Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/febab0-d93a-4704-9a71-3ad52e8b9628/1/YESo74Sgw-DGkGd4HOe05SnE6Xw.roa
File:                     YESo74Sgw-DGkGd4HOe05SnE6Xw.roa (raw, json)
Hash identifier:          NG8HzYChgxie2hkFXOAuQnkOksnpvfEsfPQCBU72mcw=
Subject key identifier:   60:44:A8:EF:84:A0:C3:E0:C6:90:67:78:1C:E7:B4:E5:29:C4:E9:7C
Certificate issuer:       /CN=2d28cfa3fd2da9caaa659284758dee67099934f8
Certificate serial:       01900D9DA8EEE31AEBA49FA80CDBB737D2AE
Authority key identifier: 2D:28:CF:A3:FD:2D:A9:CA:AA:65:92:84:75:8D:EE:67:09:99:34:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LSjPo_0tqcqqZZKEdY3uZwmZNPg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/febab0-d93a-4704-9a71-3ad52e8b9628/1/YESo74Sgw-DGkGd4HOe05SnE6Xw.roa
Signing time:             Wed 12 Jun 2024 18:02:34 +0000
ROA not before:           Wed 12 Jun 2024 18:02:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214739
IP address blocks:        212.15.86.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/febab0-d93a-4704-9a71-3ad52e8b9628/1/LSjPo_0tqcqqZZKEdY3uZwmZNPg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/febab0-d93a-4704-9a71-3ad52e8b9628/1/LSjPo_0tqcqqZZKEdY3uZwmZNPg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LSjPo_0tqcqqZZKEdY3uZwmZNPg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 14:49:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:0d:9d:a8:ee:e3:1a:eb:a4:9f:a8:0c:db:b7:37:d2:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d28cfa3fd2da9caaa659284758dee67099934f8
        Validity
            Not Before: Jun 12 18:02:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6044a8ef84a0c3e0c69067781ce7b4e529c4e97c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:15:84:7d:57:7b:65:e1:a4:37:1d:ba:3f:56:
                    69:5a:ba:3c:34:b3:8e:ab:52:31:c8:30:7f:4d:ce:
                    b6:81:03:3f:5c:29:9b:cc:1e:b9:0d:a5:7a:55:94:
                    fe:67:52:50:15:be:2b:2a:9b:47:c5:b9:2a:c6:04:
                    1b:c5:53:8b:65:fc:dc:7f:f3:a7:ce:a3:63:eb:47:
                    39:4a:9b:c6:67:85:d2:5d:95:a4:77:bd:20:1d:7f:
                    b0:bf:ad:dd:80:b6:24:22:d4:7a:70:bf:8c:43:80:
                    ef:0d:e7:2d:d1:b9:1b:70:73:55:87:d2:45:14:67:
                    a8:5c:0f:43:ab:c8:5f:f3:ef:20:67:12:5e:c7:6a:
                    b7:47:e2:1c:d4:8a:37:e2:ac:c6:af:ae:bc:2a:1f:
                    98:a6:28:f4:af:77:86:da:77:96:44:c3:b4:2c:5a:
                    5c:b5:55:4f:36:8a:e6:f3:78:a0:b6:b8:f3:ec:64:
                    e2:63:9a:af:1f:72:24:33:be:84:c6:4c:ca:87:68:
                    6c:83:28:f4:eb:4c:95:06:55:eb:57:19:d7:49:8a:
                    ae:fb:b8:a7:cd:47:85:e7:3f:de:eb:fa:ac:58:b5:
                    bb:36:1e:ac:00:4c:86:89:e6:c9:f9:01:b7:00:41:
                    95:d8:ba:2b:c4:a4:d8:4b:3b:77:fc:76:a0:e0:08:
                    38:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:44:A8:EF:84:A0:C3:E0:C6:90:67:78:1C:E7:B4:E5:29:C4:E9:7C
            X509v3 Authority Key Identifier:
                keyid:2D:28:CF:A3:FD:2D:A9:CA:AA:65:92:84:75:8D:EE:67:09:99:34:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LSjPo_0tqcqqZZKEdY3uZwmZNPg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/febab0-d93a-4704-9a71-3ad52e8b9628/1/YESo74Sgw-DGkGd4HOe05SnE6Xw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/febab0-d93a-4704-9a71-3ad52e8b9628/1/LSjPo_0tqcqqZZKEdY3uZwmZNPg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.15.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:31:18:6c:ed:34:b3:7c:39:0c:08:61:13:c6:8b:a4:44:28:
         53:d7:ae:40:75:59:9d:27:1e:ff:67:7a:54:9d:77:ea:2d:a1:
         21:22:da:03:22:4e:80:c5:fd:6d:d4:0c:26:58:9c:1f:35:4e:
         1d:1f:29:23:df:f8:d9:44:e5:8f:88:07:8b:b6:43:88:28:5b:
         c7:f9:2a:1f:40:77:ca:15:8f:b6:90:ea:d1:2a:bc:1e:f9:bf:
         6e:44:36:b7:04:7e:d0:83:e7:f6:ab:ef:ca:ce:6f:4d:dc:1d:
         8f:37:53:eb:a6:64:a8:b6:66:f9:22:e5:b6:8b:b7:a8:ec:ad:
         e0:d8:ab:79:8e:73:9b:f6:18:21:4c:df:77:06:59:91:ed:2b:
         35:37:41:a2:fa:08:c2:8b:48:f1:01:00:9f:15:dd:a1:92:36:
         59:f2:7a:fb:63:bc:83:c8:49:99:0c:fc:23:5f:82:f8:0d:72:
         c3:bb:f6:b2:dd:70:41:30:73:2e:fe:bb:de:13:bb:55:e1:5e:
         42:eb:0d:b8:eb:e3:d0:55:9b:3a:8c:20:43:83:6d:e9:6c:df:
         67:e1:02:7f:23:45:bf:04:e9:98:41:8e:55:e8:43:d0:97:15:
         ef:15:d8:74:ef:21:a2:dc:d3:e7:cd:20:cf:9a:42:22:b5:cd:
         d5:55:21:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZANnaju4xrrpJ+oDNu3N9KuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMjhjZmEzZmQyZGE5Y2FhYTY1OTI4NDc1OGRlZTY3MDk5
OTM0ZjgwHhcNMjQwNjEyMTgwMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDQ0YThlZjg0YTBjM2UwYzY5MDY3NzgxY2U3YjRlNTI5YzRlOTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4BWEfVd7ZeGkNx26P1ZpWro8NLOO
q1IxyDB/Tc62gQM/XCmbzB65DaV6VZT+Z1JQFb4rKptHxbkqxgQbxVOLZfzcf/On
zqNj60c5SpvGZ4XSXZWkd70gHX+wv63dgLYkItR6cL+MQ4DvDect0bkbcHNVh9JF
FGeoXA9Dq8hf8+8gZxJex2q3R+Ic1Io34qzGr668Kh+Ypij0r3eG2neWRMO0LFpc
tVVPNorm83igtrjz7GTiY5qvH3IkM76ExkzKh2hsgyj060yVBlXrVxnXSYqu+7in
zUeF5z/e6/qsWLW7Nh6sAEyGiebJ+QG3AEGV2LorxKTYSzt3/Hag4Ag4TQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGBEqO+EoMPgxpBneBzntOUpxOl8MB8GA1UdIwQY
MBaAFC0oz6P9LanKqmWShHWN7mcJmTT4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFNqUG9fMHRxY3FxWlpLRWRZM3Vad21aTlBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9mZWJhYjAtZDkzYS00NzA0LTlhNzEt
M2FkNTJlOGI5NjI4LzEvWUVTbzc0U2d3LURHa0dkNEhPZTA1U25FNlh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9mZWJhYjAtZDkzYS00NzA0LTlhNzEtM2FkNTJlOGI5NjI4
LzEvTFNqUG9fMHRxY3FxWlpLRWRZM3Vad21aTlBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1A9WMA0G
CSqGSIb3DQEBCwUAA4IBAQCrMRhs7TSzfDkMCGETxoukRChT165AdVmdJx7/Z3pU
nXfqLaEhItoDIk6Axf1t1AwmWJwfNU4dHykj3/jZROWPiAeLtkOIKFvH+SofQHfK
FY+2kOrRKrwe+b9uRDa3BH7Qg+f2q+/Kzm9N3B2PN1PrpmSotmb5IuW2i7eo7K3g
2Kt5jnOb9hghTN93BlmR7Ss1N0Gi+gjCi0jxAQCfFd2hkjZZ8nr7Y7yDyEmZDPwj
X4L4DXLDu/ay3XBBMHMu/rveE7tV4V5C6w246+PQVZs6jCBDg23pbN9n4QJ/I0W/
BOmYQY5V6EPQlxXvFdh07yGi3NPnzSDPmkIitc3VVSFq
-----END CERTIFICATE-----