Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/yPl8FLi7qXKvUJpMY_TIdKZdmSg.roa
File:                     yPl8FLi7qXKvUJpMY_TIdKZdmSg.roa (raw, json)
Hash identifier:          SZpF1vhphYHjMaPXtJW72vX9z9fHJ05llU8uFmiL02Q=
Subject key identifier:   C8:F9:7C:14:B8:BB:A9:72:AF:50:9A:4C:63:F4:C8:74:A6:5D:99:28
Certificate issuer:       /CN=55fad96dd05af8c2d26192c841131f2f97459fed
Certificate serial:       018CC424851998B66C84DC9F6148F63AC540
Authority key identifier: 55:FA:D9:6D:D0:5A:F8:C2:D2:61:92:C8:41:13:1F:2F:97:45:9F:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VfrZbdBa-MLSYZLIQRMfL5dFn-0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/yPl8FLi7qXKvUJpMY_TIdKZdmSg.roa
Signing time:             Mon 01 Jan 2024 08:29:36 +0000
ROA not before:           Mon 01 Jan 2024 08:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203008
IP address blocks:        2a0e:3302::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/VfrZbdBa-MLSYZLIQRMfL5dFn-0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/VfrZbdBa-MLSYZLIQRMfL5dFn-0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VfrZbdBa-MLSYZLIQRMfL5dFn-0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:85:19:98:b6:6c:84:dc:9f:61:48:f6:3a:c5:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55fad96dd05af8c2d26192c841131f2f97459fed
        Validity
            Not Before: Jan  1 08:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c8f97c14b8bba972af509a4c63f4c874a65d9928
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:7a:d4:74:5b:d3:c3:5f:82:fd:71:43:27:e7:
                    27:a8:eb:ce:a0:73:df:2f:fa:b3:48:72:be:8a:e7:
                    ce:15:a8:3e:0d:de:ab:fa:27:0a:30:29:2b:ca:16:
                    be:7b:c4:0d:24:ec:d6:ff:c9:e0:91:c6:e1:e4:32:
                    58:2e:cd:bf:50:83:2d:54:ba:4b:22:e1:c1:86:12:
                    95:0a:81:5d:5a:3e:a8:d2:0b:48:78:ff:42:88:c3:
                    29:58:8d:b0:ba:fd:01:7c:f8:32:af:c2:74:4e:bf:
                    8b:33:38:10:b5:7d:60:e5:1e:04:f4:ab:8e:28:aa:
                    50:83:6b:2e:26:21:aa:d4:a7:ee:b1:35:e6:82:86:
                    39:01:22:75:8a:1c:e6:0e:58:94:72:7f:f1:22:c7:
                    d4:a8:5d:9c:bd:86:23:fc:1d:d2:f8:22:72:75:e6:
                    65:99:03:aa:d0:59:bd:a5:1b:60:c5:29:dd:a7:f4:
                    4a:fe:ba:db:c9:6b:22:b8:c1:fb:5c:1d:41:29:da:
                    8c:b5:70:de:d0:a5:3f:d1:f4:9f:d5:ed:26:22:49:
                    41:33:0d:e7:c5:89:23:7a:e6:c0:f9:88:8f:f7:21:
                    6a:64:28:6d:5b:c6:06:67:ab:7a:f4:75:c2:37:63:
                    9f:b1:4b:53:46:87:08:b3:ee:cc:fd:fe:2e:02:b6:
                    b9:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:F9:7C:14:B8:BB:A9:72:AF:50:9A:4C:63:F4:C8:74:A6:5D:99:28
            X509v3 Authority Key Identifier:
                keyid:55:FA:D9:6D:D0:5A:F8:C2:D2:61:92:C8:41:13:1F:2F:97:45:9F:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VfrZbdBa-MLSYZLIQRMfL5dFn-0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/yPl8FLi7qXKvUJpMY_TIdKZdmSg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/VfrZbdBa-MLSYZLIQRMfL5dFn-0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:3302::/32

    Signature Algorithm: sha256WithRSAEncryption
         53:0f:cc:a9:43:b6:f1:bb:9d:83:dd:02:1b:f6:a3:31:88:b7:
         21:c6:9a:8f:4c:88:2d:eb:5a:46:f5:f2:6c:c1:71:06:24:22:
         14:b5:ca:ee:ce:8f:ae:9c:e0:55:40:5d:78:a1:f1:5e:78:64:
         e6:14:a9:31:fc:dd:f1:cf:1d:45:b1:ad:1d:b7:8c:c6:21:38:
         ca:98:38:3f:a7:07:2f:0f:e5:8e:37:15:b3:0a:3b:33:5c:ea:
         65:3b:d4:1a:5b:34:e3:53:33:95:f0:d2:96:89:94:0f:e5:e9:
         f0:fd:3b:1e:af:7a:ea:f9:e3:99:da:56:08:76:6d:6e:72:45:
         20:34:ca:c4:1f:53:13:c9:d0:21:b5:d8:21:36:b0:74:67:a8:
         c9:7d:68:5f:dc:5d:7e:dd:07:23:01:98:51:8d:bb:14:75:88:
         63:12:ca:be:a6:7d:06:0c:35:74:8c:44:18:c0:bd:a7:fe:f0:
         eb:b3:6b:99:a8:94:f1:ad:5a:ed:ef:12:56:23:4c:19:d3:4c:
         68:e7:72:3e:bb:fe:e5:81:e1:56:c5:57:55:9f:d8:b4:2d:ac:
         a5:a3:0a:39:61:c1:9a:ac:73:cf:b2:50:51:51:7a:ac:85:4f:
         54:56:5c:4b:f4:3e:06:c2:90:26:48:b8:1a:83:d2:85:92:db:
         22:5a:04:11
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzEJIUZmLZshNyfYUj2OsVAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ZmFkOTZkZDA1YWY4YzJkMjYxOTJjODQxMTMxZjJmOTc0
NTlmZWQwHhcNMjQwMTAxMDgyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGY5N2MxNGI4YmJhOTcyYWY1MDlhNGM2M2Y0Yzg3NGE2NWQ5OTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApXrUdFvTw1+C/XFDJ+cnqOvOoHPf
L/qzSHK+iufOFag+Dd6r+icKMCkryha+e8QNJOzW/8ngkcbh5DJYLs2/UIMtVLpL
IuHBhhKVCoFdWj6o0gtIeP9CiMMpWI2wuv0BfPgyr8J0Tr+LMzgQtX1g5R4E9KuO
KKpQg2suJiGq1KfusTXmgoY5ASJ1ihzmDliUcn/xIsfUqF2cvYYj/B3S+CJydeZl
mQOq0Fm9pRtgxSndp/RK/rrbyWsiuMH7XB1BKdqMtXDe0KU/0fSf1e0mIklBMw3n
xYkjeubA+YiP9yFqZChtW8YGZ6t69HXCN2OfsUtTRocIs+7M/f4uAra5+wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMj5fBS4u6lyr1CaTGP0yHSmXZkoMB8GA1UdIwQY
MBaAFFX62W3QWvjC0mGSyEETHy+XRZ/tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmZyWmJkQmEtTUxTWVpMSVFSTWZMNWRGbi0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8zMGU1ODItNDQ0OC00OTUyLTk0YTAt
MzBmZjJjODNmMDAxLzEveVBsOEZMaTdxWEt2VUpwTVlfVElkS1pkbVNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8zMGU1ODItNDQ0OC00OTUyLTk0YTAtMzBmZjJjODNmMDAx
LzEvVmZyWmJkQmEtTUxTWVpMSVFSTWZMNWRGbi0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg4zAjAN
BgkqhkiG9w0BAQsFAAOCAQEAUw/MqUO28budg90CG/ajMYi3Icaaj0yILetaRvXy
bMFxBiQiFLXK7s6PrpzgVUBdeKHxXnhk5hSpMfzd8c8dRbGtHbeMxiE4ypg4P6cH
Lw/ljjcVswo7M1zqZTvUGls041MzlfDSlomUD+Xp8P07Hq966vnjmdpWCHZtbnJF
IDTKxB9TE8nQIbXYITawdGeoyX1oX9xdft0HIwGYUY27FHWIYxLKvqZ9Bgw1dIxE
GMC9p/7w67NrmaiU8a1a7e8SViNMGdNMaOdyPrv+5YHhVsVXVZ/YtC2spaMKOWHB
mqxzz7JQUVF6rIVPVFZcS/Q+BsKQJki4GoPShZLbIloEEQ==
-----END CERTIFICATE-----