Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/c90d5d-ca61-4464-899a-d1205e0c0cce/1/yFERlsnVxKmv9ao5zFeLcK6lyEc.roa
File:                     yFERlsnVxKmv9ao5zFeLcK6lyEc.roa (raw, json)
Hash identifier:          jC2iYXhxtUAOsPgLciC7+eEalNJbYOWGR+OgjkQDvo0=
Subject key identifier:   C8:51:11:96:C9:D5:C4:A9:AF:F5:AA:39:CC:57:8B:70:AE:A5:C8:47
Certificate issuer:       /CN=af5316fc4a83b3d03e2975f8bec270cb0f4efb1d
Certificate serial:       019195038A1526702EF66CDEF06E5E09245C
Authority key identifier: AF:53:16:FC:4A:83:B3:D0:3E:29:75:F8:BE:C2:70:CB:0F:4E:FB:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r1MW_EqDs9A-KXX4vsJwyw9O-x0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/c90d5d-ca61-4464-899a-d1205e0c0cce/1/yFERlsnVxKmv9ao5zFeLcK6lyEc.roa
Signing time:             Tue 27 Aug 2024 18:05:22 +0000
ROA not before:           Tue 27 Aug 2024 18:05:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203020
IP address blocks:        82.115.215.0/24 maxlen: 24
                          194.124.252.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/c90d5d-ca61-4464-899a-d1205e0c0cce/1/r1MW_EqDs9A-KXX4vsJwyw9O-x0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/c90d5d-ca61-4464-899a-d1205e0c0cce/1/r1MW_EqDs9A-KXX4vsJwyw9O-x0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r1MW_EqDs9A-KXX4vsJwyw9O-x0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:95:03:8a:15:26:70:2e:f6:6c:de:f0:6e:5e:09:24:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af5316fc4a83b3d03e2975f8bec270cb0f4efb1d
        Validity
            Not Before: Aug 27 18:05:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c8511196c9d5c4a9aff5aa39cc578b70aea5c847
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:92:c8:63:9e:6f:81:d7:96:c8:7c:ac:7f:b3:
                    36:a4:fa:6f:dd:cc:9b:37:b3:a4:f9:0a:d5:27:35:
                    57:92:c5:be:a1:26:e9:8b:10:b1:e4:87:c2:ad:45:
                    12:e3:28:c1:a2:6a:51:a7:e0:ce:5b:70:b2:30:18:
                    40:05:91:2a:7a:54:d5:45:4f:17:92:31:4f:82:36:
                    58:13:81:32:70:0d:be:f9:45:8a:99:af:4f:84:37:
                    c1:5c:8f:2e:96:f7:c4:49:da:c8:58:0f:32:37:2f:
                    a3:99:2b:ed:e8:99:a5:bc:bd:a9:42:ab:90:2c:a2:
                    d5:19:ba:1e:24:cf:46:00:88:14:e4:24:8f:90:0d:
                    70:c1:1b:61:bf:62:1b:fb:e8:93:e4:74:b4:be:d0:
                    5c:ab:a7:af:ec:1d:85:2f:d3:57:81:9f:ed:7c:6d:
                    49:ee:f6:3d:98:3e:4c:d0:cc:0d:de:8b:4e:97:a9:
                    0c:66:0a:52:d4:fb:ae:35:23:84:68:6a:56:21:95:
                    b1:86:dc:13:3d:be:2b:b7:e1:1c:96:ee:24:0f:d0:
                    51:0d:80:0d:57:55:b0:71:45:3f:e1:e4:cd:ee:b2:
                    2a:5b:61:08:66:f3:f1:b1:4e:96:e6:4b:ac:3d:d1:
                    f2:9d:73:85:6f:14:34:68:f9:c5:e8:ac:ca:d9:a1:
                    10:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:51:11:96:C9:D5:C4:A9:AF:F5:AA:39:CC:57:8B:70:AE:A5:C8:47
            X509v3 Authority Key Identifier:
                keyid:AF:53:16:FC:4A:83:B3:D0:3E:29:75:F8:BE:C2:70:CB:0F:4E:FB:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r1MW_EqDs9A-KXX4vsJwyw9O-x0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/c90d5d-ca61-4464-899a-d1205e0c0cce/1/yFERlsnVxKmv9ao5zFeLcK6lyEc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/c90d5d-ca61-4464-899a-d1205e0c0cce/1/r1MW_EqDs9A-KXX4vsJwyw9O-x0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.115.215.0/24
                  194.124.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:11:88:14:b2:b3:eb:b9:c7:b1:59:56:32:e8:68:8b:bf:49:
         bb:e2:5a:5f:8e:86:26:28:b0:e4:7a:e5:01:f9:11:0e:f5:9b:
         44:ae:59:4f:ba:09:23:c5:e6:f3:d2:8a:5e:62:5b:22:bd:a9:
         d9:98:c3:d4:1d:33:a6:5f:dc:c3:1b:ad:d3:5b:3e:1c:6a:38:
         4a:6e:d7:36:53:d4:3f:ef:2a:67:2e:9e:fa:fe:dc:7d:06:e7:
         ec:95:e0:82:2c:fb:dc:13:69:f3:50:24:2e:6e:05:84:8e:46:
         e9:24:b7:9d:ab:00:5b:9b:43:31:38:cd:9c:f8:06:94:d7:31:
         72:12:64:78:e3:c1:91:d9:75:f8:ef:be:5c:ec:04:cd:9d:c7:
         ef:a6:91:9b:9e:75:52:47:63:6e:fa:7a:7c:0a:e1:be:19:7c:
         67:22:8d:f0:5b:da:f3:07:7e:da:54:db:bf:fc:fe:f4:5c:9c:
         f6:97:26:9e:dc:ee:39:55:7b:fb:f5:e3:fd:cb:d6:d5:56:67:
         20:42:01:41:c6:bf:13:e0:78:bd:68:13:3a:1b:72:c2:17:9f:
         e7:73:d0:c8:ca:c2:ce:f0:d3:ae:1f:92:3d:92:c5:43:63:5a:
         0d:95:9c:94:bc:7c:e3:f2:cb:c1:fd:eb:77:97:8b:2b:ed:61:
         b5:19:7d:10
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZGVA4oVJnAu9mze8G5eCSRcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNTMxNmZjNGE4M2IzZDAzZTI5NzVmOGJlYzI3MGNiMGY0
ZWZiMWQwHhcNMjQwODI3MTgwNTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODUxMTE5NmM5ZDVjNGE5YWZmNWFhMzljYzU3OGI3MGFlYTVjODQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8ZLIY55vgdeWyHysf7M2pPpv3cyb
N7Ok+QrVJzVXksW+oSbpixCx5IfCrUUS4yjBompRp+DOW3CyMBhABZEqelTVRU8X
kjFPgjZYE4EycA2++UWKma9PhDfBXI8ulvfESdrIWA8yNy+jmSvt6JmlvL2pQquQ
LKLVGboeJM9GAIgU5CSPkA1wwRthv2Ib++iT5HS0vtBcq6ev7B2FL9NXgZ/tfG1J
7vY9mD5M0MwN3otOl6kMZgpS1PuuNSOEaGpWIZWxhtwTPb4rt+Eclu4kD9BRDYAN
V1WwcUU/4eTN7rIqW2EIZvPxsU6W5kusPdHynXOFbxQ0aPnF6KzK2aEQqQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMhREZbJ1cSpr/WqOcxXi3CupchHMB8GA1UdIwQY
MBaAFK9TFvxKg7PQPil1+L7CcMsPTvsdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjFNV19FcURzOUEtS1hYNHZzSnd5dzlPLXgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC9jOTBkNWQtY2E2MS00NDY0LTg5OWEt
ZDEyMDVlMGMwY2NlLzEveUZFUmxzblZ4S212OWFvNXpGZUxjSzZseUVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC9jOTBkNWQtY2E2MS00NDY0LTg5OWEtZDEyMDVlMGMwY2Nl
LzEvcjFNV19FcURzOUEtS1hYNHZzSnd5dzlPLXgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUnPXAwQA
wnz8MA0GCSqGSIb3DQEBCwUAA4IBAQA2EYgUsrPrucexWVYy6GiLv0m74lpfjoYm
KLDkeuUB+REO9ZtErllPugkjxebz0opeYlsivanZmMPUHTOmX9zDG63TWz4cajhK
btc2U9Q/7ypnLp76/tx9BufsleCCLPvcE2nzUCQubgWEjkbpJLedqwBbm0MxOM2c
+AaU1zFyEmR448GR2XX4775c7ATNncfvppGbnnVSR2Nu+np8CuG+GXxnIo3wW9rz
B37aVNu//P70XJz2lyae3O45VXv79eP9y9bVVmcgQgFBxr8T4Hi9aBM6G3LCF5/n
c9DIysLO8NOuH5I9ksVDY1oNlZyUvHzj8svB/et3l4sr7WG1GX0Q
-----END CERTIFICATE-----