Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/d066a3-7122-4dfa-9644-fce7e936bebd/1/YDOR-FcWKwUejDEccSZwl5co5Zk.roa
File:                     YDOR-FcWKwUejDEccSZwl5co5Zk.roa (raw, json)
Hash identifier:          u9tJGrOhSAB8o368YLBnj67M+Du5mCwmLCjkGWEeCm0=
Subject key identifier:   60:33:91:F8:57:16:2B:05:1E:8C:31:1C:71:26:70:97:97:28:E5:99
Certificate issuer:       /CN=40064dd8ac6ea56641836d4ed77facca4b22f7e0
Certificate serial:       018CC2DB1CE6A2A2666E9F73902612AF4A13
Authority key identifier: 40:06:4D:D8:AC:6E:A5:66:41:83:6D:4E:D7:7F:AC:CA:4B:22:F7:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QAZN2KxupWZBg21O13-syksi9-A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/d066a3-7122-4dfa-9644-fce7e936bebd/1/YDOR-FcWKwUejDEccSZwl5co5Zk.roa
Signing time:             Mon 01 Jan 2024 02:29:48 +0000
ROA not before:           Mon 01 Jan 2024 02:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211594
IP address blocks:        185.254.123.0/24 maxlen: 24
                          2a0c:1880::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/d066a3-7122-4dfa-9644-fce7e936bebd/1/QAZN2KxupWZBg21O13-syksi9-A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/d066a3-7122-4dfa-9644-fce7e936bebd/1/QAZN2KxupWZBg21O13-syksi9-A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QAZN2KxupWZBg21O13-syksi9-A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:02:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:1c:e6:a2:a2:66:6e:9f:73:90:26:12:af:4a:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40064dd8ac6ea56641836d4ed77facca4b22f7e0
        Validity
            Not Before: Jan  1 02:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=603391f857162b051e8c311c712670979728e599
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:85:28:50:2e:65:9b:f8:e5:ea:2c:34:ef:fe:
                    5a:f4:d7:16:4f:3f:6a:4e:15:50:13:6c:8e:06:72:
                    be:cd:06:4c:43:42:54:f8:0d:ed:92:04:7c:c7:4f:
                    6f:0a:c5:85:0e:1f:12:2f:d3:8b:9f:cd:ab:77:4b:
                    db:77:b3:33:8d:7d:d6:81:92:d7:9b:82:67:d9:ec:
                    5e:8b:de:a3:55:8f:ff:bf:19:f8:b2:ad:56:22:1a:
                    40:cf:41:bc:27:18:85:42:8c:c3:1a:2c:f0:03:2b:
                    70:9f:58:f0:ec:b8:62:ec:86:b1:e2:96:c8:ea:11:
                    24:f6:9d:30:5a:0f:77:8f:59:41:2d:1a:e0:65:6e:
                    eb:8f:0f:00:ff:4e:93:41:72:48:b9:53:4d:a3:ac:
                    b9:b9:5d:14:81:76:9a:9a:4f:a0:d5:eb:8e:7d:51:
                    39:db:77:99:17:60:9c:ee:0b:c3:de:05:08:c6:a3:
                    4a:2d:3c:e0:3e:fa:f6:bf:cb:11:45:aa:11:a7:dc:
                    b6:a1:ef:42:7b:a0:2e:c3:a6:50:bd:c8:ff:e5:3a:
                    7f:a4:62:83:8b:b4:da:fb:b1:64:f1:ec:91:6f:8d:
                    fc:35:9e:aa:2a:eb:a6:04:85:ba:75:52:fe:a4:de:
                    59:6c:45:50:72:91:cc:3a:a4:7e:07:ba:0f:fe:72:
                    c6:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:33:91:F8:57:16:2B:05:1E:8C:31:1C:71:26:70:97:97:28:E5:99
            X509v3 Authority Key Identifier:
                keyid:40:06:4D:D8:AC:6E:A5:66:41:83:6D:4E:D7:7F:AC:CA:4B:22:F7:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QAZN2KxupWZBg21O13-syksi9-A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/d066a3-7122-4dfa-9644-fce7e936bebd/1/YDOR-FcWKwUejDEccSZwl5co5Zk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/d066a3-7122-4dfa-9644-fce7e936bebd/1/QAZN2KxupWZBg21O13-syksi9-A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.254.123.0/24
                IPv6:
                  2a0c:1880::/29

    Signature Algorithm: sha256WithRSAEncryption
         a6:45:b7:6c:09:59:0a:b1:2b:a2:0a:02:7f:76:c2:37:0b:f9:
         ec:0b:95:00:c7:de:14:5a:b2:46:2f:45:ad:d0:34:aa:f2:ff:
         f1:2c:95:3c:9f:61:a5:d7:64:20:ee:ca:3a:de:ab:6d:88:bb:
         10:cf:bb:ac:f0:0e:39:f8:d2:4a:0b:ae:33:5e:17:f2:28:47:
         ba:71:91:7d:d1:c5:e4:81:00:5d:91:e9:7c:05:4a:9d:79:a9:
         b3:1b:6f:a3:02:25:fc:bb:96:d0:a3:9b:9b:71:8f:99:e4:85:
         a5:ae:f4:a0:15:1c:52:5a:65:4e:f0:0a:28:e7:ac:01:0d:a5:
         ab:49:d9:1f:dc:44:1f:67:cf:6f:c3:b8:51:23:c0:8c:70:f3:
         72:76:40:02:4f:9f:5f:c0:ba:5d:a6:45:8d:c6:b1:f7:d5:e5:
         2c:e8:ed:74:68:e1:eb:16:79:53:b7:e8:1d:9c:a1:02:86:a2:
         9b:11:3f:9e:91:23:5a:15:a9:e7:95:24:8d:06:48:e3:2e:bf:
         2b:66:31:8f:7d:f8:08:01:c9:11:b3:1b:65:5c:f4:03:7e:cf:
         06:c1:c3:26:d3:a5:6f:a8:ff:74:26:f3:42:b0:c9:c6:21:82:
         9f:11:f0:c8:bd:87:7a:e0:25:de:47:16:13:43:82:fd:64:f1:
         4e:0d:0f:37
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC2xzmoqJmbp9zkCYSr0oTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwMDY0ZGQ4YWM2ZWE1NjY0MTgzNmQ0ZWQ3N2ZhY2NhNGIy
MmY3ZTAwHhcNMjQwMTAxMDIyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDMzOTFmODU3MTYyYjA1MWU4YzMxMWM3MTI2NzA5Nzk3MjhlNTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyIUoUC5lm/jl6iw07/5a9NcWTz9q
ThVQE2yOBnK+zQZMQ0JU+A3tkgR8x09vCsWFDh8SL9OLn82rd0vbd7MzjX3WgZLX
m4Jn2exei96jVY//vxn4sq1WIhpAz0G8JxiFQozDGizwAytwn1jw7Lhi7Iax4pbI
6hEk9p0wWg93j1lBLRrgZW7rjw8A/06TQXJIuVNNo6y5uV0UgXaamk+g1euOfVE5
23eZF2Cc7gvD3gUIxqNKLTzgPvr2v8sRRaoRp9y2oe9Ce6Auw6ZQvcj/5Tp/pGKD
i7Ta+7Fk8eyRb438NZ6qKuumBIW6dVL+pN5ZbEVQcpHMOqR+B7oP/nLGSwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGAzkfhXFisFHowxHHEmcJeXKOWZMB8GA1UdIwQY
MBaAFEAGTdisbqVmQYNtTtd/rMpLIvfgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUFaTjJLeHVwV1pCZzIxTzEzLXN5a3NpOS1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC9kMDY2YTMtNzEyMi00ZGZhLTk2NDQt
ZmNlN2U5MzZiZWJkLzEvWURPUi1GY1dLd1VlakRFY2NTWndsNWNvNVprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC9kMDY2YTMtNzEyMi00ZGZhLTk2NDQtZmNlN2U5MzZiZWJk
LzEvUUFaTjJLeHVwV1pCZzIxTzEzLXN5a3NpOS1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuf57MA0E
AgACMAcDBQMqDBiAMA0GCSqGSIb3DQEBCwUAA4IBAQCmRbdsCVkKsSuiCgJ/dsI3
C/nsC5UAx94UWrJGL0Wt0DSq8v/xLJU8n2Gl12Qg7so63qttiLsQz7us8A45+NJK
C64zXhfyKEe6cZF90cXkgQBdkel8BUqdeamzG2+jAiX8u5bQo5ubcY+Z5IWlrvSg
FRxSWmVO8Aoo56wBDaWrSdkf3EQfZ89vw7hRI8CMcPNydkACT59fwLpdpkWNxrH3
1eUs6O10aOHrFnlTt+gdnKEChqKbET+ekSNaFannlSSNBkjjLr8rZjGPffgIAckR
sxtlXPQDfs8GwcMm06VvqP90JvNCsMnGIYKfEfDIvYd64CXeRxYTQ4L9ZPFODQ83
-----END CERTIFICATE-----