Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/e106c3-0b1f-4010-86f1-65a46c8e41e9/1/IvYSO-4EKOiuvKf6uNuqHrAOXmY.roa
File:                     IvYSO-4EKOiuvKf6uNuqHrAOXmY.roa (raw, json)
Hash identifier:          rFgpDcrDt+KUX/ENBAuqEcFOaPtbL0N7zICJieULzEY=
Subject key identifier:   22:F6:12:3B:EE:04:28:E8:AE:BC:A7:FA:B8:DB:AA:1E:B0:0E:5E:66
Certificate issuer:       /CN=3d0483538737453e2f57ffb57499c3922e83636d
Certificate serial:       018CC9BC3FB774592D15F6A089B7306DE4E9
Authority key identifier: 3D:04:83:53:87:37:45:3E:2F:57:FF:B5:74:99:C3:92:2E:83:63:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PQSDU4c3RT4vV_-1dJnDki6DY20.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/e106c3-0b1f-4010-86f1-65a46c8e41e9/1/IvYSO-4EKOiuvKf6uNuqHrAOXmY.roa
Signing time:             Tue 02 Jan 2024 10:33:26 +0000
ROA not before:           Tue 02 Jan 2024 10:33:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200482
IP address blocks:        2a07:6d40:2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/e106c3-0b1f-4010-86f1-65a46c8e41e9/1/PQSDU4c3RT4vV_-1dJnDki6DY20.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/e106c3-0b1f-4010-86f1-65a46c8e41e9/1/PQSDU4c3RT4vV_-1dJnDki6DY20.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PQSDU4c3RT4vV_-1dJnDki6DY20.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 22:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:3f:b7:74:59:2d:15:f6:a0:89:b7:30:6d:e4:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d0483538737453e2f57ffb57499c3922e83636d
        Validity
            Not Before: Jan  2 10:33:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22f6123bee0428e8aebca7fab8dbaa1eb00e5e66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:69:72:b1:41:de:f9:25:4d:cc:5e:48:c4:d2:
                    4a:81:91:d3:2b:1e:58:f4:79:1b:be:16:a3:67:8b:
                    b7:a3:89:cc:e9:8f:67:01:7c:5d:45:c5:6a:12:1a:
                    9a:a6:3c:5b:dd:a8:d3:19:6c:83:03:29:c0:b7:b2:
                    10:c0:6f:d7:74:cf:b1:7e:4e:5b:b4:31:89:16:03:
                    96:04:68:aa:dd:f1:0e:fa:68:bb:22:ca:3e:d5:37:
                    28:5f:dd:43:68:c4:32:2d:71:59:c4:13:bb:b0:4f:
                    ca:0a:74:a6:1f:23:6a:13:96:b8:f3:3e:3c:9f:b9:
                    7d:40:18:92:a0:cc:55:6f:31:97:0f:ea:d0:4d:c7:
                    00:ec:db:0a:5a:96:20:87:af:67:e6:80:de:7a:7c:
                    f7:99:55:97:04:4d:63:48:aa:b6:a1:52:fa:2c:85:
                    3d:b6:d3:ff:e9:26:22:4b:39:96:25:09:3d:b7:67:
                    de:b7:4d:99:9d:55:dd:74:e4:4b:01:2e:22:f5:c4:
                    39:dd:fc:08:6c:66:b2:49:3f:ad:b7:e9:1f:d9:98:
                    4d:92:9c:81:1a:85:22:91:03:bf:d0:25:29:c4:5c:
                    c2:99:ac:dd:d7:f5:7c:cd:bf:e5:63:d4:c0:fb:bb:
                    e4:66:93:f7:22:fc:91:62:35:b3:93:6b:b1:f2:e5:
                    a8:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:F6:12:3B:EE:04:28:E8:AE:BC:A7:FA:B8:DB:AA:1E:B0:0E:5E:66
            X509v3 Authority Key Identifier:
                keyid:3D:04:83:53:87:37:45:3E:2F:57:FF:B5:74:99:C3:92:2E:83:63:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PQSDU4c3RT4vV_-1dJnDki6DY20.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/e106c3-0b1f-4010-86f1-65a46c8e41e9/1/IvYSO-4EKOiuvKf6uNuqHrAOXmY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/e106c3-0b1f-4010-86f1-65a46c8e41e9/1/PQSDU4c3RT4vV_-1dJnDki6DY20.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:6d40:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         a2:2b:76:5e:2c:a9:69:aa:63:f8:d0:23:ec:c0:0a:4d:30:be:
         73:4a:3c:b1:58:b6:b6:2a:fb:f0:56:58:57:3f:9b:ef:6c:21:
         1d:98:d1:6e:65:5b:25:57:19:e0:6c:38:9b:be:31:86:be:76:
         ff:71:fb:03:2a:00:ed:2b:63:ca:04:08:23:d0:39:23:32:ad:
         10:87:a5:c0:09:ab:ef:a4:0e:9b:2e:48:0e:f8:9b:17:2b:ba:
         b8:cb:6d:cf:1d:99:c9:63:c0:9e:6d:e6:8a:10:39:d5:0d:64:
         5c:61:b4:eb:08:7f:db:a9:c3:8e:9c:57:44:6a:6f:ac:95:f3:
         33:44:d7:6d:e5:75:9e:68:7b:0d:63:73:c8:05:78:d7:b1:e5:
         05:98:a3:19:74:55:1d:c9:cd:8c:ef:1e:f8:75:a6:aa:6d:8f:
         f2:28:5b:ea:22:69:86:2a:38:23:0c:39:89:2c:5b:85:d4:98:
         be:ad:eb:ed:f2:ad:ea:84:63:26:c0:4e:2a:dc:b8:a7:c6:d4:
         3a:18:af:af:07:78:4d:71:bf:82:b3:70:e2:2a:e5:f6:49:0d:
         b3:47:a6:de:3a:8d:b8:61:8d:65:84:ea:37:fe:e0:7c:37:01:
         d1:c4:21:99:b6:33:f3:40:46:1a:88:68:70:07:c1:70:b6:f0:
         8d:ff:94:52
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvD+3dFktFfagibcwbeTpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkMDQ4MzUzODczNzQ1M2UyZjU3ZmZiNTc0OTljMzkyMmU4
MzYzNmQwHhcNMjQwMTAyMTAzMzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmY2MTIzYmVlMDQyOGU4YWViY2E3ZmFiOGRiYWExZWIwMGU1ZTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkWlysUHe+SVNzF5IxNJKgZHTKx5Y
9HkbvhajZ4u3o4nM6Y9nAXxdRcVqEhqapjxb3ajTGWyDAynAt7IQwG/XdM+xfk5b
tDGJFgOWBGiq3fEO+mi7Iso+1TcoX91DaMQyLXFZxBO7sE/KCnSmHyNqE5a48z48
n7l9QBiSoMxVbzGXD+rQTccA7NsKWpYgh69n5oDeenz3mVWXBE1jSKq2oVL6LIU9
ttP/6SYiSzmWJQk9t2fet02ZnVXddORLAS4i9cQ53fwIbGayST+tt+kf2ZhNkpyB
GoUikQO/0CUpxFzCmazd1/V8zb/lY9TA+7vkZpP3IvyRYjWzk2ux8uWoCwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCL2EjvuBCjorryn+rjbqh6wDl5mMB8GA1UdIwQY
MBaAFD0Eg1OHN0U+L1f/tXSZw5Iug2NtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFFTRFU0YzNSVDR2Vl8tMWRKbkRraTZEWTIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS9lMTA2YzMtMGIxZi00MDEwLTg2ZjEt
NjVhNDZjOGU0MWU5LzEvSXZZU08tNEVLT2l1dktmNnVOdXFIckFPWG1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS9lMTA2YzMtMGIxZi00MDEwLTg2ZjEtNjVhNDZjOGU0MWU5
LzEvUFFTRFU0YzNSVDR2Vl8tMWRKbkRraTZEWTIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgdtQAAC
MA0GCSqGSIb3DQEBCwUAA4IBAQCiK3ZeLKlpqmP40CPswApNML5zSjyxWLa2Kvvw
VlhXP5vvbCEdmNFuZVslVxngbDibvjGGvnb/cfsDKgDtK2PKBAgj0DkjMq0Qh6XA
CavvpA6bLkgO+JsXK7q4y23PHZnJY8CebeaKEDnVDWRcYbTrCH/bqcOOnFdEam+s
lfMzRNdt5XWeaHsNY3PIBXjXseUFmKMZdFUdyc2M7x74daaqbY/yKFvqImmGKjgj
DDmJLFuF1Ji+revt8q3qhGMmwE4q3LinxtQ6GK+vB3hNcb+Cs3DiKuX2SQ2zR6be
Oo24YY1lhOo3/uB8NwHRxCGZtjPzQEYaiGhwB8FwtvCN/5RS
-----END CERTIFICATE-----