Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/yc9Fw86qOfTV4OfxLpMQKKOxit0.roa
File:                     yc9Fw86qOfTV4OfxLpMQKKOxit0.roa (raw, json)
Hash identifier:          21FZP8AGkwfnZHJplYRyg6evKOn4ngA4ehM6YnuYLOg=
Subject key identifier:   C9:CF:45:C3:CE:AA:39:F4:D5:E0:E7:F1:2E:93:10:28:A3:B1:8A:DD
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       01912CBD3C3C03286FA64FE88CAD2844817D
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/yc9Fw86qOfTV4OfxLpMQKKOxit0.roa
Signing time:             Wed 07 Aug 2024 12:08:04 +0000
ROA not before:           Wed 07 Aug 2024 12:08:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        89.191.120.0/22 maxlen: 22
                          91.123.64.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:2c:bd:3c:3c:03:28:6f:a6:4f:e8:8c:ad:28:44:81:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Aug  7 12:08:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9cf45c3ceaa39f4d5e0e7f12e931028a3b18add
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:b6:b4:95:4d:90:67:e1:32:61:47:d9:bb:0c:
                    59:17:9c:9e:15:4b:82:ec:a8:18:33:3d:15:77:c7:
                    e0:ec:6d:52:d3:f8:d4:2f:37:73:17:d1:36:91:9b:
                    83:57:47:fe:c4:93:b1:9f:2a:ed:8b:6b:64:04:7d:
                    55:f1:ad:05:0a:b9:cb:26:27:65:ae:cf:ea:d4:a7:
                    16:f1:4f:73:d0:dc:d7:74:b5:75:66:83:32:7e:c8:
                    1f:be:c3:d8:fc:91:aa:71:09:c2:30:2f:2d:e0:bc:
                    50:b7:16:ad:ba:d8:b8:d6:6f:a6:eb:ed:e6:b4:22:
                    05:3f:3e:8b:97:d8:f9:26:44:c3:35:4b:4e:d2:c5:
                    80:8a:11:b1:32:2c:28:c6:51:48:2e:6a:bf:1d:de:
                    38:ca:f1:ca:44:77:87:56:79:a4:3d:a6:28:e7:c7:
                    2d:4e:5c:2c:09:5d:dc:dc:34:93:d4:62:58:0d:6e:
                    37:62:79:d9:68:23:53:b8:94:48:96:c0:ff:11:13:
                    40:06:d9:50:75:d0:dc:bc:89:80:64:37:54:b7:76:
                    a8:ff:41:88:ff:db:f6:6f:ae:3a:70:4c:d8:40:7f:
                    1d:72:1f:90:ab:e7:a8:be:c8:50:de:98:a1:f9:e3:
                    00:d3:a0:e1:ae:b0:47:b2:33:62:51:ab:17:bd:9e:
                    20:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:CF:45:C3:CE:AA:39:F4:D5:E0:E7:F1:2E:93:10:28:A3:B1:8A:DD
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/yc9Fw86qOfTV4OfxLpMQKKOxit0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.191.120.0/22
                  91.123.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         7a:ff:a6:cb:57:e2:ab:23:c2:d7:5b:81:8c:35:b1:cd:c5:35:
         1f:1e:15:7a:d3:9a:e6:cc:60:ae:50:16:38:c3:08:54:3a:8f:
         56:02:b0:8c:70:e2:ad:40:57:7f:c7:dc:d3:bd:d6:6d:02:43:
         56:ac:27:d7:3b:a7:b4:a0:d1:9f:59:0c:9a:d7:9e:56:a1:9c:
         87:6c:e7:5d:ca:3b:77:2e:1c:a8:2f:01:48:40:ff:47:69:9c:
         ed:7e:14:81:39:4e:70:3c:f3:d3:ef:78:1d:66:e4:b0:0d:d4:
         56:9e:04:de:86:2b:38:16:57:4d:6a:b7:2e:6f:68:d6:7e:ca:
         b4:72:60:b8:aa:a2:1c:c8:84:d7:31:b1:f5:1a:08:e2:8d:63:
         1f:fb:c6:c7:3f:04:c9:9b:6e:4f:66:35:34:a1:28:ca:7d:f1:
         3d:70:c7:61:3b:87:e9:88:13:0b:47:2f:a8:0a:3c:26:57:94:
         6f:32:ea:c1:7a:cf:a8:e1:2e:e1:b3:9b:d2:00:47:5b:4b:68:
         e3:ee:6e:6f:44:e0:ff:0c:04:4c:e2:83:73:94:74:29:6a:0a:
         86:96:f4:d6:64:16:49:eb:38:2b:ab:bf:b2:19:fd:22:89:04:
         ca:c6:53:69:3f:7f:41:d9:52:28:1d:c2:5b:ab:87:66:78:b9:
         81:62:1d:b0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZEsvTw8Ayhvpk/ojK0oRIF9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjQwODA3MTIwODA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWNmNDVjM2NlYWEzOWY0ZDVlMGU3ZjEyZTkzMTAyOGEzYjE4YWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6La0lU2QZ+EyYUfZuwxZF5yeFUuC
7KgYMz0Vd8fg7G1S0/jULzdzF9E2kZuDV0f+xJOxnyrti2tkBH1V8a0FCrnLJidl
rs/q1KcW8U9z0NzXdLV1ZoMyfsgfvsPY/JGqcQnCMC8t4LxQtxatuti41m+m6+3m
tCIFPz6Ll9j5JkTDNUtO0sWAihGxMiwoxlFILmq/Hd44yvHKRHeHVnmkPaYo58ct
TlwsCV3c3DST1GJYDW43YnnZaCNTuJRIlsD/ERNABtlQddDcvImAZDdUt3ao/0GI
/9v2b646cEzYQH8dch+Qq+eovshQ3pih+eMA06DhrrBHsjNiUasXvZ4gKQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMnPRcPOqjn01eDn8S6TECijsYrdMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEveWM5Rnc4NnFPZlRWNE9meExwTVFLS094aXQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCWb94AwQE
W3tAMA0GCSqGSIb3DQEBCwUAA4IBAQB6/6bLV+KrI8LXW4GMNbHNxTUfHhV605rm
zGCuUBY4wwhUOo9WArCMcOKtQFd/x9zTvdZtAkNWrCfXO6e0oNGfWQya155WoZyH
bOddyjt3LhyoLwFIQP9HaZztfhSBOU5wPPPT73gdZuSwDdRWngTehis4FldNarcu
b2jWfsq0cmC4qqIcyITXMbH1GgjijWMf+8bHPwTJm25PZjU0oSjKffE9cMdhO4fp
iBMLRy+oCjwmV5RvMurBes+o4S7hs5vSAEdbS2jj7m5vROD/DARM4oNzlHQpagqG
lvTWZBZJ6zgrq7+yGf0iiQTKxlNpP39B2VIoHcJbq4dmeLmBYh2w
-----END CERTIFICATE-----