Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/79c4ba-38e2-4f5a-959f-47e0937989a8/1/saiyoDu_8Ep_8vn3gUHHxsRxFg8.roa
File:                     saiyoDu_8Ep_8vn3gUHHxsRxFg8.roa (raw, json)
Hash identifier:          yJPVw7gZhZ2roSNQh5HEDG6ZV69/zGTKcLqglG9fnGw=
Subject key identifier:   B1:A8:B2:A0:3B:BF:F0:4A:7F:F2:F9:F7:81:41:C7:C6:C4:71:16:0F
Certificate issuer:       /CN=59dd542781851c0bce5a3ea5cc387650ffc8277e
Certificate serial:       018CC9BCEE6F41EE4E01247246737C543B4F
Authority key identifier: 59:DD:54:27:81:85:1C:0B:CE:5A:3E:A5:CC:38:76:50:FF:C8:27:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wd1UJ4GFHAvOWj6lzDh2UP_IJ34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/79c4ba-38e2-4f5a-959f-47e0937989a8/1/saiyoDu_8Ep_8vn3gUHHxsRxFg8.roa
Signing time:             Tue 02 Jan 2024 10:34:11 +0000
ROA not before:           Tue 02 Jan 2024 10:34:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201334
IP address blocks:        85.91.116.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/79c4ba-38e2-4f5a-959f-47e0937989a8/1/Wd1UJ4GFHAvOWj6lzDh2UP_IJ34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/79c4ba-38e2-4f5a-959f-47e0937989a8/1/Wd1UJ4GFHAvOWj6lzDh2UP_IJ34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wd1UJ4GFHAvOWj6lzDh2UP_IJ34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 13:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:ee:6f:41:ee:4e:01:24:72:46:73:7c:54:3b:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=59dd542781851c0bce5a3ea5cc387650ffc8277e
        Validity
            Not Before: Jan  2 10:34:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1a8b2a03bbff04a7ff2f9f78141c7c6c471160f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:97:c0:ee:e3:d4:6f:ce:70:43:11:bc:c5:07:
                    ab:5b:f3:97:2e:ca:47:78:71:e0:26:9b:e8:c0:61:
                    1b:90:df:3c:c2:42:d1:93:7f:ad:99:63:ff:f4:e9:
                    17:89:9c:e1:ce:ef:17:71:72:1a:9d:0d:f1:f3:70:
                    3c:eb:29:6a:63:a2:f1:9a:b6:c9:05:4c:d8:6a:0e:
                    9f:90:81:78:e4:b8:a0:6b:d7:a0:59:be:d7:2e:66:
                    70:38:1a:9c:0a:d4:1a:98:82:1c:e8:9f:a6:7b:41:
                    3f:c6:c6:f6:53:dc:bb:7e:08:f4:94:7d:d1:43:a8:
                    32:6a:de:8c:61:60:c5:af:5e:66:79:bc:a6:54:ce:
                    7c:53:c7:a3:d7:2c:ac:7f:ff:5b:f2:9b:72:c0:e8:
                    d4:c2:4b:39:b3:4e:49:6f:c4:15:1a:b1:a9:e8:82:
                    67:f3:65:ca:6a:2c:02:c1:3a:9f:50:bd:6e:af:3d:
                    48:b7:e7:2a:7f:7a:b8:fe:e0:be:7e:81:a4:3e:4c:
                    fb:06:5c:58:60:94:f3:54:48:e8:5a:0d:85:81:55:
                    08:48:36:c2:69:ab:03:24:a7:79:9a:21:cb:60:6b:
                    e2:a7:76:bb:f2:24:a7:21:c1:49:65:31:63:f8:61:
                    7f:2c:4c:21:d6:33:96:d7:19:14:da:bb:17:d4:34:
                    5d:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:A8:B2:A0:3B:BF:F0:4A:7F:F2:F9:F7:81:41:C7:C6:C4:71:16:0F
            X509v3 Authority Key Identifier:
                keyid:59:DD:54:27:81:85:1C:0B:CE:5A:3E:A5:CC:38:76:50:FF:C8:27:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wd1UJ4GFHAvOWj6lzDh2UP_IJ34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/79c4ba-38e2-4f5a-959f-47e0937989a8/1/saiyoDu_8Ep_8vn3gUHHxsRxFg8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/79c4ba-38e2-4f5a-959f-47e0937989a8/1/Wd1UJ4GFHAvOWj6lzDh2UP_IJ34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.91.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:d1:7b:37:5a:ff:f8:ac:a0:d4:96:e1:48:ce:fe:1b:bb:ce:
         2a:5b:5c:e4:e2:42:a0:f4:02:d6:38:7a:c0:a0:f4:91:a5:b1:
         d1:8d:f4:b8:7d:b6:e5:5f:1c:28:a5:00:15:bd:d1:d4:ea:9c:
         ab:bb:1b:32:5e:a2:a4:ca:fb:23:f9:23:62:d0:7d:74:bc:8b:
         61:fb:f4:f7:d2:92:d9:18:44:c9:9a:aa:88:a9:a0:2b:d9:ab:
         74:47:93:59:05:8b:62:0c:7a:29:51:a9:43:b8:5c:22:f9:0c:
         03:9a:66:59:e7:79:25:a8:e1:1e:fd:da:74:ef:8b:c8:d7:e1:
         af:45:73:b0:e3:86:20:d0:78:2c:66:4c:2a:c8:ef:f3:4a:5a:
         e8:e0:3e:9b:51:13:76:04:7e:0b:f3:96:83:70:56:e2:f9:40:
         e3:54:88:ee:0c:d0:5c:68:3d:20:6d:b9:22:86:96:c8:87:2b:
         ea:c7:92:ac:9a:4e:b8:f9:d5:1e:2a:09:77:15:f4:a0:c2:e6:
         36:dc:d2:29:ab:9f:85:d0:39:9e:10:e3:41:78:75:89:db:1f:
         c9:01:c6:da:d8:65:cc:17:26:ae:34:f7:14:d1:7a:49:27:cb:
         89:3e:36:33:81:74:f8:2a:cb:fd:b5:65:bc:a4:c7:0d:db:68:
         74:8c:78:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvO5vQe5OASRyRnN8VDtPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5ZGQ1NDI3ODE4NTFjMGJjZTVhM2VhNWNjMzg3NjUwZmZj
ODI3N2UwHhcNMjQwMTAyMTAzNDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWE4YjJhMDNiYmZmMDRhN2ZmMmY5Zjc4MTQxYzdjNmM0NzExNjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlJfA7uPUb85wQxG8xQerW/OXLspH
eHHgJpvowGEbkN88wkLRk3+tmWP/9OkXiZzhzu8XcXIanQ3x83A86ylqY6LxmrbJ
BUzYag6fkIF45Liga9egWb7XLmZwOBqcCtQamIIc6J+me0E/xsb2U9y7fgj0lH3R
Q6gyat6MYWDFr15mebymVM58U8ej1yysf/9b8ptywOjUwks5s05Jb8QVGrGp6IJn
82XKaiwCwTqfUL1urz1It+cqf3q4/uC+foGkPkz7BlxYYJTzVEjoWg2FgVUISDbC
aasDJKd5miHLYGvip3a78iSnIcFJZTFj+GF/LEwh1jOW1xkU2rsX1DRdnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLGosqA7v/BKf/L594FBx8bEcRYPMB8GA1UdIwQY
MBaAFFndVCeBhRwLzlo+pcw4dlD/yCd+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2QxVUo0R0ZIQXZPV2o2bHpEaDJVUF9JSjM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi83OWM0YmEtMzhlMi00ZjVhLTk1OWYt
NDdlMDkzNzk4OWE4LzEvc2FpeW9EdV84RXBfOHZuM2dVSEh4c1J4Rmc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi83OWM0YmEtMzhlMi00ZjVhLTk1OWYtNDdlMDkzNzk4OWE4
LzEvV2QxVUo0R0ZIQXZPV2o2bHpEaDJVUF9JSjM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVVt0MA0G
CSqGSIb3DQEBCwUAA4IBAQBn0Xs3Wv/4rKDUluFIzv4bu84qW1zk4kKg9ALWOHrA
oPSRpbHRjfS4fbblXxwopQAVvdHU6pyruxsyXqKkyvsj+SNi0H10vIth+/T30pLZ
GETJmqqIqaAr2at0R5NZBYtiDHopUalDuFwi+QwDmmZZ53klqOEe/dp074vI1+Gv
RXOw44Yg0HgsZkwqyO/zSlro4D6bURN2BH4L85aDcFbi+UDjVIjuDNBcaD0gbbki
hpbIhyvqx5Ksmk64+dUeKgl3FfSgwuY23NIpq5+F0DmeEONBeHWJ2x/JAcba2GXM
FyauNPcU0XpJJ8uJPjYzgXT4Ksv9tWW8pMcN22h0jHir
-----END CERTIFICATE-----