Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/cc7247-6f0c-4b74-8690-051076744a65/1/YCCfjdnd8AjLqnPb2kV2y7gIDWU.roa
File:                     YCCfjdnd8AjLqnPb2kV2y7gIDWU.roa (raw, json)
Hash identifier:          Z26l2+kFVwn91Y8Aqf3q6p5U8uxAomBbJmI6IRMTong=
Subject key identifier:   60:20:9F:8D:D9:DD:F0:08:CB:AA:73:DB:DA:45:76:CB:B8:08:0D:65
Certificate issuer:       /CN=6b3a735d09aaa7970def12c4ac60e827fdb3f825
Certificate serial:       018F9AED28B05C05D0EAAD268851A90DB255
Authority key identifier: 6B:3A:73:5D:09:AA:A7:97:0D:EF:12:C4:AC:60:E8:27:FD:B3:F8:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/azpzXQmqp5cN7xLErGDoJ_2z-CU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/cc7247-6f0c-4b74-8690-051076744a65/1/YCCfjdnd8AjLqnPb2kV2y7gIDWU.roa
Signing time:             Tue 21 May 2024 11:33:04 +0000
ROA not before:           Tue 21 May 2024 11:33:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     32931
IP address blocks:        2a0b:2280::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/cc7247-6f0c-4b74-8690-051076744a65/1/azpzXQmqp5cN7xLErGDoJ_2z-CU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/cc7247-6f0c-4b74-8690-051076744a65/1/azpzXQmqp5cN7xLErGDoJ_2z-CU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/azpzXQmqp5cN7xLErGDoJ_2z-CU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:9a:ed:28:b0:5c:05:d0:ea:ad:26:88:51:a9:0d:b2:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b3a735d09aaa7970def12c4ac60e827fdb3f825
        Validity
            Not Before: May 21 11:33:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=60209f8dd9ddf008cbaa73dbda4576cbb8080d65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:ed:76:13:c7:4a:7f:6c:9b:6e:6b:13:91:77:
                    e4:91:39:24:1c:d6:75:50:a8:60:cc:f8:7d:97:71:
                    63:de:4e:9e:51:7c:2b:1d:32:24:f4:87:49:a7:2c:
                    6c:7f:1e:42:98:c4:69:09:16:bd:dc:75:9d:b1:00:
                    40:bc:df:ad:ba:f5:21:21:5c:9b:d4:51:56:93:0a:
                    d6:ee:4b:7f:8f:21:5a:5f:53:c0:cf:b5:22:de:ae:
                    8b:28:7d:91:25:ce:f9:ea:c5:46:72:2c:f9:e4:e9:
                    41:04:df:07:ed:12:c0:85:a7:b9:d4:06:39:c1:c6:
                    98:f4:83:70:3e:1c:1c:c3:69:be:57:ed:56:65:21:
                    27:40:28:c1:50:84:b8:fa:ed:b4:d7:50:16:a1:1b:
                    c3:6c:92:3b:c6:4d:a0:df:e9:24:47:28:6e:0b:c0:
                    7a:8c:23:89:8a:ca:d7:80:03:36:4f:85:9b:30:07:
                    0c:91:7b:c4:c9:d4:df:ce:e3:7a:53:af:69:02:ac:
                    dc:66:10:51:6d:e9:3d:db:0e:52:bb:63:ad:a5:12:
                    49:49:a9:ee:fc:19:b9:dc:1f:e3:f3:52:4b:f3:63:
                    ea:43:a2:38:f1:ef:67:ab:ab:16:a0:f7:24:5c:f5:
                    ef:82:1d:3e:7c:d3:6b:c0:c2:51:ba:33:c9:52:b9:
                    4a:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:20:9F:8D:D9:DD:F0:08:CB:AA:73:DB:DA:45:76:CB:B8:08:0D:65
            X509v3 Authority Key Identifier:
                keyid:6B:3A:73:5D:09:AA:A7:97:0D:EF:12:C4:AC:60:E8:27:FD:B3:F8:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/azpzXQmqp5cN7xLErGDoJ_2z-CU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/cc7247-6f0c-4b74-8690-051076744a65/1/YCCfjdnd8AjLqnPb2kV2y7gIDWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/cc7247-6f0c-4b74-8690-051076744a65/1/azpzXQmqp5cN7xLErGDoJ_2z-CU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:2280::/29

    Signature Algorithm: sha256WithRSAEncryption
         28:e1:2d:5d:d1:6f:40:3d:1e:ae:95:7e:d1:97:f0:d2:5b:c0:
         d3:e3:28:20:bd:d6:44:4b:e2:06:1f:d1:a2:cf:04:1d:8c:e9:
         e6:89:e2:c7:9b:cb:b8:8b:0a:8a:bb:55:f9:df:72:97:42:2f:
         ea:5b:1a:0c:eb:04:75:aa:68:18:3f:94:d6:bc:ef:a7:3b:4e:
         bb:77:85:af:a5:e6:d6:b2:cf:4e:cc:d9:69:40:ca:9a:a1:5c:
         4d:9a:05:54:31:0e:bf:4b:4c:ef:03:01:88:bc:c1:6a:48:b2:
         19:a7:e4:78:4c:ad:c6:41:da:50:e9:4b:8f:91:41:5e:d3:31:
         5d:ba:d3:15:10:ae:56:b1:60:d8:99:1d:31:0a:df:54:ed:4d:
         3f:04:45:09:c5:73:ba:47:0a:a3:78:54:ff:d6:4f:20:a2:ad:
         02:d3:f4:df:9b:c6:8b:0b:2f:c4:0b:85:7b:65:dd:2e:dd:87:
         79:a6:b6:4f:a0:47:a3:c8:04:ef:d5:60:bd:6a:62:bc:9d:29:
         4b:f3:1b:2d:bd:85:f0:69:a8:f7:aa:0b:9e:0e:09:57:d9:45:
         09:2f:5e:a3:4a:0d:a0:cd:4f:45:d7:8f:5b:43:5d:a7:58:b7:
         af:0c:c1:89:3e:04:3d:9b:a5:68:3a:ea:3b:79:c7:0e:b0:34:
         1c:85:4b:66
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY+a7SiwXAXQ6q0miFGpDbJVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiM2E3MzVkMDlhYWE3OTcwZGVmMTJjNGFjNjBlODI3ZmRi
M2Y4MjUwHhcNMjQwNTIxMTEzMzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDIwOWY4ZGQ5ZGRmMDA4Y2JhYTczZGJkYTQ1NzZjYmI4MDgwZDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmO12E8dKf2ybbmsTkXfkkTkkHNZ1
UKhgzPh9l3Fj3k6eUXwrHTIk9IdJpyxsfx5CmMRpCRa93HWdsQBAvN+tuvUhIVyb
1FFWkwrW7kt/jyFaX1PAz7Ui3q6LKH2RJc756sVGciz55OlBBN8H7RLAhae51AY5
wcaY9INwPhwcw2m+V+1WZSEnQCjBUIS4+u2011AWoRvDbJI7xk2g3+kkRyhuC8B6
jCOJisrXgAM2T4WbMAcMkXvEydTfzuN6U69pAqzcZhBRbek92w5Su2OtpRJJSanu
/Bm53B/j81JL82PqQ6I48e9nq6sWoPckXPXvgh0+fNNrwMJRujPJUrlKnwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGAgn43Z3fAIy6pz29pFdsu4CA1lMB8GA1UdIwQY
MBaAFGs6c10JqqeXDe8SxKxg6Cf9s/glMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXpwelhRbXFwNWNON3hMRXJHRG9KXzJ6LUNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9jYzcyNDctNmYwYy00Yjc0LTg2OTAt
MDUxMDc2NzQ0YTY1LzEvWUNDZmpkbmQ4QWpMcW5QYjJrVjJ5N2dJRFdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9jYzcyNDctNmYwYy00Yjc0LTg2OTAtMDUxMDc2NzQ0YTY1
LzEvYXpwelhRbXFwNWNON3hMRXJHRG9KXzJ6LUNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgsigDAN
BgkqhkiG9w0BAQsFAAOCAQEAKOEtXdFvQD0erpV+0Zfw0lvA0+MoIL3WREviBh/R
os8EHYzp5onix5vLuIsKirtV+d9yl0Iv6lsaDOsEdapoGD+U1rzvpztOu3eFr6Xm
1rLPTszZaUDKmqFcTZoFVDEOv0tM7wMBiLzBakiyGafkeEytxkHaUOlLj5FBXtMx
XbrTFRCuVrFg2JkdMQrfVO1NPwRFCcVzukcKo3hU/9ZPIKKtAtP035vGiwsvxAuF
e2XdLt2Heaa2T6BHo8gE79VgvWpivJ0pS/MbLb2F8Gmo96oLng4JV9lFCS9eo0oN
oM1PRdePW0Ndp1i3rwzBiT4EPZulaDrqO3nHDrA0HIVLZg==
-----END CERTIFICATE-----