Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/870bf0-9166-4f60-a603-707b0a38b1e0/1/YNWN0krYnzvZQIh9DTTRKRPBhJc.roa
File:                     YNWN0krYnzvZQIh9DTTRKRPBhJc.roa (raw, json)
Hash identifier:          52YTE101qAZNsroNR1agKOPOnBrx9nGlTBXP+kBWsZY=
Subject key identifier:   60:D5:8D:D2:4A:D8:9F:3B:D9:40:88:7D:0D:34:D1:29:13:C1:84:97
Certificate issuer:       /CN=97915ba80d3ed704524681488a72be991fa670dc
Certificate serial:       018EBE9C84C2A8C13728C98CF2AEF077B06B
Authority key identifier: 97:91:5B:A8:0D:3E:D7:04:52:46:81:48:8A:72:BE:99:1F:A6:70:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l5FbqA0-1wRSRoFIinK-mR-mcNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/870bf0-9166-4f60-a603-707b0a38b1e0/1/YNWN0krYnzvZQIh9DTTRKRPBhJc.roa
Signing time:             Mon 08 Apr 2024 16:48:32 +0000
ROA not before:           Mon 08 Apr 2024 16:48:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41236
IP address blocks:        91.193.24.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/870bf0-9166-4f60-a603-707b0a38b1e0/1/l5FbqA0-1wRSRoFIinK-mR-mcNw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/870bf0-9166-4f60-a603-707b0a38b1e0/1/l5FbqA0-1wRSRoFIinK-mR-mcNw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l5FbqA0-1wRSRoFIinK-mR-mcNw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:be:9c:84:c2:a8:c1:37:28:c9:8c:f2:ae:f0:77:b0:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97915ba80d3ed704524681488a72be991fa670dc
        Validity
            Not Before: Apr  8 16:48:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=60d58dd24ad89f3bd940887d0d34d12913c18497
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:f3:3f:80:7a:59:cd:66:6d:98:84:82:1a:65:
                    2f:f8:c0:00:3f:21:a6:75:c5:e2:86:60:2c:cd:63:
                    29:0b:94:4e:01:c1:bc:e0:9f:df:57:2f:03:79:89:
                    e0:d3:b4:15:5f:78:ff:8c:94:32:2f:81:9a:3f:45:
                    f5:66:bd:12:7a:b2:72:ad:ad:24:df:ef:b7:61:24:
                    63:7f:47:c7:31:53:be:35:df:5f:6f:52:2d:10:87:
                    00:64:86:8d:6c:25:f9:50:9f:4f:6b:2b:30:b3:9f:
                    5c:f7:0d:34:fb:e7:32:90:a6:e2:ec:bc:c9:57:dd:
                    29:fd:bc:96:63:6f:13:10:46:8b:53:0c:43:80:d3:
                    01:aa:d4:3a:be:50:7d:c9:b8:07:b3:1d:41:f6:3e:
                    8e:59:13:b8:75:37:be:32:b8:2f:17:b7:aa:7c:7c:
                    f9:f0:73:d8:bc:6a:9b:92:01:22:10:b7:03:ee:55:
                    6d:6b:a7:1b:61:56:94:d2:d4:88:86:99:ab:76:06:
                    eb:7f:f1:32:8e:21:70:25:ae:51:8b:79:16:50:7a:
                    2d:b2:12:58:7e:ef:aa:60:7c:61:37:0c:09:44:73:
                    f2:15:3a:b9:db:a0:e3:5c:a8:4e:2e:ec:fe:ef:02:
                    b6:f1:10:ba:27:94:53:96:4b:c9:d2:d5:d9:c1:eb:
                    e0:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:D5:8D:D2:4A:D8:9F:3B:D9:40:88:7D:0D:34:D1:29:13:C1:84:97
            X509v3 Authority Key Identifier:
                keyid:97:91:5B:A8:0D:3E:D7:04:52:46:81:48:8A:72:BE:99:1F:A6:70:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l5FbqA0-1wRSRoFIinK-mR-mcNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/870bf0-9166-4f60-a603-707b0a38b1e0/1/YNWN0krYnzvZQIh9DTTRKRPBhJc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/870bf0-9166-4f60-a603-707b0a38b1e0/1/l5FbqA0-1wRSRoFIinK-mR-mcNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.193.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:0a:50:3d:35:dd:4d:55:8f:95:55:b0:f8:c9:c1:c3:16:ff:
         88:f7:1d:fb:5c:ca:00:8d:e6:c2:a6:f0:77:c9:ae:bb:fd:7d:
         07:5a:99:97:bb:2c:e1:61:c6:67:d6:f3:fc:e9:30:dc:7b:e4:
         4d:88:79:b7:28:9b:9f:66:d9:7f:11:8f:96:3f:d4:5a:16:5a:
         ce:76:35:bc:68:59:69:75:32:6f:86:a5:eb:b1:76:2a:12:6a:
         7d:04:ee:c7:db:bb:6d:39:d6:48:81:9e:9c:12:9b:fc:6c:de:
         27:9b:6c:91:69:4f:b0:ab:d3:46:8d:ba:82:ea:87:90:bb:dc:
         ff:0b:29:ab:ed:72:3e:96:a2:91:2c:0d:11:3a:dc:99:31:c3:
         0a:39:9f:5b:dc:6b:44:fa:4b:ae:ba:62:a5:ff:bc:2c:7f:13:
         72:9c:b5:07:f0:d4:bc:a3:f0:3f:fa:33:2e:77:cf:b9:79:9d:
         0c:a5:83:07:51:97:e4:b2:ca:59:58:f4:da:d3:8e:60:15:43:
         56:81:b1:a6:1e:62:49:0a:8f:9b:8d:b9:ce:8a:7a:dc:87:c8:
         7f:83:47:c8:d3:00:67:c1:63:bf:3c:70:ad:a7:49:23:c2:f0:
         46:ce:f4:e5:90:7a:4b:d1:d2:6c:d4:85:32:95:8e:a6:30:9b:
         b4:da:74:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6+nITCqME3KMmM8q7wd7BrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3OTE1YmE4MGQzZWQ3MDQ1MjQ2ODE0ODhhNzJiZTk5MWZh
NjcwZGMwHhcNMjQwNDA4MTY0ODMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGQ1OGRkMjRhZDg5ZjNiZDk0MDg4N2QwZDM0ZDEyOTEzYzE4NDk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnvM/gHpZzWZtmISCGmUv+MAAPyGm
dcXihmAszWMpC5ROAcG84J/fVy8DeYng07QVX3j/jJQyL4GaP0X1Zr0SerJyra0k
3++3YSRjf0fHMVO+Nd9fb1ItEIcAZIaNbCX5UJ9Paysws59c9w00++cykKbi7LzJ
V90p/byWY28TEEaLUwxDgNMBqtQ6vlB9ybgHsx1B9j6OWRO4dTe+MrgvF7eqfHz5
8HPYvGqbkgEiELcD7lVta6cbYVaU0tSIhpmrdgbrf/EyjiFwJa5Ri3kWUHotshJY
fu+qYHxhNwwJRHPyFTq526DjXKhOLuz+7wK28RC6J5RTlkvJ0tXZwevgLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGDVjdJK2J872UCIfQ000SkTwYSXMB8GA1UdIwQY
MBaAFJeRW6gNPtcEUkaBSIpyvpkfpnDcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDVGYnFBMC0xd1JTUm9GSWluSy1tUi1tY053LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS84NzBiZjAtOTE2Ni00ZjYwLWE2MDMt
NzA3YjBhMzhiMWUwLzEvWU5XTjBrclluenZaUUloOURUVFJLUlBCaEpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS84NzBiZjAtOTE2Ni00ZjYwLWE2MDMtNzA3YjBhMzhiMWUw
LzEvbDVGYnFBMC0xd1JTUm9GSWluSy1tUi1tY053LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8EYMA0G
CSqGSIb3DQEBCwUAA4IBAQAwClA9Nd1NVY+VVbD4ycHDFv+I9x37XMoAjebCpvB3
ya67/X0HWpmXuyzhYcZn1vP86TDce+RNiHm3KJufZtl/EY+WP9RaFlrOdjW8aFlp
dTJvhqXrsXYqEmp9BO7H27ttOdZIgZ6cEpv8bN4nm2yRaU+wq9NGjbqC6oeQu9z/
Cymr7XI+lqKRLA0ROtyZMcMKOZ9b3GtE+kuuumKl/7wsfxNynLUH8NS8o/A/+jMu
d8+5eZ0MpYMHUZfksspZWPTa045gFUNWgbGmHmJJCo+bjbnOinrch8h/g0fI0wBn
wWO/PHCtp0kjwvBGzvTlkHpL0dJs1IUylY6mMJu02nTW
-----END CERTIFICATE-----