Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/615164-6d96-488a-96ba-d6e1e347f9c7/1/yiZ3yDIVNbeWjc1KieypMQTmhvI.roa
File:                     yiZ3yDIVNbeWjc1KieypMQTmhvI.roa (raw, json)
Hash identifier:          ggk/7oQuEuNxdIhW7zOMEX3cZLrCnSR6j29EUnsdURU=
Subject key identifier:   CA:26:77:C8:32:15:35:B7:96:8D:CD:4A:89:EC:A9:31:04:E6:86:F2
Certificate issuer:       /CN=0af61798dd18965c027afa7f93ae030ff5e1d76e
Certificate serial:       018CC3B6F9F413EE4E9978623E545A421293
Authority key identifier: 0A:F6:17:98:DD:18:96:5C:02:7A:FA:7F:93:AE:03:0F:F5:E1:D7:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CvYXmN0YllwCevp_k64DD_Xh124.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/615164-6d96-488a-96ba-d6e1e347f9c7/1/yiZ3yDIVNbeWjc1KieypMQTmhvI.roa
Signing time:             Mon 01 Jan 2024 06:29:57 +0000
ROA not before:           Mon 01 Jan 2024 06:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61225
IP address blocks:        86.106.159.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/615164-6d96-488a-96ba-d6e1e347f9c7/1/CvYXmN0YllwCevp_k64DD_Xh124.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/615164-6d96-488a-96ba-d6e1e347f9c7/1/CvYXmN0YllwCevp_k64DD_Xh124.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CvYXmN0YllwCevp_k64DD_Xh124.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:f9:f4:13:ee:4e:99:78:62:3e:54:5a:42:12:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0af61798dd18965c027afa7f93ae030ff5e1d76e
        Validity
            Not Before: Jan  1 06:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca2677c8321535b7968dcd4a89eca93104e686f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:6a:62:85:ea:bd:dd:2f:73:92:51:5b:b5:85:
                    f1:cc:01:86:1e:4f:44:b3:c6:71:72:59:0c:e4:5e:
                    bc:d7:f4:3b:bc:9e:3a:ba:55:b1:1c:f0:f4:83:75:
                    99:7c:d8:d6:79:20:3c:4d:93:35:de:76:72:64:70:
                    d7:86:54:81:e9:3b:a3:1c:9a:2f:fb:df:63:7e:74:
                    3c:48:b9:4a:37:3b:a5:c9:90:80:e1:dd:94:44:40:
                    72:c1:a0:93:f4:ce:59:7a:dc:ce:2c:2a:d8:7d:95:
                    ee:12:2f:b4:45:85:f8:f6:53:0c:c4:70:7c:06:99:
                    4a:26:9e:01:f8:27:2c:5e:35:80:d6:0f:02:68:b5:
                    15:da:7a:fe:36:6b:c9:b1:f1:81:6e:90:3d:0c:41:
                    1c:3a:08:96:b2:85:a9:9e:36:7a:3b:24:af:0e:c1:
                    5a:0a:96:35:33:8a:40:b7:8c:4b:f4:c2:3b:df:f0:
                    3d:6d:df:e4:3d:ad:3f:22:97:78:0a:98:5e:86:5b:
                    93:ed:52:3d:f9:65:ed:a5:20:d2:29:09:45:93:98:
                    fe:bc:7a:e4:88:29:b5:85:47:54:6e:99:29:0d:f8:
                    26:bf:98:fd:61:45:00:1f:c7:56:e9:27:b8:8d:fb:
                    55:52:db:14:2d:bd:50:61:9d:0d:72:f3:4b:05:18:
                    69:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:26:77:C8:32:15:35:B7:96:8D:CD:4A:89:EC:A9:31:04:E6:86:F2
            X509v3 Authority Key Identifier:
                keyid:0A:F6:17:98:DD:18:96:5C:02:7A:FA:7F:93:AE:03:0F:F5:E1:D7:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CvYXmN0YllwCevp_k64DD_Xh124.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/615164-6d96-488a-96ba-d6e1e347f9c7/1/yiZ3yDIVNbeWjc1KieypMQTmhvI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/615164-6d96-488a-96ba-d6e1e347f9c7/1/CvYXmN0YllwCevp_k64DD_Xh124.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.106.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:e0:a6:34:09:8a:66:ce:51:1b:1f:65:6e:db:7e:dd:aa:a3:
         59:1d:39:f9:09:1a:82:31:d8:2f:1f:4a:a0:12:5d:77:fe:41:
         e5:e1:77:57:f7:25:3b:79:96:2c:3d:fc:75:be:33:57:e7:81:
         46:68:0a:2e:fc:00:0b:03:5f:8b:83:2c:b4:c7:d6:55:bf:42:
         62:0e:ab:c7:b0:69:af:1c:bf:91:65:cf:6c:de:06:69:4e:a1:
         87:a1:84:b3:b1:5d:28:41:34:e4:31:17:ad:07:8a:79:c3:1c:
         a3:b7:c3:b1:ae:86:a5:65:2d:8e:92:08:c5:5a:ae:5e:19:e9:
         aa:05:9e:24:d8:7d:bc:b6:13:a1:cc:9a:e4:04:80:53:e1:00:
         ff:4d:9c:ad:09:3c:16:11:e8:18:ed:f9:d5:40:f3:c3:40:4c:
         eb:b5:17:af:91:3e:6b:7c:cd:d6:bc:2a:e9:23:f7:64:21:f1:
         00:a3:f5:4f:27:86:5e:db:20:17:80:3e:c0:9e:d2:df:6d:6a:
         c3:22:04:71:d9:98:88:03:8d:10:4b:96:f5:85:74:aa:a3:79:
         02:cb:6d:0a:24:27:dd:91:40:bc:8f:c6:7c:55:bf:1a:d8:de:
         5b:11:a2:e7:bb:ef:c6:a1:ff:b3:da:ed:c7:31:e5:f4:0d:c5:
         38:fd:70:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtvn0E+5OmXhiPlRaQhKTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhZjYxNzk4ZGQxODk2NWMwMjdhZmE3ZjkzYWUwMzBmZjVl
MWQ3NmUwHhcNMjQwMTAxMDYyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTI2NzdjODMyMTUzNWI3OTY4ZGNkNGE4OWVjYTkzMTA0ZTY4NmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Wpiheq93S9zklFbtYXxzAGGHk9E
s8ZxclkM5F681/Q7vJ46ulWxHPD0g3WZfNjWeSA8TZM13nZyZHDXhlSB6TujHJov
+99jfnQ8SLlKNzulyZCA4d2UREBywaCT9M5ZetzOLCrYfZXuEi+0RYX49lMMxHB8
BplKJp4B+CcsXjWA1g8CaLUV2nr+NmvJsfGBbpA9DEEcOgiWsoWpnjZ6OySvDsFa
CpY1M4pAt4xL9MI73/A9bd/kPa0/Ipd4CphehluT7VI9+WXtpSDSKQlFk5j+vHrk
iCm1hUdUbpkpDfgmv5j9YUUAH8dW6Se4jftVUtsULb1QYZ0NcvNLBRhpbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMomd8gyFTW3lo3NSonsqTEE5obyMB8GA1UdIwQY
MBaAFAr2F5jdGJZcAnr6f5OuAw/14dduMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3ZZWG1OMFlsbHdDZXZwX2s2NEREX1hoMTI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC82MTUxNjQtNmQ5Ni00ODhhLTk2YmEt
ZDZlMWUzNDdmOWM3LzEveWlaM3lESVZOYmVXamMxS2lleXBNUVRtaHZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC82MTUxNjQtNmQ5Ni00ODhhLTk2YmEtZDZlMWUzNDdmOWM3
LzEvQ3ZZWG1OMFlsbHdDZXZwX2s2NEREX1hoMTI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVmqfMA0G
CSqGSIb3DQEBCwUAA4IBAQCm4KY0CYpmzlEbH2Vu237dqqNZHTn5CRqCMdgvH0qg
El13/kHl4XdX9yU7eZYsPfx1vjNX54FGaAou/AALA1+Lgyy0x9ZVv0JiDqvHsGmv
HL+RZc9s3gZpTqGHoYSzsV0oQTTkMRetB4p5wxyjt8OxroalZS2OkgjFWq5eGemq
BZ4k2H28thOhzJrkBIBT4QD/TZytCTwWEegY7fnVQPPDQEzrtRevkT5rfM3WvCrp
I/dkIfEAo/VPJ4Ze2yAXgD7AntLfbWrDIgRx2ZiIA40QS5b1hXSqo3kCy20KJCfd
kUC8j8Z8Vb8a2N5bEaLnu+/Gof+z2u3HMeX0DcU4/XDe
-----END CERTIFICATE-----