Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/YtZsgEdY6FChVZRVChbos9M0M0A.roa
File:                     YtZsgEdY6FChVZRVChbos9M0M0A.roa (raw, json)
Hash identifier:          VF+P/RnqGVvfb6m5T1SH78Y1omoNr4I/TXpZBN2ccoI=
Subject key identifier:   62:D6:6C:80:47:58:E8:50:A1:55:94:55:0A:16:E8:B3:D3:34:33:40
Certificate issuer:       /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial:       018CC8DE313A01661E5D14F24E0D125865BF
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/YtZsgEdY6FChVZRVChbos9M0M0A.roa
Signing time:             Tue 02 Jan 2024 06:30:53 +0000
ROA not before:           Tue 02 Jan 2024 06:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47122
IP address blocks:        91.214.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:31:3a:01:66:1e:5d:14:f2:4e:0d:12:58:65:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
        Validity
            Not Before: Jan  2 06:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=62d66c804758e850a15594550a16e8b3d3343340
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:93:11:85:9e:5a:f6:69:6f:83:d8:6f:4c:f2:
                    e4:fe:d3:97:aa:16:bc:67:31:95:ba:71:d7:7d:7f:
                    86:cb:86:4f:ec:1d:77:bf:32:d4:0f:f7:22:25:e1:
                    40:3d:2f:cc:d0:df:d1:b5:16:e9:45:d2:8d:f6:cf:
                    92:df:e7:20:15:6e:a2:d1:d2:7e:7a:38:ef:83:b3:
                    f8:a4:05:97:07:7d:3a:97:04:40:48:5c:9d:25:53:
                    49:ba:99:d7:39:5e:19:cf:69:5e:d6:ab:35:6f:b9:
                    e1:97:fd:7a:0e:d8:75:55:1b:d1:09:3e:07:10:e2:
                    2d:f6:20:fd:31:d0:00:12:c6:b8:54:41:b1:30:04:
                    2f:8d:4b:41:90:e2:e3:62:cd:10:46:d6:96:09:ae:
                    9f:5c:68:89:67:28:5c:22:0c:5c:2c:0b:25:85:6f:
                    22:5d:f9:bb:fe:99:5d:38:78:c9:a9:df:ee:af:75:
                    1f:0a:a7:00:2a:85:6e:68:47:7b:f2:87:fd:ce:00:
                    7b:cd:fb:6e:18:5d:b0:99:a5:1d:a6:0b:91:a3:88:
                    84:9d:42:46:b7:d0:bd:0d:ad:bd:98:2e:f3:d8:ea:
                    e7:de:c4:3c:50:4d:5b:bf:e4:1c:c1:ab:21:12:bc:
                    db:73:a8:7b:fa:c8:af:16:96:20:3a:45:a7:97:ba:
                    9f:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:D6:6C:80:47:58:E8:50:A1:55:94:55:0A:16:E8:B3:D3:34:33:40
            X509v3 Authority Key Identifier:
                keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/YtZsgEdY6FChVZRVChbos9M0M0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.214.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:a7:cb:a5:43:c0:20:32:43:81:c0:05:09:d4:ec:bc:bc:5b:
         07:45:16:67:d6:c7:3b:8f:7e:b2:b6:a1:a5:d7:5f:72:8f:1c:
         ec:96:a4:12:e8:00:a0:ec:b5:04:5d:67:3f:b8:39:0e:32:40:
         aa:0c:0e:5d:81:f6:32:5d:52:6e:33:75:87:3d:ab:23:af:23:
         49:85:7b:12:a7:e4:e0:b4:70:7a:0b:8e:58:17:e3:1c:15:e1:
         88:a5:ff:6b:86:17:90:68:80:f2:ab:f4:33:af:56:21:a8:07:
         aa:ea:5d:c6:49:2d:18:bd:08:54:3d:68:e9:d3:46:57:e0:b9:
         3d:82:33:16:b7:c1:00:37:3c:5a:9e:8c:ca:c4:ae:61:84:d1:
         fe:b5:b3:a1:f9:3e:25:04:c1:30:ad:02:ea:b0:15:6c:b4:78:
         97:cf:07:6e:8d:6b:3e:5e:85:9d:b4:f5:b6:6b:12:33:e6:05:
         1d:4b:92:f7:56:82:d2:18:aa:04:6e:12:0d:d8:d8:d3:ca:7f:
         88:f0:77:63:4a:c2:e7:55:b1:a6:49:b8:58:8c:4d:09:1a:7b:
         45:25:30:47:8f:82:33:cf:ee:f8:ff:3d:6e:a6:68:7f:d7:07:
         ce:e3:1b:42:fe:d5:62:9f:be:16:14:3e:97:33:09:1d:91:3d:
         45:4f:c8:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3jE6AWYeXRTyTg0SWGW/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjQwMTAyMDYzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmQ2NmM4MDQ3NThlODUwYTE1NTk0NTUwYTE2ZThiM2QzMzQzMzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiZMRhZ5a9mlvg9hvTPLk/tOXqha8
ZzGVunHXfX+Gy4ZP7B13vzLUD/ciJeFAPS/M0N/RtRbpRdKN9s+S3+cgFW6i0dJ+
ejjvg7P4pAWXB306lwRASFydJVNJupnXOV4Zz2le1qs1b7nhl/16Dth1VRvRCT4H
EOIt9iD9MdAAEsa4VEGxMAQvjUtBkOLjYs0QRtaWCa6fXGiJZyhcIgxcLAslhW8i
Xfm7/pldOHjJqd/ur3UfCqcAKoVuaEd78of9zgB7zftuGF2wmaUdpguRo4iEnUJG
t9C9Da29mC7z2Orn3sQ8UE1bv+QcwashErzbc6h7+sivFpYgOkWnl7qfJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGLWbIBHWOhQoVWUVQoW6LPTNDNAMB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvWXRac2dFZFk2RkNoVlpSVkNoYm9zOU0wTTBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9Z3MA0G
CSqGSIb3DQEBCwUAA4IBAQAop8ulQ8AgMkOBwAUJ1Oy8vFsHRRZn1sc7j36ytqGl
119yjxzslqQS6ACg7LUEXWc/uDkOMkCqDA5dgfYyXVJuM3WHPasjryNJhXsSp+Tg
tHB6C45YF+McFeGIpf9rhheQaIDyq/Qzr1YhqAeq6l3GSS0YvQhUPWjp00ZX4Lk9
gjMWt8EANzxanozKxK5hhNH+tbOh+T4lBMEwrQLqsBVstHiXzwdujWs+XoWdtPW2
axIz5gUdS5L3VoLSGKoEbhIN2NjTyn+I8HdjSsLnVbGmSbhYjE0JGntFJTBHj4Iz
z+74/z1upmh/1wfO4xtC/tVin74WFD6XMwkdkT1FT8iH
-----END CERTIFICATE-----