Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/yFv63_ztEd060kvKlQpm14ClH8Y.roa
File:                     yFv63_ztEd060kvKlQpm14ClH8Y.roa (raw, json)
Hash identifier:          5RgQqmRpRGvwhH2YFw3VWw7doX2vHc5eu2IX9PKLDRs=
Subject key identifier:   C8:5B:FA:DF:FC:ED:11:DD:3A:D2:4B:CA:95:0A:66:D7:80:A5:1F:C6
Certificate issuer:       /CN=b05d28d16626bc5dcabf2e915435782b96e14071
Certificate serial:       018CC3B6AE9C57987B65129C6E4F6823FCDD
Authority key identifier: B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/yFv63_ztEd060kvKlQpm14ClH8Y.roa
Signing time:             Mon 01 Jan 2024 06:29:38 +0000
ROA not before:           Mon 01 Jan 2024 06:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34373
IP address blocks:        2a07:3500:1778::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:01:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:ae:9c:57:98:7b:65:12:9c:6e:4f:68:23:fc:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b05d28d16626bc5dcabf2e915435782b96e14071
        Validity
            Not Before: Jan  1 06:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c85bfadffced11dd3ad24bca950a66d780a51fc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:3f:0c:da:96:6a:12:6b:1c:ab:8a:c7:54:d7:
                    d4:92:31:a4:ac:a8:f6:9e:fc:43:47:78:3c:63:7a:
                    01:4b:10:9d:a5:d3:dd:ee:f8:57:a9:18:e6:39:e7:
                    43:18:05:4d:a4:3a:91:1c:15:19:d1:eb:0d:f3:45:
                    24:46:aa:62:eb:d5:c2:9b:a5:63:9f:7c:61:7d:02:
                    f4:fb:0a:64:79:ae:37:35:fa:c2:d3:cf:28:7a:99:
                    2e:f8:46:49:39:a8:c7:2f:c9:cc:7a:0f:33:f4:75:
                    fe:d3:4b:ff:f4:13:d7:2d:2b:dc:0d:ab:3b:ef:aa:
                    5a:94:5f:89:83:02:fe:ef:1e:5c:fa:8d:da:b3:95:
                    ba:84:3e:17:9a:ef:09:ed:10:6f:7d:73:00:b0:24:
                    a2:62:dd:10:63:15:f0:1c:9e:4d:9d:fa:37:04:ee:
                    75:37:fe:72:fc:1b:30:84:4e:a5:3b:3f:fd:7b:f6:
                    8c:6e:7a:f0:11:7c:d6:69:64:73:3c:83:72:af:70:
                    b1:35:e0:c7:ed:0d:62:82:59:45:6f:aa:79:50:6a:
                    e1:25:a3:00:ef:62:0b:ac:60:d8:58:0c:4d:c3:0b:
                    41:d8:57:72:ec:23:b8:d0:ed:e3:10:2f:8d:d4:ad:
                    c6:0d:35:27:dd:33:c3:e5:a4:45:99:6f:6f:82:2c:
                    08:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:5B:FA:DF:FC:ED:11:DD:3A:D2:4B:CA:95:0A:66:D7:80:A5:1F:C6
            X509v3 Authority Key Identifier:
                keyid:B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/yFv63_ztEd060kvKlQpm14ClH8Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:3500:1778::/48

    Signature Algorithm: sha256WithRSAEncryption
         cb:30:82:56:55:9a:69:45:41:5b:f7:32:0a:a9:96:c2:dc:82:
         9a:97:a6:89:3e:32:82:fd:e1:f3:ec:21:f2:0f:5c:15:22:25:
         a0:68:63:c1:1a:35:47:33:1b:3a:b5:9a:f4:80:f3:6d:1b:0a:
         7e:9a:d5:85:60:57:d4:d7:63:1f:86:7f:c9:70:ee:5b:18:7f:
         02:04:4d:c8:d8:10:f5:c9:05:6d:f3:5f:6e:96:ce:3d:d4:fa:
         93:0a:8b:db:19:77:c8:7e:12:9c:28:72:94:d5:e6:05:fb:01:
         e9:dd:45:be:11:ca:77:6b:e9:62:22:93:7f:98:26:cc:5e:50:
         78:be:c2:20:e2:af:75:40:85:de:ef:9f:7c:2d:04:0e:ae:c9:
         4a:28:df:94:e5:6f:a5:ab:38:8d:0b:45:cf:4e:09:6e:c8:bf:
         40:d9:95:bb:d9:b0:1e:31:c0:a0:33:b2:b4:a4:69:2c:15:50:
         ef:0e:47:61:ab:d7:dc:af:b0:66:48:88:89:c5:0a:d7:44:c1:
         1f:a0:a3:41:f1:7d:3d:4c:86:bc:dc:4b:45:ee:d4:19:69:dd:
         1f:ae:0c:ca:9a:78:52:1f:fa:6f:ce:fa:e8:2d:92:31:3b:8e:
         a5:af:b2:c3:74:61:2d:e3:12:3f:cc:19:d4:e8:55:d1:b4:e7:
         47:a5:f4:22
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDtq6cV5h7ZRKcbk9oI/zdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNWQyOGQxNjYyNmJjNWRjYWJmMmU5MTU0MzU3ODJiOTZl
MTQwNzEwHhcNMjQwMTAxMDYyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODViZmFkZmZjZWQxMWRkM2FkMjRiY2E5NTBhNjZkNzgwYTUxZmM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjD8M2pZqEmscq4rHVNfUkjGkrKj2
nvxDR3g8Y3oBSxCdpdPd7vhXqRjmOedDGAVNpDqRHBUZ0esN80UkRqpi69XCm6Vj
n3xhfQL0+wpkea43NfrC088oepku+EZJOajHL8nMeg8z9HX+00v/9BPXLSvcDas7
76palF+JgwL+7x5c+o3as5W6hD4Xmu8J7RBvfXMAsCSiYt0QYxXwHJ5Nnfo3BO51
N/5y/BswhE6lOz/9e/aMbnrwEXzWaWRzPINyr3CxNeDH7Q1igllFb6p5UGrhJaMA
72ILrGDYWAxNwwtB2Fdy7CO40O3jEC+N1K3GDTUn3TPD5aRFmW9vgiwIwwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMhb+t/87RHdOtJLypUKZteApR/GMB8GA1UdIwQY
MBaAFLBdKNFmJrxdyr8ukVQ1eCuW4UBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEt
YWQ1NzU1MjJiMzY1LzEveUZ2NjNfenRFZDA2MGt2S2xRcG0xNENsSDhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEtYWQ1NzU1MjJiMzY1
LzEvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgc1ABd4
MA0GCSqGSIb3DQEBCwUAA4IBAQDLMIJWVZppRUFb9zIKqZbC3IKal6aJPjKC/eHz
7CHyD1wVIiWgaGPBGjVHMxs6tZr0gPNtGwp+mtWFYFfU12Mfhn/JcO5bGH8CBE3I
2BD1yQVt819uls491PqTCovbGXfIfhKcKHKU1eYF+wHp3UW+Ecp3a+liIpN/mCbM
XlB4vsIg4q91QIXe7598LQQOrslKKN+U5W+lqziNC0XPTgluyL9A2ZW72bAeMcCg
M7K0pGksFVDvDkdhq9fcr7BmSIiJxQrXRMEfoKNB8X09TIa83EtF7tQZad0frgzK
mnhSH/pvzvroLZIxO46lr7LDdGEt4xI/zBnU6FXRtOdHpfQi
-----END CERTIFICATE-----