Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/4f8514-2e20-4935-995c-a084f76c8e2b/1/lYFtGqVixP5Gd8GD6R8xlxVh-Gc.roa
File:                     lYFtGqVixP5Gd8GD6R8xlxVh-Gc.roa (raw, json)
Hash identifier:          bO1F+0MuaDMii26zUzn9n9S0y2o+hKBLdDv2iKWMcG8=
Subject key identifier:   95:81:6D:1A:A5:62:C4:FE:46:77:C1:83:E9:1F:31:97:15:61:F8:67
Certificate issuer:       /CN=92f4b1c0bfbad46b811eee568a18fbaa14a9d687
Certificate serial:       018CC5DC7F623B4E507BD89F799C4E28E5D4
Authority key identifier: 92:F4:B1:C0:BF:BA:D4:6B:81:1E:EE:56:8A:18:FB:AA:14:A9:D6:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kvSxwL-61GuBHu5Wihj7qhSp1oc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/4f8514-2e20-4935-995c-a084f76c8e2b/1/lYFtGqVixP5Gd8GD6R8xlxVh-Gc.roa
Signing time:             Mon 01 Jan 2024 16:30:11 +0000
ROA not before:           Mon 01 Jan 2024 16:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202934
IP address blocks:        213.59.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/4f8514-2e20-4935-995c-a084f76c8e2b/1/kvSxwL-61GuBHu5Wihj7qhSp1oc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/4f8514-2e20-4935-995c-a084f76c8e2b/1/kvSxwL-61GuBHu5Wihj7qhSp1oc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kvSxwL-61GuBHu5Wihj7qhSp1oc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:7f:62:3b:4e:50:7b:d8:9f:79:9c:4e:28:e5:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92f4b1c0bfbad46b811eee568a18fbaa14a9d687
        Validity
            Not Before: Jan  1 16:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=95816d1aa562c4fe4677c183e91f31971561f867
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:d5:1d:26:3d:65:4e:ad:94:49:02:63:c7:45:
                    5f:d5:04:7e:5d:10:f4:7d:93:44:0f:2c:58:a3:86:
                    b0:72:5b:09:5a:a7:30:b8:7f:55:c6:07:b9:00:9d:
                    d3:22:fa:31:df:7c:bc:7c:eb:b2:bf:12:31:74:55:
                    2a:91:67:37:73:97:9b:99:64:bf:f4:b3:be:c4:2c:
                    3c:0e:db:a3:e7:76:08:6b:f9:6b:7f:68:69:bb:4d:
                    38:4d:6e:01:51:68:e8:ed:2d:e7:0a:d1:ee:8e:6d:
                    25:15:45:1a:d6:d9:3c:af:7d:2b:57:1b:6e:f8:1b:
                    95:83:f9:be:a4:cc:c2:21:db:0a:46:13:26:a0:3d:
                    a6:14:01:7b:09:28:bd:76:90:3f:e1:ac:31:cd:57:
                    bb:69:b6:c7:a0:fe:4e:76:95:00:90:5d:97:0b:81:
                    d0:51:7c:a9:e5:9e:f5:40:65:6c:7a:39:70:f3:85:
                    8d:72:9e:23:02:44:ad:68:33:56:8d:e8:30:05:13:
                    40:65:3c:e0:e8:bc:7a:0b:df:d7:89:8b:e1:92:b5:
                    6d:f9:62:9d:37:25:2e:fb:90:2d:c0:2b:f3:a2:f3:
                    33:c6:40:36:e4:c3:20:d3:3c:ba:3d:e3:a3:fc:ba:
                    e6:6f:89:3d:2f:60:7e:31:94:be:a9:b1:c6:9e:a1:
                    cb:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:81:6D:1A:A5:62:C4:FE:46:77:C1:83:E9:1F:31:97:15:61:F8:67
            X509v3 Authority Key Identifier:
                keyid:92:F4:B1:C0:BF:BA:D4:6B:81:1E:EE:56:8A:18:FB:AA:14:A9:D6:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kvSxwL-61GuBHu5Wihj7qhSp1oc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/4f8514-2e20-4935-995c-a084f76c8e2b/1/lYFtGqVixP5Gd8GD6R8xlxVh-Gc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/4f8514-2e20-4935-995c-a084f76c8e2b/1/kvSxwL-61GuBHu5Wihj7qhSp1oc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.59.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:f0:85:c7:45:dc:67:ba:27:0c:96:ef:59:9a:c8:1e:bf:02:
         ce:8f:19:3c:09:e5:82:00:1c:7f:8d:bc:ab:28:42:24:98:9c:
         78:8c:2f:e5:db:80:e3:fe:89:1d:e0:aa:5d:4f:31:76:dd:08:
         d2:6a:1d:db:a3:77:63:81:0e:86:6f:11:7f:36:71:8a:03:bc:
         de:bd:bb:51:e2:4b:01:78:07:2e:4c:1d:66:a9:3a:db:53:04:
         cd:2a:7c:d2:4a:92:6a:45:4c:e4:e0:6b:40:25:1a:fd:d0:25:
         be:86:9a:89:48:99:3e:ca:1c:d9:58:02:66:f0:e3:7f:13:6d:
         33:15:39:19:86:ae:8c:ad:8c:27:95:41:d6:b2:28:54:b1:37:
         1d:64:9e:6f:6d:84:3f:a0:4b:ef:62:ce:1a:0b:da:07:37:ec:
         3e:2e:c7:14:4b:4d:90:e9:9a:99:ad:e8:8c:b8:b3:08:d0:ca:
         1c:35:2f:92:1a:80:ff:1c:fa:77:b7:cd:8e:d2:19:db:c8:44:
         d1:b7:07:04:59:33:c8:34:66:5e:05:f7:5b:1d:31:7e:3e:cd:
         a0:f4:fd:fa:d8:4f:58:e7:72:8a:e1:c9:ed:cc:51:42:2b:74:
         41:ea:96:ad:6c:31:8f:93:68:ec:12:13:09:94:00:2c:6b:07:
         7b:24:92:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3H9iO05Qe9ifeZxOKOXUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZjRiMWMwYmZiYWQ0NmI4MTFlZWU1NjhhMThmYmFhMTRh
OWQ2ODcwHhcNMjQwMTAxMTYzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTgxNmQxYWE1NjJjNGZlNDY3N2MxODNlOTFmMzE5NzE1NjFmODY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq9UdJj1lTq2USQJjx0Vf1QR+XRD0
fZNEDyxYo4awclsJWqcwuH9Vxge5AJ3TIvox33y8fOuyvxIxdFUqkWc3c5ebmWS/
9LO+xCw8Dtuj53YIa/lrf2hpu004TW4BUWjo7S3nCtHujm0lFUUa1tk8r30rVxtu
+BuVg/m+pMzCIdsKRhMmoD2mFAF7CSi9dpA/4awxzVe7abbHoP5OdpUAkF2XC4HQ
UXyp5Z71QGVsejlw84WNcp4jAkStaDNWjegwBRNAZTzg6Lx6C9/XiYvhkrVt+WKd
NyUu+5AtwCvzovMzxkA25MMg0zy6PeOj/Lrmb4k9L2B+MZS+qbHGnqHL0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJWBbRqlYsT+RnfBg+kfMZcVYfhnMB8GA1UdIwQY
MBaAFJL0scC/utRrgR7uVooY+6oUqdaHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3ZTeHdMLTYxR3VCSHU1V2loajdxaFNwMW9jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi80Zjg1MTQtMmUyMC00OTM1LTk5NWMt
YTA4NGY3NmM4ZTJiLzEvbFlGdEdxVml4UDVHZDhHRDZSOHhseFZoLUdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi80Zjg1MTQtMmUyMC00OTM1LTk5NWMtYTA4NGY3NmM4ZTJi
LzEva3ZTeHdMLTYxR3VCSHU1V2loajdxaFNwMW9jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Tu5MA0G
CSqGSIb3DQEBCwUAA4IBAQB58IXHRdxnuicMlu9ZmsgevwLOjxk8CeWCABx/jbyr
KEIkmJx4jC/l24Dj/okd4KpdTzF23QjSah3bo3djgQ6GbxF/NnGKA7zevbtR4ksB
eAcuTB1mqTrbUwTNKnzSSpJqRUzk4GtAJRr90CW+hpqJSJk+yhzZWAJm8ON/E20z
FTkZhq6MrYwnlUHWsihUsTcdZJ5vbYQ/oEvvYs4aC9oHN+w+LscUS02Q6ZqZreiM
uLMI0MocNS+SGoD/HPp3t82O0hnbyETRtwcEWTPINGZeBfdbHTF+Ps2g9P362E9Y
53KK4cntzFFCK3RB6patbDGPk2jsEhMJlAAsawd7JJJa
-----END CERTIFICATE-----