Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/yk4UXBsmY3Ec43JYuC15qbTogEk.roa
File:                     yk4UXBsmY3Ec43JYuC15qbTogEk.roa (raw, json)
Hash identifier:          OubHujtzIRF6gSogYd2yzvDcpohPvjeuzmEVIPZenhY=
Subject key identifier:   CA:4E:14:5C:1B:26:63:71:1C:E3:72:58:B8:2D:79:A9:B4:E8:80:49
Certificate issuer:       /CN=2793bde946ae936d3cacc136a5f3239edf2431f4
Certificate serial:       018CC86F058EAAA7B9074AE1749C96774C37
Authority key identifier: 27:93:BD:E9:46:AE:93:6D:3C:AC:C1:36:A5:F3:23:9E:DF:24:31:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J5O96Uauk208rME2pfMjnt8kMfQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/yk4UXBsmY3Ec43JYuC15qbTogEk.roa
Signing time:             Tue 02 Jan 2024 04:29:28 +0000
ROA not before:           Tue 02 Jan 2024 04:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202634
IP address blocks:        2a0b:8dc0::/29 maxlen: 29
                          2a0f:6840::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/J5O96Uauk208rME2pfMjnt8kMfQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/J5O96Uauk208rME2pfMjnt8kMfQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J5O96Uauk208rME2pfMjnt8kMfQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:05:8e:aa:a7:b9:07:4a:e1:74:9c:96:77:4c:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2793bde946ae936d3cacc136a5f3239edf2431f4
        Validity
            Not Before: Jan  2 04:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca4e145c1b2663711ce37258b82d79a9b4e88049
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:04:55:37:49:34:55:15:7f:8c:a1:d8:e1:49:
                    21:c8:5b:65:e5:a4:de:ac:8f:96:f4:8a:66:2f:24:
                    cf:77:c9:95:55:b8:7c:69:de:2f:c1:10:80:61:69:
                    10:5f:41:b4:96:88:10:e1:95:a6:b5:56:8a:6b:f5:
                    f4:94:1d:2e:71:10:62:48:d6:d7:6b:43:94:27:e9:
                    c4:33:6e:61:14:dd:46:56:cf:6c:91:2d:71:55:65:
                    9c:3c:7c:21:ae:66:44:42:46:3d:93:a2:c2:3d:e1:
                    cf:e5:d7:d6:da:82:ac:ce:93:6b:f6:e5:b2:09:29:
                    1c:b3:68:01:f2:a3:7f:a7:12:5e:14:44:35:d9:ca:
                    22:3b:5f:c4:18:78:b3:68:52:2c:29:f4:b3:e3:2a:
                    ab:22:e7:71:a7:51:50:46:de:69:0e:81:5a:1c:bf:
                    ff:f0:5c:bf:fe:00:39:6e:c1:7d:9a:ea:56:85:80:
                    89:98:57:8b:47:c9:cb:c8:fc:56:cf:eb:1e:3b:a8:
                    0e:7b:96:b6:e2:3a:d7:08:8b:35:61:18:76:40:be:
                    be:0e:5f:08:dc:52:11:6e:78:5c:24:c0:f3:e5:9b:
                    44:0b:bf:2c:0d:c1:2a:91:fd:76:2b:02:4c:fd:f1:
                    73:01:86:d4:9e:18:68:a2:95:a3:a9:dd:70:1f:a0:
                    1f:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:4E:14:5C:1B:26:63:71:1C:E3:72:58:B8:2D:79:A9:B4:E8:80:49
            X509v3 Authority Key Identifier:
                keyid:27:93:BD:E9:46:AE:93:6D:3C:AC:C1:36:A5:F3:23:9E:DF:24:31:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J5O96Uauk208rME2pfMjnt8kMfQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/yk4UXBsmY3Ec43JYuC15qbTogEk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/J5O96Uauk208rME2pfMjnt8kMfQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:8dc0::/29
                  2a0f:6840::/29

    Signature Algorithm: sha256WithRSAEncryption
         0c:46:59:55:38:4d:6b:f5:81:50:1f:ab:1c:94:95:94:f0:95:
         c8:5a:b0:23:fd:c4:f6:b6:ee:cd:59:4f:cf:7c:b2:74:00:e8:
         3d:4c:0e:9c:87:79:37:27:cb:12:a8:30:4c:d2:0d:20:9e:4f:
         13:cf:49:26:63:e9:30:ee:0b:a1:5a:73:91:72:3e:a0:62:03:
         67:eb:2e:93:96:2c:23:25:d1:77:b7:0c:45:16:6b:23:98:36:
         b7:75:2e:93:ed:d6:7f:bd:1b:66:4b:31:a6:d5:00:88:51:bc:
         e3:f9:68:37:53:2e:20:b4:a2:c5:8f:97:e7:65:56:3a:77:79:
         d0:a7:e9:7f:a3:a6:d7:e1:5c:1d:e3:67:99:93:7e:07:85:96:
         f6:40:83:e4:29:90:53:c4:03:94:a3:8e:24:fe:11:ba:8f:79:
         be:bc:bd:eb:86:df:d7:15:da:a7:d7:6b:23:bd:91:5b:20:75:
         44:fd:29:3c:e4:ce:22:3a:7a:8f:55:de:7a:9e:89:5c:11:54:
         4a:41:3e:d0:86:fe:6a:d1:64:54:12:50:0c:99:58:18:91:c9:
         d6:51:bd:62:0b:82:11:01:4e:36:2a:b9:e1:45:51:00:74:9c:
         b7:ae:a3:bc:8d:21:80:c1:63:7d:fe:6a:5e:12:aa:f8:76:7e:
         a5:02:87:ca
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzIbwWOqqe5B0rhdJyWd0w3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OTNiZGU5NDZhZTkzNmQzY2FjYzEzNmE1ZjMyMzllZGYy
NDMxZjQwHhcNMjQwMTAyMDQyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTRlMTQ1YzFiMjY2MzcxMWNlMzcyNThiODJkNzlhOWI0ZTg4MDQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArARVN0k0VRV/jKHY4UkhyFtl5aTe
rI+W9IpmLyTPd8mVVbh8ad4vwRCAYWkQX0G0logQ4ZWmtVaKa/X0lB0ucRBiSNbX
a0OUJ+nEM25hFN1GVs9skS1xVWWcPHwhrmZEQkY9k6LCPeHP5dfW2oKszpNr9uWy
CSkcs2gB8qN/pxJeFEQ12coiO1/EGHizaFIsKfSz4yqrIudxp1FQRt5pDoFaHL//
8Fy//gA5bsF9mupWhYCJmFeLR8nLyPxWz+seO6gOe5a24jrXCIs1YRh2QL6+Dl8I
3FIRbnhcJMDz5ZtEC78sDcEqkf12KwJM/fFzAYbUnhhoopWjqd1wH6Af6wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFMpOFFwbJmNxHONyWLgteam06IBJMB8GA1UdIwQY
MBaAFCeTvelGrpNtPKzBNqXzI57fJDH0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjVPOTZVYXVrMjA4ck1FMnBmTWpudDhrTWZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9iZjU4ZGEtYTlkMi00MjFhLWI0M2Et
OTJjM2JmNzRhOTdiLzEveWs0VVhCc21ZM0VjNDNKWXVDMTVxYlRvZ0VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9iZjU4ZGEtYTlkMi00MjFhLWI0M2EtOTJjM2JmNzRhOTdi
LzEvSjVPOTZVYXVrMjA4ck1FMnBmTWpudDhrTWZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKguNwAMF
AyoPaEAwDQYJKoZIhvcNAQELBQADggEBAAxGWVU4TWv1gVAfqxyUlZTwlchasCP9
xPa27s1ZT898snQA6D1MDpyHeTcnyxKoMEzSDSCeTxPPSSZj6TDuC6Fac5FyPqBi
A2frLpOWLCMl0Xe3DEUWayOYNrd1LpPt1n+9G2ZLMabVAIhRvOP5aDdTLiC0osWP
l+dlVjp3edCn6X+jptfhXB3jZ5mTfgeFlvZAg+QpkFPEA5SjjiT+EbqPeb68veuG
39cV2qfXayO9kVsgdUT9KTzkziI6eo9V3nqeiVwRVEpBPtCG/mrRZFQSUAyZWBiR
ydZRvWILghEBTjYqueFFUQB0nLeuo7yNIYDBY33+al4Sqvh2fqUCh8o=
-----END CERTIFICATE-----