Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/27c919-ccce-46a9-84b3-ef81fca63029/1/YuiwjoLm98zOjPIySAlWplTBeOc.roa
File:                     YuiwjoLm98zOjPIySAlWplTBeOc.roa (raw, json)
Hash identifier:          z9tfXayF3uf5G8NsQSnHJXDf31vxDkUV4c3yS4ehuVw=
Subject key identifier:   62:E8:B0:8E:82:E6:F7:CC:CE:8C:F2:32:48:09:56:A6:54:C1:78:E7
Certificate issuer:       /CN=2e5664e02936cb5b5454d595c5382b7e7a0c7944
Certificate serial:       018CC2DB610BF223A60CF71A129D6E5BB9C1
Authority key identifier: 2E:56:64:E0:29:36:CB:5B:54:54:D5:95:C5:38:2B:7E:7A:0C:79:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LlZk4Ck2y1tUVNWVxTgrfnoMeUQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/27c919-ccce-46a9-84b3-ef81fca63029/1/YuiwjoLm98zOjPIySAlWplTBeOc.roa
Signing time:             Mon 01 Jan 2024 02:30:06 +0000
ROA not before:           Mon 01 Jan 2024 02:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204784
IP address blocks:        185.184.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/27c919-ccce-46a9-84b3-ef81fca63029/1/LlZk4Ck2y1tUVNWVxTgrfnoMeUQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/27c919-ccce-46a9-84b3-ef81fca63029/1/LlZk4Ck2y1tUVNWVxTgrfnoMeUQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LlZk4Ck2y1tUVNWVxTgrfnoMeUQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:61:0b:f2:23:a6:0c:f7:1a:12:9d:6e:5b:b9:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e5664e02936cb5b5454d595c5382b7e7a0c7944
        Validity
            Not Before: Jan  1 02:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=62e8b08e82e6f7ccce8cf232480956a654c178e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:5d:ff:a7:ba:9d:8d:6a:86:4c:eb:b4:b4:7b:
                    93:54:55:e4:2a:5c:87:9d:6a:d5:bf:a2:03:07:0e:
                    f9:01:09:07:16:59:96:4b:16:33:b1:d1:e3:c4:76:
                    30:f5:ea:50:23:ae:c5:75:e6:f2:98:4b:e4:2a:11:
                    f7:15:e1:0b:78:98:30:ba:41:f1:d6:eb:94:a7:25:
                    b3:18:b9:5c:c2:20:74:72:c0:be:b7:7a:e9:f0:e9:
                    fd:74:48:02:3c:34:17:5b:1a:5e:b6:52:f5:58:f5:
                    78:a4:3a:ee:64:5b:8a:93:f1:aa:12:48:3e:31:ec:
                    9c:86:03:5f:a2:fa:59:48:8b:9a:f9:7d:24:47:ac:
                    4e:d2:b7:ff:42:62:0e:d1:37:be:2f:b1:f2:15:65:
                    d2:73:f6:73:75:6b:b3:2c:e1:5d:88:1f:a9:0e:d9:
                    4d:b0:97:21:2b:04:67:a2:2b:a2:ca:11:ec:61:a1:
                    94:3c:b2:27:e1:b8:63:ab:c9:20:ff:fe:d6:78:83:
                    7e:8b:2d:dd:7c:2c:6d:cc:39:bd:46:ca:79:01:6c:
                    85:54:ac:65:86:4c:96:39:2d:42:85:99:6f:76:2f:
                    c9:78:35:21:86:c4:74:c5:aa:91:b3:16:b2:64:60:
                    36:82:be:db:48:89:a7:fe:07:d0:d5:e9:7a:20:64:
                    31:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:E8:B0:8E:82:E6:F7:CC:CE:8C:F2:32:48:09:56:A6:54:C1:78:E7
            X509v3 Authority Key Identifier:
                keyid:2E:56:64:E0:29:36:CB:5B:54:54:D5:95:C5:38:2B:7E:7A:0C:79:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LlZk4Ck2y1tUVNWVxTgrfnoMeUQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/27c919-ccce-46a9-84b3-ef81fca63029/1/YuiwjoLm98zOjPIySAlWplTBeOc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/27c919-ccce-46a9-84b3-ef81fca63029/1/LlZk4Ck2y1tUVNWVxTgrfnoMeUQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.184.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:e6:4c:0c:d1:23:3d:6d:f7:37:4a:df:d1:52:6d:38:90:39:
         48:64:64:d0:6a:01:fc:2e:26:39:d0:56:dc:05:dc:e4:97:48:
         1f:14:58:9a:8c:91:7c:f5:3e:68:87:c7:ab:86:a0:10:9a:b9:
         78:4a:3d:12:81:51:06:db:9b:bc:35:97:f6:5e:79:0b:bc:04:
         16:11:df:c2:e1:1e:9e:9f:f0:6a:ed:06:c5:15:4f:19:05:f0:
         b2:16:12:59:c1:2b:1f:71:2e:42:cc:4e:f4:51:1c:3f:c1:7a:
         af:9f:c1:29:78:33:e1:10:b8:3c:85:6e:a7:37:4f:24:17:9c:
         e3:b2:ec:5b:18:9f:1a:ba:71:47:bc:5a:c2:f5:c8:7f:4f:a8:
         78:d1:17:dc:b1:7c:67:00:7d:48:ef:1e:ce:5d:f7:be:cc:75:
         d6:a6:ac:99:bf:fa:81:8d:e1:a8:8b:67:e9:45:3e:e4:94:be:
         d9:ff:87:ce:7a:18:ab:fb:ed:b6:0b:f2:65:1b:ce:57:f7:1e:
         6b:de:a0:d6:4b:7c:60:c1:ff:c7:15:21:4d:2f:56:ff:f0:c9:
         9b:94:c5:79:9b:58:fb:4a:03:08:81:29:4a:f9:e5:96:b5:6a:
         1e:f6:66:31:3f:54:1d:00:f5:c7:fc:b8:a8:49:14:a6:e1:f2:
         3e:4c:30:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC22EL8iOmDPcaEp1uW7nBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNTY2NGUwMjkzNmNiNWI1NDU0ZDU5NWM1MzgyYjdlN2Ew
Yzc5NDQwHhcNMjQwMTAxMDIzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmU4YjA4ZTgyZTZmN2NjY2U4Y2YyMzI0ODA5NTZhNjU0YzE3OGU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgl3/p7qdjWqGTOu0tHuTVFXkKlyH
nWrVv6IDBw75AQkHFlmWSxYzsdHjxHYw9epQI67FdebymEvkKhH3FeELeJgwukHx
1uuUpyWzGLlcwiB0csC+t3rp8On9dEgCPDQXWxpetlL1WPV4pDruZFuKk/GqEkg+
MeychgNfovpZSIua+X0kR6xO0rf/QmIO0Te+L7HyFWXSc/ZzdWuzLOFdiB+pDtlN
sJchKwRnoiuiyhHsYaGUPLIn4bhjq8kg//7WeIN+iy3dfCxtzDm9Rsp5AWyFVKxl
hkyWOS1ChZlvdi/JeDUhhsR0xaqRsxayZGA2gr7bSImn/gfQ1el6IGQxQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGLosI6C5vfMzozyMkgJVqZUwXjnMB8GA1UdIwQY
MBaAFC5WZOApNstbVFTVlcU4K356DHlEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGxaazRDazJ5MXRVVk5XVnhUZ3Jmbm9NZVVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi8yN2M5MTktY2NjZS00NmE5LTg0YjMt
ZWY4MWZjYTYzMDI5LzEvWXVpd2pvTG05OHpPalBJeVNBbFdwbFRCZU9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi8yN2M5MTktY2NjZS00NmE5LTg0YjMtZWY4MWZjYTYzMDI5
LzEvTGxaazRDazJ5MXRVVk5XVnhUZ3Jmbm9NZVVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubg9MA0G
CSqGSIb3DQEBCwUAA4IBAQAS5kwM0SM9bfc3St/RUm04kDlIZGTQagH8LiY50Fbc
Bdzkl0gfFFiajJF89T5oh8erhqAQmrl4Sj0SgVEG25u8NZf2XnkLvAQWEd/C4R6e
n/Bq7QbFFU8ZBfCyFhJZwSsfcS5CzE70URw/wXqvn8EpeDPhELg8hW6nN08kF5zj
suxbGJ8aunFHvFrC9ch/T6h40RfcsXxnAH1I7x7OXfe+zHXWpqyZv/qBjeGoi2fp
RT7klL7Z/4fOehir++22C/JlG85X9x5r3qDWS3xgwf/HFSFNL1b/8MmblMV5m1j7
SgMIgSlK+eWWtWoe9mYxP1QdAPXH/LioSRSm4fI+TDAr
-----END CERTIFICATE-----