Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/YQqFWSrC54u8FrqOFQO1nffcgkQ.roa
File:                     YQqFWSrC54u8FrqOFQO1nffcgkQ.roa (raw, json)
Hash identifier:          hW8+/d9YwiWl9Mc7RiCFUnPcBQdXxStRu5QkIx5FxNY=
Subject key identifier:   61:0A:85:59:2A:C2:E7:8B:BC:16:BA:8E:15:03:B5:9D:F7:DC:82:44
Certificate issuer:       /CN=c441738baab988b1d68693bb05e29bfbb4f0f671
Certificate serial:       018CC501532546FAECD7154C0F750F0BD5CC
Authority key identifier: C4:41:73:8B:AA:B9:88:B1:D6:86:93:BB:05:E2:9B:FB:B4:F0:F6:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/YQqFWSrC54u8FrqOFQO1nffcgkQ.roa
Signing time:             Mon 01 Jan 2024 12:30:47 +0000
ROA not before:           Mon 01 Jan 2024 12:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61201
IP address blocks:        2a00:eb0:100::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:53:25:46:fa:ec:d7:15:4c:0f:75:0f:0b:d5:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c441738baab988b1d68693bb05e29bfbb4f0f671
        Validity
            Not Before: Jan  1 12:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=610a85592ac2e78bbc16ba8e1503b59df7dc8244
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:3a:db:61:11:40:73:65:ee:f9:27:12:a9:3f:
                    d2:18:61:5b:8a:09:82:9b:45:9c:e1:37:24:47:52:
                    7c:5d:ea:ff:0a:cc:c4:d4:14:7a:55:9e:29:83:88:
                    ed:67:08:59:02:6a:22:e8:3d:0e:35:ac:72:02:11:
                    2d:87:8f:59:4a:69:14:8c:c8:f3:e7:e9:b4:b3:1e:
                    cd:91:4b:e9:1b:d5:b4:c1:04:6d:91:fa:ec:35:fc:
                    e9:68:8c:e3:15:d3:f3:49:cf:be:d0:e0:b0:17:29:
                    da:db:c3:fd:62:5a:50:21:9f:bf:88:51:bb:54:f0:
                    9b:ed:ca:15:a8:5f:dd:2a:3c:ae:94:cf:55:47:dc:
                    22:03:34:fa:b8:c6:24:ce:08:26:19:ee:99:e3:1b:
                    40:7a:d2:0d:3b:6f:e9:1b:fe:8f:12:70:d6:24:30:
                    8e:15:1b:00:2c:1c:f9:7b:25:83:29:be:df:64:d1:
                    5a:de:f9:86:80:e7:18:2a:ba:5d:5d:38:dd:c3:cc:
                    b4:b7:b2:5a:ba:f5:91:69:e6:ee:c2:08:64:8d:f7:
                    f4:2d:6c:c7:85:05:9a:6c:f1:d0:70:ba:16:9d:71:
                    d9:5e:c8:d2:09:cd:3d:9a:9c:cc:2e:e4:bc:5c:27:
                    39:9c:ed:65:05:c5:5e:b5:48:4e:1e:4a:a8:1a:18:
                    7c:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:0A:85:59:2A:C2:E7:8B:BC:16:BA:8E:15:03:B5:9D:F7:DC:82:44
            X509v3 Authority Key Identifier:
                keyid:C4:41:73:8B:AA:B9:88:B1:D6:86:93:BB:05:E2:9B:FB:B4:F0:F6:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/YQqFWSrC54u8FrqOFQO1nffcgkQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:eb0:100::/48

    Signature Algorithm: sha256WithRSAEncryption
         a7:45:b8:f8:19:c8:ae:1c:d0:c0:f5:61:0c:32:22:a8:2c:38:
         16:35:5f:3a:12:1a:50:f0:37:82:7d:78:c7:ad:a4:e9:77:4d:
         e8:8e:12:14:4c:ba:bf:f4:6a:a0:e7:a4:3c:c7:8f:d4:84:6f:
         2c:89:94:77:77:a8:44:03:43:2b:5e:80:62:e2:db:8e:52:dc:
         63:bd:2a:d9:33:c3:df:43:27:e3:7b:43:84:bb:49:43:ab:c4:
         e4:6c:87:90:9e:dc:28:a6:7c:aa:65:22:5c:e0:70:c1:fe:7f:
         b1:d0:2d:d2:d1:f9:fa:bd:0e:a4:43:2f:ad:5c:9b:b5:12:28:
         e0:5e:d5:93:e4:88:5c:ff:66:a1:74:64:d5:cb:6d:9f:d7:c5:
         9f:5e:86:d6:c2:17:c4:d3:a1:d0:42:07:72:02:df:0b:62:d8:
         0f:f3:55:62:58:92:f3:2a:29:4e:cb:fe:29:4a:52:82:7d:e4:
         1e:6e:cd:8e:32:f0:df:9c:c5:af:a4:bb:01:e7:da:f6:50:61:
         f5:0d:a1:ce:07:fa:cb:d0:87:9e:37:2b:d9:00:9a:b0:cb:7f:
         df:bc:54:84:9a:b1:fe:63:93:7a:2e:ae:c3:02:48:96:26:d9:
         7c:cb:ae:59:a8:e2:ea:38:d4:a6:38:c9:c3:5b:91:d6:ca:f1:
         af:56:b6:2e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFAVMlRvrs1xVMD3UPC9XMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0NDE3MzhiYWFiOTg4YjFkNjg2OTNiYjA1ZTI5YmZiYjRm
MGY2NzEwHhcNMjQwMTAxMTIzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTBhODU1OTJhYzJlNzhiYmMxNmJhOGUxNTAzYjU5ZGY3ZGM4MjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkjrbYRFAc2Xu+ScSqT/SGGFbigmC
m0Wc4TckR1J8Xer/CszE1BR6VZ4pg4jtZwhZAmoi6D0ONaxyAhEth49ZSmkUjMjz
5+m0sx7NkUvpG9W0wQRtkfrsNfzpaIzjFdPzSc++0OCwFyna28P9YlpQIZ+/iFG7
VPCb7coVqF/dKjyulM9VR9wiAzT6uMYkzggmGe6Z4xtAetINO2/pG/6PEnDWJDCO
FRsALBz5eyWDKb7fZNFa3vmGgOcYKrpdXTjdw8y0t7JauvWRaebuwghkjff0LWzH
hQWabPHQcLoWnXHZXsjSCc09mpzMLuS8XCc5nO1lBcVetUhOHkqoGhh85QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGEKhVkqwueLvBa6jhUDtZ333IJEMB8GA1UdIwQY
MBaAFMRBc4uquYix1oaTuwXim/u08PZxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEVGemk2cTVpTEhXaHBPN0JlS2ItN1R3OW5FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My9mODMxNGUtYTNiYy00NWU5LWE5ZjUt
NGM5OGQ5YTUxNDA1LzEvWVFxRldTckM1NHU4RnJxT0ZRTzFuZmZjZ2tRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My9mODMxNGUtYTNiYy00NWU5LWE5ZjUtNGM5OGQ5YTUxNDA1
LzEveEVGemk2cTVpTEhXaHBPN0JlS2ItN1R3OW5FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgAOsAEA
MA0GCSqGSIb3DQEBCwUAA4IBAQCnRbj4GciuHNDA9WEMMiKoLDgWNV86EhpQ8DeC
fXjHraTpd03ojhIUTLq/9Gqg56Q8x4/UhG8siZR3d6hEA0MrXoBi4tuOUtxjvSrZ
M8PfQyfje0OEu0lDq8TkbIeQntwopnyqZSJc4HDB/n+x0C3S0fn6vQ6kQy+tXJu1
EijgXtWT5Ihc/2ahdGTVy22f18WfXobWwhfE06HQQgdyAt8LYtgP81ViWJLzKilO
y/4pSlKCfeQebs2OMvDfnMWvpLsB59r2UGH1DaHOB/rL0IeeNyvZAJqwy3/fvFSE
mrH+Y5N6Lq7DAkiWJtl8y65ZqOLqONSmOMnDW5HWyvGvVrYu
-----END CERTIFICATE-----