Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/379529-f469-4363-8b87-421a99bdd78f/1/YkSODmQWK2LV6cPbww4RkPzIUp8.roa
File:                     YkSODmQWK2LV6cPbww4RkPzIUp8.roa (raw, json)
Hash identifier:          hkBf+BdQNIgN8IgdXcmtUkpLcOI+u7cXwezFhawWkmg=
Subject key identifier:   62:44:8E:0E:64:16:2B:62:D5:E9:C3:DB:C3:0E:11:90:FC:C8:52:9F
Certificate issuer:       /CN=6af9c540b146bb44c8219d01375c10124920ae9f
Certificate serial:       018CC8DE42B17C215BCB849EE2AC134FA190
Authority key identifier: 6A:F9:C5:40:B1:46:BB:44:C8:21:9D:01:37:5C:10:12:49:20:AE:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/avnFQLFGu0TIIZ0BN1wQEkkgrp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/379529-f469-4363-8b87-421a99bdd78f/1/YkSODmQWK2LV6cPbww4RkPzIUp8.roa
Signing time:             Tue 02 Jan 2024 06:30:58 +0000
ROA not before:           Tue 02 Jan 2024 06:30:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211442
IP address blocks:        2a10:e1c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/379529-f469-4363-8b87-421a99bdd78f/1/avnFQLFGu0TIIZ0BN1wQEkkgrp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/379529-f469-4363-8b87-421a99bdd78f/1/avnFQLFGu0TIIZ0BN1wQEkkgrp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/avnFQLFGu0TIIZ0BN1wQEkkgrp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:42:b1:7c:21:5b:cb:84:9e:e2:ac:13:4f:a1:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6af9c540b146bb44c8219d01375c10124920ae9f
        Validity
            Not Before: Jan  2 06:30:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=62448e0e64162b62d5e9c3dbc30e1190fcc8529f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:91:c5:48:15:e7:84:fe:d7:d8:ad:20:e0:db:
                    7b:97:78:43:36:c9:98:9c:73:55:8d:6b:04:d3:62:
                    4b:14:05:b8:af:c9:e6:9a:e3:94:f0:f7:c5:01:bb:
                    11:c4:8b:14:9a:e8:8b:ee:f5:e1:1e:91:27:33:d9:
                    b4:49:c7:9b:ce:b4:c8:e7:1f:53:64:7b:1c:53:66:
                    1e:e0:b8:e2:c2:7a:2c:a2:64:ee:c9:fc:7b:e6:b3:
                    8c:a2:65:35:f5:b3:c2:17:1c:ea:b0:aa:2b:2a:b5:
                    f7:a4:e2:71:0f:ac:28:1c:f6:7a:ba:b8:cd:e3:fe:
                    42:16:ea:14:33:f9:4d:fd:16:bd:b0:db:e8:83:3a:
                    d7:bd:b7:86:16:14:9f:bd:3e:99:c9:d5:e7:35:6d:
                    ee:37:9a:08:d6:a5:f8:7b:cd:5f:fc:31:9a:e0:01:
                    a3:45:92:69:9b:0f:fe:e7:2a:69:0f:af:c9:c0:15:
                    44:3d:6d:50:38:d5:46:96:74:ff:b5:d2:de:4c:5f:
                    ff:82:d4:d2:8b:35:20:47:5e:a6:58:4a:c0:75:b2:
                    b2:50:f5:6c:1e:f9:a8:63:13:37:10:ba:65:42:a3:
                    99:84:40:7b:7f:6c:30:e0:9c:09:40:8b:da:c2:be:
                    39:0f:6f:79:b0:d1:11:dc:92:54:86:bf:1d:e1:d2:
                    a6:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:44:8E:0E:64:16:2B:62:D5:E9:C3:DB:C3:0E:11:90:FC:C8:52:9F
            X509v3 Authority Key Identifier:
                keyid:6A:F9:C5:40:B1:46:BB:44:C8:21:9D:01:37:5C:10:12:49:20:AE:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/avnFQLFGu0TIIZ0BN1wQEkkgrp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/379529-f469-4363-8b87-421a99bdd78f/1/YkSODmQWK2LV6cPbww4RkPzIUp8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/379529-f469-4363-8b87-421a99bdd78f/1/avnFQLFGu0TIIZ0BN1wQEkkgrp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:e1c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         09:1f:c0:2d:a9:36:e3:62:45:f2:d2:71:c9:ef:63:9b:8d:df:
         e6:28:81:63:a9:fa:46:74:cd:f8:db:55:fb:76:f6:4d:9e:91:
         3b:1b:b6:07:62:97:92:14:7b:e3:ac:22:c9:b1:83:48:99:e1:
         4c:22:23:30:26:1f:8e:da:da:e1:82:4c:2b:4f:e6:ec:ed:ec:
         f7:ac:d7:d6:0e:0f:5c:c1:b9:06:aa:e4:c5:71:27:53:2d:8f:
         5d:99:5f:77:1e:62:84:79:8c:3b:7b:f6:1c:db:b8:7e:b6:83:
         3d:21:1b:af:be:7a:9e:50:9a:66:41:f4:ad:6a:07:96:f9:7e:
         68:a0:b3:23:ce:93:e2:2b:2e:c2:d4:bd:bf:e4:3b:60:8b:47:
         ee:0b:fb:f1:ca:58:5d:6a:a4:27:2f:18:13:3e:0b:b7:59:62:
         4c:23:6a:7d:11:9c:cc:c5:cd:96:77:6c:fd:23:cb:89:91:0a:
         d1:5e:c1:b9:6d:be:09:8a:6e:5c:29:4e:77:a5:92:d3:3e:ac:
         35:e7:40:73:ae:64:af:0f:00:45:3c:ce:9e:cb:38:f3:33:88:
         eb:f0:1a:74:6f:d2:b2:f0:da:0a:ef:49:4d:35:4d:bb:74:22:
         c9:b2:e4:74:a1:af:4e:23:be:c5:ef:ae:f4:af:78:75:02:32:
         ba:a9:d9:89
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzI3kKxfCFby4Se4qwTT6GQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhZjljNTQwYjE0NmJiNDRjODIxOWQwMTM3NWMxMDEyNDky
MGFlOWYwHhcNMjQwMTAyMDYzMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjQ0OGUwZTY0MTYyYjYyZDVlOWMzZGJjMzBlMTE5MGZjYzg1MjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhpHFSBXnhP7X2K0g4Nt7l3hDNsmY
nHNVjWsE02JLFAW4r8nmmuOU8PfFAbsRxIsUmuiL7vXhHpEnM9m0ScebzrTI5x9T
ZHscU2Ye4LjiwnosomTuyfx75rOMomU19bPCFxzqsKorKrX3pOJxD6woHPZ6urjN
4/5CFuoUM/lN/Ra9sNvogzrXvbeGFhSfvT6ZydXnNW3uN5oI1qX4e81f/DGa4AGj
RZJpmw/+5yppD6/JwBVEPW1QONVGlnT/tdLeTF//gtTSizUgR16mWErAdbKyUPVs
HvmoYxM3ELplQqOZhEB7f2ww4JwJQIvawr45D295sNER3JJUhr8d4dKmswIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGJEjg5kFiti1enD28MOEZD8yFKfMB8GA1UdIwQY
MBaAFGr5xUCxRrtEyCGdATdcEBJJIK6fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXZuRlFMRkd1MFRJSVowQk4xd1FFa2tncnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8zNzk1MjktZjQ2OS00MzYzLThiODct
NDIxYTk5YmRkNzhmLzEvWWtTT0RtUVdLMkxWNmNQYnd3NFJrUHpJVXA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8zNzk1MjktZjQ2OS00MzYzLThiODctNDIxYTk5YmRkNzhm
LzEvYXZuRlFMRkd1MFRJSVowQk4xd1FFa2tncnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhDhwDAN
BgkqhkiG9w0BAQsFAAOCAQEACR/ALak242JF8tJxye9jm43f5iiBY6n6RnTN+NtV
+3b2TZ6ROxu2B2KXkhR746wiybGDSJnhTCIjMCYfjtra4YJMK0/m7O3s96zX1g4P
XMG5BqrkxXEnUy2PXZlfdx5ihHmMO3v2HNu4fraDPSEbr756nlCaZkH0rWoHlvl+
aKCzI86T4isuwtS9v+Q7YItH7gv78cpYXWqkJy8YEz4Lt1liTCNqfRGczMXNlnds
/SPLiZEK0V7BuW2+CYpuXClOd6WS0z6sNedAc65krw8ARTzOnss48zOI6/AadG/S
svDaCu9JTTVNu3QiybLkdKGvTiO+xe+u9K94dQIyuqnZiQ==
-----END CERTIFICATE-----