Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/5f0f06-56f4-41a5-889a-b15b3fbc04a6/1/YbuRUPioWN-UbDRmtPvaYD6_0ww.roa
File:                     YbuRUPioWN-UbDRmtPvaYD6_0ww.roa (raw, json)
Hash identifier:          bNz44O8hv7i9YosgYkpR001p+kKNltRTbUR5HgBjXe4=
Subject key identifier:   61:BB:91:50:F8:A8:58:DF:94:6C:34:66:B4:FB:DA:60:3E:BF:D3:0C
Certificate issuer:       /CN=6cf96a7c01d62e37acecf0786f64978905121647
Certificate serial:       018CC64B69300EA0C6BDE69FEBA6392C0CB8
Authority key identifier: 6C:F9:6A:7C:01:D6:2E:37:AC:EC:F0:78:6F:64:97:89:05:12:16:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bPlqfAHWLjes7PB4b2SXiQUSFkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/5f0f06-56f4-41a5-889a-b15b3fbc04a6/1/YbuRUPioWN-UbDRmtPvaYD6_0ww.roa
Signing time:             Mon 01 Jan 2024 18:31:20 +0000
ROA not before:           Mon 01 Jan 2024 18:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209180
IP address blocks:        185.117.132.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/5f0f06-56f4-41a5-889a-b15b3fbc04a6/1/bPlqfAHWLjes7PB4b2SXiQUSFkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/5f0f06-56f4-41a5-889a-b15b3fbc04a6/1/bPlqfAHWLjes7PB4b2SXiQUSFkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bPlqfAHWLjes7PB4b2SXiQUSFkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:69:30:0e:a0:c6:bd:e6:9f:eb:a6:39:2c:0c:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6cf96a7c01d62e37acecf0786f64978905121647
        Validity
            Not Before: Jan  1 18:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=61bb9150f8a858df946c3466b4fbda603ebfd30c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:87:d6:77:7d:b6:65:8a:3b:57:77:51:f6:78:
                    5f:a2:ba:9d:ca:f2:15:c8:02:1c:2b:7b:d3:70:0e:
                    e7:b8:11:23:22:22:dd:b8:bd:5a:8a:35:e7:5f:56:
                    a7:13:1b:6d:53:c0:d5:db:a9:a9:73:2f:51:75:a6:
                    95:00:e6:fd:18:a7:4e:ac:ee:40:66:09:88:4f:a6:
                    5b:e4:58:c5:55:63:55:38:e4:c9:36:22:b9:b1:54:
                    92:89:56:bc:12:1e:d1:35:e0:9f:26:c3:18:dd:f4:
                    1e:41:a9:3b:f4:27:ef:43:04:12:8c:73:aa:4e:35:
                    4e:b1:db:7c:36:29:eb:bf:78:eb:d7:06:7b:ae:5a:
                    0a:85:3d:93:ce:66:30:a6:6e:28:a0:17:60:be:65:
                    23:18:c1:85:08:9d:f9:22:16:73:ac:34:53:ec:80:
                    30:1e:0c:a4:5e:e4:d4:91:76:6f:c0:14:31:e2:18:
                    ca:4a:ff:d0:26:66:38:4c:5d:be:73:64:6f:74:ed:
                    9e:0c:89:de:7f:f9:1e:b4:2c:1a:30:5e:1c:3f:a6:
                    e2:f1:71:70:50:ab:c2:72:60:21:79:e1:ed:bd:42:
                    43:96:70:6d:12:18:23:7b:15:e9:6c:36:1d:0b:03:
                    03:5e:fd:e6:54:67:96:f2:53:5d:db:0a:d5:1c:df:
                    7c:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:BB:91:50:F8:A8:58:DF:94:6C:34:66:B4:FB:DA:60:3E:BF:D3:0C
            X509v3 Authority Key Identifier:
                keyid:6C:F9:6A:7C:01:D6:2E:37:AC:EC:F0:78:6F:64:97:89:05:12:16:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bPlqfAHWLjes7PB4b2SXiQUSFkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/5f0f06-56f4-41a5-889a-b15b3fbc04a6/1/YbuRUPioWN-UbDRmtPvaYD6_0ww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/5f0f06-56f4-41a5-889a-b15b3fbc04a6/1/bPlqfAHWLjes7PB4b2SXiQUSFkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.117.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:ba:cb:02:b9:0a:d7:a5:12:52:a2:fa:86:84:f0:2a:ad:38:
         8f:d5:2b:6a:35:99:a4:20:4c:0e:78:a9:69:1c:ab:60:17:dd:
         e3:17:af:da:90:67:d3:02:04:a3:15:72:42:95:e4:64:a6:bf:
         df:f4:90:9b:90:e8:1d:b6:69:bc:a3:c7:42:28:cf:2c:12:e7:
         fe:1b:b3:e8:3c:e3:87:93:c0:24:03:84:94:35:d1:95:97:05:
         a0:a5:2a:ab:54:9e:34:07:cf:31:b3:e8:c0:ab:8b:46:9d:b0:
         33:c6:e8:e8:e2:02:15:d4:0b:64:56:a5:b4:a2:91:13:94:9a:
         f2:b8:45:46:6c:04:09:0a:f2:b7:68:49:ce:3d:6d:b4:37:ea:
         da:0e:07:2a:e4:01:99:21:2f:63:61:76:0f:0f:aa:0d:cf:ae:
         8d:df:81:2b:91:9e:80:90:e7:fc:bc:3e:95:14:45:97:d5:02:
         f3:55:b9:17:24:85:d0:04:df:60:9a:d5:36:80:18:e1:04:b8:
         f6:a2:b5:90:63:be:c1:fb:f6:51:aa:20:e9:3c:74:54:1e:d1:
         76:04:aa:75:7e:ba:62:c8:46:c6:73:2c:bd:5e:49:b3:7a:f1:
         9d:42:db:58:69:aa:58:9e:76:1b:91:e7:99:77:1f:f4:af:ea:
         08:cd:6e:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS2kwDqDGveaf66Y5LAy4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZjk2YTdjMDFkNjJlMzdhY2VjZjA3ODZmNjQ5Nzg5MDUx
MjE2NDcwHhcNMjQwMTAxMTgzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWJiOTE1MGY4YTg1OGRmOTQ2YzM0NjZiNGZiZGE2MDNlYmZkMzBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwofWd322ZYo7V3dR9nhforqdyvIV
yAIcK3vTcA7nuBEjIiLduL1aijXnX1anExttU8DV26mpcy9RdaaVAOb9GKdOrO5A
ZgmIT6Zb5FjFVWNVOOTJNiK5sVSSiVa8Eh7RNeCfJsMY3fQeQak79CfvQwQSjHOq
TjVOsdt8Ninrv3jr1wZ7rloKhT2TzmYwpm4ooBdgvmUjGMGFCJ35IhZzrDRT7IAw
HgykXuTUkXZvwBQx4hjKSv/QJmY4TF2+c2RvdO2eDInef/ketCwaMF4cP6bi8XFw
UKvCcmAheeHtvUJDlnBtEhgjexXpbDYdCwMDXv3mVGeW8lNd2wrVHN98OQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGG7kVD4qFjflGw0ZrT72mA+v9MMMB8GA1UdIwQY
MBaAFGz5anwB1i43rOzweG9kl4kFEhZHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlBscWZBSFdMamVzN1BCNGIyU1hpUVVTRmtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy81ZjBmMDYtNTZmNC00MWE1LTg4OWEt
YjE1YjNmYmMwNGE2LzEvWWJ1UlVQaW9XTi1VYkRSbXRQdmFZRDZfMHd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy81ZjBmMDYtNTZmNC00MWE1LTg4OWEtYjE1YjNmYmMwNGE2
LzEvYlBscWZBSFdMamVzN1BCNGIyU1hpUVVTRmtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXWEMA0G
CSqGSIb3DQEBCwUAA4IBAQCPussCuQrXpRJSovqGhPAqrTiP1StqNZmkIEwOeKlp
HKtgF93jF6/akGfTAgSjFXJCleRkpr/f9JCbkOgdtmm8o8dCKM8sEuf+G7PoPOOH
k8AkA4SUNdGVlwWgpSqrVJ40B88xs+jAq4tGnbAzxujo4gIV1AtkVqW0opETlJry
uEVGbAQJCvK3aEnOPW20N+raDgcq5AGZIS9jYXYPD6oNz66N34ErkZ6AkOf8vD6V
FEWX1QLzVbkXJIXQBN9gmtU2gBjhBLj2orWQY77B+/ZRqiDpPHRUHtF2BKp1frpi
yEbGcyy9XkmzevGdQttYaapYnnYbkeeZdx/0r+oIzW5/
-----END CERTIFICATE-----