:2b:59:
                    8b:35:b5:af:98:34:af:b4:4b:f4:ab:ec:d8:94:15:
                    ef:33:55:e2:8a:29:79:fa:f2:ed:86:bf:29:c3:4b:
                    48:f3:3c:fe:fd:61:49:cf:56:07:cd:c1:d2:26:6d:
                    75:7c:e9:04:ba:2f:f3:c2:2c:b1:01:7e:f1:33:c8:
                    6c:ca:2a:aa:16:45:7f:8b:4d:fe:1f:31:f2:61:b3:
                    bb:08:b5:c0:43:ef:d4:3c:06:ec:ba:5e:b3:fe:e9:
                    3d:7b:e5:50:72:88:ad:fc:9e:0b:72:25:f9:32:9e:
                    fb:b9:7c:ec:f4:0d:75:67:a2:ca:67:6e:19:79:37:
                    91:c1:9d:a9:82:c6:49:0d:2e:ae:06:81:a7:25:61:
                    ab:61:ae:d7:92:22:fa:93:73:45:2e:82:b0:92:c2:
                    e4:b0:84:4c:97:3d:bf:ff:3f:10:8d:d5:23:c8:79:
                    27:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:0C:CB:0C:5A:4D:0A:86:83:EA:54:D3:F1:92:B8:FA:16:32:8F:11
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/YQzLDFpNCoaD6lTT8ZK4-hYyjxE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:26f0:880::/48

    Signature Algorithm: sha256WithRSAEncryption
         05:8e:55:e8:e1:21:29:2c:ba:d8:59:27:55:02:5b:e1:ec:2c:
         82:61:50:63:f8:40:38:ff:3d:a3:94:35:4d:b5:78:32:14:50:
         89:67:2e:c5:ae:1c:6f:72:a0:a4:8c:86:b7:1b:bc:28:cc:30:
         d8:ee:b1:36:86:36:a3:4d:15:70:ff:69:45:99:03:0a:b8:eb:
         b7:0e:a5:81:4a:bd:1b:19:7e:3f:5e:4e:7b:ca:0c:cb:da:c7:
         df:fe:6f:b1:28:a6:05:5f:6c:df:9f:e5:dc:c9:0c:f9:9d:2c:
         c6:13:0a:18:68:45:b0:ab:f5:7c:5d:16:66:f5:17:18:b0:32:
         68:fc:1f:8e:61:5f:fd:5a:e5:ef:f5:bc:71:f3:90:4a:d3:77:
         68:80:a3:8e:53:4f:2e:3f:41:25:55:4c:4c:43:c4:c1:ad:47:
         49:08:d7:2c:b8:7e:e9:37:c0:51:dc:fa:34:8e:db:84:7e:ef:
         50:84:5b:b3:f1:13:3f:10:8e:52:26:e3:75:09:00:8c:4f:3b:
         06:f8:58:90:e3:21:52:6d:c4:42:88:72:a0:34:99:ad:1b:80:
         5d:7f:cc:f4:66:45:e9:7f:7b:d8:50:ce:86:f5:b0:84:ac:33:
         f0:3c:25:48:a6:cb:2f:ab:a5:6c:3c:3d:cf:41:a4:f5:cd:ab:
         dc:aa:33:f4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY4UqFrfyx+fRuiQN+PAInHQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjQwMzA2MTY0NjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTBjY2IwYzVhNGQwYTg2ODNlYTU0ZDNmMTkyYjhmYTE2MzI4ZjExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaV3DxpbXIFmkKW9fWSHUMYH1VST
ddho0hsTB98qcKUCpR1yuVDk24Jg1XDrAbxlmp9CQp2LSyarzKZx93Ph7iKK7G4P
is1jQSXNxTTHuL1qnQQhZ46CK1mLNbWvmDSvtEv0q+zYlBXvM1Xiiil5+vLthr8p
w0tI8zz+/WFJz1YHzcHSJm11fOkEui/zwiyxAX7xM8hsyiqqFkV/i03+HzHyYbO7
CLXAQ+/UPAbsul6z/uk9e+VQcoit/J4LciX5Mp77uXzs9A11Z6LKZ24ZeTeRwZ2p
gsZJDS6uBoGnJWGrYa7XkiL6k3NFLoKwksLksIRMlz2//z8QjdUjyHknbQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGEMywxaTQqGg+pU0/GSuPoWMo8RMB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvWVF6TERGcE5Db2FENmxUVDhaSzQtaFl5anhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgIm8AiA
MA0GCSqGSIb3DQEBCwUAA4IBAQAFjlXo4SEpLLrYWSdVAlvh7CyCYVBj+EA4/z2j
lDVNtXgyFFCJZy7FrhxvcqCkjIa3G7wozDDY7rE2hjajTRVw/2lFmQMKuOu3DqWB
Sr0bGX4/Xk57ygzL2sff/m+xKKYFX2zfn+XcyQz5nSzGEwoYaEWwq/V8XRZm9RcY
sDJo/B+OYV/9WuXv9bxx85BK03dogKOOU08uP0ElVUxMQ8TBrUdJCNcsuH7pN8BR
3Po0jtuEfu9QhFuz8RM/EI5SJuN1CQCMTzsG+FiQ4yFSbcRCiHKgNJmtG4Bdf8z0
ZkXpf3vYUM6G9bCErDPwPCVIpssvq6VsPD3PQaT1zavcqjP0
-----END CERTIFICATE-----