Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/2313b8-de02-4228-900a-09be9db11f66/1/ynCWUyfbJnTUiKxeySGl7jLw7_A.roa
File:                     ynCWUyfbJnTUiKxeySGl7jLw7_A.roa (raw, json)
Hash identifier:          YVEdGzV6nStbfKY2Db/9ujcFGts1GAoDMMgGkOs/dNQ=
Subject key identifier:   CA:70:96:53:27:DB:26:74:D4:88:AC:5E:C9:21:A5:EE:32:F0:EF:F0
Certificate issuer:       /CN=e5bf3a72cad6f4b3dc305b4cbe31087051d983f6
Certificate serial:       018CCA287F5A0DFE728A350E128E4C9E0B4F
Authority key identifier: E5:BF:3A:72:CA:D6:F4:B3:DC:30:5B:4C:BE:31:08:70:51:D9:83:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5b86csrW9LPcMFtMvjEIcFHZg_Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/2313b8-de02-4228-900a-09be9db11f66/1/ynCWUyfbJnTUiKxeySGl7jLw7_A.roa
Signing time:             Tue 02 Jan 2024 12:31:40 +0000
ROA not before:           Tue 02 Jan 2024 12:31:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61292
IP address blocks:        2a0e:1c80:1a::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/2313b8-de02-4228-900a-09be9db11f66/1/5b86csrW9LPcMFtMvjEIcFHZg_Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/2313b8-de02-4228-900a-09be9db11f66/1/5b86csrW9LPcMFtMvjEIcFHZg_Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5b86csrW9LPcMFtMvjEIcFHZg_Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 07:02:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:28:7f:5a:0d:fe:72:8a:35:0e:12:8e:4c:9e:0b:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5bf3a72cad6f4b3dc305b4cbe31087051d983f6
        Validity
            Not Before: Jan  2 12:31:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca70965327db2674d488ac5ec921a5ee32f0eff0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:d5:4b:84:2f:c2:eb:eb:ce:49:24:bd:68:ab:
                    2a:3d:87:33:77:3a:76:a5:ef:14:ae:75:e3:fd:46:
                    fb:24:76:bb:6e:ce:07:c4:e2:0f:8f:f6:e8:75:56:
                    99:58:d9:bb:0c:dc:18:14:41:3e:57:34:63:ed:da:
                    9e:f6:4c:66:2b:e6:3b:ab:fc:20:0c:87:6c:18:f1:
                    45:d4:12:dc:75:70:62:9b:15:66:44:27:93:29:b4:
                    66:93:fd:ac:b4:8d:c4:aa:33:7e:20:d4:b7:79:b5:
                    76:6a:d9:b5:78:ac:5d:23:18:4f:b7:6b:86:42:42:
                    e6:df:00:97:ec:6a:3b:a6:cf:6c:d6:73:d0:e9:2f:
                    e5:d6:30:c0:af:5f:69:db:0b:0d:07:1d:e4:9e:88:
                    bd:c9:f8:9b:63:5f:74:6e:8f:9e:0c:53:eb:c1:a8:
                    10:61:79:c2:48:ec:73:61:11:e2:bd:d8:48:ba:a7:
                    5c:47:87:79:b6:d1:5f:45:7a:c2:9c:4a:24:56:2d:
                    00:b0:51:ff:a3:10:35:46:7a:39:00:64:1e:95:63:
                    db:12:f9:2c:4f:28:5c:70:f5:e0:fe:63:86:7e:15:
                    23:18:f3:43:ff:28:a8:20:67:6e:cc:57:82:ab:d9:
                    7e:ce:64:02:bd:52:e6:d2:ba:3f:33:87:34:88:e1:
                    cb:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:70:96:53:27:DB:26:74:D4:88:AC:5E:C9:21:A5:EE:32:F0:EF:F0
            X509v3 Authority Key Identifier:
                keyid:E5:BF:3A:72:CA:D6:F4:B3:DC:30:5B:4C:BE:31:08:70:51:D9:83:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b86csrW9LPcMFtMvjEIcFHZg_Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/2313b8-de02-4228-900a-09be9db11f66/1/ynCWUyfbJnTUiKxeySGl7jLw7_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/2313b8-de02-4228-900a-09be9db11f66/1/5b86csrW9LPcMFtMvjEIcFHZg_Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:1c80:1a::/48

    Signature Algorithm: sha256WithRSAEncryption
         67:19:13:ec:c6:13:38:23:0b:91:16:f7:6e:d4:0a:cc:3d:31:
         2c:dc:1c:89:44:91:5b:b1:fd:c1:08:fa:ac:7c:d4:45:5d:a9:
         10:89:05:21:54:0c:af:75:be:73:88:5b:5a:78:d5:34:68:41:
         e7:56:cf:cb:c1:60:8c:f7:e8:34:a4:2a:a2:3c:54:65:eb:30:
         a5:f7:de:54:e8:a1:81:a7:16:11:1d:7c:f9:3c:c3:50:75:27:
         3f:e1:2a:82:72:01:4c:94:53:1f:8d:48:f2:56:6f:6d:fd:52:
         ac:30:dc:04:67:69:a7:3a:3b:95:e0:9d:e9:e8:5b:8c:4d:bf:
         b9:74:db:52:d6:f6:12:35:8d:8d:47:07:95:ce:fe:c1:c0:df:
         52:f6:ac:89:1d:ea:c0:e7:32:30:35:bc:10:97:69:dc:3e:38:
         16:31:5c:56:f7:1d:ed:35:cd:b9:22:e4:60:c8:8c:d1:52:96:
         d8:1b:ed:df:59:6c:cd:31:74:04:38:b1:92:85:ff:a8:f1:8e:
         22:e4:60:cd:24:5e:01:fb:2f:6b:0a:3e:cf:3f:01:4c:cb:78:
         20:7e:bb:d5:ce:f4:9c:f9:f5:63:76:50:80:08:84:ec:33:e4:
         d5:2a:cf:9c:eb:89:43:27:34:73:8f:06:03:30:0b:53:a4:50:
         26:88:91:58
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKH9aDf5yijUOEo5MngtPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1YmYzYTcyY2FkNmY0YjNkYzMwNWI0Y2JlMzEwODcwNTFk
OTgzZjYwHhcNMjQwMTAyMTIzMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTcwOTY1MzI3ZGIyNjc0ZDQ4OGFjNWVjOTIxYTVlZTMyZjBlZmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoNVLhC/C6+vOSSS9aKsqPYczdzp2
pe8UrnXj/Ub7JHa7bs4HxOIPj/bodVaZWNm7DNwYFEE+VzRj7dqe9kxmK+Y7q/wg
DIdsGPFF1BLcdXBimxVmRCeTKbRmk/2stI3EqjN+INS3ebV2atm1eKxdIxhPt2uG
QkLm3wCX7Go7ps9s1nPQ6S/l1jDAr19p2wsNBx3knoi9yfibY190bo+eDFPrwagQ
YXnCSOxzYRHivdhIuqdcR4d5ttFfRXrCnEokVi0AsFH/oxA1Rno5AGQelWPbEvks
TyhccPXg/mOGfhUjGPND/yioIGduzFeCq9l+zmQCvVLm0ro/M4c0iOHLqwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMpwllMn2yZ01IisXskhpe4y8O/wMB8GA1UdIwQY
MBaAFOW/OnLK1vSz3DBbTL4xCHBR2YP2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWI4NmNzclc5TFBjTUZ0TXZqRUljRkhaZ19ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC8yMzEzYjgtZGUwMi00MjI4LTkwMGEt
MDliZTlkYjExZjY2LzEveW5DV1V5ZmJKblRVaUt4ZXlTR2w3akx3N19BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC8yMzEzYjgtZGUwMi00MjI4LTkwMGEtMDliZTlkYjExZjY2
LzEvNWI4NmNzclc5TFBjTUZ0TXZqRUljRkhaZ19ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg4cgAAa
MA0GCSqGSIb3DQEBCwUAA4IBAQBnGRPsxhM4IwuRFvdu1ArMPTEs3ByJRJFbsf3B
CPqsfNRFXakQiQUhVAyvdb5ziFtaeNU0aEHnVs/LwWCM9+g0pCqiPFRl6zCl995U
6KGBpxYRHXz5PMNQdSc/4SqCcgFMlFMfjUjyVm9t/VKsMNwEZ2mnOjuV4J3p6FuM
Tb+5dNtS1vYSNY2NRweVzv7BwN9S9qyJHerA5zIwNbwQl2ncPjgWMVxW9x3tNc25
IuRgyIzRUpbYG+3fWWzNMXQEOLGShf+o8Y4i5GDNJF4B+y9rCj7PPwFMy3ggfrvV
zvSc+fVjdlCACITsM+TVKs+c64lDJzRzjwYDMAtTpFAmiJFY
-----END CERTIFICATE-----