Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/d01d58-5418-4217-89ae-23a84eedd956/1/ykpGFrLdMPBXqUwN0zjtryapTM0.roa
File:                     ykpGFrLdMPBXqUwN0zjtryapTM0.roa (raw, json)
Hash identifier:          mydnx0hnSW4RKmYfycMaAUkBf9VJQ1rcHnv5zd9iS+k=
Subject key identifier:   CA:4A:46:16:B2:DD:30:F0:57:A9:4C:0D:D3:38:ED:AF:26:A9:4C:CD
Certificate issuer:       /CN=d3358c3ec71fc19a6ac9846baf4de59836357293
Certificate serial:       018CC4254B6C151F3F4DAB4AAB7C7319C11E
Authority key identifier: D3:35:8C:3E:C7:1F:C1:9A:6A:C9:84:6B:AF:4D:E5:98:36:35:72:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0zWMPscfwZpqyYRrr03lmDY1cpM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/d01d58-5418-4217-89ae-23a84eedd956/1/ykpGFrLdMPBXqUwN0zjtryapTM0.roa
Signing time:             Mon 01 Jan 2024 08:30:27 +0000
ROA not before:           Mon 01 Jan 2024 08:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200924
IP address blocks:        2001:678:c9c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/d01d58-5418-4217-89ae-23a84eedd956/1/0zWMPscfwZpqyYRrr03lmDY1cpM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/d01d58-5418-4217-89ae-23a84eedd956/1/0zWMPscfwZpqyYRrr03lmDY1cpM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0zWMPscfwZpqyYRrr03lmDY1cpM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:01:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:4b:6c:15:1f:3f:4d:ab:4a:ab:7c:73:19:c1:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3358c3ec71fc19a6ac9846baf4de59836357293
        Validity
            Not Before: Jan  1 08:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca4a4616b2dd30f057a94c0dd338edaf26a94ccd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:a8:67:be:2d:05:eb:7a:a7:aa:00:e1:68:ec:
                    13:a4:f5:fe:88:02:ef:50:b4:e4:31:71:74:cf:79:
                    74:7a:9d:99:15:4f:d0:88:77:69:e8:a6:72:d5:95:
                    d8:05:dd:0e:c7:92:36:54:b2:f1:10:f4:29:c9:9c:
                    15:93:33:09:99:2f:e1:cc:7b:cf:b8:1c:7c:a7:30:
                    c9:20:07:e1:0a:ed:69:d4:29:da:e1:82:37:0e:83:
                    5a:ed:8d:97:eb:b5:b8:aa:49:5c:48:fe:95:20:6d:
                    2d:ee:28:95:4e:91:d0:b5:a7:d1:33:d3:77:df:76:
                    60:e5:a0:e8:f4:30:6d:f0:e6:ec:19:97:c8:ca:d9:
                    8e:04:4e:50:6a:cb:32:e6:42:13:1a:7e:96:02:ec:
                    62:94:38:75:ce:47:84:67:64:32:69:71:cf:60:f3:
                    9c:08:79:dd:af:73:d0:8b:31:69:54:4c:da:59:67:
                    25:32:57:62:bb:72:65:4c:35:85:d7:2d:9a:f0:37:
                    29:15:bc:d8:91:e6:c0:85:0f:78:20:46:b2:21:73:
                    b2:40:6b:88:f2:54:31:a5:c8:4a:62:ff:87:6a:85:
                    0b:90:be:56:71:3c:2a:dc:46:4f:30:9a:c4:ef:8a:
                    fc:56:3f:91:ec:4e:ff:1f:d7:c8:fd:dc:9c:87:ed:
                    e5:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:4A:46:16:B2:DD:30:F0:57:A9:4C:0D:D3:38:ED:AF:26:A9:4C:CD
            X509v3 Authority Key Identifier:
                keyid:D3:35:8C:3E:C7:1F:C1:9A:6A:C9:84:6B:AF:4D:E5:98:36:35:72:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0zWMPscfwZpqyYRrr03lmDY1cpM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/d01d58-5418-4217-89ae-23a84eedd956/1/ykpGFrLdMPBXqUwN0zjtryapTM0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/d01d58-5418-4217-89ae-23a84eedd956/1/0zWMPscfwZpqyYRrr03lmDY1cpM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:c9c::/48

    Signature Algorithm: sha256WithRSAEncryption
         4b:21:d3:ad:f1:4a:fd:74:10:2b:e4:3d:21:48:6d:80:8e:30:
         5f:cc:35:9a:e5:a5:46:77:4c:a8:8d:b3:d7:3f:84:eb:9a:cb:
         c8:a0:6e:c0:73:7d:16:e0:c8:96:65:02:e3:a6:82:0d:bb:f1:
         8f:29:b1:ed:7a:00:00:a8:32:17:46:7f:74:69:ce:41:73:6a:
         13:da:70:25:3b:3a:32:c9:8d:09:48:ed:c9:d6:d0:ed:2c:fd:
         cf:f6:5f:6f:f6:40:0e:c0:42:5c:f4:90:62:24:ca:ea:8c:bc:
         e1:6d:0c:91:6f:fb:7e:1a:26:21:65:22:8d:2b:af:e4:fd:99:
         de:13:21:9f:87:98:8e:6b:29:e9:56:2a:0a:f3:a4:c5:b7:f7:
         27:fc:2b:36:c2:a4:e9:74:a4:cc:cf:66:42:65:b9:f2:71:b5:
         f8:00:09:cd:f3:66:d9:a8:66:59:ac:b2:5f:9c:73:7e:af:75:
         6c:9b:74:ea:1e:85:df:56:eb:f5:97:0b:b0:66:24:43:dd:f6:
         35:28:f7:94:4a:24:4c:af:94:e1:28:33:d7:a3:c9:8c:03:11:
         5b:e8:ae:68:4c:70:6a:e7:86:fa:69:b1:2c:99:1b:af:71:ac:
         50:0b:cb:47:7e:46:6c:af:17:4e:71:f5:46:ed:db:94:fa:cb:
         a3:7e:76:ca
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJUtsFR8/TatKq3xzGcEeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzMzU4YzNlYzcxZmMxOWE2YWM5ODQ2YmFmNGRlNTk4MzYz
NTcyOTMwHhcNMjQwMTAxMDgzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTRhNDYxNmIyZGQzMGYwNTdhOTRjMGRkMzM4ZWRhZjI2YTk0Y2NkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3qhnvi0F63qnqgDhaOwTpPX+iALv
ULTkMXF0z3l0ep2ZFU/QiHdp6KZy1ZXYBd0Ox5I2VLLxEPQpyZwVkzMJmS/hzHvP
uBx8pzDJIAfhCu1p1Cna4YI3DoNa7Y2X67W4qklcSP6VIG0t7iiVTpHQtafRM9N3
33Zg5aDo9DBt8ObsGZfIytmOBE5Qassy5kITGn6WAuxilDh1zkeEZ2QyaXHPYPOc
CHndr3PQizFpVEzaWWclMldiu3JlTDWF1y2a8DcpFbzYkebAhQ94IEayIXOyQGuI
8lQxpchKYv+HaoULkL5WcTwq3EZPMJrE74r8Vj+R7E7/H9fI/dych+3lxwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMpKRhay3TDwV6lMDdM47a8mqUzNMB8GA1UdIwQY
MBaAFNM1jD7HH8GaasmEa69N5Zg2NXKTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHpXTVBzY2Z3WnBxeVlScnIwM2xtRFkxY3BNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9kMDFkNTgtNTQxOC00MjE3LTg5YWUt
MjNhODRlZWRkOTU2LzEveWtwR0ZyTGRNUEJYcVV3TjB6anRyeWFwVE0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9kMDFkNTgtNTQxOC00MjE3LTg5YWUtMjNhODRlZWRkOTU2
LzEvMHpXTVBzY2Z3WnBxeVlScnIwM2xtRFkxY3BNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAyc
MA0GCSqGSIb3DQEBCwUAA4IBAQBLIdOt8Ur9dBAr5D0hSG2AjjBfzDWa5aVGd0yo
jbPXP4TrmsvIoG7Ac30W4MiWZQLjpoINu/GPKbHtegAAqDIXRn90ac5Bc2oT2nAl
OzoyyY0JSO3J1tDtLP3P9l9v9kAOwEJc9JBiJMrqjLzhbQyRb/t+GiYhZSKNK6/k
/ZneEyGfh5iOaynpVioK86TFt/cn/Cs2wqTpdKTMz2ZCZbnycbX4AAnN82bZqGZZ
rLJfnHN+r3Vsm3TqHoXfVuv1lwuwZiRD3fY1KPeUSiRMr5ThKDPXo8mMAxFb6K5o
THBq54b6abEsmRuvcaxQC8tHfkZsrxdOcfVG7duU+sujfnbK
-----END CERTIFICATE-----