Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/CHaYv23nBDvhgPnkAaJIG6qKyEc.roa
File:                     CHaYv23nBDvhgPnkAaJIG6qKyEc.roa (raw, json)
Hash identifier:          PNChr98DacA+XSZQuclbW9wntjSDwWQ8owujTN7ptJ8=
Subject key identifier:   08:76:98:BF:6D:E7:04:3B:E1:80:F9:E4:01:A2:48:1B:AA:8A:C8:47
Certificate issuer:       /CN=32474ac7ca85e09c2d48b33e7bf66f8ed764de0f
Certificate serial:       0190279722B5C3D62D4F597468B067B30697
Authority key identifier: 32:47:4A:C7:CA:85:E0:9C:2D:48:B3:3E:7B:F6:6F:8E:D7:64:DE:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/CHaYv23nBDvhgPnkAaJIG6qKyEc.roa
Signing time:             Mon 17 Jun 2024 19:05:34 +0000
ROA not before:           Mon 17 Jun 2024 19:05:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203125
IP address blocks:        2a05:4741:9::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:27:97:22:b5:c3:d6:2d:4f:59:74:68:b0:67:b3:06:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32474ac7ca85e09c2d48b33e7bf66f8ed764de0f
        Validity
            Not Before: Jun 17 19:05:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=087698bf6de7043be180f9e401a2481baa8ac847
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:4c:eb:a9:f0:1e:c4:33:f7:8b:6d:38:79:ac:
                    97:78:24:64:93:4c:85:27:e8:2a:44:0b:34:48:e6:
                    93:8c:2c:1d:65:c1:ee:6b:46:0a:9f:a1:78:e2:d1:
                    11:81:55:0b:f3:d7:fc:e8:fd:bc:10:98:3f:66:2a:
                    b8:84:51:d8:5a:9e:0f:47:83:9c:34:97:2c:69:2e:
                    3e:99:7b:eb:3a:6d:f7:4b:f6:3d:c6:00:2b:c0:7c:
                    33:78:35:68:1d:a2:ea:1f:92:b6:fd:80:8a:ac:4e:
                    05:1b:ce:12:ba:96:b5:c7:9b:c8:56:44:2c:e8:ed:
                    30:3c:a9:b4:aa:f7:89:cf:f9:9d:c9:e7:96:08:d0:
                    d9:7d:f3:9f:f5:a9:5c:8d:67:73:89:d6:3e:66:bb:
                    19:93:9e:91:70:84:6e:cd:0b:4e:36:dd:47:30:de:
                    22:44:d4:78:fc:c4:f4:ef:52:50:34:7c:76:ff:8c:
                    f5:3f:39:b2:e7:2c:4e:62:db:34:88:7d:1d:cd:97:
                    3f:93:41:df:2c:80:93:a7:46:d1:b2:b6:d2:0b:bd:
                    81:80:dc:24:e7:86:67:53:a1:e5:58:fa:3b:38:7d:
                    8f:ec:75:98:33:b1:ee:d7:a6:96:65:10:7a:f8:84:
                    b0:de:84:07:5c:ce:f2:7d:31:e7:6b:26:ce:da:f4:
                    f4:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:76:98:BF:6D:E7:04:3B:E1:80:F9:E4:01:A2:48:1B:AA:8A:C8:47
            X509v3 Authority Key Identifier:
                keyid:32:47:4A:C7:CA:85:E0:9C:2D:48:B3:3E:7B:F6:6F:8E:D7:64:DE:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/CHaYv23nBDvhgPnkAaJIG6qKyEc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:4741:9::/48

    Signature Algorithm: sha256WithRSAEncryption
         95:c0:0d:cd:6a:3d:bf:92:6a:be:2c:61:61:7a:f0:04:1d:55:
         bd:1a:80:74:6b:f4:ed:d0:66:b0:d5:51:3b:84:28:b6:08:dc:
         f3:db:96:3b:d3:61:34:8f:3e:81:f0:49:eb:45:de:11:3c:77:
         30:27:b4:d1:2b:77:c9:89:1e:3c:a9:6d:b7:0c:e4:0a:de:a5:
         ae:a6:a6:fd:0e:22:dc:e0:ef:56:a1:17:c0:60:e9:87:1d:eb:
         f5:7e:6d:4a:e6:5c:5a:ba:fe:5a:7e:db:ea:a2:d7:6c:83:31:
         6e:bd:1f:ee:8c:5d:6c:c3:c9:93:95:21:4a:cb:fc:ff:19:33:
         c9:d3:c7:9f:1f:ec:04:31:6c:71:c4:76:7d:ff:eb:df:1c:f1:
         d0:2d:ce:0f:f9:41:20:92:c9:ec:c8:f7:74:cd:03:b8:8f:89:
         b1:f4:18:74:1b:13:e6:75:4f:40:e8:0d:ad:70:21:f1:02:d8:
         f1:cd:2f:42:7d:35:5e:c0:72:6e:c4:53:72:ab:30:38:c3:f4:
         99:bc:23:1a:93:67:81:75:22:47:65:0b:9b:5b:de:13:39:d6:
         7c:86:a3:c3:7d:d6:80:93:a8:bd:00:0e:8c:fb:28:02:36:cf:
         f6:00:c8:dc:3b:c4:56:d4:57:09:c4:09:5a:8b:54:4d:ad:03:
         5f:60:35:c1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZAnlyK1w9YtT1l0aLBnswaXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNDc0YWM3Y2E4NWUwOWMyZDQ4YjMzZTdiZjY2ZjhlZDc2
NGRlMGYwHhcNMjQwNjE3MTkwNTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODc2OThiZjZkZTcwNDNiZTE4MGY5ZTQwMWEyNDgxYmFhOGFjODQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwUzrqfAexDP3i204eayXeCRkk0yF
J+gqRAs0SOaTjCwdZcHua0YKn6F44tERgVUL89f86P28EJg/Ziq4hFHYWp4PR4Oc
NJcsaS4+mXvrOm33S/Y9xgArwHwzeDVoHaLqH5K2/YCKrE4FG84Supa1x5vIVkQs
6O0wPKm0qveJz/mdyeeWCNDZffOf9alcjWdzidY+ZrsZk56RcIRuzQtONt1HMN4i
RNR4/MT071JQNHx2/4z1Pzmy5yxOYts0iH0dzZc/k0HfLICTp0bRsrbSC72BgNwk
54ZnU6HlWPo7OH2P7HWYM7Hu16aWZRB6+ISw3oQHXM7yfTHnaybO2vT0FQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAh2mL9t5wQ74YD55AGiSBuqishHMB8GA1UdIwQY
MBaAFDJHSsfKheCcLUizPnv2b47XZN4PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWtkS3g4cUY0Snd0U0xNLWVfWnZqdGRrM2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8xZmQwYTYtNDUxNy00YTBiLWIzYzkt
MTJlYzIyYzljNWEyLzEvQ0hhWXYyM25CRHZoZ1Bua0FhSklHNnFLeUVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC8xZmQwYTYtNDUxNy00YTBiLWIzYzktMTJlYzIyYzljNWEy
LzEvTWtkS3g4cUY0Snd0U0xNLWVfWnZqdGRrM2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgVHQQAJ
MA0GCSqGSIb3DQEBCwUAA4IBAQCVwA3Naj2/kmq+LGFhevAEHVW9GoB0a/Tt0Gaw
1VE7hCi2CNzz25Y702E0jz6B8EnrRd4RPHcwJ7TRK3fJiR48qW23DOQK3qWupqb9
DiLc4O9WoRfAYOmHHev1fm1K5lxauv5aftvqotdsgzFuvR/ujF1sw8mTlSFKy/z/
GTPJ08efH+wEMWxxxHZ9/+vfHPHQLc4P+UEgksnsyPd0zQO4j4mx9Bh0GxPmdU9A
6A2tcCHxAtjxzS9CfTVewHJuxFNyqzA4w/SZvCMak2eBdSJHZQubW94TOdZ8hqPD
fdaAk6i9AA6M+ygCNs/2AMjcO8RW1FcJxAlai1RNrQNfYDXB
-----END CERTIFICATE-----