Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/9d3de4-76a5-4941-b626-e954e16ab27d/1/YG8gGKvgybLhSUzMA-4JIOw0crA.roa
File:                     YG8gGKvgybLhSUzMA-4JIOw0crA.roa (raw, json)
Hash identifier:          yqXlr4Nq996/MSta3ADMhCNmvq03TzCrDeMZHoPsRWw=
Subject key identifier:   60:6F:20:18:AB:E0:C9:B2:E1:49:4C:CC:03:EE:09:20:EC:34:72:B0
Certificate issuer:       /CN=0d6bb59e97bf3b1efc3569df956c45e472849861
Certificate serial:       018CC4930AAFEC89ED760A25FF7025D863AC
Authority key identifier: 0D:6B:B5:9E:97:BF:3B:1E:FC:35:69:DF:95:6C:45:E4:72:84:98:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DWu1npe_Ox78NWnflWxF5HKEmGE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/9d3de4-76a5-4941-b626-e954e16ab27d/1/YG8gGKvgybLhSUzMA-4JIOw0crA.roa
Signing time:             Mon 01 Jan 2024 10:30:20 +0000
ROA not before:           Mon 01 Jan 2024 10:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     40999
IP address blocks:        178.16.48.0/21 maxlen: 21
                          2a04:2101::/32 maxlen: 32
                          2a04:2100::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/9d3de4-76a5-4941-b626-e954e16ab27d/1/DWu1npe_Ox78NWnflWxF5HKEmGE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/9d3de4-76a5-4941-b626-e954e16ab27d/1/DWu1npe_Ox78NWnflWxF5HKEmGE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DWu1npe_Ox78NWnflWxF5HKEmGE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 19:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:0a:af:ec:89:ed:76:0a:25:ff:70:25:d8:63:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d6bb59e97bf3b1efc3569df956c45e472849861
        Validity
            Not Before: Jan  1 10:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=606f2018abe0c9b2e1494ccc03ee0920ec3472b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:4c:6e:30:5c:4d:d3:06:94:9b:ce:f0:ab:91:
                    74:49:e7:bc:cf:97:a4:5b:25:17:1a:70:55:81:54:
                    3d:76:af:33:67:4c:2a:de:72:00:0e:c1:8a:87:a9:
                    e4:ca:4e:a3:70:54:41:ec:7b:40:d6:8d:82:a5:03:
                    47:bc:c7:ed:79:25:0c:16:f9:cd:1a:c4:06:a9:8c:
                    c6:ef:84:d7:b7:b7:88:42:cd:70:cd:83:e0:af:79:
                    28:0e:53:26:94:b3:55:39:ad:e4:3f:e8:7c:67:17:
                    26:11:c5:e4:8f:36:0a:cb:97:a0:0e:84:c7:ea:96:
                    f7:7f:c0:0e:80:fe:76:da:ce:6c:69:e0:cb:fd:c6:
                    dd:f0:3f:49:10:fd:24:ae:f8:72:06:44:b5:1a:4a:
                    16:ca:26:f3:27:bc:09:4a:c8:6e:d9:21:12:89:14:
                    38:ca:3b:4b:d2:25:8c:eb:da:53:d6:dd:aa:e5:65:
                    f2:4f:77:42:e5:44:ad:be:1e:db:86:d8:c1:a2:93:
                    c8:b9:29:70:66:19:8c:38:5d:56:3e:3a:7a:23:53:
                    fc:b6:d5:54:1d:43:cc:b1:93:20:b5:70:49:72:36:
                    74:4b:a0:d0:a0:99:07:92:a5:73:53:e0:96:65:e8:
                    2b:ae:da:fc:39:7f:7c:30:b5:af:2a:55:96:0b:9c:
                    44:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:6F:20:18:AB:E0:C9:B2:E1:49:4C:CC:03:EE:09:20:EC:34:72:B0
            X509v3 Authority Key Identifier:
                keyid:0D:6B:B5:9E:97:BF:3B:1E:FC:35:69:DF:95:6C:45:E4:72:84:98:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DWu1npe_Ox78NWnflWxF5HKEmGE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9d3de4-76a5-4941-b626-e954e16ab27d/1/YG8gGKvgybLhSUzMA-4JIOw0crA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9d3de4-76a5-4941-b626-e954e16ab27d/1/DWu1npe_Ox78NWnflWxF5HKEmGE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.16.48.0/21
                IPv6:
                  2a04:2100::/31

    Signature Algorithm: sha256WithRSAEncryption
         59:d7:4b:96:ba:13:12:8f:20:23:8b:50:11:fd:59:b4:83:7c:
         fa:aa:59:ab:49:82:65:f9:c8:84:60:96:21:1b:1f:17:66:2b:
         43:80:69:de:8d:9c:08:22:03:a1:d3:a1:4b:20:f3:d2:5d:49:
         61:b3:76:bd:3a:60:ad:a3:42:4c:5d:bd:25:15:0f:77:3f:52:
         af:f7:fa:70:c8:df:82:72:5d:6d:63:a1:08:66:a2:59:1f:c9:
         75:1a:cb:ac:e9:69:e0:39:87:dc:e2:34:bc:85:36:94:d7:8a:
         b8:36:ba:b8:47:77:ff:8c:85:b1:4b:0c:ad:c2:fc:b0:48:63:
         67:ab:cb:fd:6b:e8:ba:c0:e8:a8:12:f4:7b:b2:8b:bf:27:40:
         13:83:49:8c:2d:23:06:fd:41:9c:96:f0:a2:a1:df:da:30:ad:
         b4:63:3b:a1:52:e6:d9:38:3b:58:c8:89:62:20:cc:42:28:81:
         c5:be:56:32:cf:86:66:e6:e8:44:ea:b8:fc:71:34:f1:b1:6a:
         0c:07:3c:3e:10:37:76:27:03:70:72:53:e2:b7:eb:96:3a:70:
         94:65:33:ab:53:06:42:b0:be:80:04:b8:bf:4d:c3:8c:15:16:
         56:58:1a:4d:60:23:5a:0b:16:88:ab:24:f5:5e:1a:14:68:d2:
         36:07:e6:9f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEkwqv7Intdgol/3Al2GOsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNmJiNTllOTdiZjNiMWVmYzM1NjlkZjk1NmM0NWU0NzI4
NDk4NjEwHhcNMjQwMTAxMTAzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDZmMjAxOGFiZTBjOWIyZTE0OTRjY2MwM2VlMDkyMGVjMzQ3MmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgkxuMFxN0waUm87wq5F0See8z5ek
WyUXGnBVgVQ9dq8zZ0wq3nIADsGKh6nkyk6jcFRB7HtA1o2CpQNHvMfteSUMFvnN
GsQGqYzG74TXt7eIQs1wzYPgr3koDlMmlLNVOa3kP+h8ZxcmEcXkjzYKy5egDoTH
6pb3f8AOgP522s5saeDL/cbd8D9JEP0krvhyBkS1GkoWyibzJ7wJSshu2SESiRQ4
yjtL0iWM69pT1t2q5WXyT3dC5UStvh7bhtjBopPIuSlwZhmMOF1WPjp6I1P8ttVU
HUPMsZMgtXBJcjZ0S6DQoJkHkqVzU+CWZegrrtr8OX98MLWvKlWWC5xEGQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGBvIBir4Mmy4UlMzAPuCSDsNHKwMB8GA1UdIwQY
MBaAFA1rtZ6Xvzse/DVp35VsReRyhJhhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFd1MW5wZV9PeDc4TlduZmxXeEY1SEtFbUdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85ZDNkZTQtNzZhNS00OTQxLWI2MjYt
ZTk1NGUxNmFiMjdkLzEvWUc4Z0dLdmd5YkxoU1V6TUEtNEpJT3cwY3JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi85ZDNkZTQtNzZhNS00OTQxLWI2MjYtZTk1NGUxNmFiMjdk
LzEvRFd1MW5wZV9PeDc4TlduZmxXeEY1SEtFbUdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDshAwMA0E
AgACMAcDBQEqBCEAMA0GCSqGSIb3DQEBCwUAA4IBAQBZ10uWuhMSjyAji1AR/Vm0
g3z6qlmrSYJl+ciEYJYhGx8XZitDgGnejZwIIgOh06FLIPPSXUlhs3a9OmCto0JM
Xb0lFQ93P1Kv9/pwyN+Ccl1tY6EIZqJZH8l1Gsus6WngOYfc4jS8hTaU14q4Nrq4
R3f/jIWxSwytwvywSGNnq8v9a+i6wOioEvR7sou/J0ATg0mMLSMG/UGclvCiod/a
MK20YzuhUubZODtYyIliIMxCKIHFvlYyz4Zm5uhE6rj8cTTxsWoMBzw+EDd2JwNw
clPit+uWOnCUZTOrUwZCsL6ABLi/TcOMFRZWWBpNYCNaCxaIqyT1XhoUaNI2B+af
-----END CERTIFICATE-----