Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/ac8fdc-9d55-45db-a243-f16697d72a71/1/YxYV7ilU-bzaeiwRMYc2UtSyiIY.roa
File:                     YxYV7ilU-bzaeiwRMYc2UtSyiIY.roa (raw, json)
Hash identifier:          u2WpS/rE8mabBFz4HXJHYjc1HdXHi/azx+IQDgOLWXo=
Subject key identifier:   63:16:15:EE:29:54:F9:BC:DA:7A:2C:11:31:87:36:52:D4:B2:88:86
Certificate issuer:       /CN=b2749bc9cd2cf8dffcf2ffed7884fbc13cb3e45d
Certificate serial:       018FC129CECE32BC91FC7ED7CDC95E232DF3
Authority key identifier: B2:74:9B:C9:CD:2C:F8:DF:FC:F2:FF:ED:78:84:FB:C1:3C:B3:E4:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/snSbyc0s-N_88v_teIT7wTyz5F0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/ac8fdc-9d55-45db-a243-f16697d72a71/1/YxYV7ilU-bzaeiwRMYc2UtSyiIY.roa
Signing time:             Tue 28 May 2024 21:44:53 +0000
ROA not before:           Tue 28 May 2024 21:44:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        2001:678:580::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/ac8fdc-9d55-45db-a243-f16697d72a71/1/snSbyc0s-N_88v_teIT7wTyz5F0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/ac8fdc-9d55-45db-a243-f16697d72a71/1/snSbyc0s-N_88v_teIT7wTyz5F0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/snSbyc0s-N_88v_teIT7wTyz5F0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:c1:29:ce:ce:32:bc:91:fc:7e:d7:cd:c9:5e:23:2d:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2749bc9cd2cf8dffcf2ffed7884fbc13cb3e45d
        Validity
            Not Before: May 28 21:44:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=631615ee2954f9bcda7a2c1131873652d4b28886
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:24:42:88:b9:0f:d5:6f:d5:46:0b:69:82:40:
                    bc:b1:43:d4:4b:d9:8b:69:0e:77:9d:9b:2c:76:ba:
                    a0:66:1b:d5:14:2a:76:0b:eb:d0:f1:18:45:7a:27:
                    63:73:62:77:55:dd:e7:b6:52:d4:10:e7:8b:ea:2e:
                    b7:3c:c7:d9:bc:cd:9a:18:1b:18:87:10:32:d2:32:
                    8d:10:be:b6:ac:e1:c9:50:81:04:11:68:04:79:2b:
                    1e:4d:f8:13:4b:5a:02:25:44:37:6c:55:d1:61:08:
                    33:7b:f3:ae:0a:1a:c6:d6:07:9a:72:8b:d6:c9:64:
                    26:86:67:92:89:93:98:56:bb:42:f3:d2:c7:3b:2a:
                    b6:a9:b6:a9:d5:21:97:43:fd:0a:29:a3:fe:b4:74:
                    d5:b3:1d:24:9b:55:bb:3a:11:b0:83:c2:9c:3a:eb:
                    e9:49:6f:79:b7:81:a6:cc:5c:83:d9:bc:2f:74:bc:
                    1b:d6:2a:81:d8:51:44:10:57:8f:fc:e3:66:a3:83:
                    ab:a2:08:0c:26:4c:44:d2:34:98:bb:a4:c3:3b:bf:
                    f1:ba:72:70:cc:80:30:cf:08:c2:5c:cb:e0:f3:39:
                    b3:45:6b:c1:d0:53:59:65:df:01:82:7b:ca:9e:25:
                    86:03:c5:c2:d1:1c:34:5f:15:7d:05:27:24:68:a7:
                    db:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:16:15:EE:29:54:F9:BC:DA:7A:2C:11:31:87:36:52:D4:B2:88:86
            X509v3 Authority Key Identifier:
                keyid:B2:74:9B:C9:CD:2C:F8:DF:FC:F2:FF:ED:78:84:FB:C1:3C:B3:E4:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/snSbyc0s-N_88v_teIT7wTyz5F0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/ac8fdc-9d55-45db-a243-f16697d72a71/1/YxYV7ilU-bzaeiwRMYc2UtSyiIY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/ac8fdc-9d55-45db-a243-f16697d72a71/1/snSbyc0s-N_88v_teIT7wTyz5F0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:580::/48

    Signature Algorithm: sha256WithRSAEncryption
         36:82:a4:17:4b:37:80:0d:07:c3:99:e6:ce:42:1c:08:01:ce:
         78:d5:6c:89:53:86:8b:6f:03:c3:d1:1d:6c:01:f7:a9:62:9d:
         d4:c3:6a:25:bb:61:ca:81:7e:54:ea:70:2b:87:65:5a:15:e5:
         46:19:e7:79:3a:03:72:ce:8c:3a:b5:91:59:a2:ba:3d:f9:e6:
         99:31:41:97:92:c8:35:3f:9e:08:00:fb:b3:14:37:98:1f:be:
         a3:50:cc:cd:c0:d5:93:79:ca:4c:f6:3c:77:6a:0c:b8:c2:1f:
         c4:4c:7a:b2:ab:c8:4d:7a:9a:87:89:3f:dd:85:0c:e9:46:45:
         d6:c9:66:e7:81:62:bc:40:03:be:07:8f:4d:d7:a1:df:39:49:
         d2:74:6b:59:55:fe:a0:23:6a:a8:f7:e3:da:4f:34:e6:e2:03:
         e0:ec:34:9c:1c:f9:91:2c:3c:64:b8:f1:fd:0c:6b:cf:e0:9b:
         d4:ee:e5:ca:c2:4d:5f:87:2f:85:31:4d:36:b1:3d:5e:7d:b6:
         7d:65:e6:03:49:2c:28:ac:3c:43:a2:e5:6c:5e:d1:c5:6e:fc:
         d7:d1:66:eb:90:90:7d:72:88:2f:79:5e:a8:b5:df:ce:bc:3c:
         bf:aa:1f:02:2a:fa:d2:b9:ee:c3:b5:aa:9a:33:07:81:b1:29:
         ee:b8:fa:9c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY/BKc7OMryR/H7XzcleIy3zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyNzQ5YmM5Y2QyY2Y4ZGZmY2YyZmZlZDc4ODRmYmMxM2Ni
M2U0NWQwHhcNMjQwNTI4MjE0NDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzE2MTVlZTI5NTRmOWJjZGE3YTJjMTEzMTg3MzY1MmQ0YjI4ODg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlyRCiLkP1W/VRgtpgkC8sUPUS9mL
aQ53nZssdrqgZhvVFCp2C+vQ8RhFeidjc2J3Vd3ntlLUEOeL6i63PMfZvM2aGBsY
hxAy0jKNEL62rOHJUIEEEWgEeSseTfgTS1oCJUQ3bFXRYQgze/OuChrG1geacovW
yWQmhmeSiZOYVrtC89LHOyq2qbap1SGXQ/0KKaP+tHTVsx0km1W7OhGwg8KcOuvp
SW95t4GmzFyD2bwvdLwb1iqB2FFEEFeP/ONmo4OroggMJkxE0jSYu6TDO7/xunJw
zIAwzwjCXMvg8zmzRWvB0FNZZd8BgnvKniWGA8XC0Rw0XxV9BSckaKfblQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGMWFe4pVPm82nosETGHNlLUsoiGMB8GA1UdIwQY
MBaAFLJ0m8nNLPjf/PL/7XiE+8E8s+RdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc25TYnljMHMtTl84OHZfdGVJVDd3VHl6NUYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi9hYzhmZGMtOWQ1NS00NWRiLWEyNDMt
ZjE2Njk3ZDcyYTcxLzEvWXhZVjdpbFUtYnphZWl3Uk1ZYzJVdFN5aUlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi9hYzhmZGMtOWQ1NS00NWRiLWEyNDMtZjE2Njk3ZDcyYTcx
LzEvc25TYnljMHMtTl84OHZfdGVJVDd3VHl6NUYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAWA
MA0GCSqGSIb3DQEBCwUAA4IBAQA2gqQXSzeADQfDmebOQhwIAc541WyJU4aLbwPD
0R1sAfepYp3Uw2olu2HKgX5U6nArh2VaFeVGGed5OgNyzow6tZFZoro9+eaZMUGX
ksg1P54IAPuzFDeYH76jUMzNwNWTecpM9jx3agy4wh/ETHqyq8hNepqHiT/dhQzp
RkXWyWbngWK8QAO+B49N16HfOUnSdGtZVf6gI2qo9+PaTzTm4gPg7DScHPmRLDxk
uPH9DGvP4JvU7uXKwk1fhy+FMU02sT1efbZ9ZeYDSSworDxDouVsXtHFbvzX0Wbr
kJB9cogveV6otd/OvDy/qh8CKvrSue7DtaqaMweBsSnuuPqc
-----END CERTIFICATE-----