Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/RYnasgrYwDkMD19uXSf6pICv7sk.roa
File:                     RYnasgrYwDkMD19uXSf6pICv7sk.roa (raw, json)
Hash identifier:          7bDlcsBzEXU70zpKlu/x4t3mBrpt31CMd6Kye2aP8Zk=
Subject key identifier:   45:89:DA:B2:0A:D8:C0:39:0C:0F:5F:6E:5D:27:FA:A4:80:AF:EE:C9
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       018D81F09365AEC2D9CCE1CCE2CB1A2AE307
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/RYnasgrYwDkMD19uXSf6pICv7sk.roa
Signing time:             Wed 07 Feb 2024 05:00:43 +0000
ROA not before:           Wed 07 Feb 2024 05:00:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205980
IP address blocks:        2a0f:b241:3a::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:81:f0:93:65:ae:c2:d9:cc:e1:cc:e2:cb:1a:2a:e3:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Feb  7 05:00:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4589dab20ad8c0390c0f5f6e5d27faa480afeec9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:65:41:f0:9a:f7:8d:31:c3:64:70:76:f9:3b:
                    ba:7b:69:35:a2:6d:80:2e:2e:84:9b:09:dc:20:84:
                    5f:1a:82:68:c5:73:e4:f4:d7:a4:75:db:f1:cd:99:
                    be:d4:2d:c5:db:d1:4d:85:f2:da:96:3e:a1:88:a2:
                    ea:f4:9e:9b:e6:30:54:68:85:04:81:01:84:2a:ae:
                    5e:d4:33:b7:b5:88:96:00:ac:e4:1d:04:68:c8:20:
                    1f:3e:35:44:26:e7:96:e7:96:c3:83:18:0a:65:93:
                    0d:37:93:e5:b3:97:0e:4f:09:41:bc:5f:dd:73:7a:
                    70:07:68:8a:d1:0b:81:00:a2:4f:51:40:af:b8:a9:
                    9c:fc:2b:77:ea:72:f9:21:63:bc:f1:7c:76:61:65:
                    88:75:bf:03:a6:01:f5:1d:d1:d4:e0:26:71:3e:b1:
                    15:5f:3a:7c:5d:83:f2:42:df:98:50:32:d3:87:0b:
                    7c:f2:36:a1:68:7e:92:e2:5f:bc:af:e5:b8:21:81:
                    c5:25:bc:83:1b:dc:0e:91:2e:47:f1:57:b2:9e:3f:
                    03:dc:7d:41:c0:4f:e7:ef:0f:df:e9:c8:a3:c8:ec:
                    5a:24:7d:dd:ab:09:31:0e:82:92:77:4b:77:c0:84:
                    6b:0d:19:b3:51:01:9d:1b:27:31:cc:db:f3:56:c8:
                    24:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:89:DA:B2:0A:D8:C0:39:0C:0F:5F:6E:5D:27:FA:A4:80:AF:EE:C9
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/RYnasgrYwDkMD19uXSf6pICv7sk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b241:3a::/48

    Signature Algorithm: sha256WithRSAEncryption
         15:3d:2b:f6:fc:40:49:b6:81:9d:e8:20:65:b9:f2:3f:ce:ba:
         30:27:b8:ae:85:b9:b5:c8:45:65:30:1a:7c:b0:a3:e4:86:16:
         de:ed:51:c0:a4:7d:ce:2b:c7:be:53:de:e4:2a:f1:7a:0f:b1:
         75:2a:d5:d1:ce:7b:d2:c2:57:38:f5:f9:de:57:37:51:6e:3f:
         64:25:87:e7:08:42:d4:1b:65:ef:04:d0:e0:90:70:9a:58:ee:
         9b:2c:14:c5:fb:a2:2d:ce:f7:9b:d0:1f:91:6d:e7:6b:3c:98:
         d3:24:b5:13:56:49:ae:94:73:f0:a7:e6:3d:b6:7e:a7:df:8f:
         34:b1:b8:35:9a:2d:3c:74:52:4b:5d:b3:67:28:a5:4a:f5:77:
         a1:33:d7:75:96:56:d2:f0:4d:d0:ce:4e:3f:14:4f:2a:a7:ed:
         e5:41:2a:08:77:64:82:2e:2d:5d:08:45:0b:2c:86:04:21:fb:
         4d:7a:37:b4:97:a5:27:91:e9:7c:bf:38:91:b0:80:79:3f:3d:
         03:fe:37:5d:84:9a:7a:7a:18:7b:45:5f:23:56:c9:17:0d:ba:
         5c:36:0b:2a:ef:72:a7:fb:e0:5c:d7:78:82:30:a5:69:8a:55:
         f8:5e:92:ec:4d:dd:36:c0:32:11:15:60:96:ba:b5:b6:ad:4a:
         6c:a8:5c:cd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2B8JNlrsLZzOHM4ssaKuMHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjQwMjA3MDUwMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTg5ZGFiMjBhZDhjMDM5MGMwZjVmNmU1ZDI3ZmFhNDgwYWZlZWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqWVB8Jr3jTHDZHB2+Tu6e2k1om2A
Li6EmwncIIRfGoJoxXPk9NekddvxzZm+1C3F29FNhfLalj6hiKLq9J6b5jBUaIUE
gQGEKq5e1DO3tYiWAKzkHQRoyCAfPjVEJueW55bDgxgKZZMNN5Pls5cOTwlBvF/d
c3pwB2iK0QuBAKJPUUCvuKmc/Ct36nL5IWO88Xx2YWWIdb8DpgH1HdHU4CZxPrEV
Xzp8XYPyQt+YUDLThwt88jahaH6S4l+8r+W4IYHFJbyDG9wOkS5H8Veynj8D3H1B
wE/n7w/f6cijyOxaJH3dqwkxDoKSd0t3wIRrDRmzUQGdGycxzNvzVsgkSQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEWJ2rIK2MA5DA9fbl0n+qSAr+7JMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvUlluYXNncll3RGtNRDE5dVhTZjZwSUN2N3NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+yQQA6
MA0GCSqGSIb3DQEBCwUAA4IBAQAVPSv2/EBJtoGd6CBlufI/zrowJ7iuhbm1yEVl
MBp8sKPkhhbe7VHApH3OK8e+U97kKvF6D7F1KtXRznvSwlc49fneVzdRbj9kJYfn
CELUG2XvBNDgkHCaWO6bLBTF+6Itzveb0B+RbedrPJjTJLUTVkmulHPwp+Y9tn6n
3480sbg1mi08dFJLXbNnKKVK9XehM9d1llbS8E3Qzk4/FE8qp+3lQSoId2SCLi1d
CEULLIYEIftNeje0l6Unkel8vziRsIB5Pz0D/jddhJp6ehh7RV8jVskXDbpcNgsq
73Kn++Bc13iCMKVpilX4XpLsTd02wDIRFWCWurW2rUpsqFzN
-----END CERTIFICATE-----