Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/32876b-a82b-4704-ba67-98477a8653c7/1/yWNpS7yGLMVwqxfBZQ01X2D8B-w.roa
File:                     yWNpS7yGLMVwqxfBZQ01X2D8B-w.roa (raw, json)
Hash identifier:          bPXomo9ZO8moEYD+b/zWWM8ZNqL2uP1auBivBckw0HQ=
Subject key identifier:   C9:63:69:4B:BC:86:2C:C5:70:AB:17:C1:65:0D:35:5F:60:FC:07:EC
Certificate issuer:       /CN=5e936bea1b0c3a208aba27d8b10b275e474dde2c
Certificate serial:       018CC34927A816A57A570493094214224D53
Authority key identifier: 5E:93:6B:EA:1B:0C:3A:20:8A:BA:27:D8:B1:0B:27:5E:47:4D:DE:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XpNr6hsMOiCKuifYsQsnXkdN3iw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/32876b-a82b-4704-ba67-98477a8653c7/1/yWNpS7yGLMVwqxfBZQ01X2D8B-w.roa
Signing time:             Mon 01 Jan 2024 04:30:00 +0000
ROA not before:           Mon 01 Jan 2024 04:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200544
IP address blocks:        2a07:ad00::/30 maxlen: 30
                          2a07:ad00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/32876b-a82b-4704-ba67-98477a8653c7/1/XpNr6hsMOiCKuifYsQsnXkdN3iw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/32876b-a82b-4704-ba67-98477a8653c7/1/XpNr6hsMOiCKuifYsQsnXkdN3iw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XpNr6hsMOiCKuifYsQsnXkdN3iw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:27:a8:16:a5:7a:57:04:93:09:42:14:22:4d:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e936bea1b0c3a208aba27d8b10b275e474dde2c
        Validity
            Not Before: Jan  1 04:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c963694bbc862cc570ab17c1650d355f60fc07ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:42:ab:f4:9a:0c:2f:b7:e6:31:c0:b9:57:7c:
                    47:b6:6f:66:3d:b2:8d:80:54:e0:a3:5a:87:9b:6a:
                    55:c3:71:8e:29:ea:5a:3d:21:5a:cd:6a:03:1f:f5:
                    89:b5:df:e1:1a:88:73:6c:6b:dd:44:7d:9f:f5:61:
                    94:e4:2d:34:e9:5a:a3:78:41:60:63:e3:83:dc:62:
                    0e:ca:cc:0c:ac:f4:d4:81:99:af:fc:10:10:40:b3:
                    cc:62:b3:45:c0:44:09:c3:f4:2f:89:0a:0d:47:7c:
                    6b:07:19:73:6c:04:91:80:c1:40:4b:ce:dc:d9:7a:
                    94:46:fd:a2:17:35:92:5a:b4:48:e1:44:6e:13:d5:
                    1e:ad:c2:e2:43:9e:25:3d:12:14:62:99:1d:51:b9:
                    dc:78:23:e4:5f:a2:17:49:9e:bc:35:7e:44:7a:7a:
                    1c:fd:18:91:da:05:36:4f:39:a0:fa:6f:e1:0b:f6:
                    ee:77:2f:af:2b:c9:48:59:a3:fc:cd:84:e4:2b:68:
                    ac:b5:25:18:b6:4e:86:13:e6:5b:d4:24:12:0a:44:
                    cf:cf:01:1b:4c:88:f2:0e:d0:cb:b0:2e:9a:a0:9d:
                    21:2e:e7:75:81:24:e5:42:45:18:6e:4f:ee:79:64:
                    10:0c:ae:a9:3c:47:d4:d5:48:da:f9:a3:cb:1f:bc:
                    bf:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:63:69:4B:BC:86:2C:C5:70:AB:17:C1:65:0D:35:5F:60:FC:07:EC
            X509v3 Authority Key Identifier:
                keyid:5E:93:6B:EA:1B:0C:3A:20:8A:BA:27:D8:B1:0B:27:5E:47:4D:DE:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XpNr6hsMOiCKuifYsQsnXkdN3iw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/32876b-a82b-4704-ba67-98477a8653c7/1/yWNpS7yGLMVwqxfBZQ01X2D8B-w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/32876b-a82b-4704-ba67-98477a8653c7/1/XpNr6hsMOiCKuifYsQsnXkdN3iw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:ad00::/29

    Signature Algorithm: sha256WithRSAEncryption
         41:e2:8f:f9:ce:7a:ef:17:04:0c:a9:ff:f2:f1:80:ba:c2:f9:
         7f:39:9e:92:65:79:02:d7:54:98:f7:b5:dc:f4:cd:5d:63:04:
         a4:4f:31:be:8e:09:bf:cd:07:4f:ac:34:e6:e8:d0:97:4c:30:
         d3:9f:12:65:48:ed:72:59:57:1c:86:71:ae:40:bc:7f:cb:b4:
         66:7b:a6:3b:04:19:88:d0:9b:1f:8b:6a:76:07:90:0d:a0:fb:
         b1:1e:a8:45:20:1c:08:53:28:ab:ee:e1:98:8a:43:86:bc:c3:
         78:6b:c7:64:64:c8:c5:34:b0:70:7a:a8:d3:90:2a:f6:81:72:
         6b:6d:8e:f2:29:df:36:08:39:31:fc:ce:24:ba:a1:3f:3f:2d:
         ec:f1:2e:64:46:f3:71:ab:e1:60:da:e3:30:04:15:0f:bf:14:
         ca:81:b6:8f:c2:c2:ff:f0:9d:d3:8d:e8:04:55:cf:3f:26:aa:
         c9:f4:29:0f:cd:e1:65:90:68:38:c6:a0:23:37:b7:8a:97:14:
         fb:88:9a:f0:d1:51:0d:67:a3:d9:00:9a:36:e2:b3:d5:21:6a:
         12:ea:94:1d:3b:51:8f:41:78:14:ad:78:e1:25:d6:cd:98:6a:
         44:a3:f3:89:51:b3:9d:5e:61:07:25:27:51:5e:26:41:2f:c8:
         fa:ca:51:16
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDSSeoFqV6VwSTCUIUIk1TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlOTM2YmVhMWIwYzNhMjA4YWJhMjdkOGIxMGIyNzVlNDc0
ZGRlMmMwHhcNMjQwMTAxMDQzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTYzNjk0YmJjODYyY2M1NzBhYjE3YzE2NTBkMzU1ZjYwZmMwN2VjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm0Kr9JoML7fmMcC5V3xHtm9mPbKN
gFTgo1qHm2pVw3GOKepaPSFazWoDH/WJtd/hGohzbGvdRH2f9WGU5C006VqjeEFg
Y+OD3GIOyswMrPTUgZmv/BAQQLPMYrNFwEQJw/QviQoNR3xrBxlzbASRgMFAS87c
2XqURv2iFzWSWrRI4URuE9UercLiQ54lPRIUYpkdUbnceCPkX6IXSZ68NX5Eenoc
/RiR2gU2Tzmg+m/hC/budy+vK8lIWaP8zYTkK2istSUYtk6GE+Zb1CQSCkTPzwEb
TIjyDtDLsC6aoJ0hLud1gSTlQkUYbk/ueWQQDK6pPEfU1Uja+aPLH7y/XQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMljaUu8hizFcKsXwWUNNV9g/AfsMB8GA1UdIwQY
MBaAFF6Ta+obDDogiron2LELJ15HTd4sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHBOcjZoc01PaUNLdWlmWXNRc25Ya2ROM2l3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS8zMjg3NmItYTgyYi00NzA0LWJhNjct
OTg0NzdhODY1M2M3LzEveVdOcFM3eUdMTVZ3cXhmQlpRMDFYMkQ4Qi13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS8zMjg3NmItYTgyYi00NzA0LWJhNjctOTg0NzdhODY1M2M3
LzEvWHBOcjZoc01PaUNLdWlmWXNRc25Ya2ROM2l3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgetADAN
BgkqhkiG9w0BAQsFAAOCAQEAQeKP+c567xcEDKn/8vGAusL5fzmekmV5AtdUmPe1
3PTNXWMEpE8xvo4Jv80HT6w05ujQl0ww058SZUjtcllXHIZxrkC8f8u0ZnumOwQZ
iNCbH4tqdgeQDaD7sR6oRSAcCFMoq+7hmIpDhrzDeGvHZGTIxTSwcHqo05Aq9oFy
a22O8infNgg5MfzOJLqhPz8t7PEuZEbzcavhYNrjMAQVD78UyoG2j8LC//Cd043o
BFXPPyaqyfQpD83hZZBoOMagIze3ipcU+4ia8NFRDWej2QCaNuKz1SFqEuqUHTtR
j0F4FK144SXWzZhqRKPziVGznV5hByUnUV4mQS/I+spRFg==
-----END CERTIFICATE-----