Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/YBaps3fk3ayyrGpmLCwdeEN7Bp0.roa
File:                     YBaps3fk3ayyrGpmLCwdeEN7Bp0.roa (raw, json)
Hash identifier:          CPY05p82aPamJlTXNey/WnTvZAQ7hXao3KoVsyf6gxQ=
Subject key identifier:   60:16:A9:B3:77:E4:DD:AC:B2:AC:6A:66:2C:2C:1D:78:43:7B:06:9D
Certificate issuer:       /CN=bfb097a36c2325d1031ff4091ba00a86459d4288
Certificate serial:       018CC6B93CA77BD5DE609EEF084086C1AA40
Authority key identifier: BF:B0:97:A3:6C:23:25:D1:03:1F:F4:09:1B:A0:0A:86:45:9D:42:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/YBaps3fk3ayyrGpmLCwdeEN7Bp0.roa
Signing time:             Mon 01 Jan 2024 20:31:17 +0000
ROA not before:           Mon 01 Jan 2024 20:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34262
IP address blocks:        82.141.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:3c:a7:7b:d5:de:60:9e:ef:08:40:86:c1:aa:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfb097a36c2325d1031ff4091ba00a86459d4288
        Validity
            Not Before: Jan  1 20:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6016a9b377e4ddacb2ac6a662c2c1d78437b069d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:e3:90:a3:57:51:56:fd:c7:b4:25:27:30:15:
                    cd:7c:8f:05:cb:38:44:8a:ea:c7:75:17:f9:65:b0:
                    a9:87:a9:c0:70:c7:6c:09:d5:96:41:c1:c5:01:d0:
                    dd:3d:28:38:a8:00:f5:dd:7a:c5:a6:fe:47:cf:47:
                    48:98:ab:87:14:f6:bb:a7:d3:c4:5f:87:9c:d4:78:
                    e6:05:c8:ce:79:30:c7:57:a0:57:b0:fc:cb:5d:12:
                    c3:80:07:98:f2:22:16:b9:1c:91:b3:0e:a3:1b:25:
                    85:d8:1e:bb:f0:96:60:85:5e:60:6c:1a:72:28:12:
                    e5:ab:d5:6d:43:d8:0d:6c:26:28:4b:21:d6:95:43:
                    19:bd:b0:97:56:b6:83:64:05:d1:2c:5b:56:28:3a:
                    cb:cc:21:ac:73:85:47:5a:35:fe:e3:36:55:fc:f9:
                    9e:d4:cb:27:68:d6:31:03:7a:e1:38:ed:b6:6e:10:
                    ac:e6:29:35:6a:67:37:2f:fb:8a:86:df:92:0e:7f:
                    12:dc:9d:63:c0:51:50:8a:d1:53:4c:08:59:f8:c8:
                    f6:90:84:07:15:11:f5:9d:9f:bc:ad:c9:f0:10:c5:
                    05:c3:22:8d:fd:e6:aa:1c:2c:ff:bf:47:1e:60:50:
                    e9:00:11:9f:b2:7c:ce:68:35:fc:ab:51:35:f5:8b:
                    d1:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:16:A9:B3:77:E4:DD:AC:B2:AC:6A:66:2C:2C:1D:78:43:7B:06:9D
            X509v3 Authority Key Identifier:
                keyid:BF:B0:97:A3:6C:23:25:D1:03:1F:F4:09:1B:A0:0A:86:45:9D:42:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/YBaps3fk3ayyrGpmLCwdeEN7Bp0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.141.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:26:b7:79:de:43:c8:d5:60:d3:3b:50:ce:6e:af:7d:68:e5:
         b0:66:80:3c:cd:41:3d:cd:5f:fa:33:5a:ec:25:7b:63:41:61:
         11:c2:1b:a0:e1:d5:98:b4:1b:42:07:71:f2:a1:8f:68:98:ad:
         52:a1:9c:c8:61:9e:9a:8f:7b:e3:de:45:e4:63:38:2a:3d:a3:
         b4:c1:fc:f0:90:91:fe:0e:3d:69:e7:c6:ca:31:68:34:66:ad:
         58:fc:a5:a9:96:c9:f3:84:3d:f2:8f:86:4d:95:b8:0f:a5:c6:
         07:dd:b8:77:fc:0d:06:f8:b4:e3:1c:60:08:64:f0:36:7c:c8:
         2c:53:fd:28:15:53:09:f6:91:10:ff:b8:a9:77:ae:a1:f7:e3:
         54:9d:24:3d:f3:51:51:08:64:de:74:f6:64:8c:a1:1d:69:b0:
         74:c1:fe:bc:e0:30:4f:be:72:73:2b:00:73:2e:cd:89:24:9e:
         8d:52:d8:45:75:2f:7e:62:95:36:dc:80:6f:d0:fd:88:a4:16:
         ec:5a:f7:20:be:82:25:99:7e:45:e4:50:fa:f8:3a:a5:02:1b:
         55:7a:38:03:80:f0:0b:c3:4e:9c:2c:ed:3d:d4:f6:99:bf:34:
         4c:78:74:a8:6c:74:23:7d:dd:12:8f:b9:6b:e9:6e:7a:90:4b:
         21:c4:3c:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuTyne9XeYJ7vCECGwapAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYjA5N2EzNmMyMzI1ZDEwMzFmZjQwOTFiYTAwYTg2NDU5
ZDQyODgwHhcNMjQwMTAxMjAzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDE2YTliMzc3ZTRkZGFjYjJhYzZhNjYyYzJjMWQ3ODQzN2IwNjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhuOQo1dRVv3HtCUnMBXNfI8FyzhE
iurHdRf5ZbCph6nAcMdsCdWWQcHFAdDdPSg4qAD13XrFpv5Hz0dImKuHFPa7p9PE
X4ec1HjmBcjOeTDHV6BXsPzLXRLDgAeY8iIWuRyRsw6jGyWF2B678JZghV5gbBpy
KBLlq9VtQ9gNbCYoSyHWlUMZvbCXVraDZAXRLFtWKDrLzCGsc4VHWjX+4zZV/Pme
1MsnaNYxA3rhOO22bhCs5ik1amc3L/uKht+SDn8S3J1jwFFQitFTTAhZ+Mj2kIQH
FRH1nZ+8rcnwEMUFwyKN/eaqHCz/v0ceYFDpABGfsnzOaDX8q1E19YvRMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGAWqbN35N2ssqxqZiwsHXhDewadMB8GA1UdIwQY
MBaAFL+wl6NsIyXRAx/0CRugCoZFnUKIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjdDWG8yd2pKZEVESF9RSkc2QUtoa1dkUW9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9mMmM1ZTgtOGQzNy00ODM4LWEzM2It
ZWNjNDliZGMyYWQ4LzEvWUJhcHMzZmszYXl5ckdwbUxDd2RlRU43QnAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9mMmM1ZTgtOGQzNy00ODM4LWEzM2ItZWNjNDliZGMyYWQ4
LzEvdjdDWG8yd2pKZEVESF9RSkc2QUtoa1dkUW9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUo2aMA0G
CSqGSIb3DQEBCwUAA4IBAQCwJrd53kPI1WDTO1DObq99aOWwZoA8zUE9zV/6M1rs
JXtjQWERwhug4dWYtBtCB3HyoY9omK1SoZzIYZ6aj3vj3kXkYzgqPaO0wfzwkJH+
Dj1p58bKMWg0Zq1Y/KWplsnzhD3yj4ZNlbgPpcYH3bh3/A0G+LTjHGAIZPA2fMgs
U/0oFVMJ9pEQ/7ipd66h9+NUnSQ981FRCGTedPZkjKEdabB0wf684DBPvnJzKwBz
Ls2JJJ6NUthFdS9+YpU23IBv0P2IpBbsWvcgvoIlmX5F5FD6+DqlAhtVejgDgPAL
w06cLO091PaZvzRMeHSobHQjfd0Sj7lr6W56kEshxDyW
-----END CERTIFICATE-----