Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6401f3-6df0-4038-b0bc-574713845dbc/1/YEIDM5VP6pDNSzhVyIBvi8lDeCI.roa
File:                     YEIDM5VP6pDNSzhVyIBvi8lDeCI.roa (raw, json)
Hash identifier:          VfO7RaDBQnJXW+DJDu274bJ0HgDUiIBNrxwmhRosZYY=
Subject key identifier:   60:42:03:33:95:4F:EA:90:CD:4B:38:55:C8:80:6F:8B:C9:43:78:22
Certificate issuer:       /CN=53f47a725c768d4de78fb31bb40fe16eba19f20d
Certificate serial:       018CC9BBF5E14B9B545431030EABC3AD4550
Authority key identifier: 53:F4:7A:72:5C:76:8D:4D:E7:8F:B3:1B:B4:0F:E1:6E:BA:19:F2:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U_R6clx2jU3nj7MbtA_hbroZ8g0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6401f3-6df0-4038-b0bc-574713845dbc/1/YEIDM5VP6pDNSzhVyIBvi8lDeCI.roa
Signing time:             Tue 02 Jan 2024 10:33:07 +0000
ROA not before:           Tue 02 Jan 2024 10:33:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48605
IP address blocks:        2a06:8181::/32 maxlen: 32
                          2a06:8184::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6401f3-6df0-4038-b0bc-574713845dbc/1/U_R6clx2jU3nj7MbtA_hbroZ8g0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6401f3-6df0-4038-b0bc-574713845dbc/1/U_R6clx2jU3nj7MbtA_hbroZ8g0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U_R6clx2jU3nj7MbtA_hbroZ8g0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:f5:e1:4b:9b:54:54:31:03:0e:ab:c3:ad:45:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53f47a725c768d4de78fb31bb40fe16eba19f20d
        Validity
            Not Before: Jan  2 10:33:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=60420333954fea90cd4b3855c8806f8bc9437822
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:f2:3b:5e:ed:a7:05:3e:7f:8a:62:6d:18:d6:
                    f8:0e:03:0a:9a:9e:8b:9d:c1:76:9d:96:18:ac:9e:
                    23:c1:97:ec:d2:0c:42:8b:36:cc:39:87:48:5b:55:
                    0c:31:51:54:1f:4d:88:9b:fb:98:5e:62:40:52:7c:
                    ec:49:52:b2:fd:b6:ee:7d:d0:94:86:5d:c9:23:f3:
                    47:93:9f:85:10:63:dd:00:da:8f:d6:5a:83:75:f2:
                    19:95:b7:ad:91:20:81:52:cd:b9:ce:5f:e7:eb:71:
                    c2:fb:26:f1:a9:e6:c5:f4:46:ae:02:41:84:bb:71:
                    f7:21:ed:c5:c0:0d:70:8d:fe:69:0c:86:63:bb:ba:
                    44:60:a4:34:0f:a4:23:b7:46:12:ce:e5:8d:4d:f4:
                    0f:0c:7f:ec:cf:d4:3b:d7:ee:2c:38:ba:8b:b5:4f:
                    d3:86:e2:14:f9:12:9f:d5:f1:5f:b0:14:9b:fa:0f:
                    30:ca:1d:97:78:34:93:05:a2:29:86:ab:1f:db:7d:
                    56:4a:65:8e:06:95:ee:61:a7:f7:7d:4b:38:e0:d5:
                    12:f5:f2:97:a2:7c:59:15:05:a2:89:98:40:cb:53:
                    43:05:f1:08:39:94:83:5a:a5:f5:44:ba:cb:0e:6e:
                    cd:17:c9:da:ab:35:64:10:80:9a:51:e0:af:cc:e8:
                    0d:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:42:03:33:95:4F:EA:90:CD:4B:38:55:C8:80:6F:8B:C9:43:78:22
            X509v3 Authority Key Identifier:
                keyid:53:F4:7A:72:5C:76:8D:4D:E7:8F:B3:1B:B4:0F:E1:6E:BA:19:F2:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U_R6clx2jU3nj7MbtA_hbroZ8g0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6401f3-6df0-4038-b0bc-574713845dbc/1/YEIDM5VP6pDNSzhVyIBvi8lDeCI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6401f3-6df0-4038-b0bc-574713845dbc/1/U_R6clx2jU3nj7MbtA_hbroZ8g0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:8181::/32
                  2a06:8184::/32

    Signature Algorithm: sha256WithRSAEncryption
         8f:79:81:43:c0:87:fc:58:cd:02:da:51:48:55:26:37:e2:0d:
         3a:c4:61:ef:87:cb:65:5b:d7:88:4a:cb:e9:5b:5d:6e:02:fa:
         b2:a8:04:16:70:1a:bf:8f:ea:bd:b1:d6:97:e8:79:66:9d:79:
         de:40:0a:f4:64:c5:3e:b3:6e:17:68:ce:32:1b:80:6e:af:13:
         1e:22:a4:f6:df:50:f7:f7:0f:1d:eb:44:69:2a:c4:3a:bd:15:
         42:a5:22:f4:ce:eb:33:fd:6f:0c:86:08:9a:ba:84:de:05:1f:
         d9:35:d8:46:3e:d3:6f:85:08:c3:79:c3:23:62:90:09:47:f2:
         fd:13:eb:f6:ef:2f:f7:45:f1:17:11:b7:57:3b:4e:e2:65:92:
         e4:59:02:98:68:bb:cc:0e:75:40:67:1a:5b:2f:47:a7:4b:f5:
         bf:e9:a7:c4:32:23:a3:63:f5:d0:10:de:f5:84:8f:c6:33:3d:
         b0:b9:12:4c:5f:e7:e0:5a:bc:46:ff:0a:39:4e:3b:9f:7a:4e:
         73:63:77:ea:a0:47:91:27:ff:09:03:cb:53:c0:69:87:fd:bc:
         0b:13:7a:2c:ce:a2:fa:4c:74:85:1e:37:66:d0:24:f0:33:9a:
         0f:9a:a6:62:54:12:42:44:dd:e2:bb:70:f8:aa:58:b1:0d:65:
         d5:69:fa:2e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzJu/XhS5tUVDEDDqvDrUVQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzZjQ3YTcyNWM3NjhkNGRlNzhmYjMxYmI0MGZlMTZlYmEx
OWYyMGQwHhcNMjQwMTAyMTAzMzA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDQyMDMzMzk1NGZlYTkwY2Q0YjM4NTVjODgwNmY4YmM5NDM3ODIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj/I7Xu2nBT5/imJtGNb4DgMKmp6L
ncF2nZYYrJ4jwZfs0gxCizbMOYdIW1UMMVFUH02Im/uYXmJAUnzsSVKy/bbufdCU
hl3JI/NHk5+FEGPdANqP1lqDdfIZlbetkSCBUs25zl/n63HC+ybxqebF9EauAkGE
u3H3Ie3FwA1wjf5pDIZju7pEYKQ0D6Qjt0YSzuWNTfQPDH/sz9Q71+4sOLqLtU/T
huIU+RKf1fFfsBSb+g8wyh2XeDSTBaIphqsf231WSmWOBpXuYaf3fUs44NUS9fKX
onxZFQWiiZhAy1NDBfEIOZSDWqX1RLrLDm7NF8naqzVkEICaUeCvzOgNtwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGBCAzOVT+qQzUs4VciAb4vJQ3giMB8GA1UdIwQY
MBaAFFP0enJcdo1N54+zG7QP4W66GfINMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVV9SNmNseDJqVTNuajdNYnRBX2hicm9aOGcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82NDAxZjMtNmRmMC00MDM4LWIwYmMt
NTc0NzEzODQ1ZGJjLzEvWUVJRE01VlA2cEROU3poVnlJQnZpOGxEZUNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82NDAxZjMtNmRmMC00MDM4LWIwYmMtNTc0NzEzODQ1ZGJj
LzEvVV9SNmNseDJqVTNuajdNYnRBX2hicm9aOGcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKgaBgQMF
ACoGgYQwDQYJKoZIhvcNAQELBQADggEBAI95gUPAh/xYzQLaUUhVJjfiDTrEYe+H
y2Vb14hKy+lbXW4C+rKoBBZwGr+P6r2x1pfoeWaded5ACvRkxT6zbhdozjIbgG6v
Ex4ipPbfUPf3Dx3rRGkqxDq9FUKlIvTO6zP9bwyGCJq6hN4FH9k12EY+02+FCMN5
wyNikAlH8v0T6/bvL/dF8RcRt1c7TuJlkuRZAphou8wOdUBnGlsvR6dL9b/pp8Qy
I6Nj9dAQ3vWEj8YzPbC5Ekxf5+BavEb/CjlOO596TnNjd+qgR5En/wkDy1PAaYf9
vAsTeizOovpMdIUeN2bQJPAzmg+apmJUEkJE3eK7cPiqWLENZdVp+i4=
-----END CERTIFICATE-----