Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/yCl_5K-7dutZfpVBsTRTujDdDI4.roa
File:                     yCl_5K-7dutZfpVBsTRTujDdDI4.roa (raw, json)
Hash identifier:          wOvw68YTFtg6h7cumH0+PL9juPbklsF6uxvg0G5lsJg=
Subject key identifier:   C8:29:7F:E4:AF:BB:76:EB:59:7E:95:41:B1:34:53:BA:30:DD:0C:8E
Certificate issuer:       /CN=5eee0d7e73084a42e4c7f7118f2383fcff369ba4
Certificate serial:       018EF5103D2F5347E95674857CE5CF17FF59
Authority key identifier: 5E:EE:0D:7E:73:08:4A:42:E4:C7:F7:11:8F:23:83:FC:FF:36:9B:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xu4NfnMISkLkx_cRjyOD_P82m6Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/yCl_5K-7dutZfpVBsTRTujDdDI4.roa
Signing time:             Fri 19 Apr 2024 06:34:25 +0000
ROA not before:           Fri 19 Apr 2024 06:34:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211318
IP address blocks:        45.89.28.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/Xu4NfnMISkLkx_cRjyOD_P82m6Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/Xu4NfnMISkLkx_cRjyOD_P82m6Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xu4NfnMISkLkx_cRjyOD_P82m6Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 14:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f5:10:3d:2f:53:47:e9:56:74:85:7c:e5:cf:17:ff:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5eee0d7e73084a42e4c7f7118f2383fcff369ba4
        Validity
            Not Before: Apr 19 06:34:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c8297fe4afbb76eb597e9541b13453ba30dd0c8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:ce:cb:67:21:25:1d:34:e7:05:9a:93:01:63:
                    ff:25:e9:74:d4:52:f8:2f:c2:01:d8:50:5d:3a:0d:
                    95:b2:49:bf:5a:26:3f:3a:5c:69:cf:c7:b7:81:b8:
                    a4:1f:c6:ba:b7:90:74:4a:52:9a:98:d5:55:0b:b2:
                    6c:79:85:b4:94:0f:ba:81:70:8d:11:4e:ca:80:d5:
                    02:07:38:54:cf:a7:dc:51:e5:3e:f1:ca:36:41:44:
                    5f:e0:a1:77:3d:2f:81:3e:91:46:35:70:d4:c7:45:
                    20:1e:3e:2c:f3:b3:4a:75:8b:30:c4:5f:27:16:3b:
                    91:3c:fc:56:92:d1:95:8a:7b:c0:35:07:2e:49:49:
                    c8:d9:3a:af:c9:f8:ef:62:f0:39:52:af:f3:2c:0c:
                    07:e4:82:ad:b0:38:dd:26:0c:ca:00:46:ac:e5:5c:
                    7b:62:83:82:24:6c:00:be:24:46:99:fb:7e:7a:d2:
                    4e:17:5d:bd:f8:2d:ef:10:7b:5c:75:95:e4:89:fc:
                    dd:da:2e:0d:34:79:82:2c:94:a8:38:b5:74:98:ec:
                    09:88:59:02:e5:0a:ba:e7:8c:76:86:a3:56:37:9e:
                    52:90:76:b5:90:3c:73:e6:4c:13:c2:5b:db:9a:03:
                    b9:42:d0:e2:74:bd:f6:a2:2a:f5:25:da:2a:18:10:
                    8a:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:29:7F:E4:AF:BB:76:EB:59:7E:95:41:B1:34:53:BA:30:DD:0C:8E
            X509v3 Authority Key Identifier:
                keyid:5E:EE:0D:7E:73:08:4A:42:E4:C7:F7:11:8F:23:83:FC:FF:36:9B:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xu4NfnMISkLkx_cRjyOD_P82m6Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/yCl_5K-7dutZfpVBsTRTujDdDI4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/Xu4NfnMISkLkx_cRjyOD_P82m6Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:05:62:1d:3b:da:93:e6:72:68:1b:bf:e0:fa:81:7c:00:f1:
         4c:1a:23:b2:51:cc:78:bf:b3:27:23:90:b2:ef:e9:c5:f7:30:
         db:65:29:6b:de:e2:9c:c0:34:45:0f:4c:75:01:e3:af:10:3c:
         8f:72:e3:e2:23:0e:b9:f5:c0:b5:14:1d:5b:af:d4:4b:16:22:
         7d:81:1f:2d:bc:9f:f5:b6:b5:36:5b:5c:2b:5b:15:2d:cc:52:
         27:91:9b:65:7c:45:14:b2:87:07:d5:c0:12:07:f4:38:18:6c:
         45:1e:1a:c5:46:2c:36:ee:f2:86:61:cc:6a:fb:1b:b4:9b:cc:
         38:16:f5:6e:09:5b:c8:da:5b:cd:04:76:b3:7f:f6:d2:23:5d:
         47:95:63:b7:dc:bf:44:f8:dd:96:3f:42:d7:a1:b2:98:6d:26:
         8a:5e:ad:97:78:f4:c2:82:6f:45:6f:3f:00:15:f3:82:2a:52:
         f6:8a:77:c2:40:69:47:23:87:aa:36:63:d7:02:39:ae:25:52:
         a9:a1:fe:fe:74:ff:b3:b1:84:fe:01:5a:34:3a:4b:9b:64:5a:
         9b:90:05:59:93:7f:35:06:bb:c3:95:2f:94:a9:14:7f:72:54:
         9e:64:3a:04:b4:23:0e:07:0a:4e:8c:9b:a9:2f:33:84:05:df:
         e5:0e:06:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY71ED0vU0fpVnSFfOXPF/9ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZWUwZDdlNzMwODRhNDJlNGM3ZjcxMThmMjM4M2ZjZmYz
NjliYTQwHhcNMjQwNDE5MDYzNDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODI5N2ZlNGFmYmI3NmViNTk3ZTk1NDFiMTM0NTNiYTMwZGQwYzhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApM7LZyElHTTnBZqTAWP/Jel01FL4
L8IB2FBdOg2Vskm/WiY/Olxpz8e3gbikH8a6t5B0SlKamNVVC7JseYW0lA+6gXCN
EU7KgNUCBzhUz6fcUeU+8co2QURf4KF3PS+BPpFGNXDUx0UgHj4s87NKdYswxF8n
FjuRPPxWktGVinvANQcuSUnI2TqvyfjvYvA5Uq/zLAwH5IKtsDjdJgzKAEas5Vx7
YoOCJGwAviRGmft+etJOF129+C3vEHtcdZXkifzd2i4NNHmCLJSoOLV0mOwJiFkC
5Qq654x2hqNWN55SkHa1kDxz5kwTwlvbmgO5QtDidL32oir1JdoqGBCKiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMgpf+Svu3brWX6VQbE0U7ow3QyOMB8GA1UdIwQY
MBaAFF7uDX5zCEpC5Mf3EY8jg/z/NpukMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHU0TmZuTUlTa0xreF9jUmp5T0RfUDgybTZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni83ODQzMjEtOTlkZC00NzU0LWIyMDgt
ZGRjMjY2NTY0NmNjLzEveUNsXzVLLTdkdXRaZnBWQnNUUlR1akRkREk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni83ODQzMjEtOTlkZC00NzU0LWIyMDgtZGRjMjY2NTY0NmNj
LzEvWHU0TmZuTUlTa0xreF9jUmp5T0RfUDgybTZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVkcMA0G
CSqGSIb3DQEBCwUAA4IBAQCTBWIdO9qT5nJoG7/g+oF8APFMGiOyUcx4v7MnI5Cy
7+nF9zDbZSlr3uKcwDRFD0x1AeOvEDyPcuPiIw659cC1FB1br9RLFiJ9gR8tvJ/1
trU2W1wrWxUtzFInkZtlfEUUsocH1cASB/Q4GGxFHhrFRiw27vKGYcxq+xu0m8w4
FvVuCVvI2lvNBHazf/bSI11HlWO33L9E+N2WP0LXobKYbSaKXq2XePTCgm9Fbz8A
FfOCKlL2infCQGlHI4eqNmPXAjmuJVKpof7+dP+zsYT+AVo0OkubZFqbkAVZk381
BrvDlS+UqRR/clSeZDoEtCMOBwpOjJupLzOEBd/lDgYa
-----END CERTIFICATE-----