Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/8a90d9-948a-46c2-977a-643f02daeb9e/1/yL3TCNnp-vrdFdNlNU5xirvfvzw.roa
File:                     yL3TCNnp-vrdFdNlNU5xirvfvzw.roa (raw, json)
Hash identifier:          B89lTaUfG9L4t6o5bLvlwILXhl7X/z+R1HeahHa4OvU=
Subject key identifier:   C8:BD:D3:08:D9:E9:FA:FA:DD:15:D3:65:35:4E:71:8A:BB:DF:BF:3C
Certificate issuer:       /CN=5aae19678aa37525512229a94e7890147183273c
Certificate serial:       018CC64B1155CE84C49780DE9B70742F4066
Authority key identifier: 5A:AE:19:67:8A:A3:75:25:51:22:29:A9:4E:78:90:14:71:83:27:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wq4ZZ4qjdSVRIimpTniQFHGDJzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/8a90d9-948a-46c2-977a-643f02daeb9e/1/yL3TCNnp-vrdFdNlNU5xirvfvzw.roa
Signing time:             Mon 01 Jan 2024 18:30:57 +0000
ROA not before:           Mon 01 Jan 2024 18:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51021
IP address blocks:        195.182.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/8a90d9-948a-46c2-977a-643f02daeb9e/1/Wq4ZZ4qjdSVRIimpTniQFHGDJzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/8a90d9-948a-46c2-977a-643f02daeb9e/1/Wq4ZZ4qjdSVRIimpTniQFHGDJzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wq4ZZ4qjdSVRIimpTniQFHGDJzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:11:55:ce:84:c4:97:80:de:9b:70:74:2f:40:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5aae19678aa37525512229a94e7890147183273c
        Validity
            Not Before: Jan  1 18:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c8bdd308d9e9fafadd15d365354e718abbdfbf3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:0b:b4:1e:4c:c1:56:36:9c:52:6d:62:88:09:
                    de:97:d6:f7:73:b6:5b:e8:39:05:8c:0a:bc:25:48:
                    c9:24:cc:12:a1:30:42:aa:7c:8e:d5:4f:f4:06:82:
                    68:09:7a:ea:01:91:8c:36:1a:e2:61:d3:52:1f:e8:
                    8b:5a:34:cd:1c:7a:93:bf:9a:c8:c4:7e:56:9f:76:
                    89:ed:6b:74:f5:ba:65:a1:45:61:71:2e:10:17:c0:
                    2a:74:a7:29:e1:12:75:ed:a6:24:18:44:d1:c8:77:
                    06:97:3a:e9:03:f2:5d:0f:86:3e:42:02:97:a9:9d:
                    0f:50:37:b1:6a:b8:08:b1:7c:68:92:07:cd:44:8b:
                    a0:38:25:f5:92:ca:38:19:c8:c5:89:6f:3b:ee:d5:
                    d8:31:bb:fb:4f:3d:54:cf:d9:8c:bc:ef:1f:be:ba:
                    b0:40:09:f9:e9:29:63:4b:d0:c4:3c:9e:13:5f:74:
                    99:7c:74:0c:9f:24:f9:75:91:c0:12:ee:45:b9:45:
                    36:0f:f9:c5:83:71:f9:d2:d7:d7:9c:d5:c9:dd:32:
                    1f:33:c2:fa:42:e0:8f:fc:68:69:a8:de:7b:72:79:
                    ad:5d:d4:8c:c3:58:21:95:46:61:55:0e:67:48:72:
                    0d:0c:48:fa:18:ff:7a:cf:95:cc:ba:d2:f6:22:0c:
                    0f:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:BD:D3:08:D9:E9:FA:FA:DD:15:D3:65:35:4E:71:8A:BB:DF:BF:3C
            X509v3 Authority Key Identifier:
                keyid:5A:AE:19:67:8A:A3:75:25:51:22:29:A9:4E:78:90:14:71:83:27:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wq4ZZ4qjdSVRIimpTniQFHGDJzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/8a90d9-948a-46c2-977a-643f02daeb9e/1/yL3TCNnp-vrdFdNlNU5xirvfvzw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/8a90d9-948a-46c2-977a-643f02daeb9e/1/Wq4ZZ4qjdSVRIimpTniQFHGDJzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.182.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:da:f4:95:8e:6f:94:0c:bd:78:76:44:11:7f:55:5c:40:3e:
         56:92:ea:a4:c0:fe:8f:e5:fb:d8:e0:63:a5:1e:05:d6:d7:25:
         65:9e:d7:38:b8:e8:a0:57:7a:6e:49:6d:28:36:e3:c0:27:4f:
         9e:e4:ca:49:fd:eb:31:ac:f2:ec:4a:88:1d:6d:4f:1a:e1:e2:
         e3:c9:9d:1f:48:60:85:5f:af:35:43:90:ce:e8:17:5b:4b:4e:
         fd:df:1d:fb:c1:8a:83:46:72:5b:57:d1:0d:0e:28:a0:99:d4:
         9a:5f:a8:64:09:01:85:a9:02:70:ca:e0:a8:2f:cf:4a:2b:04:
         ea:f5:1c:9b:66:0d:4e:0f:6b:32:a5:6e:a1:1c:46:84:5c:9d:
         8b:f3:4c:f4:e1:ab:8c:48:65:01:13:97:af:5e:a7:2d:26:65:
         f9:59:fd:e9:50:b4:00:8b:c4:81:41:b1:9c:93:d6:85:bc:8d:
         27:f7:50:db:5e:c2:69:ce:8f:b4:d7:3f:af:7b:b1:53:c7:f5:
         3d:44:22:b6:29:52:d9:a5:a1:c0:f0:8e:48:41:7b:7e:19:0b:
         24:4b:0f:fa:f9:00:ff:db:43:b5:40:5b:7e:c5:e9:86:b7:6f:
         1e:47:d3:c9:41:5e:2d:d4:b3:c0:82:11:65:a7:57:d6:d1:58:
         aa:9d:db:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSxFVzoTEl4Dem3B0L0BmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhYWUxOTY3OGFhMzc1MjU1MTIyMjlhOTRlNzg5MDE0NzE4
MzI3M2MwHhcNMjQwMTAxMTgzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGJkZDMwOGQ5ZTlmYWZhZGQxNWQzNjUzNTRlNzE4YWJiZGZiZjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqAu0HkzBVjacUm1iiAnel9b3c7Zb
6DkFjAq8JUjJJMwSoTBCqnyO1U/0BoJoCXrqAZGMNhriYdNSH+iLWjTNHHqTv5rI
xH5Wn3aJ7Wt09bploUVhcS4QF8AqdKcp4RJ17aYkGETRyHcGlzrpA/JdD4Y+QgKX
qZ0PUDexargIsXxokgfNRIugOCX1kso4GcjFiW877tXYMbv7Tz1Uz9mMvO8fvrqw
QAn56SljS9DEPJ4TX3SZfHQMnyT5dZHAEu5FuUU2D/nFg3H50tfXnNXJ3TIfM8L6
QuCP/GhpqN57cnmtXdSMw1ghlUZhVQ5nSHINDEj6GP96z5XMutL2IgwPZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMi90wjZ6fr63RXTZTVOcYq73788MB8GA1UdIwQY
MBaAFFquGWeKo3UlUSIpqU54kBRxgyc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3E0Wlo0cWpkU1ZSSWltcFRuaVFGSEdESnp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS84YTkwZDktOTQ4YS00NmMyLTk3N2Et
NjQzZjAyZGFlYjllLzEveUwzVENObnAtdnJkRmRObE5VNXhpcnZmdnp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS84YTkwZDktOTQ4YS00NmMyLTk3N2EtNjQzZjAyZGFlYjll
LzEvV3E0Wlo0cWpkU1ZSSWltcFRuaVFGSEdESnp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7YqMA0G
CSqGSIb3DQEBCwUAA4IBAQBZ2vSVjm+UDL14dkQRf1VcQD5WkuqkwP6P5fvY4GOl
HgXW1yVlntc4uOigV3puSW0oNuPAJ0+e5MpJ/esxrPLsSogdbU8a4eLjyZ0fSGCF
X681Q5DO6BdbS0793x37wYqDRnJbV9ENDiigmdSaX6hkCQGFqQJwyuCoL89KKwTq
9RybZg1OD2sypW6hHEaEXJ2L80z04auMSGUBE5evXqctJmX5Wf3pULQAi8SBQbGc
k9aFvI0n91DbXsJpzo+01z+ve7FTx/U9RCK2KVLZpaHA8I5IQXt+GQskSw/6+QD/
20O1QFt+xemGt28eR9PJQV4t1LPAghFlp1fW0Viqndsf
-----END CERTIFICATE-----