Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/Yr9cS6aCn5m-fuVWUB1GoA1PzVA.roa
File:                     Yr9cS6aCn5m-fuVWUB1GoA1PzVA.roa (raw, json)
Hash identifier:          o3hn48UKGemH/EAdaXizsjOSOVz9DyWl8XxLdB4iehg=
Subject key identifier:   62:BF:5C:4B:A6:82:9F:99:BE:7E:E5:56:50:1D:46:A0:0D:4F:CD:50
Certificate issuer:       /CN=9868a1992bb8037dde81d0c8cdc0695fcee17c27
Certificate serial:       018CC2DB033C8638E87B17CB90FD87ACFB55
Authority key identifier: 98:68:A1:99:2B:B8:03:7D:DE:81:D0:C8:CD:C0:69:5F:CE:E1:7C:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mGihmSu4A33egdDIzcBpX87hfCc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/Yr9cS6aCn5m-fuVWUB1GoA1PzVA.roa
Signing time:             Mon 01 Jan 2024 02:29:42 +0000
ROA not before:           Mon 01 Jan 2024 02:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     268624
IP address blocks:        80.94.90.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/mGihmSu4A33egdDIzcBpX87hfCc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/mGihmSu4A33egdDIzcBpX87hfCc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mGihmSu4A33egdDIzcBpX87hfCc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:03:3c:86:38:e8:7b:17:cb:90:fd:87:ac:fb:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9868a1992bb8037dde81d0c8cdc0695fcee17c27
        Validity
            Not Before: Jan  1 02:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=62bf5c4ba6829f99be7ee556501d46a00d4fcd50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:15:65:84:19:ac:aa:23:ec:06:a5:21:28:3e:
                    a2:49:09:82:66:da:c6:08:26:b4:20:b2:fc:0e:2e:
                    e0:68:c7:ac:d6:1b:8d:c8:25:16:f9:08:f1:29:6c:
                    19:2d:21:a1:01:f3:d3:6e:29:1a:51:b0:08:f9:1a:
                    3b:ad:65:4f:82:89:74:4a:a3:7c:52:56:34:31:65:
                    1c:7d:de:bf:66:93:3c:da:79:8d:92:3e:a2:fa:37:
                    97:b5:e4:40:bb:7c:f8:05:93:ca:fa:3b:d4:64:8b:
                    88:bd:5d:99:f8:41:b5:ae:a4:a7:3e:3d:d2:40:a2:
                    16:ba:92:1d:2a:fa:e0:79:7c:20:63:d6:5c:25:89:
                    49:a4:af:81:92:34:47:6b:50:06:cc:d4:79:1b:f5:
                    33:f6:c9:39:20:8c:b5:4f:84:f0:9c:30:e4:0e:1f:
                    04:4b:bd:46:56:02:e4:47:23:0f:6b:ee:1e:80:fa:
                    9a:49:30:fc:9f:b8:40:cb:0c:e2:c9:6c:9b:28:de:
                    1b:da:f9:0d:46:b5:29:e7:5f:d6:88:51:5f:06:76:
                    06:be:d6:50:04:4e:23:be:c6:7b:42:3a:e9:3a:98:
                    5a:f6:2d:5a:15:42:f8:20:38:d9:67:93:a3:70:b7:
                    a5:e8:94:ce:dd:37:67:c3:4d:d4:7b:f3:ac:e7:de:
                    e9:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:BF:5C:4B:A6:82:9F:99:BE:7E:E5:56:50:1D:46:A0:0D:4F:CD:50
            X509v3 Authority Key Identifier:
                keyid:98:68:A1:99:2B:B8:03:7D:DE:81:D0:C8:CD:C0:69:5F:CE:E1:7C:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mGihmSu4A33egdDIzcBpX87hfCc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/Yr9cS6aCn5m-fuVWUB1GoA1PzVA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/mGihmSu4A33egdDIzcBpX87hfCc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.94.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:b5:21:cc:73:98:c5:89:d8:86:74:48:9b:f2:80:71:4b:02:
         25:2b:90:2e:80:50:7a:b2:a6:33:ac:5f:d9:c0:dd:ea:65:1e:
         ce:db:3f:55:4c:32:ad:c5:21:ef:23:2c:3c:92:1c:be:94:ea:
         d2:d5:4f:1b:88:b6:40:6b:e7:17:a3:6e:fa:42:1d:83:10:2e:
         95:49:f8:1e:e7:0e:f8:51:46:8e:3c:c3:ce:85:af:91:cf:ee:
         8c:8b:10:8a:1f:64:dc:6d:45:a9:e4:c0:bc:1b:9e:fa:19:ec:
         70:f3:cf:34:68:6f:c1:6a:03:b4:5b:fa:55:04:29:64:b7:62:
         c7:30:d3:d0:e9:41:59:3b:4e:5f:ab:fc:b3:25:47:ed:04:e1:
         38:b9:0b:71:54:0d:e2:0e:00:50:77:72:dc:08:dc:c0:83:1e:
         e3:a0:23:b9:0a:54:7f:88:36:e9:f2:90:99:f2:89:b4:96:83:
         7c:d4:c0:7f:91:ee:f3:23:ee:62:0a:ec:28:83:94:0a:f0:ca:
         40:38:8f:64:6c:73:a0:94:37:ce:17:ef:a7:74:8b:ad:e3:75:
         5d:3e:5a:44:8e:b7:ae:81:89:58:0a:5f:ff:42:9a:27:8f:e9:
         06:2b:02:3c:a4:5d:24:a2:8c:ff:90:1d:25:7a:97:5a:c7:64:
         6a:e6:4b:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2wM8hjjoexfLkP2HrPtVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4NjhhMTk5MmJiODAzN2RkZTgxZDBjOGNkYzA2OTVmY2Vl
MTdjMjcwHhcNMjQwMTAxMDIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmJmNWM0YmE2ODI5Zjk5YmU3ZWU1NTY1MDFkNDZhMDBkNGZjZDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArxVlhBmsqiPsBqUhKD6iSQmCZtrG
CCa0ILL8Di7gaMes1huNyCUW+QjxKWwZLSGhAfPTbikaUbAI+Ro7rWVPgol0SqN8
UlY0MWUcfd6/ZpM82nmNkj6i+jeXteRAu3z4BZPK+jvUZIuIvV2Z+EG1rqSnPj3S
QKIWupIdKvrgeXwgY9ZcJYlJpK+BkjRHa1AGzNR5G/Uz9sk5IIy1T4TwnDDkDh8E
S71GVgLkRyMPa+4egPqaSTD8n7hAywziyWybKN4b2vkNRrUp51/WiFFfBnYGvtZQ
BE4jvsZ7QjrpOpha9i1aFUL4IDjZZ5OjcLel6JTO3Tdnw03Ue/Os597pLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGK/XEumgp+Zvn7lVlAdRqANT81QMB8GA1UdIwQY
MBaAFJhooZkruAN93oHQyM3AaV/O4XwnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUdpaG1TdTRBMzNlZ2RESXpjQnBYODdoZkNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC82YjIyZTYtMzUyZi00ZTg4LTgyN2It
ZDc4ZDU2MzFkN2Y2LzEvWXI5Y1M2YUNuNW0tZnVWV1VCMUdvQTFQelZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC82YjIyZTYtMzUyZi00ZTg4LTgyN2ItZDc4ZDU2MzFkN2Y2
LzEvbUdpaG1TdTRBMzNlZ2RESXpjQnBYODdoZkNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUF5aMA0G
CSqGSIb3DQEBCwUAA4IBAQC1tSHMc5jFidiGdEib8oBxSwIlK5AugFB6sqYzrF/Z
wN3qZR7O2z9VTDKtxSHvIyw8khy+lOrS1U8biLZAa+cXo276Qh2DEC6VSfge5w74
UUaOPMPOha+Rz+6MixCKH2TcbUWp5MC8G576Gexw8880aG/BagO0W/pVBClkt2LH
MNPQ6UFZO05fq/yzJUftBOE4uQtxVA3iDgBQd3LcCNzAgx7joCO5ClR/iDbp8pCZ
8om0loN81MB/ke7zI+5iCuwog5QK8MpAOI9kbHOglDfOF++ndIut43VdPlpEjreu
gYlYCl//Qponj+kGKwI8pF0kooz/kB0lepdax2Rq5kuF
-----END CERTIFICATE-----