Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/yxu1NVdfQMB2HzyW_VSsHptVTOI.roa
File:                     yxu1NVdfQMB2HzyW_VSsHptVTOI.roa (raw, json)
Hash identifier:          GhG/AXTJv1rdc2zKTkQPfZqGnFia64f3DH9Nu26ayv8=
Subject key identifier:   CB:1B:B5:35:57:5F:40:C0:76:1F:3C:96:FD:54:AC:1E:9B:55:4C:E2
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       019426D9840D2DCE695607D07C65AB1D3EA2
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/yxu1NVdfQMB2HzyW_VSsHptVTOI.roa
Signing time:             Thu 02 Jan 2025 11:49:36 +0000
ROA not before:           Thu 02 Jan 2025 11:49:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199580
IP address blocks:        2a03:5840:f4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:84:0d:2d:ce:69:56:07:d0:7c:65:ab:1d:3e:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Jan  2 11:49:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cb1bb535575f40c0761f3c96fd54ac1e9b554ce2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:da:e8:07:ca:70:fc:91:a1:87:79:33:fc:ec:
                    36:96:31:12:24:41:74:92:24:fd:ac:71:cd:14:51:
                    2f:d8:bb:03:65:36:d7:46:f0:73:84:7c:be:48:79:
                    68:c3:72:cf:25:b6:6c:e2:14:2d:68:76:52:1f:1d:
                    34:bb:54:25:b1:a3:7a:d5:9d:3b:fd:97:88:b0:dd:
                    b2:4f:e6:e4:43:85:b1:8f:46:fc:32:35:0e:20:7f:
                    80:90:20:fc:68:02:d4:65:5b:a5:fa:a0:29:a3:0c:
                    5b:9e:13:85:de:d0:a8:07:12:65:58:36:7a:27:b6:
                    15:3b:33:de:15:c7:08:3f:d9:91:3e:b8:60:a3:6a:
                    22:9b:5e:72:e9:19:68:b2:fc:8e:60:67:27:e7:94:
                    75:2e:20:a3:a1:34:c2:c4:df:87:09:3a:fa:27:59:
                    bd:a0:5d:47:7e:25:4a:90:32:6b:2a:4a:cf:27:ef:
                    02:93:80:09:5d:ed:10:39:1d:4f:c9:53:ce:cf:63:
                    f1:44:86:d3:e6:5c:8f:66:34:fa:48:84:3c:13:2a:
                    b6:4d:05:41:ba:37:bb:8f:62:99:d7:98:ea:b5:9c:
                    17:f2:f9:8d:d7:4e:d9:7a:db:7f:b2:7f:ab:af:49:
                    77:29:5d:d6:bf:78:32:c6:28:92:59:37:84:79:38:
                    61:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:1B:B5:35:57:5F:40:C0:76:1F:3C:96:FD:54:AC:1E:9B:55:4C:E2
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/yxu1NVdfQMB2HzyW_VSsHptVTOI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840:f4::/48

    Signature Algorithm: sha256WithRSAEncryption
         6e:fc:1a:a9:ec:0a:81:d0:37:c2:9d:ce:4c:82:f7:94:75:da:
         0b:8f:c4:d7:cd:f4:db:fe:76:91:dc:17:1d:50:0d:b1:92:e3:
         e0:01:f6:4d:a7:95:b0:ab:41:79:27:93:ca:93:07:ec:22:d4:
         cb:a8:d5:c7:3b:e1:55:d0:d6:80:13:63:c8:b9:02:9e:b6:af:
         67:bd:b3:7e:0d:b6:99:39:9f:be:00:40:d2:b3:9d:ff:98:29:
         d9:20:3a:a5:88:70:f3:cc:6c:69:50:b3:19:68:b9:64:3e:4e:
         0d:b6:b5:7a:0d:1e:0d:be:b9:20:e3:cb:ab:c8:dc:a6:04:2a:
         08:7a:58:6a:51:2d:85:63:c1:a2:cb:94:84:ee:17:30:c8:c6:
         10:f4:39:7a:d4:0b:73:ab:74:0f:35:d4:e4:56:32:8b:51:6a:
         fa:53:f2:d3:d7:8a:e5:1f:28:47:d4:55:5d:34:35:00:a9:d9:
         b4:db:7e:4c:87:8c:a1:30:a2:57:a7:84:66:7d:35:f2:c9:b1:
         16:73:c4:97:34:6b:52:d4:06:f1:d9:28:26:d6:e8:1e:2a:aa:
         3b:34:25:5e:fe:cc:a8:86:f3:81:08:85:74:c5:16:aa:27:23:
         30:6b:ba:76:23:52:e7:76:93:8f:b9:c0:b6:c5:00:63:36:d8:
         4f:87:f3:16
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQm2YQNLc5pVgfQfGWrHT6iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjUwMTAyMTE0OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjFiYjUzNTU3NWY0MGMwNzYxZjNjOTZmZDU0YWMxZTliNTU0Y2UyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9roB8pw/JGhh3kz/Ow2ljESJEF0
kiT9rHHNFFEv2LsDZTbXRvBzhHy+SHlow3LPJbZs4hQtaHZSHx00u1QlsaN61Z07
/ZeIsN2yT+bkQ4Wxj0b8MjUOIH+AkCD8aALUZVul+qApowxbnhOF3tCoBxJlWDZ6
J7YVOzPeFccIP9mRPrhgo2oim15y6RlosvyOYGcn55R1LiCjoTTCxN+HCTr6J1m9
oF1HfiVKkDJrKkrPJ+8Ck4AJXe0QOR1PyVPOz2PxRIbT5lyPZjT6SIQ8Eyq2TQVB
uje7j2KZ15jqtZwX8vmN107Zett/sn+rr0l3KV3Wv3gyxiiSWTeEeThh+QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMsbtTVXX0DAdh88lv1UrB6bVUziMB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEveXh1MU5WZGZRTUIySHp5V19WU3NIcHRWVE9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgNYQAD0
MA0GCSqGSIb3DQEBCwUAA4IBAQBu/Bqp7AqB0DfCnc5MgveUddoLj8TXzfTb/naR
3BcdUA2xkuPgAfZNp5Wwq0F5J5PKkwfsItTLqNXHO+FV0NaAE2PIuQKetq9nvbN+
DbaZOZ++AEDSs53/mCnZIDqliHDzzGxpULMZaLlkPk4NtrV6DR4Nvrkg48uryNym
BCoIelhqUS2FY8Giy5SE7hcwyMYQ9Dl61Atzq3QPNdTkVjKLUWr6U/LT14rlHyhH
1FVdNDUAqdm0235Mh4yhMKJXp4RmfTXyybEWc8SXNGtS1Abx2Sgm1ugeKqo7NCVe
/syohvOBCIV0xRaqJyMwa7p2I1LndpOPucC2xQBjNthPh/MW
-----END CERTIFICATE-----