Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/fead16-dd2f-4d66-8503-5d5aec20fc9a/1/yne18kzMVuVyf2O7sG2xvO0CxQE.roa
File:                     yne18kzMVuVyf2O7sG2xvO0CxQE.roa (raw, json)
Hash identifier:          ME940Se7lyrxNHwcpEaKfeDyn+e2xzrLFIqqWFwGFKE=
Subject key identifier:   CA:77:B5:F2:4C:CC:56:E5:72:7F:63:BB:B0:6D:B1:BC:ED:02:C5:01
Certificate issuer:       /CN=da1a521ec13031527d2f2cacfc85eb99e4841256
Certificate serial:       018CC8DE66F332D0A8E7925AA095CE53AA04
Authority key identifier: DA:1A:52:1E:C1:30:31:52:7D:2F:2C:AC:FC:85:EB:99:E4:84:12:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2hpSHsEwMVJ9Lyys_IXrmeSEElY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/fead16-dd2f-4d66-8503-5d5aec20fc9a/1/yne18kzMVuVyf2O7sG2xvO0CxQE.roa
Signing time:             Tue 02 Jan 2024 06:31:07 +0000
ROA not before:           Tue 02 Jan 2024 06:31:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        91.209.81.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/fead16-dd2f-4d66-8503-5d5aec20fc9a/1/2hpSHsEwMVJ9Lyys_IXrmeSEElY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/fead16-dd2f-4d66-8503-5d5aec20fc9a/1/2hpSHsEwMVJ9Lyys_IXrmeSEElY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2hpSHsEwMVJ9Lyys_IXrmeSEElY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:66:f3:32:d0:a8:e7:92:5a:a0:95:ce:53:aa:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da1a521ec13031527d2f2cacfc85eb99e4841256
        Validity
            Not Before: Jan  2 06:31:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca77b5f24ccc56e5727f63bbb06db1bced02c501
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:12:ab:0b:14:7b:63:44:ca:60:a6:71:2d:11:
                    50:61:fa:ef:2e:e4:53:16:1d:51:97:e8:fd:a8:72:
                    ad:44:8c:b0:63:e4:91:a4:37:fe:ec:d4:f0:df:ca:
                    f0:1e:66:41:c6:47:ed:0c:45:58:d4:72:8d:77:6d:
                    f0:98:0f:e0:8d:35:a6:d8:c6:a9:d0:f5:d3:35:04:
                    36:68:4b:9c:65:23:09:53:b4:86:49:f6:4d:66:5b:
                    91:a2:a7:52:12:b0:39:7d:05:c2:e6:e3:61:29:c9:
                    ba:74:04:4c:8c:c9:24:df:35:42:2a:b1:29:00:27:
                    89:27:56:f2:e6:35:28:13:e7:de:10:1e:05:ec:5c:
                    dc:99:49:8c:ac:9d:c4:3c:b5:74:4a:0d:66:9c:04:
                    f9:eb:0f:6b:61:a0:c2:ee:99:eb:0b:00:b9:a5:78:
                    97:05:4a:10:35:e4:48:ab:25:27:58:eb:51:42:bf:
                    dc:70:a5:2f:32:c8:af:df:1a:d5:48:d3:c6:1e:70:
                    d3:09:67:63:6b:e2:f6:88:c9:f4:18:5f:89:6a:03:
                    cb:5a:bd:9c:29:de:2f:c1:37:63:fe:76:b5:5b:3d:
                    fd:b5:df:ab:ce:f9:3d:9c:e5:d3:23:1e:59:4b:d7:
                    0e:f0:0d:3b:a1:3c:53:7b:1a:fd:d2:97:93:dd:b5:
                    65:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:77:B5:F2:4C:CC:56:E5:72:7F:63:BB:B0:6D:B1:BC:ED:02:C5:01
            X509v3 Authority Key Identifier:
                keyid:DA:1A:52:1E:C1:30:31:52:7D:2F:2C:AC:FC:85:EB:99:E4:84:12:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2hpSHsEwMVJ9Lyys_IXrmeSEElY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/fead16-dd2f-4d66-8503-5d5aec20fc9a/1/yne18kzMVuVyf2O7sG2xvO0CxQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/fead16-dd2f-4d66-8503-5d5aec20fc9a/1/2hpSHsEwMVJ9Lyys_IXrmeSEElY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:83:05:0e:f0:ec:60:ad:7d:db:15:6d:d3:ad:36:7a:2e:29:
         55:0a:92:19:8a:63:1a:8e:f5:8b:84:fd:86:de:5c:4d:87:e4:
         f4:98:0d:84:3e:c2:1e:32:b5:42:01:9d:a0:13:c2:64:90:63:
         4f:5d:93:9f:44:b8:dc:52:67:d4:a2:c4:15:c5:12:49:8d:6d:
         fe:81:cd:8f:65:8b:6a:a3:c2:13:50:6d:9f:19:3c:24:2c:1f:
         4a:6b:17:40:ae:4c:13:56:cf:76:f4:51:d1:4d:bd:7a:8e:a7:
         14:84:9f:24:2a:59:00:ab:05:56:c1:24:8d:5b:22:01:66:77:
         45:a2:b3:78:4a:d3:2d:25:c8:a6:29:e3:c8:2a:5d:db:4b:2e:
         4a:b1:f6:e5:53:3e:04:b8:58:58:c3:c8:e2:d0:2a:01:dc:f9:
         a5:6a:43:76:d8:30:41:50:e2:ca:c4:89:02:c3:61:25:90:bf:
         78:f3:f1:5a:bd:67:29:80:4b:83:29:aa:de:07:a2:e2:c4:ea:
         3f:5d:2c:aa:a1:6c:11:a6:1c:c0:28:a0:8e:fb:b6:aa:14:dd:
         d8:7a:30:10:cf:33:8b:06:d3:a7:0e:77:f2:ff:21:bf:3a:2f:
         85:d5:95:64:0e:40:9a:ea:48:09:1b:02:a6:e1:42:d0:95:d1:
         7d:83:9a:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3mbzMtCo55JaoJXOU6oEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMWE1MjFlYzEzMDMxNTI3ZDJmMmNhY2ZjODVlYjk5ZTQ4
NDEyNTYwHhcNMjQwMTAyMDYzMTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTc3YjVmMjRjY2M1NmU1NzI3ZjYzYmJiMDZkYjFiY2VkMDJjNTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzRKrCxR7Y0TKYKZxLRFQYfrvLuRT
Fh1Rl+j9qHKtRIywY+SRpDf+7NTw38rwHmZBxkftDEVY1HKNd23wmA/gjTWm2Map
0PXTNQQ2aEucZSMJU7SGSfZNZluRoqdSErA5fQXC5uNhKcm6dARMjMkk3zVCKrEp
ACeJJ1by5jUoE+feEB4F7FzcmUmMrJ3EPLV0Sg1mnAT56w9rYaDC7pnrCwC5pXiX
BUoQNeRIqyUnWOtRQr/ccKUvMsiv3xrVSNPGHnDTCWdja+L2iMn0GF+JagPLWr2c
Kd4vwTdj/na1Wz39td+rzvk9nOXTIx5ZS9cO8A07oTxTexr90peT3bVl1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMp3tfJMzFblcn9ju7BtsbztAsUBMB8GA1UdIwQY
MBaAFNoaUh7BMDFSfS8srPyF65nkhBJWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmhwU0hzRXdNVko5THl5c19JWHJtZVNFRWxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9mZWFkMTYtZGQyZi00ZDY2LTg1MDMt
NWQ1YWVjMjBmYzlhLzEveW5lMThrek1WdVZ5ZjJPN3NHMnh2TzBDeFFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9mZWFkMTYtZGQyZi00ZDY2LTg1MDMtNWQ1YWVjMjBmYzlh
LzEvMmhwU0hzRXdNVko5THl5c19JWHJtZVNFRWxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9FRMA0G
CSqGSIb3DQEBCwUAA4IBAQCbgwUO8OxgrX3bFW3TrTZ6LilVCpIZimMajvWLhP2G
3lxNh+T0mA2EPsIeMrVCAZ2gE8JkkGNPXZOfRLjcUmfUosQVxRJJjW3+gc2PZYtq
o8ITUG2fGTwkLB9KaxdArkwTVs929FHRTb16jqcUhJ8kKlkAqwVWwSSNWyIBZndF
orN4StMtJcimKePIKl3bSy5KsfblUz4EuFhYw8ji0CoB3PmlakN22DBBUOLKxIkC
w2ElkL948/FavWcpgEuDKareB6LixOo/XSyqoWwRphzAKKCO+7aqFN3YejAQzzOL
BtOnDnfy/yG/Oi+F1ZVkDkCa6kgJGwKm4ULQldF9g5pL
-----END CERTIFICATE-----