Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/YKJp2-icJw7Xjp8pT1ZKhU0SUos.roa
File:                     YKJp2-icJw7Xjp8pT1ZKhU0SUos.roa (raw, json)
Hash identifier:          QY6G7twubM/A4mqqLWajgq70b10rCv69e8JbaIg7ttc=
Subject key identifier:   60:A2:69:DB:E8:9C:27:0E:D7:8E:9F:29:4F:56:4A:85:4D:12:52:8B
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       01900CFF462609E0271D62737CE181C95511
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/YKJp2-icJw7Xjp8pT1ZKhU0SUos.roa
Signing time:             Wed 12 Jun 2024 15:09:34 +0000
ROA not before:           Wed 12 Jun 2024 15:09:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214713
IP address blocks:        2a0f:7803:fa40::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 08:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:0c:ff:46:26:09:e0:27:1d:62:73:7c:e1:81:c9:55:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jun 12 15:09:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=60a269dbe89c270ed78e9f294f564a854d12528b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:eb:ca:a4:b3:2a:2e:85:75:31:05:ac:0c:15:
                    ac:50:bc:fa:12:c6:06:f4:4b:3f:ac:a8:c6:0a:66:
                    37:f8:44:a7:58:d8:84:b6:3e:d3:49:85:73:8c:8c:
                    a1:75:a0:c3:aa:c6:3e:54:19:b4:62:1c:fa:e0:51:
                    52:2f:68:e9:77:67:91:20:c3:8e:ff:a8:df:c5:1b:
                    ae:3b:19:61:f5:0c:35:33:e6:c7:31:e1:c1:4a:f7:
                    7b:0c:35:dc:d3:35:2f:fa:f9:ab:d3:24:28:7b:28:
                    b5:31:b9:e3:f6:a3:11:54:6a:5b:1d:f0:b8:6a:4a:
                    78:c4:3c:35:c2:f9:33:fa:85:57:0d:50:da:a4:3b:
                    b1:e2:bd:a6:63:5d:83:b2:a4:61:ad:4a:65:80:58:
                    70:b0:0b:27:21:3e:c2:3f:ec:bc:53:3f:0c:e3:2f:
                    f4:52:7f:d7:d8:03:14:92:48:12:59:b6:63:35:d4:
                    40:5c:13:c4:55:c5:d1:50:74:33:4b:e0:86:fd:d2:
                    09:22:e6:52:19:57:3a:97:a1:f9:39:c0:ea:83:6d:
                    19:38:06:84:c5:8b:c5:bf:cd:3d:a4:20:52:7d:ff:
                    58:df:f7:f2:3f:8f:13:08:6e:c3:a0:a1:a8:0c:b7:
                    49:da:ee:89:22:d4:18:d0:3a:72:41:ac:35:53:8d:
                    cc:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:A2:69:DB:E8:9C:27:0E:D7:8E:9F:29:4F:56:4A:85:4D:12:52:8B
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/YKJp2-icJw7Xjp8pT1ZKhU0SUos.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:fa40::/44

    Signature Algorithm: sha256WithRSAEncryption
         1d:ab:05:34:33:75:13:9d:2e:bd:41:9c:85:86:1b:e5:74:48:
         ff:4c:fe:41:75:21:ed:80:29:b5:68:f8:1a:87:85:b3:bc:6d:
         45:04:1c:07:91:d8:2b:54:dd:79:99:af:ab:aa:63:88:e9:07:
         14:8b:37:bc:7a:67:b8:d1:f0:7d:e5:76:26:5f:4e:06:78:69:
         dd:f4:92:f8:f0:d8:46:04:15:4b:14:1b:43:3b:10:4a:a6:e7:
         bf:94:f6:10:d3:93:07:c3:1a:02:27:c7:6f:67:ff:e5:2e:4b:
         c3:d4:a6:bb:c1:9c:a2:d6:99:35:32:09:93:17:b1:73:59:bd:
         fd:1d:ba:38:a5:5a:02:94:f0:bc:58:ca:e8:4a:83:6a:8c:ca:
         ba:a1:5d:2a:f0:82:55:a3:d3:f5:6b:bc:0e:2e:54:ce:9b:89:
         7f:c4:5d:c2:bc:da:3f:17:68:07:8b:b9:5c:32:1b:b0:5b:0f:
         92:66:2a:3d:43:5a:fb:b0:d0:0a:57:75:6a:c8:0e:24:eb:8c:
         d1:6c:aa:21:02:0c:31:02:57:ee:49:90:8f:54:a7:1a:d9:a4:
         18:38:ce:3c:58:65:5c:ea:3e:96:f1:ae:71:68:06:c2:97:bd:
         84:ef:6b:1f:ed:4c:ff:b1:df:d1:07:81:e1:d7:97:47:e5:61:
         7f:60:7d:ad
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZAM/0YmCeAnHWJzfOGByVURMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQwNjEyMTUwOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGEyNjlkYmU4OWMyNzBlZDc4ZTlmMjk0ZjU2NGE4NTRkMTI1MjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg+vKpLMqLoV1MQWsDBWsULz6EsYG
9Es/rKjGCmY3+ESnWNiEtj7TSYVzjIyhdaDDqsY+VBm0Yhz64FFSL2jpd2eRIMOO
/6jfxRuuOxlh9Qw1M+bHMeHBSvd7DDXc0zUv+vmr0yQoeyi1Mbnj9qMRVGpbHfC4
akp4xDw1wvkz+oVXDVDapDux4r2mY12DsqRhrUplgFhwsAsnIT7CP+y8Uz8M4y/0
Un/X2AMUkkgSWbZjNdRAXBPEVcXRUHQzS+CG/dIJIuZSGVc6l6H5OcDqg20ZOAaE
xYvFv809pCBSff9Y3/fyP48TCG7DoKGoDLdJ2u6JItQY0DpyQaw1U43MbQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGCiadvonCcO146fKU9WSoVNElKLMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvWUtKcDItaWNKdzdYanA4cFQxWktoVTBTVW9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg94A/pA
MA0GCSqGSIb3DQEBCwUAA4IBAQAdqwU0M3UTnS69QZyFhhvldEj/TP5BdSHtgCm1
aPgah4WzvG1FBBwHkdgrVN15ma+rqmOI6QcUize8eme40fB95XYmX04GeGnd9JL4
8NhGBBVLFBtDOxBKpue/lPYQ05MHwxoCJ8dvZ//lLkvD1Ka7wZyi1pk1MgmTF7Fz
Wb39Hbo4pVoClPC8WMroSoNqjMq6oV0q8IJVo9P1a7wOLlTOm4l/xF3CvNo/F2gH
i7lcMhuwWw+SZio9Q1r7sNAKV3VqyA4k64zRbKohAgwxAlfuSZCPVKca2aQYOM48
WGVc6j6W8a5xaAbCl72E72sf7Uz/sd/RB4Hh15dH5WF/YH2t
-----END CERTIFICATE-----