Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/346966-069a-40b0-b143-41eaa1fde11b/1/Yfj7fP3mieePbqCNfjwfB3Pxdx4.roa
File:                     Yfj7fP3mieePbqCNfjwfB3Pxdx4.roa (raw, json)
Hash identifier:          hsNyITXouwFOODQt4BOubf8e+UqZKlp0k714bUcwfEU=
Subject key identifier:   61:F8:FB:7C:FD:E6:89:E7:8F:6E:A0:8D:7E:3C:1F:07:73:F1:77:1E
Certificate issuer:       /CN=6689c3995e2461d5a52fd4f1000782f99a4d4822
Certificate serial:       018CC56E52E11C3365C5BD7157D9EFB278D0
Authority key identifier: 66:89:C3:99:5E:24:61:D5:A5:2F:D4:F1:00:07:82:F9:9A:4D:48:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZonDmV4kYdWlL9TxAAeC-ZpNSCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/346966-069a-40b0-b143-41eaa1fde11b/1/Yfj7fP3mieePbqCNfjwfB3Pxdx4.roa
Signing time:             Mon 01 Jan 2024 14:29:50 +0000
ROA not before:           Mon 01 Jan 2024 14:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200410
IP address blocks:        91.187.224.0/24 maxlen: 24
                          91.187.225.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/346966-069a-40b0-b143-41eaa1fde11b/1/ZonDmV4kYdWlL9TxAAeC-ZpNSCI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/346966-069a-40b0-b143-41eaa1fde11b/1/ZonDmV4kYdWlL9TxAAeC-ZpNSCI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZonDmV4kYdWlL9TxAAeC-ZpNSCI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 02:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:52:e1:1c:33:65:c5:bd:71:57:d9:ef:b2:78:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6689c3995e2461d5a52fd4f1000782f99a4d4822
        Validity
            Not Before: Jan  1 14:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=61f8fb7cfde689e78f6ea08d7e3c1f0773f1771e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:a6:b2:cc:da:01:8e:97:b5:69:ef:56:ef:88:
                    4d:23:cf:9c:92:f1:d0:bc:09:b6:78:d3:7a:4f:0d:
                    b5:10:b2:88:b9:1c:2e:9d:6d:78:c0:5d:fb:06:d4:
                    bb:2a:cb:74:03:cc:a2:7c:9c:a5:01:37:c9:7c:b6:
                    68:d8:5f:0a:a7:26:85:ae:8d:2c:cc:f4:ac:62:71:
                    40:69:aa:e1:4d:f3:d3:51:8a:e4:ae:ff:2f:82:48:
                    03:10:f7:53:e5:7b:7a:24:3f:23:f8:b9:7d:a4:8c:
                    ee:c3:b9:c0:28:13:fd:5b:43:f2:9a:b0:9b:0c:33:
                    01:f0:1b:91:0b:6c:ae:fe:3d:f6:ea:e5:5d:c7:d0:
                    6e:e5:b9:32:50:5f:84:bc:50:46:cc:2f:d4:fa:8e:
                    9c:6d:ff:ef:46:18:f8:8f:54:67:d4:39:c6:96:cb:
                    c6:d6:87:00:22:ed:ce:37:1c:5d:c2:16:52:f1:78:
                    04:43:fd:46:92:48:24:51:0d:14:59:e6:cc:29:d9:
                    b1:27:09:73:3b:d4:80:d1:af:14:6a:81:ca:0f:09:
                    a1:ac:ef:fb:f5:f9:a1:12:8b:6a:f6:69:04:44:59:
                    d8:d1:8a:80:ab:d2:e8:97:df:59:fe:e6:f3:d2:07:
                    57:b6:9b:b2:d3:24:1c:91:4d:e0:91:73:d5:c4:8c:
                    49:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:F8:FB:7C:FD:E6:89:E7:8F:6E:A0:8D:7E:3C:1F:07:73:F1:77:1E
            X509v3 Authority Key Identifier:
                keyid:66:89:C3:99:5E:24:61:D5:A5:2F:D4:F1:00:07:82:F9:9A:4D:48:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZonDmV4kYdWlL9TxAAeC-ZpNSCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/346966-069a-40b0-b143-41eaa1fde11b/1/Yfj7fP3mieePbqCNfjwfB3Pxdx4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/346966-069a-40b0-b143-41eaa1fde11b/1/ZonDmV4kYdWlL9TxAAeC-ZpNSCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.187.224.0/23

    Signature Algorithm: sha256WithRSAEncryption
         89:39:7e:47:1d:fa:8a:d5:c2:dd:ec:4c:d9:27:14:63:0e:31:
         5b:e2:2c:ee:b6:b1:fd:9d:3f:35:52:6d:15:07:ea:30:8a:78:
         49:5f:fa:cf:b7:97:80:66:c4:99:b8:ea:21:a4:7e:cc:52:b7:
         9a:eb:fe:fe:bd:af:72:e3:99:11:17:30:95:e7:d4:b5:62:85:
         3c:a5:c4:b7:89:20:d4:d7:ec:fd:2e:7a:e5:8d:17:bb:5b:41:
         82:e5:50:af:83:01:a8:7a:40:dc:f1:42:d0:3d:9b:25:5b:a1:
         7b:db:88:d2:25:c3:b7:d8:57:49:3d:41:f8:1a:69:b1:01:66:
         28:c6:93:d7:44:af:96:a4:30:82:a0:c7:a2:ab:64:37:b1:c0:
         88:9b:82:89:6e:f2:98:55:0b:02:10:bb:8d:d6:3b:db:f6:27:
         6b:94:73:ad:69:e7:47:fb:f5:df:79:ab:5d:31:f6:02:0f:77:
         0e:78:75:f7:dd:1a:dc:3f:e9:1f:94:15:b9:73:e4:8a:c6:c8:
         48:1d:b2:46:cb:88:55:0d:1f:e0:81:62:84:59:6f:77:a7:b6:
         9d:35:ee:72:12:c2:f4:da:aa:7b:ff:00:0e:e0:7b:88:5b:27:
         c4:23:32:d7:ff:6e:6f:22:cc:8d:f3:c6:bd:4a:cc:1a:7d:e4:
         8c:f3:5e:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFblLhHDNlxb1xV9nvsnjQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ODljMzk5NWUyNDYxZDVhNTJmZDRmMTAwMDc4MmY5OWE0
ZDQ4MjIwHhcNMjQwMTAxMTQyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWY4ZmI3Y2ZkZTY4OWU3OGY2ZWEwOGQ3ZTNjMWYwNzczZjE3NzFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp6ayzNoBjpe1ae9W74hNI8+ckvHQ
vAm2eNN6Tw21ELKIuRwunW14wF37BtS7Kst0A8yifJylATfJfLZo2F8KpyaFro0s
zPSsYnFAaarhTfPTUYrkrv8vgkgDEPdT5Xt6JD8j+Ll9pIzuw7nAKBP9W0PymrCb
DDMB8BuRC2yu/j326uVdx9Bu5bkyUF+EvFBGzC/U+o6cbf/vRhj4j1Rn1DnGlsvG
1ocAIu3ONxxdwhZS8XgEQ/1GkkgkUQ0UWebMKdmxJwlzO9SA0a8UaoHKDwmhrO/7
9fmhEotq9mkERFnY0YqAq9Lol99Z/ubz0gdXtpuy0yQckU3gkXPVxIxJ1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGH4+3z95onnj26gjX48Hwdz8XceMB8GA1UdIwQY
MBaAFGaJw5leJGHVpS/U8QAHgvmaTUgiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm9uRG1WNGtZZFdsTDlUeEFBZUMtWnBOU0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8zNDY5NjYtMDY5YS00MGIwLWIxNDMt
NDFlYWExZmRlMTFiLzEvWWZqN2ZQM21pZWVQYnFDTmZqd2ZCM1B4ZHg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8zNDY5NjYtMDY5YS00MGIwLWIxNDMtNDFlYWExZmRlMTFi
LzEvWm9uRG1WNGtZZFdsTDlUeEFBZUMtWnBOU0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW7vgMA0G
CSqGSIb3DQEBCwUAA4IBAQCJOX5HHfqK1cLd7EzZJxRjDjFb4izutrH9nT81Um0V
B+owinhJX/rPt5eAZsSZuOohpH7MUrea6/7+va9y45kRFzCV59S1YoU8pcS3iSDU
1+z9LnrljRe7W0GC5VCvgwGoekDc8ULQPZslW6F724jSJcO32FdJPUH4GmmxAWYo
xpPXRK+WpDCCoMeiq2Q3scCIm4KJbvKYVQsCELuN1jvb9idrlHOtaedH+/Xfeatd
MfYCD3cOeHX33RrcP+kflBW5c+SKxshIHbJGy4hVDR/ggWKEWW93p7adNe5yEsL0
2qp7/wAO4HuIWyfEIzLX/25vIsyN88a9SswafeSM817Z
-----END CERTIFICATE-----