Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/Yj5blIRppQar_P5nnl-kiUtNzWU.roa
File:                     Yj5blIRppQar_P5nnl-kiUtNzWU.roa (raw, json)
Hash identifier:          /GaM+Lt4ssr9wUSskjTYtleJ8mQSUJb/83gcgaO5fN4=
Subject key identifier:   62:3E:5B:94:84:69:A5:06:AB:FC:FE:67:9E:5F:A4:89:4B:4D:CD:65
Certificate issuer:       /CN=3691d2950145dceac00c0ca4eb536d92867b38d3
Certificate serial:       018DFA0CA2820D39DB724B97B0CFE946636E
Authority key identifier: 36:91:D2:95:01:45:DC:EA:C0:0C:0C:A4:EB:53:6D:92:86:7B:38:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NpHSlQFF3OrADAyk61NtkoZ7ONM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/Yj5blIRppQar_P5nnl-kiUtNzWU.roa
Signing time:             Fri 01 Mar 2024 12:45:48 +0000
ROA not before:           Fri 01 Mar 2024 12:45:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212232
IP address blocks:        2a0c:2f05::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/NpHSlQFF3OrADAyk61NtkoZ7ONM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/NpHSlQFF3OrADAyk61NtkoZ7ONM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NpHSlQFF3OrADAyk61NtkoZ7ONM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 11:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:fa:0c:a2:82:0d:39:db:72:4b:97:b0:cf:e9:46:63:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3691d2950145dceac00c0ca4eb536d92867b38d3
        Validity
            Not Before: Mar  1 12:45:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=623e5b948469a506abfcfe679e5fa4894b4dcd65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:8c:8c:fc:19:8f:38:21:2b:54:3d:db:6d:3b:
                    b2:d8:5e:84:28:e2:13:67:36:1a:db:83:3a:4e:74:
                    65:67:ae:f9:99:80:9e:8c:b3:7a:b8:0a:d7:e4:df:
                    3b:be:03:1e:cb:29:e7:23:5a:f4:ff:92:78:8a:07:
                    21:d4:36:7a:06:5a:7e:04:6c:13:43:8d:0e:0d:23:
                    21:0b:c2:f5:05:17:81:94:7c:5d:f5:f3:b4:9e:78:
                    c5:2d:41:92:c8:c4:5d:bd:6c:31:39:04:13:fb:b9:
                    af:00:c0:40:20:0c:cc:de:ea:d7:3c:47:56:c8:5e:
                    59:60:e6:5c:a2:83:85:d4:4e:30:e5:e3:98:d3:a3:
                    19:10:52:c2:d0:c1:7a:7f:70:80:98:5e:f1:99:a4:
                    11:3c:5f:5e:12:5c:7d:a3:d0:08:e2:a8:9e:18:e5:
                    bc:8a:25:a1:d7:97:31:2c:90:19:43:2e:99:7f:69:
                    59:e2:07:fb:c4:55:b2:79:53:82:2a:5e:0f:76:1b:
                    4e:ec:92:58:bb:38:27:01:17:91:71:19:e3:da:ce:
                    44:f6:d2:15:b0:1c:5c:27:fb:90:4c:2a:85:a6:80:
                    00:e0:e5:d3:90:84:43:8e:7c:b3:e7:2d:93:f4:4f:
                    b7:43:28:32:db:7a:b6:24:0d:5c:75:25:a1:77:b6:
                    4a:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:3E:5B:94:84:69:A5:06:AB:FC:FE:67:9E:5F:A4:89:4B:4D:CD:65
            X509v3 Authority Key Identifier:
                keyid:36:91:D2:95:01:45:DC:EA:C0:0C:0C:A4:EB:53:6D:92:86:7B:38:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NpHSlQFF3OrADAyk61NtkoZ7ONM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/Yj5blIRppQar_P5nnl-kiUtNzWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/NpHSlQFF3OrADAyk61NtkoZ7ONM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:2f05::/32

    Signature Algorithm: sha256WithRSAEncryption
         80:0f:04:b8:9d:6f:b2:67:04:30:8e:1e:51:66:6f:9e:97:93:
         c0:71:fe:37:8a:9b:50:50:2b:f4:78:5b:75:ff:cc:86:e8:21:
         d7:d7:1b:57:d9:27:c2:11:7e:5a:58:be:33:d7:cc:23:06:f9:
         30:25:88:ec:5a:d1:07:84:85:57:64:bf:1c:3f:bf:78:31:eb:
         0c:8d:ef:10:3e:31:5a:ec:76:66:d0:02:51:08:e2:52:68:c8:
         e8:1a:f3:47:69:52:13:69:34:18:d9:9d:88:49:ed:6a:ad:48:
         24:68:f3:c3:a6:6c:1a:99:5b:48:fe:d7:d4:82:a9:37:24:9d:
         14:46:14:0e:d5:5a:1a:5f:63:4d:79:66:03:69:b1:b5:5b:a4:
         5a:31:a3:27:fc:7d:4b:f4:be:6d:fb:4c:ce:5f:7f:cf:82:43:
         88:85:87:31:a3:3b:80:4f:c2:15:0f:98:f9:38:ca:1e:1c:29:
         09:0e:3f:cd:ad:b5:9e:c7:bf:1a:a3:63:3f:22:1c:d7:c6:0d:
         fb:1b:d2:b6:be:48:68:25:17:84:55:6c:76:6e:9c:7c:fd:b4:
         e0:a5:85:32:76:8c:dc:6f:31:1b:e8:ab:c0:f6:f3:77:14:3c:
         19:ea:6b:76:f0:80:f7:1f:c5:7f:60:6d:28:71:6b:1d:f3:19:
         58:d7:56:64
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY36DKKCDTnbckuXsM/pRmNuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OTFkMjk1MDE0NWRjZWFjMDBjMGNhNGViNTM2ZDkyODY3
YjM4ZDMwHhcNMjQwMzAxMTI0NTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjNlNWI5NDg0NjlhNTA2YWJmY2ZlNjc5ZTVmYTQ4OTRiNGRjZDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnIyM/BmPOCErVD3bbTuy2F6EKOIT
ZzYa24M6TnRlZ675mYCejLN6uArX5N87vgMeyynnI1r0/5J4igch1DZ6Blp+BGwT
Q40ODSMhC8L1BReBlHxd9fO0nnjFLUGSyMRdvWwxOQQT+7mvAMBAIAzM3urXPEdW
yF5ZYOZcooOF1E4w5eOY06MZEFLC0MF6f3CAmF7xmaQRPF9eElx9o9AI4qieGOW8
iiWh15cxLJAZQy6Zf2lZ4gf7xFWyeVOCKl4PdhtO7JJYuzgnAReRcRnj2s5E9tIV
sBxcJ/uQTCqFpoAA4OXTkIRDjnyz5y2T9E+3Qygy23q2JA1cdSWhd7ZKAwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGI+W5SEaaUGq/z+Z55fpIlLTc1lMB8GA1UdIwQY
MBaAFDaR0pUBRdzqwAwMpOtTbZKGezjTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnBIU2xRRkYzT3JBREF5azYxTnRrb1o3T05NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi8yYTk0MmEtZjFiZi00M2UyLWI5MmEt
MWRlYzQwNTg0ODA2LzEvWWo1YmxJUnBwUWFyX1A1bm5sLWtpVXROeldVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi8yYTk0MmEtZjFiZi00M2UyLWI5MmEtMWRlYzQwNTg0ODA2
LzEvTnBIU2xRRkYzT3JBREF5azYxTnRrb1o3T05NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgwvBTAN
BgkqhkiG9w0BAQsFAAOCAQEAgA8EuJ1vsmcEMI4eUWZvnpeTwHH+N4qbUFAr9Hhb
df/Mhugh19cbV9knwhF+Wli+M9fMIwb5MCWI7FrRB4SFV2S/HD+/eDHrDI3vED4x
Wux2ZtACUQjiUmjI6BrzR2lSE2k0GNmdiEntaq1IJGjzw6ZsGplbSP7X1IKpNySd
FEYUDtVaGl9jTXlmA2mxtVukWjGjJ/x9S/S+bftMzl9/z4JDiIWHMaM7gE/CFQ+Y
+TjKHhwpCQ4/za21nse/GqNjPyIc18YN+xvStr5IaCUXhFVsdm6cfP204KWFMnaM
3G8xG+irwPbzdxQ8GeprdvCA9x/Ff2BtKHFrHfMZWNdWZA==
-----END CERTIFICATE-----