Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/ee42bb-1e49-4c21-a4d6-ec287e1d37e5/1/YZ_uk0AwzR-Ff0OiZRuw41qX0vQ.roa
File:                     YZ_uk0AwzR-Ff0OiZRuw41qX0vQ.roa (raw, json)
Hash identifier:          zLbmqPhAX0Q+0UEUIc+q46B1jtxYkovpa3rZPy/6Cd0=
Subject key identifier:   61:9F:EE:93:40:30:CD:1F:85:7F:43:A2:65:1B:B0:E3:5A:97:D2:F4
Certificate issuer:       /CN=e316318247d211841f9620a9a1130010ddb486f2
Certificate serial:       018F1698F1AE663A1D68984ADBF74F502D84
Authority key identifier: E3:16:31:82:47:D2:11:84:1F:96:20:A9:A1:13:00:10:DD:B4:86:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4xYxgkfSEYQfliCpoRMAEN20hvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/ee42bb-1e49-4c21-a4d6-ec287e1d37e5/1/YZ_uk0AwzR-Ff0OiZRuw41qX0vQ.roa
Signing time:             Thu 25 Apr 2024 18:51:12 +0000
ROA not before:           Thu 25 Apr 2024 18:51:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30781
IP address blocks:        91.232.99.0/24 maxlen: 24
                          91.232.103.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/ee42bb-1e49-4c21-a4d6-ec287e1d37e5/1/4xYxgkfSEYQfliCpoRMAEN20hvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/ee42bb-1e49-4c21-a4d6-ec287e1d37e5/1/4xYxgkfSEYQfliCpoRMAEN20hvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4xYxgkfSEYQfliCpoRMAEN20hvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:16:98:f1:ae:66:3a:1d:68:98:4a:db:f7:4f:50:2d:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e316318247d211841f9620a9a1130010ddb486f2
        Validity
            Not Before: Apr 25 18:51:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=619fee934030cd1f857f43a2651bb0e35a97d2f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:b5:01:e0:e3:b2:79:b5:43:b6:4c:fd:68:ef:
                    c3:57:67:4d:92:1f:a0:8f:92:fb:d6:e1:d8:59:6f:
                    9f:83:f9:1a:00:b3:1e:b8:4c:ae:53:db:3e:b1:3f:
                    2f:4b:a7:02:e6:8b:fa:88:b9:7b:8d:5c:51:1d:c9:
                    d2:5c:ce:51:8d:48:5a:d2:a5:53:3d:a5:41:19:5b:
                    6a:ae:81:93:72:d3:2e:1a:6c:fe:39:c5:42:65:06:
                    fa:fa:e9:a9:d0:81:4c:7f:71:cd:08:d4:c6:07:e3:
                    b4:6b:1e:16:81:3c:e7:b4:1c:3b:d2:9a:37:c9:61:
                    bd:ec:78:ce:20:2f:43:32:40:29:af:83:92:cc:ed:
                    2e:a3:30:41:ed:86:19:8b:50:29:76:ea:14:94:98:
                    ce:fb:a5:e2:df:e7:6c:f7:be:95:98:e8:54:df:3e:
                    d2:24:0e:a4:d5:07:8b:2e:f3:38:e8:63:2d:9c:2c:
                    88:c9:ea:5c:87:1d:29:52:cb:6f:0f:9b:84:bf:e0:
                    08:68:a2:61:2c:ed:7e:93:25:cc:3a:cd:a9:ad:c3:
                    9b:52:12:91:30:6a:49:bd:c0:8c:35:b0:d3:bf:73:
                    38:86:49:e2:4f:24:5a:f0:d2:0b:18:fe:c3:3b:e7:
                    e1:8c:4b:54:8a:b6:c8:b3:23:c6:06:4b:b5:c4:f9:
                    29:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:9F:EE:93:40:30:CD:1F:85:7F:43:A2:65:1B:B0:E3:5A:97:D2:F4
            X509v3 Authority Key Identifier:
                keyid:E3:16:31:82:47:D2:11:84:1F:96:20:A9:A1:13:00:10:DD:B4:86:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4xYxgkfSEYQfliCpoRMAEN20hvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/ee42bb-1e49-4c21-a4d6-ec287e1d37e5/1/YZ_uk0AwzR-Ff0OiZRuw41qX0vQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/ee42bb-1e49-4c21-a4d6-ec287e1d37e5/1/4xYxgkfSEYQfliCpoRMAEN20hvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.232.99.0/24
                  91.232.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:77:43:c6:cc:f5:80:38:12:44:09:33:01:8e:e3:e2:bb:73:
         ea:3d:9b:ef:ec:31:10:75:7f:62:be:f7:77:4e:d8:e8:83:a2:
         52:03:0c:51:dd:51:87:3f:d3:26:58:46:7d:ec:58:4a:2e:57:
         d8:cd:e0:fe:84:99:d3:c5:a5:04:1d:a5:85:bf:a4:56:e2:65:
         5a:6e:fa:07:68:7c:4a:c0:b3:b7:24:e1:6f:8a:f8:dc:61:2b:
         ce:f4:ca:4f:94:0f:3c:90:68:23:75:c5:26:5b:56:f3:0a:3f:
         69:0d:96:29:4c:1a:c1:5d:f6:a3:fc:ae:15:27:6d:fb:32:b6:
         3c:4b:62:24:e1:f0:d1:6b:69:9c:c1:97:87:22:b5:a4:5c:36:
         f5:ff:bf:2e:6e:94:d3:b2:17:61:fc:df:24:13:07:48:9e:d4:
         96:0c:24:41:f7:c6:08:10:ba:32:cf:0e:de:4c:55:08:a1:8b:
         d1:c9:2d:22:24:9a:7e:c2:c0:47:15:c9:4e:f2:8e:ed:bb:42:
         b9:ec:b2:e5:34:de:3c:5d:89:e1:3a:a1:4f:40:b0:9b:61:9e:
         2c:1b:39:b0:49:31:ff:1b:49:b8:68:9c:52:00:c3:a1:9d:6f:
         da:ab:8a:b9:36:e3:12:48:36:52:df:8a:42:9c:4a:68:e6:8f:
         94:04:f7:5f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY8WmPGuZjodaJhK2/dPUC2EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzMTYzMTgyNDdkMjExODQxZjk2MjBhOWExMTMwMDEwZGRi
NDg2ZjIwHhcNMjQwNDI1MTg1MTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTlmZWU5MzQwMzBjZDFmODU3ZjQzYTI2NTFiYjBlMzVhOTdkMmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn7UB4OOyebVDtkz9aO/DV2dNkh+g
j5L71uHYWW+fg/kaALMeuEyuU9s+sT8vS6cC5ov6iLl7jVxRHcnSXM5RjUha0qVT
PaVBGVtqroGTctMuGmz+OcVCZQb6+ump0IFMf3HNCNTGB+O0ax4WgTzntBw70po3
yWG97HjOIC9DMkApr4OSzO0uozBB7YYZi1ApduoUlJjO+6Xi3+ds976VmOhU3z7S
JA6k1QeLLvM46GMtnCyIyepchx0pUstvD5uEv+AIaKJhLO1+kyXMOs2prcObUhKR
MGpJvcCMNbDTv3M4hkniTyRa8NILGP7DO+fhjEtUirbIsyPGBku1xPkpWQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGGf7pNAMM0fhX9DomUbsONal9L0MB8GA1UdIwQY
MBaAFOMWMYJH0hGEH5YgqaETABDdtIbyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHhZeGdrZlNFWVFmbGlDcG9STUFFTjIwaHZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9lZTQyYmItMWU0OS00YzIxLWE0ZDYt
ZWMyODdlMWQzN2U1LzEvWVpfdWswQXd6Ui1GZjBPaVpSdXc0MXFYMHZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9lZTQyYmItMWU0OS00YzIxLWE0ZDYtZWMyODdlMWQzN2U1
LzEvNHhZeGdrZlNFWVFmbGlDcG9STUFFTjIwaHZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+hjAwQA
W+hnMA0GCSqGSIb3DQEBCwUAA4IBAQBBd0PGzPWAOBJECTMBjuPiu3PqPZvv7DEQ
dX9ivvd3Ttjog6JSAwxR3VGHP9MmWEZ97FhKLlfYzeD+hJnTxaUEHaWFv6RW4mVa
bvoHaHxKwLO3JOFvivjcYSvO9MpPlA88kGgjdcUmW1bzCj9pDZYpTBrBXfaj/K4V
J237MrY8S2Ik4fDRa2mcwZeHIrWkXDb1/78ubpTTshdh/N8kEwdIntSWDCRB98YI
ELoyzw7eTFUIoYvRyS0iJJp+wsBHFclO8o7tu0K57LLlNN48XYnhOqFPQLCbYZ4s
GzmwSTH/G0m4aJxSAMOhnW/aq4q5NuMSSDZS34pCnEpo5o+UBPdf
-----END CERTIFICATE-----