Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/yt3xlGG_vpTJK0vPnCvUU305iOk.roa
File:                     yt3xlGG_vpTJK0vPnCvUU305iOk.roa (raw, json)
Hash identifier:          Cj+9WDQl6HHcaE1ziPlvV5Cv5cfchUt6mNY8xca5dmg=
Subject key identifier:   CA:DD:F1:94:61:BF:BE:94:C9:2B:4B:CF:9C:2B:D4:53:7D:39:88:E9
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       018D8F29C5AC2E3A3623BECE036A651397D8
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/yt3xlGG_vpTJK0vPnCvUU305iOk.roa
Signing time:             Fri 09 Feb 2024 18:38:15 +0000
ROA not before:           Fri 09 Feb 2024 18:38:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215577
IP address blocks:        2a07:e345:200::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:8f:29:c5:ac:2e:3a:36:23:be:ce:03:6a:65:13:97:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: Feb  9 18:38:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=caddf19461bfbe94c92b4bcf9c2bd4537d3988e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:f2:eb:82:cb:49:d7:1e:23:cd:52:dd:54:94:
                    8c:4b:c9:20:f3:41:59:22:67:d4:09:8a:6e:15:65:
                    05:61:68:62:e7:72:71:9d:c8:f0:c2:c6:06:ec:9c:
                    07:50:b6:a3:2a:21:e9:2a:e2:48:c5:0b:e3:07:49:
                    8e:e7:bc:f0:54:39:fc:b1:ff:64:70:d4:c6:3b:b6:
                    76:d7:27:ac:b2:7a:e0:53:3d:c0:91:88:34:10:30:
                    19:40:67:7d:65:8c:1d:0c:97:b8:0b:22:0a:d0:a6:
                    c1:d8:84:c2:59:19:cf:2f:54:91:80:20:3f:4a:db:
                    8f:fa:9a:57:c2:aa:90:a9:7d:b5:db:19:19:4d:66:
                    d8:95:f3:58:f6:34:c7:83:58:80:0c:ce:d3:ea:0f:
                    54:11:b3:92:ab:10:04:56:1f:b4:97:2e:e3:f1:77:
                    41:74:59:2a:7b:28:2e:bc:dc:ba:f0:2a:1b:6f:e6:
                    d6:0c:78:d5:92:94:b8:93:8a:6c:01:64:c9:0f:89:
                    d9:9c:b1:6b:44:4b:5d:95:47:7b:b4:09:8f:8f:4e:
                    e1:a0:18:51:c9:c4:c7:1d:54:39:c0:7e:84:93:85:
                    c0:b4:bf:64:f7:21:e1:fe:16:1b:4b:5c:43:fa:c5:
                    77:b4:fc:e3:b3:3b:73:14:5c:3d:7f:db:45:c2:24:
                    53:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:DD:F1:94:61:BF:BE:94:C9:2B:4B:CF:9C:2B:D4:53:7D:39:88:E9
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/yt3xlGG_vpTJK0vPnCvUU305iOk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:e345:200::/48

    Signature Algorithm: sha256WithRSAEncryption
         09:4b:56:36:0b:cd:61:3d:a1:e7:7a:c2:f2:32:2d:f5:2c:34:
         f8:70:f3:23:f6:ea:fc:93:00:01:be:75:24:9d:00:b5:bc:64:
         98:b2:b4:ac:05:89:51:99:48:8b:7d:ce:40:48:db:86:d5:26:
         ec:a6:70:f6:b0:3a:c6:2e:78:de:5e:90:2f:42:14:2f:3e:7a:
         29:ef:58:fc:4c:5f:9e:19:55:a4:e6:ee:21:e1:e1:a6:b3:38:
         54:dd:3a:d8:de:9a:5e:9e:d3:89:e2:79:75:04:5e:0f:0e:e3:
         09:2b:e6:8a:92:a5:ce:ee:40:0b:dd:a6:71:b5:2a:62:a6:ef:
         47:41:8d:bd:dd:2a:82:d5:8e:0f:ca:88:70:6a:fa:44:21:8e:
         82:83:35:cf:6d:dd:59:4e:1a:61:b0:7c:1b:52:87:cb:4c:7e:
         61:19:f8:ef:8c:62:9d:cf:32:8b:f6:a9:a4:1f:ab:dc:8d:6c:
         e7:b6:c6:76:e4:4b:a7:a2:81:6f:97:21:14:8d:b9:09:6a:79:
         7e:6d:e3:c4:51:3c:1b:d4:c2:52:22:4d:17:f7:b1:91:67:42:
         f6:e4:8c:fc:e1:81:9d:c6:30:bb:37:4e:2e:52:c9:2b:5d:61:
         d9:a8:91:ae:3e:29:10:6d:d6:78:20:16:bb:4f:ac:29:b7:a9:
         6d:59:1e:7f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2PKcWsLjo2I77OA2plE5fYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjQwMjA5MTgzODE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWRkZjE5NDYxYmZiZTk0YzkyYjRiY2Y5YzJiZDQ1MzdkMzk4OGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoPLrgstJ1x4jzVLdVJSMS8kg80FZ
ImfUCYpuFWUFYWhi53JxncjwwsYG7JwHULajKiHpKuJIxQvjB0mO57zwVDn8sf9k
cNTGO7Z21yessnrgUz3AkYg0EDAZQGd9ZYwdDJe4CyIK0KbB2ITCWRnPL1SRgCA/
StuP+ppXwqqQqX212xkZTWbYlfNY9jTHg1iADM7T6g9UEbOSqxAEVh+0ly7j8XdB
dFkqeyguvNy68Cobb+bWDHjVkpS4k4psAWTJD4nZnLFrREtdlUd7tAmPj07hoBhR
ycTHHVQ5wH6Ek4XAtL9k9yHh/hYbS1xD+sV3tPzjsztzFFw9f9tFwiRT2wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMrd8ZRhv76UyStLz5wr1FN9OYjpMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEveXQzeGxHR192cFRKSzB2UG5DdlVVMzA1aU9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgfjRQIA
MA0GCSqGSIb3DQEBCwUAA4IBAQAJS1Y2C81hPaHnesLyMi31LDT4cPMj9ur8kwAB
vnUknQC1vGSYsrSsBYlRmUiLfc5ASNuG1SbspnD2sDrGLnjeXpAvQhQvPnop71j8
TF+eGVWk5u4h4eGmszhU3TrY3ppentOJ4nl1BF4PDuMJK+aKkqXO7kAL3aZxtSpi
pu9HQY293SqC1Y4PyohwavpEIY6CgzXPbd1ZThphsHwbUofLTH5hGfjvjGKdzzKL
9qmkH6vcjWzntsZ25EunooFvlyEUjbkJanl+bePEUTwb1MJSIk0X97GRZ0L25Iz8
4YGdxjC7N04uUskrXWHZqJGuPikQbdZ4IBa7T6wpt6ltWR5/
-----END CERTIFICATE-----