Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/y-kHeyrmzVoHIuhRZU-dEdauAzo.roa
File:                     y-kHeyrmzVoHIuhRZU-dEdauAzo.roa (raw, json)
Hash identifier:          SytMjCNFfsOObaGn5u0io5LUi9le9uBKulFZJbfl/mo=
Subject key identifier:   CB:E9:07:7B:2A:E6:CD:5A:07:22:E8:51:65:4F:9D:11:D6:AE:03:3A
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       019072D4AC049574F6648EDC67DBE875E296
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/y-kHeyrmzVoHIuhRZU-dEdauAzo.roa
Signing time:             Tue 02 Jul 2024 09:44:18 +0000
ROA not before:           Tue 02 Jul 2024 09:44:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214590
IP address blocks:        2a03:5840:11d::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:72:d4:ac:04:95:74:f6:64:8e:dc:67:db:e8:75:e2:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Jul  2 09:44:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cbe9077b2ae6cd5a0722e851654f9d11d6ae033a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:93:39:80:59:ca:ef:ae:bd:b4:ff:20:d8:6e:
                    13:e5:89:38:92:1f:16:6e:b2:80:97:cc:19:fc:c4:
                    19:ad:79:37:b7:df:63:b2:c9:43:cc:c5:e2:b6:bd:
                    f9:ae:7c:f8:74:37:f8:3d:b7:67:46:4b:b9:b3:16:
                    e3:28:b1:08:35:9f:e0:ee:72:8b:1e:b1:37:79:45:
                    77:65:ce:27:38:db:42:f1:35:08:c6:72:33:09:a2:
                    da:99:de:8c:59:36:c4:88:30:9f:2a:59:fa:52:a9:
                    be:27:24:f7:b1:9b:2a:1e:f9:ed:0f:8d:ee:92:89:
                    18:4e:0a:6d:f9:fd:bd:c1:35:e3:63:1d:f1:76:2f:
                    bd:88:54:c9:ef:b4:a5:d4:35:2f:4c:c6:73:3c:78:
                    ae:a7:33:4d:ba:80:ec:67:3e:b1:b0:59:fd:ff:be:
                    53:ce:96:68:4d:ea:87:9f:e1:97:7d:6d:b6:ac:9f:
                    46:3c:91:74:26:fe:67:fc:ae:24:d3:61:26:54:88:
                    6b:9c:0c:2c:35:16:e6:34:e0:0b:e5:9a:89:56:3a:
                    da:24:99:0f:47:08:39:51:02:32:89:0d:d9:26:f4:
                    27:dd:8c:0a:0c:7c:71:d5:c6:6b:60:51:fe:12:05:
                    63:32:60:70:e6:dc:4c:47:23:82:96:27:67:f1:79:
                    9f:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:E9:07:7B:2A:E6:CD:5A:07:22:E8:51:65:4F:9D:11:D6:AE:03:3A
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/y-kHeyrmzVoHIuhRZU-dEdauAzo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840:11d::/48

    Signature Algorithm: sha256WithRSAEncryption
         7b:35:c8:37:73:00:bf:a8:6a:77:0f:f6:2c:1e:51:d8:57:f8:
         8d:d6:37:6c:fe:ed:df:6b:7c:d2:47:47:f3:6c:7b:1a:8f:e6:
         05:ae:ce:54:37:df:c0:72:af:4c:54:f2:b9:77:06:f7:df:ff:
         c1:63:e0:b5:af:01:70:57:56:b6:16:0d:ab:fd:f6:66:cd:45:
         c5:fa:68:be:b4:89:54:2f:ea:0d:8b:f3:b0:db:bd:17:18:6d:
         72:aa:f4:5c:a4:24:78:f2:10:99:88:0c:c6:d6:a7:f7:70:6c:
         37:43:8c:46:1b:f5:59:72:a8:2a:45:1e:27:29:d2:6a:29:d0:
         29:1a:28:12:ff:18:d3:e8:47:62:33:41:55:9e:22:f7:bf:48:
         50:15:bd:2e:69:dd:4b:d4:ac:30:87:04:41:8d:78:2a:7b:56:
         ed:1f:70:03:8c:93:8d:d9:41:21:bb:8e:23:1a:cf:7a:c6:a4:
         9a:01:57:dd:76:7f:e6:12:78:fd:ee:50:a1:aa:01:3e:44:aa:
         fa:db:96:cf:de:66:38:1a:ce:b8:78:14:66:fa:05:8a:54:f8:
         1f:32:0e:9c:2f:6f:3f:05:dd:8a:86:59:13:0f:04:57:cd:d1:
         ac:f0:a1:2c:b5:93:8f:5d:06:ac:c9:74:35:ae:e5:9d:2c:f5:
         3c:f4:79:19
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZBy1KwElXT2ZI7cZ9vodeKWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjQwNzAyMDk0NDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmU5MDc3YjJhZTZjZDVhMDcyMmU4NTE2NTRmOWQxMWQ2YWUwMzNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2JM5gFnK7669tP8g2G4T5Yk4kh8W
brKAl8wZ/MQZrXk3t99jsslDzMXitr35rnz4dDf4PbdnRku5sxbjKLEINZ/g7nKL
HrE3eUV3Zc4nONtC8TUIxnIzCaLamd6MWTbEiDCfKln6Uqm+JyT3sZsqHvntD43u
kokYTgpt+f29wTXjYx3xdi+9iFTJ77Sl1DUvTMZzPHiupzNNuoDsZz6xsFn9/75T
zpZoTeqHn+GXfW22rJ9GPJF0Jv5n/K4k02EmVIhrnAwsNRbmNOAL5ZqJVjraJJkP
Rwg5UQIyiQ3ZJvQn3YwKDHxx1cZrYFH+EgVjMmBw5txMRyOClidn8XmfcwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMvpB3sq5s1aByLoUWVPnRHWrgM6MB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEveS1rSGV5cm16Vm9ISXVoUlpVLWRFZGF1QXpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgNYQAEd
MA0GCSqGSIb3DQEBCwUAA4IBAQB7Ncg3cwC/qGp3D/YsHlHYV/iN1jds/u3fa3zS
R0fzbHsaj+YFrs5UN9/Acq9MVPK5dwb33//BY+C1rwFwV1a2Fg2r/fZmzUXF+mi+
tIlUL+oNi/Ow270XGG1yqvRcpCR48hCZiAzG1qf3cGw3Q4xGG/VZcqgqRR4nKdJq
KdApGigS/xjT6EdiM0FVniL3v0hQFb0uad1L1KwwhwRBjXgqe1btH3ADjJON2UEh
u44jGs96xqSaAVfddn/mEnj97lChqgE+RKr625bP3mY4Gs64eBRm+gWKVPgfMg6c
L28/Bd2KhlkTDwRXzdGs8KEstZOPXQasyXQ1ruWdLPU89HkZ
-----END CERTIFICATE-----