Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/yLmp5WFUuTSPNhWT1LNz_CvyiGw.roa
File:                     yLmp5WFUuTSPNhWT1LNz_CvyiGw.roa (raw, json)
Hash identifier:          McFiOGWooyubJle/x63m+Pwt4AOJQRzoqZgqztIe7K0=
Subject key identifier:   C8:B9:A9:E5:61:54:B9:34:8F:36:15:93:D4:B3:73:FC:2B:F2:88:6C
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0190D9EB0ECE3D3351D02542B2346D4CC707
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/yLmp5WFUuTSPNhWT1LNz_CvyiGw.roa
Signing time:             Mon 22 Jul 2024 10:09:38 +0000
ROA not before:           Mon 22 Jul 2024 10:09:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60
IP address blocks:        2a0f:8300::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:40:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:d9:eb:0e:ce:3d:33:51:d0:25:42:b2:34:6d:4c:c7:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jul 22 10:09:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c8b9a9e56154b9348f361593d4b373fc2bf2886c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:11:1f:26:b9:73:08:ea:75:de:b8:41:1b:45:
                    35:88:15:de:15:00:e5:87:ca:7a:24:12:77:77:c3:
                    69:4a:77:87:40:06:dc:2b:77:a2:c4:19:9a:b3:11:
                    0a:69:1e:5c:f2:d4:38:86:9c:3d:68:fb:6c:2a:e6:
                    2f:e4:f0:8c:6c:8e:dd:3a:c5:47:bf:17:5e:9c:bc:
                    86:30:5b:98:47:92:9e:0f:f0:fb:d3:44:93:42:70:
                    c6:85:ef:1f:ed:9b:f1:ba:c4:e1:0c:93:98:b1:f6:
                    ae:d3:a3:df:c7:55:d2:d9:2b:ed:1e:84:e6:75:64:
                    bb:4a:47:66:30:7f:1f:c1:85:78:d2:78:1f:3a:ac:
                    cd:96:70:3b:df:6e:ba:9e:0e:dc:a9:cc:d7:6b:55:
                    0f:31:bd:75:ff:53:7e:11:1b:40:08:b3:ab:23:28:
                    5a:18:20:cf:e7:b1:62:b5:3f:35:a9:45:0b:0b:e2:
                    36:33:1e:56:39:a8:80:2e:62:8d:12:dd:83:bf:e8:
                    b0:86:9b:af:bc:9e:ec:bc:c9:6f:5b:0d:67:98:24:
                    4a:7a:be:d8:6e:57:2d:d6:fc:53:10:c3:62:4d:c0:
                    5d:89:75:3f:ba:80:e6:51:be:85:cf:83:c5:f6:6b:
                    2a:d8:6f:2e:f8:53:c2:4e:e6:2a:28:90:c7:48:ad:
                    9c:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:B9:A9:E5:61:54:B9:34:8F:36:15:93:D4:B3:73:FC:2B:F2:88:6C
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/yLmp5WFUuTSPNhWT1LNz_CvyiGw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:8300::/29

    Signature Algorithm: sha256WithRSAEncryption
         ce:b7:04:c3:62:9b:75:09:8e:62:5e:b8:44:39:21:87:ab:ec:
         7f:99:b6:d5:c7:2e:6f:76:c2:c9:48:59:c7:ed:28:02:af:8a:
         84:aa:fb:21:5d:d9:23:0b:ff:80:40:38:78:a6:70:b3:a5:4d:
         af:44:8d:58:1f:7e:e1:05:c6:59:71:fa:a0:ca:b2:17:89:a7:
         57:bf:63:f9:e3:07:84:dd:d3:2f:81:cc:b7:25:94:c3:ef:5f:
         eb:e5:0a:ba:1f:16:7b:9e:c2:d8:f8:3a:b9:d8:6e:8c:51:7d:
         21:84:72:99:f4:c0:df:20:e4:9b:ab:09:43:44:5d:59:97:f5:
         ba:eb:2b:90:aa:a3:a8:92:b5:71:dc:56:54:1d:74:10:8b:bf:
         19:a0:68:7f:3e:66:a0:0f:fd:b1:4c:25:bc:6c:2b:cf:bf:c5:
         b3:08:cf:13:d8:59:6d:b2:29:0f:a6:3e:bb:eb:5b:1a:6e:9f:
         00:d9:d7:38:db:69:68:d1:14:58:2c:e3:e4:77:ac:1e:75:17:
         85:17:c3:de:56:39:26:21:5c:36:a0:fa:7d:78:b0:e5:d4:9c:
         6c:20:05:0c:a7:26:0d:c0:56:cf:1c:d0:6e:92:bc:9d:51:dd:
         e7:9c:53:1f:70:55:ed:63:20:c3:96:dc:0b:0a:8d:e6:21:bc:
         95:60:46:3c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZDZ6w7OPTNR0CVCsjRtTMcHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQwNzIyMTAwOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGI5YTllNTYxNTRiOTM0OGYzNjE1OTNkNGIzNzNmYzJiZjI4ODZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6hEfJrlzCOp13rhBG0U1iBXeFQDl
h8p6JBJ3d8NpSneHQAbcK3eixBmasxEKaR5c8tQ4hpw9aPtsKuYv5PCMbI7dOsVH
vxdenLyGMFuYR5KeD/D700STQnDGhe8f7ZvxusThDJOYsfau06Pfx1XS2SvtHoTm
dWS7SkdmMH8fwYV40ngfOqzNlnA73266ng7cqczXa1UPMb11/1N+ERtACLOrIyha
GCDP57FitT81qUULC+I2Mx5WOaiALmKNEt2Dv+iwhpuvvJ7svMlvWw1nmCRKer7Y
blct1vxTEMNiTcBdiXU/uoDmUb6Fz4PF9msq2G8u+FPCTuYqKJDHSK2cKQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMi5qeVhVLk0jzYVk9Szc/wr8ohsMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEveUxtcDVXRlV1VFNQTmhXVDFMTnpfQ3Z5aUd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg+DADAN
BgkqhkiG9w0BAQsFAAOCAQEAzrcEw2KbdQmOYl64RDkhh6vsf5m21ccub3bCyUhZ
x+0oAq+KhKr7IV3ZIwv/gEA4eKZws6VNr0SNWB9+4QXGWXH6oMqyF4mnV79j+eMH
hN3TL4HMtyWUw+9f6+UKuh8We57C2Pg6udhujFF9IYRymfTA3yDkm6sJQ0RdWZf1
uusrkKqjqJK1cdxWVB10EIu/GaBofz5moA/9sUwlvGwrz7/FswjPE9hZbbIpD6Y+
u+tbGm6fANnXONtpaNEUWCzj5HesHnUXhRfD3lY5JiFcNqD6fXiw5dScbCAFDKcm
DcBWzxzQbpK8nVHd55xTH3BV7WMgw5bcCwqN5iG8lWBGPA==
-----END CERTIFICATE-----