Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/Y3tZVYclwxj5F6U1ruBrFGvvbXI.roa
File:                     Y3tZVYclwxj5F6U1ruBrFGvvbXI.roa (raw, json)
Hash identifier:          gRKw1nTITGnxtd/q5D0uf5Cjdu9j/ERrphDkO1Dx4Ek=
Subject key identifier:   63:7B:59:55:87:25:C3:18:F9:17:A5:35:AE:E0:6B:14:6B:EF:6D:72
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       0190BD1A95852EAFB1DEBC5E9D3F6C6F782F
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/Y3tZVYclwxj5F6U1ruBrFGvvbXI.roa
Signing time:             Tue 16 Jul 2024 19:52:34 +0000
ROA not before:           Tue 16 Jul 2024 19:52:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214514
IP address blocks:        2a0a:79c0:600::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:bd:1a:95:85:2e:af:b1:de:bc:5e:9d:3f:6c:6f:78:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jul 16 19:52:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=637b59558725c318f917a535aee06b146bef6d72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:30:ca:49:fa:dd:e8:36:cc:de:0a:e4:bd:93:
                    36:5a:fd:da:57:36:ea:3b:4d:cf:78:34:8e:ec:4d:
                    73:1c:22:3f:43:04:97:f2:02:03:58:06:bd:06:49:
                    e4:97:56:95:24:36:67:20:db:c2:c8:05:ae:b8:4c:
                    6d:3c:1a:d4:23:8b:8e:5d:ac:5f:ee:38:a1:ec:7c:
                    c6:54:98:5d:3d:50:1a:52:e7:a5:92:6d:7e:ff:c4:
                    75:15:9c:65:83:59:24:43:33:e0:56:fc:f5:ed:7c:
                    7b:be:27:37:9e:15:29:79:61:23:85:e5:e8:14:4e:
                    05:ba:9b:33:64:ad:f1:b0:71:7b:1e:19:f2:88:61:
                    05:2c:a1:ad:4c:e5:55:6f:1a:2c:bf:0e:78:2c:72:
                    fe:02:9d:5a:c3:70:2b:6e:6b:0e:f3:23:e7:ab:cf:
                    0c:8c:0b:7b:e8:57:17:c4:a2:1a:76:aa:bd:6e:36:
                    c7:d6:aa:ed:ee:24:be:96:e4:51:0c:cc:5c:2e:db:
                    68:b9:32:00:ae:86:37:96:fa:24:4d:b9:08:97:54:
                    21:8e:e2:9d:20:09:e7:8f:08:68:aa:31:4a:5f:7a:
                    f5:f1:bd:23:ad:28:ec:6f:f7:78:50:c4:13:13:1f:
                    e4:74:ad:8e:65:fd:f3:90:e2:c1:00:20:97:c0:78:
                    25:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:7B:59:55:87:25:C3:18:F9:17:A5:35:AE:E0:6B:14:6B:EF:6D:72
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/Y3tZVYclwxj5F6U1ruBrFGvvbXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:79c0:600::/44

    Signature Algorithm: sha256WithRSAEncryption
         d8:32:34:f3:23:82:ce:f4:a4:79:0c:d9:25:ba:6f:dc:6f:20:
         66:48:87:cb:fd:32:96:26:4c:0a:65:6e:e6:29:cb:73:7e:c3:
         e9:83:29:d6:f2:b8:e9:b6:a6:d9:56:67:e2:a8:0b:ab:07:9c:
         50:6e:3f:06:98:b7:c6:3b:5a:83:c9:9c:50:20:6a:ed:17:dc:
         35:85:96:ce:54:3b:1e:1b:7b:48:bb:ed:4c:58:19:df:6d:03:
         ac:27:7b:64:4a:10:c9:4a:95:8f:32:24:be:24:92:5c:02:af:
         61:8a:d4:76:a1:ba:4e:e1:49:21:4e:cb:60:7e:d9:15:92:74:
         e3:d9:86:4e:83:b5:8e:05:23:8b:4f:d1:3b:db:75:41:6f:e8:
         f1:06:d8:19:20:d5:cf:6b:3e:ec:28:bf:84:9a:92:22:b0:1e:
         d3:f8:8e:a6:8b:0f:4c:03:3c:b6:dc:7d:8f:12:9d:b9:d6:5e:
         d7:46:2a:3a:66:b7:43:52:45:68:64:07:3f:64:d8:2a:e7:b4:
         9f:02:a5:1d:a0:9d:0a:0a:f4:b7:a8:95:36:e4:e3:81:8f:cd:
         ae:39:51:40:a3:dd:be:de:4f:65:ec:22:f8:54:ab:db:6b:06:
         62:b0:c1:92:2a:95:22:ca:1e:fc:ba:6e:5c:31:27:36:24:a3:
         f8:c5:78:bb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZC9GpWFLq+x3rxenT9sb3gvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjQwNzE2MTk1MjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzdiNTk1NTg3MjVjMzE4ZjkxN2E1MzVhZWUwNmIxNDZiZWY2ZDcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvjDKSfrd6DbM3grkvZM2Wv3aVzbq
O03PeDSO7E1zHCI/QwSX8gIDWAa9Bknkl1aVJDZnINvCyAWuuExtPBrUI4uOXaxf
7jih7HzGVJhdPVAaUuelkm1+/8R1FZxlg1kkQzPgVvz17Xx7vic3nhUpeWEjheXo
FE4FupszZK3xsHF7HhnyiGEFLKGtTOVVbxosvw54LHL+Ap1aw3ArbmsO8yPnq88M
jAt76FcXxKIadqq9bjbH1qrt7iS+luRRDMxcLttouTIAroY3lvokTbkIl1QhjuKd
IAnnjwhoqjFKX3r18b0jrSjsb/d4UMQTEx/kdK2OZf3zkOLBACCXwHgllQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGN7WVWHJcMY+RelNa7gaxRr721yMB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvWTN0WlZZY2x3eGo1RjZVMXJ1QnJGR3Z2YlhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgp5wAYA
MA0GCSqGSIb3DQEBCwUAA4IBAQDYMjTzI4LO9KR5DNklum/cbyBmSIfL/TKWJkwK
ZW7mKctzfsPpgynW8rjptqbZVmfiqAurB5xQbj8GmLfGO1qDyZxQIGrtF9w1hZbO
VDseG3tIu+1MWBnfbQOsJ3tkShDJSpWPMiS+JJJcAq9hitR2obpO4UkhTstgftkV
knTj2YZOg7WOBSOLT9E723VBb+jxBtgZINXPaz7sKL+EmpIisB7T+I6miw9MAzy2
3H2PEp251l7XRio6ZrdDUkVoZAc/ZNgq57SfAqUdoJ0KCvS3qJU25OOBj82uOVFA
o92+3k9l7CL4VKvbawZisMGSKpUiyh78um5cMSc2JKP4xXi7
-----END CERTIFICATE-----