Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/cd92cd-7fe3-4223-8350-3c773a6c42f9/1/Y5OnFI_ASQKiP8sn2vjF01n0hgM.roa
File:                     Y5OnFI_ASQKiP8sn2vjF01n0hgM.roa (raw, json)
Hash identifier:          Ao+XfFad/9xTmSoUChE6wSBDnLonlbalr70VLSu3tEE=
Subject key identifier:   63:93:A7:14:8F:C0:49:02:A2:3F:CB:27:DA:F8:C5:D3:59:F4:86:03
Certificate issuer:       /CN=a98e5943c355d48c004e6bf4a3b6cdb8c30adc4c
Certificate serial:       018CC64B3A3B37B6B321CDEACA20EF38F5EA
Authority key identifier: A9:8E:59:43:C3:55:D4:8C:00:4E:6B:F4:A3:B6:CD:B8:C3:0A:DC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qY5ZQ8NV1IwATmv0o7bNuMMK3Ew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/cd92cd-7fe3-4223-8350-3c773a6c42f9/1/Y5OnFI_ASQKiP8sn2vjF01n0hgM.roa
Signing time:             Mon 01 Jan 2024 18:31:08 +0000
ROA not before:           Mon 01 Jan 2024 18:31:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1267
IP address blocks:        2a02:b000::/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/cd92cd-7fe3-4223-8350-3c773a6c42f9/1/qY5ZQ8NV1IwATmv0o7bNuMMK3Ew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/cd92cd-7fe3-4223-8350-3c773a6c42f9/1/qY5ZQ8NV1IwATmv0o7bNuMMK3Ew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qY5ZQ8NV1IwATmv0o7bNuMMK3Ew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:3a:3b:37:b6:b3:21:cd:ea:ca:20:ef:38:f5:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a98e5943c355d48c004e6bf4a3b6cdb8c30adc4c
        Validity
            Not Before: Jan  1 18:31:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6393a7148fc04902a23fcb27daf8c5d359f48603
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:44:3b:c0:8a:9f:57:ff:26:6d:6b:9b:fc:ef:
                    39:a3:b1:ce:1b:e4:2f:89:40:1e:a2:81:83:46:74:
                    9f:de:5c:94:40:bc:2c:10:0f:e2:b0:cc:2a:77:bf:
                    0d:73:f4:f8:34:5e:fe:fc:b2:5e:36:6c:d8:27:76:
                    ec:61:9b:41:ad:7c:0f:ad:dd:e1:ea:3d:01:0c:20:
                    87:77:c6:ef:10:e7:b3:c2:24:3f:4b:0b:35:42:ec:
                    05:a6:88:a2:67:e0:6b:bf:8a:e5:8e:a3:6a:e1:bf:
                    57:ac:69:e1:1c:81:c9:5c:d6:d0:5a:21:4c:b9:96:
                    02:b4:e6:54:ad:a7:98:dd:88:e5:48:d0:0a:1b:62:
                    67:d4:1d:a9:a4:07:b8:4a:b5:59:60:7b:b6:e4:24:
                    a9:e0:7b:dc:7c:f6:80:5a:ef:5e:25:4b:ce:c5:59:
                    91:3f:18:87:91:2d:9e:2b:77:f9:1b:02:a9:2e:53:
                    84:82:2c:8a:b6:bd:8b:e0:66:c9:9a:cb:99:bc:5d:
                    34:69:df:d1:07:1c:67:f7:21:a7:8d:10:bf:17:9b:
                    06:76:9a:aa:6f:e6:81:f9:de:29:c8:a5:04:37:9a:
                    18:41:ab:f1:38:6c:a1:d5:ff:7b:b1:6b:61:ad:28:
                    64:2f:32:c4:7e:01:7d:4c:09:d6:e5:01:df:f4:e6:
                    32:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:93:A7:14:8F:C0:49:02:A2:3F:CB:27:DA:F8:C5:D3:59:F4:86:03
            X509v3 Authority Key Identifier:
                keyid:A9:8E:59:43:C3:55:D4:8C:00:4E:6B:F4:A3:B6:CD:B8:C3:0A:DC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qY5ZQ8NV1IwATmv0o7bNuMMK3Ew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/cd92cd-7fe3-4223-8350-3c773a6c42f9/1/Y5OnFI_ASQKiP8sn2vjF01n0hgM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/cd92cd-7fe3-4223-8350-3c773a6c42f9/1/qY5ZQ8NV1IwATmv0o7bNuMMK3Ew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:b000::/23

    Signature Algorithm: sha256WithRSAEncryption
         54:5f:d3:9f:25:c8:6e:0a:51:42:f6:d9:69:99:97:81:b1:10:
         d3:fd:b4:37:b2:04:f7:40:69:b6:9f:a6:3e:35:8e:02:c2:ce:
         f6:bb:69:d3:f6:22:33:78:e3:f4:24:10:fa:6f:26:4c:7d:b3:
         11:b6:1a:10:c2:5b:20:2b:15:e3:e1:a4:9e:f0:f1:f2:5f:8e:
         16:33:68:d7:7b:38:e1:53:aa:09:2f:dc:cc:8e:d2:30:3f:6d:
         c1:6c:48:0a:f4:ba:ea:2f:c1:08:88:9f:4d:79:4b:f0:c5:79:
         d8:6e:df:95:87:c7:27:99:b0:36:36:1b:06:02:34:27:d0:3b:
         a6:98:ab:c8:a9:a3:9f:45:07:a0:c5:dd:fb:eb:d0:ae:c6:7d:
         18:41:c9:f1:b6:74:98:01:8d:5a:9c:95:f7:a0:6e:71:cc:3d:
         c4:04:82:10:50:fd:ff:c2:66:dd:07:94:b0:83:5d:0c:dc:80:
         88:78:5a:c9:0d:12:26:01:07:08:8e:46:06:d1:a8:2c:a5:4f:
         c6:33:d5:4f:96:8e:48:45:2a:0e:15:03:4b:7e:8c:c5:86:2c:
         bd:80:9f:2b:9e:78:1d:d9:01:30:30:21:81:ad:0d:19:11:e3:
         73:f4:38:8e:6d:ce:7c:21:8c:b5:cf:41:41:99:27:19:c4:4e:
         97:3c:47:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSzo7N7azIc3qyiDvOPXqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5OGU1OTQzYzM1NWQ0OGMwMDRlNmJmNGEzYjZjZGI4YzMw
YWRjNGMwHhcNMjQwMTAxMTgzMTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzkzYTcxNDhmYzA0OTAyYTIzZmNiMjdkYWY4YzVkMzU5ZjQ4NjAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApEQ7wIqfV/8mbWub/O85o7HOG+Qv
iUAeooGDRnSf3lyUQLwsEA/isMwqd78Nc/T4NF7+/LJeNmzYJ3bsYZtBrXwPrd3h
6j0BDCCHd8bvEOezwiQ/Sws1QuwFpoiiZ+Brv4rljqNq4b9XrGnhHIHJXNbQWiFM
uZYCtOZUraeY3YjlSNAKG2Jn1B2ppAe4SrVZYHu25CSp4HvcfPaAWu9eJUvOxVmR
PxiHkS2eK3f5GwKpLlOEgiyKtr2L4GbJmsuZvF00ad/RBxxn9yGnjRC/F5sGdpqq
b+aB+d4pyKUEN5oYQavxOGyh1f97sWthrShkLzLEfgF9TAnW5QHf9OYyZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGOTpxSPwEkCoj/LJ9r4xdNZ9IYDMB8GA1UdIwQY
MBaAFKmOWUPDVdSMAE5r9KO2zbjDCtxMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVk1WlE4TlYxSXdBVG12MG83Yk51TU1LM0V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9jZDkyY2QtN2ZlMy00MjIzLTgzNTAt
M2M3NzNhNmM0MmY5LzEvWTVPbkZJX0FTUUtpUDhzbjJ2akYwMW4waGdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9jZDkyY2QtN2ZlMy00MjIzLTgzNTAtM2M3NzNhNmM0MmY5
LzEvcVk1WlE4TlYxSXdBVG12MG83Yk51TU1LM0V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAAjAGAwQBKgKwMA0G
CSqGSIb3DQEBCwUAA4IBAQBUX9OfJchuClFC9tlpmZeBsRDT/bQ3sgT3QGm2n6Y+
NY4Cws72u2nT9iIzeOP0JBD6byZMfbMRthoQwlsgKxXj4aSe8PHyX44WM2jXezjh
U6oJL9zMjtIwP23BbEgK9LrqL8EIiJ9NeUvwxXnYbt+Vh8cnmbA2NhsGAjQn0Dum
mKvIqaOfRQegxd3769Cuxn0YQcnxtnSYAY1anJX3oG5xzD3EBIIQUP3/wmbdB5Sw
g10M3ICIeFrJDRImAQcIjkYG0agspU/GM9VPlo5IRSoOFQNLfozFhiy9gJ8rnngd
2QEwMCGBrQ0ZEeNz9DiObc58IYy1z0FBmScZxE6XPEdN
-----END CERTIFICATE-----