Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/c8010e-3289-4a36-a2b8-12b2bc58053a/1/LYjxklQXDuPP3L5W3zeNZXyXCeg.roa
File:                     LYjxklQXDuPP3L5W3zeNZXyXCeg.roa (raw, json)
Hash identifier:          ozkp+T0P4mXw1NSA/Z8g2Ol9cnp6XrdFwt7KeilqAJ0=
Subject key identifier:   2D:88:F1:92:54:17:0E:E3:CF:DC:BE:56:DF:37:8D:65:7C:97:09:E8
Certificate issuer:       /CN=dba12207af4d186c44da2533c0b8f1fd1f55d8db
Certificate serial:       01904A7CD972C9CEE58AF2EC2D0C7F06E69A
Authority key identifier: DB:A1:22:07:AF:4D:18:6C:44:DA:25:33:C0:B8:F1:FD:1F:55:D8:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/26EiB69NGGxE2iUzwLjx_R9V2Ns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/c8010e-3289-4a36-a2b8-12b2bc58053a/1/LYjxklQXDuPP3L5W3zeNZXyXCeg.roa
Signing time:             Mon 24 Jun 2024 13:43:34 +0000
ROA not before:           Mon 24 Jun 2024 13:43:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211895
IP address blocks:        2001:67c:21b4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/c8010e-3289-4a36-a2b8-12b2bc58053a/1/26EiB69NGGxE2iUzwLjx_R9V2Ns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/c8010e-3289-4a36-a2b8-12b2bc58053a/1/26EiB69NGGxE2iUzwLjx_R9V2Ns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/26EiB69NGGxE2iUzwLjx_R9V2Ns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4a:7c:d9:72:c9:ce:e5:8a:f2:ec:2d:0c:7f:06:e6:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dba12207af4d186c44da2533c0b8f1fd1f55d8db
        Validity
            Not Before: Jun 24 13:43:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d88f19254170ee3cfdcbe56df378d657c9709e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:ee:d0:87:27:9e:94:27:d4:ae:05:e0:0e:a7:
                    dd:09:9a:32:1d:7c:5b:5a:64:c9:31:a0:0f:7a:c2:
                    01:01:03:38:7f:bf:b6:50:0d:6a:6f:28:5d:98:b8:
                    f9:02:9a:fe:f3:d8:53:24:30:9b:f4:8f:f3:14:5c:
                    27:46:a1:d5:a0:7a:2d:61:f3:a9:50:69:24:8c:59:
                    ce:d1:5f:6f:67:32:62:cf:4d:b4:7a:f4:da:ec:9d:
                    ab:50:b8:45:6c:c5:b4:8a:6d:c3:85:5a:5c:be:8f:
                    99:7e:e7:94:5c:2c:66:cd:ec:36:4a:62:8e:d2:64:
                    7c:59:a4:b2:2c:be:ff:0c:2d:92:c5:f6:49:19:22:
                    78:4f:08:7e:fd:b6:63:3d:80:ec:5c:69:37:81:7d:
                    b6:93:43:7d:58:fc:d3:c3:f8:66:da:bd:0d:e2:8b:
                    91:1b:4c:88:bf:1a:73:fa:7e:7c:3c:d5:95:c4:03:
                    ac:30:d9:9a:cf:f4:d8:5d:a7:51:69:33:95:b3:41:
                    d8:fe:00:1b:ed:76:5f:44:9c:de:97:6b:0c:0f:51:
                    3b:02:8e:d8:63:75:0a:73:e6:6d:75:7d:b2:6b:35:
                    64:9e:ba:f4:e4:e2:69:37:dd:26:d2:37:ac:0c:d8:
                    d2:af:df:cf:c8:14:de:c3:fe:73:2e:13:f8:48:3c:
                    72:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:88:F1:92:54:17:0E:E3:CF:DC:BE:56:DF:37:8D:65:7C:97:09:E8
            X509v3 Authority Key Identifier:
                keyid:DB:A1:22:07:AF:4D:18:6C:44:DA:25:33:C0:B8:F1:FD:1F:55:D8:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/26EiB69NGGxE2iUzwLjx_R9V2Ns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/c8010e-3289-4a36-a2b8-12b2bc58053a/1/LYjxklQXDuPP3L5W3zeNZXyXCeg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/c8010e-3289-4a36-a2b8-12b2bc58053a/1/26EiB69NGGxE2iUzwLjx_R9V2Ns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:21b4::/48

    Signature Algorithm: sha256WithRSAEncryption
         0f:35:ec:50:02:06:91:1d:1e:7b:62:0b:1b:3a:4b:5d:d7:c5:
         31:8b:34:c4:82:5f:46:0a:2c:fd:e9:9f:89:d5:db:a1:ad:59:
         c9:cb:0e:c0:67:61:30:04:b0:d3:ad:09:52:39:cd:76:b2:28:
         83:78:d5:23:1e:01:e0:93:bf:6a:e8:7c:dd:02:5b:1d:db:78:
         0b:c5:22:d3:e3:27:09:dc:0c:9a:ca:c3:6e:eb:68:94:d8:a8:
         37:e8:cc:8d:59:b7:ff:7f:27:86:b2:3d:c3:85:29:0b:ae:37:
         b8:14:08:f7:c9:36:06:ab:3c:71:88:9c:f6:41:68:61:e4:8d:
         8e:8f:39:a6:11:5d:a7:dc:e8:79:c9:c7:b8:74:e5:5f:bf:51:
         95:f4:c0:9a:22:b9:8f:d8:8a:0c:08:b9:cc:0d:98:47:b6:fd:
         e9:cc:b4:67:9a:b3:5f:0d:dd:4b:02:ab:66:e1:fc:58:f9:57:
         60:ec:69:e1:47:6e:2d:3c:47:59:40:3e:97:5a:12:cf:68:43:
         e8:3f:04:a8:7a:b7:a6:6a:91:86:30:c3:5f:6a:be:83:b6:37:
         b6:7f:a3:27:cf:77:1b:5f:72:e1:c5:a8:c8:eb:63:06:96:64:
         93:0a:60:96:69:92:2a:47:9d:16:02:99:f1:8e:e5:4e:2d:1b:
         0b:f1:d8:11
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZBKfNlyyc7livLsLQx/BuaaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYTEyMjA3YWY0ZDE4NmM0NGRhMjUzM2MwYjhmMWZkMWY1
NWQ4ZGIwHhcNMjQwNjI0MTM0MzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDg4ZjE5MjU0MTcwZWUzY2ZkY2JlNTZkZjM3OGQ2NTdjOTcwOWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApO7QhyeelCfUrgXgDqfdCZoyHXxb
WmTJMaAPesIBAQM4f7+2UA1qbyhdmLj5Apr+89hTJDCb9I/zFFwnRqHVoHotYfOp
UGkkjFnO0V9vZzJiz020evTa7J2rULhFbMW0im3DhVpcvo+ZfueUXCxmzew2SmKO
0mR8WaSyLL7/DC2SxfZJGSJ4Twh+/bZjPYDsXGk3gX22k0N9WPzTw/hm2r0N4ouR
G0yIvxpz+n58PNWVxAOsMNmaz/TYXadRaTOVs0HY/gAb7XZfRJzel2sMD1E7Ao7Y
Y3UKc+ZtdX2yazVknrr05OJpN90m0jesDNjSr9/PyBTew/5zLhP4SDxytQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFC2I8ZJUFw7jz9y+Vt83jWV8lwnoMB8GA1UdIwQY
MBaAFNuhIgevTRhsRNolM8C48f0fVdjbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjZFaUI2OU5HR3hFMmlVendManhfUjlWMk5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9jODAxMGUtMzI4OS00YTM2LWEyYjgt
MTJiMmJjNTgwNTNhLzEvTFlqeGtsUVhEdVBQM0w1VzN6ZU5aWHlYQ2VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9jODAxMGUtMzI4OS00YTM2LWEyYjgtMTJiMmJjNTgwNTNh
LzEvMjZFaUI2OU5HR3hFMmlVendManhfUjlWMk5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCG0
MA0GCSqGSIb3DQEBCwUAA4IBAQAPNexQAgaRHR57YgsbOktd18UxizTEgl9GCiz9
6Z+J1duhrVnJyw7AZ2EwBLDTrQlSOc12siiDeNUjHgHgk79q6HzdAlsd23gLxSLT
4ycJ3AyaysNu62iU2Kg36MyNWbf/fyeGsj3DhSkLrje4FAj3yTYGqzxxiJz2QWhh
5I2OjzmmEV2n3Oh5yce4dOVfv1GV9MCaIrmP2IoMCLnMDZhHtv3pzLRnmrNfDd1L
Aqtm4fxY+Vdg7GnhR24tPEdZQD6XWhLPaEPoPwSoeremapGGMMNfar6Dtje2f6Mn
z3cbX3LhxajI62MGlmSTCmCWaZIqR50WApnxjuVOLRsL8dgR
-----END CERTIFICATE-----