Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/c0147a-fabf-40a4-9ef5-2214e96e382f/1/dYiRyodnhodMDi2Ti7uTvRsl_HI.roa
File:                     dYiRyodnhodMDi2Ti7uTvRsl_HI.roa (raw, json)
Hash identifier:          r/T5yjL4p8CfLW3QFj2L/TSQnQ/hf9uXqXBQcgJ9274=
Subject key identifier:   75:88:91:CA:87:67:86:87:4C:0E:2D:93:8B:BB:93:BD:1B:25:FC:72
Certificate issuer:       /CN=926cc6b46295cbbc1bdf986302d0271b8b7d7af0
Certificate serial:       018FDD3C4CCC74C354F993BF82FC022D465B
Authority key identifier: 92:6C:C6:B4:62:95:CB:BC:1B:DF:98:63:02:D0:27:1B:8B:7D:7A:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kmzGtGKVy7wb35hjAtAnG4t9evA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/c0147a-fabf-40a4-9ef5-2214e96e382f/1/dYiRyodnhodMDi2Ti7uTvRsl_HI.roa
Signing time:             Mon 03 Jun 2024 08:34:27 +0000
ROA not before:           Mon 03 Jun 2024 08:34:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1241
IP address blocks:        176.58.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/c0147a-fabf-40a4-9ef5-2214e96e382f/1/kmzGtGKVy7wb35hjAtAnG4t9evA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/c0147a-fabf-40a4-9ef5-2214e96e382f/1/kmzGtGKVy7wb35hjAtAnG4t9evA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kmzGtGKVy7wb35hjAtAnG4t9evA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:dd:3c:4c:cc:74:c3:54:f9:93:bf:82:fc:02:2d:46:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=926cc6b46295cbbc1bdf986302d0271b8b7d7af0
        Validity
            Not Before: Jun  3 08:34:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=758891ca876786874c0e2d938bbb93bd1b25fc72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:e1:e5:41:c2:c5:f5:d3:ff:50:44:5e:13:0b:
                    a6:f7:9b:1f:71:ed:82:6c:34:82:7d:52:ba:82:83:
                    8d:7b:45:ab:eb:30:63:14:77:39:86:05:b7:e6:99:
                    76:92:76:28:d1:60:e7:b6:bf:8b:fb:3f:ab:10:fa:
                    2a:aa:d8:5e:9d:ba:2d:29:86:92:28:05:17:e4:b7:
                    0c:43:be:46:47:5e:68:0d:25:01:4e:2d:45:de:20:
                    b8:86:78:f2:1e:af:b1:9b:7f:77:8c:97:86:da:e9:
                    55:5c:42:1d:5b:3a:c1:9f:01:c1:77:22:75:b9:70:
                    d7:6a:ca:46:1a:8c:55:e2:ca:9e:d8:ee:d1:28:a3:
                    c9:03:74:51:ff:5c:c2:76:72:ad:31:60:03:91:42:
                    d5:ea:73:57:2c:95:81:c5:3b:a4:8f:7f:4a:62:77:
                    90:3d:e3:8f:18:1c:fe:ce:10:b1:a6:e9:fe:bb:2e:
                    8f:73:63:4c:21:fa:53:87:63:69:1c:26:8b:53:20:
                    a9:6c:41:2c:0a:d0:31:68:f6:2a:2e:dc:4e:86:f5:
                    db:d7:11:b0:4a:5c:61:ce:2b:61:cb:78:d5:f9:88:
                    60:79:9b:3d:a0:d0:1d:47:33:e9:37:38:11:46:40:
                    3e:d8:45:c6:55:82:c9:fb:fc:e2:1a:29:3b:70:4a:
                    15:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:88:91:CA:87:67:86:87:4C:0E:2D:93:8B:BB:93:BD:1B:25:FC:72
            X509v3 Authority Key Identifier:
                keyid:92:6C:C6:B4:62:95:CB:BC:1B:DF:98:63:02:D0:27:1B:8B:7D:7A:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kmzGtGKVy7wb35hjAtAnG4t9evA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/c0147a-fabf-40a4-9ef5-2214e96e382f/1/dYiRyodnhodMDi2Ti7uTvRsl_HI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/c0147a-fabf-40a4-9ef5-2214e96e382f/1/kmzGtGKVy7wb35hjAtAnG4t9evA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.58.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:26:e7:14:de:4a:6d:b0:c1:a4:4b:83:8b:c7:c8:24:47:74:
         4d:b4:47:d7:9c:4e:cd:2b:a3:62:cf:96:c2:33:e9:d1:6d:78:
         03:71:dd:35:9a:83:92:bd:3b:94:56:f3:2b:3c:44:df:70:61:
         aa:c3:f3:35:49:ab:77:bc:16:db:ac:06:0b:08:91:62:70:8d:
         8a:25:ab:70:dd:6b:98:61:e6:37:5f:c9:8d:54:8d:ff:80:1b:
         7b:d1:c1:80:e4:17:9a:31:00:0c:b1:e6:b0:0c:b8:f3:84:4a:
         fe:0d:b8:5d:b3:fb:8b:6b:b6:a4:a4:df:93:39:27:27:95:47:
         2f:14:59:62:88:88:8d:af:34:0c:64:c9:ec:15:15:78:f5:dd:
         4a:ce:ba:b8:ea:3f:45:21:4d:e2:6c:19:16:b8:90:89:6e:62:
         b7:52:f4:50:38:5c:90:b5:d9:cd:3c:11:f5:fb:df:04:90:55:
         5b:7a:35:ce:4a:65:f2:76:4b:a4:34:7d:89:aa:7b:35:07:27:
         27:72:73:cd:36:db:f8:e4:0b:c5:f1:8d:2d:d7:28:e8:8a:ea:
         3e:68:9d:ce:97:4a:e1:a1:ab:27:c5:2a:1e:9c:d5:ce:fd:26:
         50:86:38:b4:95:f2:f0:fb:47:c7:92:e5:f9:d0:75:42:4a:8f:
         b9:a3:b3:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/dPEzMdMNU+ZO/gvwCLUZbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyNmNjNmI0NjI5NWNiYmMxYmRmOTg2MzAyZDAyNzFiOGI3
ZDdhZjAwHhcNMjQwNjAzMDgzNDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTg4OTFjYTg3Njc4Njg3NGMwZTJkOTM4YmJiOTNiZDFiMjVmYzcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwOHlQcLF9dP/UEReEwum95sfce2C
bDSCfVK6goONe0Wr6zBjFHc5hgW35pl2knYo0WDntr+L+z+rEPoqqthenbotKYaS
KAUX5LcMQ75GR15oDSUBTi1F3iC4hnjyHq+xm393jJeG2ulVXEIdWzrBnwHBdyJ1
uXDXaspGGoxV4sqe2O7RKKPJA3RR/1zCdnKtMWADkULV6nNXLJWBxTukj39KYneQ
PeOPGBz+zhCxpun+uy6Pc2NMIfpTh2NpHCaLUyCpbEEsCtAxaPYqLtxOhvXb1xGw
Slxhzithy3jV+YhgeZs9oNAdRzPpNzgRRkA+2EXGVYLJ+/ziGik7cEoVQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHWIkcqHZ4aHTA4tk4u7k70bJfxyMB8GA1UdIwQY
MBaAFJJsxrRilcu8G9+YYwLQJxuLfXrwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva216R3RHS1Z5N3diMzVoakF0QW5HNHQ5ZXZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jMDE0N2EtZmFiZi00MGE0LTllZjUt
MjIxNGU5NmUzODJmLzEvZFlpUnlvZG5ob2RNRGkyVGk3dVR2UnNsX0hJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jMDE0N2EtZmFiZi00MGE0LTllZjUtMjIxNGU5NmUzODJm
LzEva216R3RHS1Z5N3diMzVoakF0QW5HNHQ5ZXZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsDr5MA0G
CSqGSIb3DQEBCwUAA4IBAQAeJucU3kptsMGkS4OLx8gkR3RNtEfXnE7NK6Niz5bC
M+nRbXgDcd01moOSvTuUVvMrPETfcGGqw/M1Sat3vBbbrAYLCJFicI2KJatw3WuY
YeY3X8mNVI3/gBt70cGA5BeaMQAMseawDLjzhEr+Dbhds/uLa7akpN+TOScnlUcv
FFliiIiNrzQMZMnsFRV49d1Kzrq46j9FIU3ibBkWuJCJbmK3UvRQOFyQtdnNPBH1
+98EkFVbejXOSmXydkukNH2Jqns1BycncnPNNtv45AvF8Y0t1yjoiuo+aJ3Ol0rh
oasnxSoenNXO/SZQhji0lfLw+0fHkuX50HVCSo+5o7PP
-----END CERTIFICATE-----