Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/206ff0-445a-42b4-99f5-7e157bae6c2b/1/tlPSxJbaYaCdHjDPISJEayws_yc.roa
File:                     tlPSxJbaYaCdHjDPISJEayws_yc.roa (raw, json)
Hash identifier:          TE6il5tB/r5wLI4gfgseRdom20XkwyfANtb9DGaUTdU=
Subject key identifier:   B6:53:D2:C4:96:DA:61:A0:9D:1E:30:CF:21:22:44:6B:2C:2C:FF:27
Certificate issuer:       /CN=087813142b0d3f068dea6dd4341c4e0b907988ec
Certificate serial:       018CC500AAFDD5EE0F929B8672B0F323CA40
Authority key identifier: 08:78:13:14:2B:0D:3F:06:8D:EA:6D:D4:34:1C:4E:0B:90:79:88:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CHgTFCsNPwaN6m3UNBxOC5B5iOw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/206ff0-445a-42b4-99f5-7e157bae6c2b/1/tlPSxJbaYaCdHjDPISJEayws_yc.roa
Signing time:             Mon 01 Jan 2024 12:30:04 +0000
ROA not before:           Mon 01 Jan 2024 12:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49825
IP address blocks:        2a0b:8fc1::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/206ff0-445a-42b4-99f5-7e157bae6c2b/1/CHgTFCsNPwaN6m3UNBxOC5B5iOw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/206ff0-445a-42b4-99f5-7e157bae6c2b/1/CHgTFCsNPwaN6m3UNBxOC5B5iOw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CHgTFCsNPwaN6m3UNBxOC5B5iOw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:aa:fd:d5:ee:0f:92:9b:86:72:b0:f3:23:ca:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=087813142b0d3f068dea6dd4341c4e0b907988ec
        Validity
            Not Before: Jan  1 12:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b653d2c496da61a09d1e30cf2122446b2c2cff27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:e7:f3:42:71:ce:6d:8b:90:b0:9d:d3:fe:17:
                    1e:da:e9:81:fc:46:7d:32:62:59:76:84:3e:ae:f5:
                    c5:5d:3a:07:81:80:71:d9:8f:be:db:eb:e6:6b:41:
                    2f:cc:f3:67:f7:0f:cc:2b:35:2f:ff:a3:98:06:6a:
                    c2:47:3b:35:a3:b0:5e:15:71:8a:f0:27:84:42:28:
                    a2:58:7d:4a:20:af:a1:9f:09:de:aa:6e:b1:2f:dc:
                    31:6a:4a:a1:fc:6a:42:79:0a:e3:0c:7d:a3:f2:71:
                    43:ee:cf:8c:45:fe:77:fc:d7:47:e8:21:ef:87:49:
                    0d:bc:cb:b2:5e:fd:8e:0f:bf:6d:3a:bd:52:04:cd:
                    3e:e1:4f:70:f1:2b:e4:87:42:0f:cc:46:2a:0e:69:
                    5a:f3:b9:b3:ba:45:66:7d:14:ee:27:54:21:e2:ae:
                    70:86:f8:ac:5e:89:4f:8a:59:bc:0d:a3:e9:0e:00:
                    1a:23:87:e3:d8:9e:e7:3b:dd:ad:47:13:f8:7f:24:
                    db:cd:7d:2a:fd:71:7a:fa:c8:91:cd:06:c5:9a:2f:
                    04:60:f4:b9:e6:a4:51:6a:eb:6e:6d:68:09:e5:1c:
                    1a:d7:33:ac:a9:ca:1c:76:aa:8b:1c:78:a5:39:a6:
                    8d:c2:5d:eb:dc:f8:88:ed:13:f7:a0:e1:c6:3b:fe:
                    05:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:53:D2:C4:96:DA:61:A0:9D:1E:30:CF:21:22:44:6B:2C:2C:FF:27
            X509v3 Authority Key Identifier:
                keyid:08:78:13:14:2B:0D:3F:06:8D:EA:6D:D4:34:1C:4E:0B:90:79:88:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CHgTFCsNPwaN6m3UNBxOC5B5iOw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/206ff0-445a-42b4-99f5-7e157bae6c2b/1/tlPSxJbaYaCdHjDPISJEayws_yc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/206ff0-445a-42b4-99f5-7e157bae6c2b/1/CHgTFCsNPwaN6m3UNBxOC5B5iOw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:8fc1::/32

    Signature Algorithm: sha256WithRSAEncryption
         5d:fa:46:a0:53:9d:73:59:fe:61:c9:11:42:07:35:30:ae:c7:
         97:bf:6b:ad:34:db:c9:d7:7c:5e:a7:1f:76:cb:76:81:98:24:
         89:67:8d:08:ab:92:48:67:4d:66:86:83:0d:fe:f5:61:b0:a3:
         38:6f:95:28:8b:d3:e3:94:a7:5a:5f:7b:7a:b2:8b:8f:04:cc:
         cf:7b:69:87:df:c8:77:e9:54:03:1f:f4:ad:bb:97:bd:13:a7:
         cd:d8:b6:11:80:b9:50:bb:89:9b:ec:5f:e0:76:68:05:31:31:
         c8:58:4f:68:3d:e2:91:07:4a:8e:87:b1:f8:d0:95:ff:8a:fb:
         fb:76:35:d5:2f:46:1f:41:c3:63:65:8a:b6:b2:17:17:bc:a6:
         6b:a4:82:d6:49:6d:86:23:59:81:ce:9d:0f:ff:22:df:54:96:
         12:fd:21:95:01:41:12:b2:45:7c:4c:40:e7:26:e2:b7:03:71:
         ac:95:f5:fa:31:45:d4:5a:6d:13:ea:9a:a6:97:56:a6:79:c7:
         6d:c2:7b:1f:b3:b5:cb:a6:72:13:2c:e5:18:22:d9:52:d7:57:
         37:d6:fa:38:f8:96:74:a0:a0:e1:61:4a:75:9d:26:37:92:58:
         ec:a5:7a:02:c3:ee:c8:1a:4c:fd:b4:13:62:b6:21:54:ec:f5:
         18:76:00:61
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFAKr91e4PkpuGcrDzI8pAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4NzgxMzE0MmIwZDNmMDY4ZGVhNmRkNDM0MWM0ZTBiOTA3
OTg4ZWMwHhcNMjQwMTAxMTIzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjUzZDJjNDk2ZGE2MWEwOWQxZTMwY2YyMTIyNDQ2YjJjMmNmZjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiufzQnHObYuQsJ3T/hce2umB/EZ9
MmJZdoQ+rvXFXToHgYBx2Y++2+vma0EvzPNn9w/MKzUv/6OYBmrCRzs1o7BeFXGK
8CeEQiiiWH1KIK+hnwneqm6xL9wxakqh/GpCeQrjDH2j8nFD7s+MRf53/NdH6CHv
h0kNvMuyXv2OD79tOr1SBM0+4U9w8Svkh0IPzEYqDmla87mzukVmfRTuJ1Qh4q5w
hvisXolPilm8DaPpDgAaI4fj2J7nO92tRxP4fyTbzX0q/XF6+siRzQbFmi8EYPS5
5qRRautubWgJ5Rwa1zOsqcocdqqLHHilOaaNwl3r3PiI7RP3oOHGO/4FcwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLZT0sSW2mGgnR4wzyEiRGssLP8nMB8GA1UdIwQY
MBaAFAh4ExQrDT8Gjept1DQcTguQeYjsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0hnVEZDc05Qd2FONm0zVU5CeE9DNUI1aU93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8yMDZmZjAtNDQ1YS00MmI0LTk5ZjUt
N2UxNTdiYWU2YzJiLzEvdGxQU3hKYmFZYUNkSGpEUElTSkVheXdzX3ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8yMDZmZjAtNDQ1YS00MmI0LTk5ZjUtN2UxNTdiYWU2YzJi
LzEvQ0hnVEZDc05Qd2FONm0zVU5CeE9DNUI1aU93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKguPwTAN
BgkqhkiG9w0BAQsFAAOCAQEAXfpGoFOdc1n+YckRQgc1MK7Hl79rrTTbydd8Xqcf
dst2gZgkiWeNCKuSSGdNZoaDDf71YbCjOG+VKIvT45SnWl97erKLjwTMz3tph9/I
d+lUAx/0rbuXvROnzdi2EYC5ULuJm+xf4HZoBTExyFhPaD3ikQdKjoex+NCV/4r7
+3Y11S9GH0HDY2WKtrIXF7yma6SC1klthiNZgc6dD/8i31SWEv0hlQFBErJFfExA
5ybitwNxrJX1+jFF1FptE+qappdWpnnHbcJ7H7O1y6ZyEyzlGCLZUtdXN9b6OPiW
dKCg4WFKdZ0mN5JY7KV6AsPuyBpM/bQTYrYhVOz1GHYAYQ==
-----END CERTIFICATE-----