Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/yyPioYPL202O23xyB-0T1_JS4dQ.roa
File:                     yyPioYPL202O23xyB-0T1_JS4dQ.roa (raw, json)
Hash identifier:          2kwxqqGezXrPpfgYIo9wQ4mMsT6KHpVXboYluUw8b4o=
Subject key identifier:   CB:23:E2:A1:83:CB:DB:4D:8E:DB:7C:72:07:ED:13:D7:F2:52:E1:D4
Certificate issuer:       /CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
Certificate serial:       018CC6B930741006F0CDAA4EA44744D317C7
Authority key identifier: 0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/yyPioYPL202O23xyB-0T1_JS4dQ.roa
Signing time:             Mon 01 Jan 2024 20:31:14 +0000
ROA not before:           Mon 01 Jan 2024 20:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6939
IP address blocks:        2a0e:da40:da40::/48 maxlen: 128
                          2a0e:da40:1::/48 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:30:74:10:06:f0:cd:aa:4e:a4:47:44:d3:17:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
        Validity
            Not Before: Jan  1 20:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb23e2a183cbdb4d8edb7c7207ed13d7f252e1d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:ae:d3:ed:a6:9b:da:d9:b3:13:08:b9:36:a4:
                    37:a9:42:40:f2:db:51:f9:13:50:f6:29:57:c5:19:
                    1b:cb:4c:60:3c:71:80:51:29:fe:1e:ed:ed:40:89:
                    10:db:37:10:a9:4a:41:07:24:67:12:12:20:88:a7:
                    b6:9c:a7:07:16:a9:71:4b:e4:fc:5b:97:a6:53:7f:
                    7c:04:7f:fa:d6:94:d9:e7:51:de:3d:5d:6e:8b:65:
                    4c:d2:98:9a:f2:80:81:3b:51:5f:72:07:09:94:eb:
                    eb:c0:fc:ee:33:93:70:3c:c5:72:86:73:df:59:c5:
                    23:ae:35:49:d5:8b:42:5e:e8:5a:ee:86:97:eb:80:
                    3a:f6:27:48:e4:1c:3e:df:33:51:9a:ca:5d:aa:47:
                    4a:cc:c8:fb:d3:f4:47:f8:ba:79:5d:a1:28:72:77:
                    2a:a5:f5:4f:3a:72:f2:e4:27:ef:06:d0:2a:d3:25:
                    c7:9e:04:d9:e4:11:74:99:b9:ff:7b:b9:73:31:2f:
                    b0:7b:c4:09:e9:5d:7d:03:50:d9:88:a7:52:f4:5e:
                    1c:4c:74:93:5d:2d:68:cb:e0:64:1f:33:83:55:86:
                    43:c9:88:87:5e:de:6b:55:31:5b:cc:31:87:30:e1:
                    8f:29:ba:85:46:f8:c9:47:3f:9f:a4:27:de:97:40:
                    bb:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:23:E2:A1:83:CB:DB:4D:8E:DB:7C:72:07:ED:13:D7:F2:52:E1:D4
            X509v3 Authority Key Identifier:
                keyid:0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/yyPioYPL202O23xyB-0T1_JS4dQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:da40:1::/48
                  2a0e:da40:da40::/48

    Signature Algorithm: sha256WithRSAEncryption
         bc:de:61:e6:35:55:e9:9f:b4:0e:19:9c:4b:56:67:4a:7d:f0:
         99:b6:c2:2e:81:49:a6:1c:1a:aa:03:d2:a1:aa:69:2a:7b:02:
         1f:70:42:6b:ba:df:3e:bd:17:e6:50:be:27:10:57:23:06:d5:
         4b:7f:a0:b2:c7:79:28:02:f8:51:3c:e1:ae:5d:1e:28:8b:2f:
         ba:1a:fc:88:4f:47:8b:9c:6c:04:56:22:a6:f5:03:07:28:c5:
         18:51:24:8a:bc:32:83:01:8f:0e:60:c7:87:ba:29:90:f1:1b:
         52:87:c5:c7:4c:fc:f8:b9:09:7a:dc:a1:e1:7b:0a:6e:d5:51:
         d2:03:ca:df:8e:9e:28:b4:70:09:39:f8:23:0d:73:4a:f5:c2:
         dd:e6:f5:0b:5d:4a:33:67:8f:85:7f:43:db:c5:a2:fb:d9:41:
         26:be:fa:52:52:a0:2b:fd:91:c2:2f:c4:da:6a:c5:7e:17:f1:
         86:25:88:04:ad:b9:fe:5e:1e:b8:af:38:c7:80:aa:6a:ef:fc:
         72:36:2d:fc:29:6e:48:b3:63:ab:26:49:42:0a:0b:22:3f:d5:
         ee:26:81:49:15:c1:68:02:d2:1b:5a:7d:d0:71:ce:46:dc:e1:
         4b:34:0f:1c:62:a6:58:7b:25:ab:7b:c2:a2:cb:e6:1b:d9:fe:
         38:7e:34:0e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzGuTB0EAbwzapOpEdE0xfHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkYjY3YzVjN2ZhN2ZlMjQ5MmVlYzM3Y2Y0Mjc2NDJiNzFk
NDI1YjAwHhcNMjQwMTAxMjAzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjIzZTJhMTgzY2JkYjRkOGVkYjdjNzIwN2VkMTNkN2YyNTJlMWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgq7T7aab2tmzEwi5NqQ3qUJA8ttR
+RNQ9ilXxRkby0xgPHGAUSn+Hu3tQIkQ2zcQqUpBByRnEhIgiKe2nKcHFqlxS+T8
W5emU398BH/61pTZ51HePV1ui2VM0pia8oCBO1FfcgcJlOvrwPzuM5NwPMVyhnPf
WcUjrjVJ1YtCXuha7oaX64A69idI5Bw+3zNRmspdqkdKzMj70/RH+Lp5XaEocncq
pfVPOnLy5CfvBtAq0yXHngTZ5BF0mbn/e7lzMS+we8QJ6V19A1DZiKdS9F4cTHST
XS1oy+BkHzODVYZDyYiHXt5rVTFbzDGHMOGPKbqFRvjJRz+fpCfel0C7MQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMsj4qGDy9tNjtt8cgftE9fyUuHUMB8GA1UdIwQY
MBaAFA22fFx/p/4kku7DfPQnZCtx1CWwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjkt
YjAzZGY5OTZlNDgxLzEveXlQaW9ZUEwyMDJPMjN4eUItMFQxX0pTNGRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjktYjAzZGY5OTZlNDgx
LzEvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg7aQAAB
AwcAKg7aQNpAMA0GCSqGSIb3DQEBCwUAA4IBAQC83mHmNVXpn7QOGZxLVmdKffCZ
tsIugUmmHBqqA9KhqmkqewIfcEJrut8+vRfmUL4nEFcjBtVLf6Cyx3koAvhRPOGu
XR4oiy+6GvyIT0eLnGwEViKm9QMHKMUYUSSKvDKDAY8OYMeHuimQ8RtSh8XHTPz4
uQl63KHhewpu1VHSA8rfjp4otHAJOfgjDXNK9cLd5vULXUozZ4+Ff0PbxaL72UEm
vvpSUqAr/ZHCL8TaasV+F/GGJYgErbn+Xh64rzjHgKpq7/xyNi38KW5Is2OrJklC
CgsiP9XuJoFJFcFoAtIbWn3Qcc5G3OFLNA8cYqZYeyWre8Kiy+Yb2f44fjQO
-----END CERTIFICATE-----