Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/cd7526-61ad-46cc-8784-3d63557301c0/1/yur-CtCR3Plhjz2pZ6OupE3Ojp4.roa
File:                     yur-CtCR3Plhjz2pZ6OupE3Ojp4.roa (raw, json)
Hash identifier:          1u3lLuhAfhn5X1h73o27YBqU/RbpwZ9XAOfQxkgFXdU=
Subject key identifier:   CA:EA:FE:0A:D0:91:DC:F9:61:8F:3D:A9:67:A3:AE:A4:4D:CE:8E:9E
Certificate issuer:       /CN=e5d90d7f03512f6dbd0645dfe274368e2d844c23
Certificate serial:       018CC725B6C5DD82590B9BEFE2C70781C3DA
Authority key identifier: E5:D9:0D:7F:03:51:2F:6D:BD:06:45:DF:E2:74:36:8E:2D:84:4C:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5dkNfwNRL229BkXf4nQ2ji2ETCM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/cd7526-61ad-46cc-8784-3d63557301c0/1/yur-CtCR3Plhjz2pZ6OupE3Ojp4.roa
Signing time:             Mon 01 Jan 2024 22:29:46 +0000
ROA not before:           Mon 01 Jan 2024 22:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200059
IP address blocks:        185.40.80.0/22 maxlen: 32
                          2a00:fc20::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/cd7526-61ad-46cc-8784-3d63557301c0/1/5dkNfwNRL229BkXf4nQ2ji2ETCM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/cd7526-61ad-46cc-8784-3d63557301c0/1/5dkNfwNRL229BkXf4nQ2ji2ETCM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5dkNfwNRL229BkXf4nQ2ji2ETCM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 04:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:b6:c5:dd:82:59:0b:9b:ef:e2:c7:07:81:c3:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5d90d7f03512f6dbd0645dfe274368e2d844c23
        Validity
            Not Before: Jan  1 22:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=caeafe0ad091dcf9618f3da967a3aea44dce8e9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:97:e5:0b:ba:ed:25:cc:86:69:a2:25:8f:dc:
                    92:40:b6:48:a1:48:8a:a9:45:bc:72:b1:38:72:83:
                    8d:e3:f9:23:f0:7f:71:c7:65:34:b0:2c:b7:61:57:
                    76:c5:4b:84:be:81:b3:f9:c7:9c:ea:e0:4d:f7:4b:
                    c6:b3:2e:19:ac:a5:69:e0:92:0e:85:ad:de:cf:7c:
                    38:dd:14:53:33:ff:6b:dc:96:a8:db:d5:8e:5c:27:
                    a4:50:e4:72:89:6b:88:80:08:fd:48:ed:ea:75:1a:
                    fa:3c:b6:28:22:e1:c9:52:9f:61:f3:51:7f:c5:11:
                    b2:de:41:fa:1d:1b:9a:e3:91:0a:fb:a5:f5:11:bd:
                    7b:6d:80:a9:d5:e8:c6:22:bc:e0:da:9d:39:75:34:
                    c5:33:02:cd:3a:f7:13:13:2c:e2:e9:ef:19:2a:d0:
                    4e:80:20:0f:4b:89:90:67:82:34:bc:00:31:33:26:
                    f6:88:95:a8:35:f6:76:69:f0:86:71:33:3c:6e:2a:
                    c9:4b:2c:a5:c4:9e:5c:7c:82:61:39:0f:a5:4f:eb:
                    1a:08:49:a9:e5:dd:9f:17:41:03:f3:c2:f1:d8:11:
                    66:4e:a2:db:9a:3e:9c:a0:c6:21:a9:fe:e6:e4:3c:
                    11:ab:03:1e:e9:c8:e2:46:5e:fb:ab:67:76:cc:d3:
                    f0:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:EA:FE:0A:D0:91:DC:F9:61:8F:3D:A9:67:A3:AE:A4:4D:CE:8E:9E
            X509v3 Authority Key Identifier:
                keyid:E5:D9:0D:7F:03:51:2F:6D:BD:06:45:DF:E2:74:36:8E:2D:84:4C:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5dkNfwNRL229BkXf4nQ2ji2ETCM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/cd7526-61ad-46cc-8784-3d63557301c0/1/yur-CtCR3Plhjz2pZ6OupE3Ojp4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/cd7526-61ad-46cc-8784-3d63557301c0/1/5dkNfwNRL229BkXf4nQ2ji2ETCM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.40.80.0/22
                IPv6:
                  2a00:fc20::/32

    Signature Algorithm: sha256WithRSAEncryption
         67:9e:a3:77:fc:e6:84:5c:5a:20:3b:f3:94:34:8a:00:e3:f2:
         ef:9f:3a:8e:44:77:55:84:34:47:85:ee:52:0d:dc:a0:30:e5:
         2b:01:d6:4c:53:de:31:05:da:8d:5e:59:24:c0:8e:50:98:4c:
         6b:6d:24:48:bf:2e:5f:4a:db:7a:86:0d:3a:a5:54:2f:78:66:
         8d:37:52:94:06:bc:10:41:cb:23:2a:05:7d:15:87:9a:f9:75:
         39:e5:bf:2f:d9:e2:4f:2c:42:6c:03:cf:2d:2b:23:49:7d:f6:
         e2:06:50:2b:13:50:1f:7e:47:7f:9d:0f:b8:ce:be:38:27:2f:
         e3:e2:f9:4a:a8:23:42:16:67:92:5e:3a:04:13:8b:13:8c:0e:
         53:08:6b:d0:c5:55:58:15:1a:71:b2:65:65:d4:26:52:17:58:
         9b:8f:84:de:f5:9d:a9:bd:a5:fb:d6:ae:97:66:80:8d:66:47:
         87:50:f9:1a:28:ca:32:60:59:fa:57:70:ff:d7:bd:29:2a:c9:
         8a:b3:1a:34:c3:8b:51:8c:d4:55:39:8c:c2:d4:f7:78:c2:58:
         c4:34:d3:86:1d:07:c1:d8:e7:81:4f:52:84:fb:ad:17:ae:34:
         92:b8:04:6d:e0:41:93:ff:54:72:18:9d:ba:a2:00:a2:c0:ee:
         bb:26:11:e5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJbbF3YJZC5vv4scHgcPaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ZDkwZDdmMDM1MTJmNmRiZDA2NDVkZmUyNzQzNjhlMmQ4
NDRjMjMwHhcNMjQwMTAxMjIyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWVhZmUwYWQwOTFkY2Y5NjE4ZjNkYTk2N2EzYWVhNDRkY2U4ZTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkpflC7rtJcyGaaIlj9ySQLZIoUiK
qUW8crE4coON4/kj8H9xx2U0sCy3YVd2xUuEvoGz+cec6uBN90vGsy4ZrKVp4JIO
ha3ez3w43RRTM/9r3Jao29WOXCekUORyiWuIgAj9SO3qdRr6PLYoIuHJUp9h81F/
xRGy3kH6HRua45EK+6X1Eb17bYCp1ejGIrzg2p05dTTFMwLNOvcTEyzi6e8ZKtBO
gCAPS4mQZ4I0vAAxMyb2iJWoNfZ2afCGcTM8birJSyylxJ5cfIJhOQ+lT+saCEmp
5d2fF0ED88Lx2BFmTqLbmj6coMYhqf7m5DwRqwMe6cjiRl77q2d2zNPwHwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMrq/grQkdz5YY89qWejrqRNzo6eMB8GA1UdIwQY
MBaAFOXZDX8DUS9tvQZF3+J0No4thEwjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWRrTmZ3TlJMMjI5QmtYZjRuUTJqaTJFVENNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9jZDc1MjYtNjFhZC00NmNjLTg3ODQt
M2Q2MzU1NzMwMWMwLzEveXVyLUN0Q1IzUGxoanoycFo2T3VwRTNPanA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9jZDc1MjYtNjFhZC00NmNjLTg3ODQtM2Q2MzU1NzMwMWMw
LzEvNWRrTmZ3TlJMMjI5QmtYZjRuUTJqaTJFVENNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuShQMA0E
AgACMAcDBQAqAPwgMA0GCSqGSIb3DQEBCwUAA4IBAQBnnqN3/OaEXFogO/OUNIoA
4/LvnzqORHdVhDRHhe5SDdygMOUrAdZMU94xBdqNXlkkwI5QmExrbSRIvy5fStt6
hg06pVQveGaNN1KUBrwQQcsjKgV9FYea+XU55b8v2eJPLEJsA88tKyNJffbiBlAr
E1Affkd/nQ+4zr44Jy/j4vlKqCNCFmeSXjoEE4sTjA5TCGvQxVVYFRpxsmVl1CZS
F1ibj4Te9Z2pvaX71q6XZoCNZkeHUPkaKMoyYFn6V3D/170pKsmKsxo0w4tRjNRV
OYzC1Pd4wljENNOGHQfB2OeBT1KE+60XrjSSuARt4EGT/1RyGJ26ogCiwO67JhHl
-----END CERTIFICATE-----