Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/4d77d9-b0a3-48ad-aa2a-1c6ee5bbeb66/1/yys8PG7onlS-mFFasHCmDm_ZHBI.roa
File:                     yys8PG7onlS-mFFasHCmDm_ZHBI.roa (raw, json)
Hash identifier:          JA2/3Do1vr9j+FM/VzZ3rfG52lMrR5XZDLRplN/WvuY=
Subject key identifier:   CB:2B:3C:3C:6E:E8:9E:54:BE:98:51:5A:B0:70:A6:0E:6F:D9:1C:12
Certificate issuer:       /CN=4f908a6d868ab9e9bdb10472fbec31c966e94274
Certificate serial:       018CC72755388592E3905F4E56F6EA537EC1
Authority key identifier: 4F:90:8A:6D:86:8A:B9:E9:BD:B1:04:72:FB:EC:31:C9:66:E9:42:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T5CKbYaKuem9sQRy--wxyWbpQnQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/4d77d9-b0a3-48ad-aa2a-1c6ee5bbeb66/1/yys8PG7onlS-mFFasHCmDm_ZHBI.roa
Signing time:             Mon 01 Jan 2024 22:31:32 +0000
ROA not before:           Mon 01 Jan 2024 22:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        91.206.52.0/23 maxlen: 23
                          2001:7f8:24::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/4d77d9-b0a3-48ad-aa2a-1c6ee5bbeb66/1/T5CKbYaKuem9sQRy--wxyWbpQnQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/4d77d9-b0a3-48ad-aa2a-1c6ee5bbeb66/1/T5CKbYaKuem9sQRy--wxyWbpQnQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T5CKbYaKuem9sQRy--wxyWbpQnQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 02:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:55:38:85:92:e3:90:5f:4e:56:f6:ea:53:7e:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f908a6d868ab9e9bdb10472fbec31c966e94274
        Validity
            Not Before: Jan  1 22:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb2b3c3c6ee89e54be98515ab070a60e6fd91c12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:4c:36:32:f1:d5:73:dc:e6:17:14:b8:bb:36:
                    bd:8b:5d:50:ef:31:e5:df:9e:e8:c4:e6:c4:c2:83:
                    17:16:7e:bb:d5:22:b3:4f:d1:7f:17:da:01:e7:0d:
                    9b:c6:df:cf:e3:2b:26:70:ca:8c:dd:7f:f5:0b:e8:
                    69:2e:44:5e:3f:82:10:4f:52:ca:84:28:d8:a2:dd:
                    3c:69:cc:30:07:6e:c1:98:d6:c6:3b:a2:78:70:35:
                    82:7c:5d:e6:e7:9a:12:67:49:1a:5b:ca:0f:2c:cb:
                    d3:56:79:08:bc:9f:f9:cc:e2:19:6a:fd:44:24:7e:
                    be:d1:9c:b7:ae:d2:6b:07:ad:52:6b:e3:f7:e9:64:
                    1c:ed:e1:9a:67:c9:20:7d:6a:b6:2a:a0:86:e9:da:
                    ef:95:11:00:3e:c0:36:db:5c:4d:03:6b:bd:c5:a8:
                    e9:a9:79:23:90:9c:c0:44:39:a8:92:f3:61:02:bc:
                    f1:22:e0:67:88:99:46:53:18:e8:97:f4:ca:51:38:
                    2a:ef:d6:e1:d4:76:4b:8b:ab:e9:54:79:95:17:37:
                    af:16:ad:82:51:8b:d8:0a:ca:2f:ae:cf:c2:47:83:
                    27:3e:a7:d3:73:0b:31:f8:ea:b9:b3:67:5d:3a:34:
                    e8:10:f8:cc:a9:1d:d8:95:e7:92:10:73:04:dd:af:
                    e2:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:2B:3C:3C:6E:E8:9E:54:BE:98:51:5A:B0:70:A6:0E:6F:D9:1C:12
            X509v3 Authority Key Identifier:
                keyid:4F:90:8A:6D:86:8A:B9:E9:BD:B1:04:72:FB:EC:31:C9:66:E9:42:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T5CKbYaKuem9sQRy--wxyWbpQnQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/4d77d9-b0a3-48ad-aa2a-1c6ee5bbeb66/1/yys8PG7onlS-mFFasHCmDm_ZHBI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/4d77d9-b0a3-48ad-aa2a-1c6ee5bbeb66/1/T5CKbYaKuem9sQRy--wxyWbpQnQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.52.0/23
                IPv6:
                  2001:7f8:24::/48

    Signature Algorithm: sha256WithRSAEncryption
         78:cb:a1:fb:9f:a8:00:83:c4:e7:d3:8f:3e:49:f3:46:e7:95:
         cb:1b:46:d6:8f:c9:19:5a:b3:95:d5:8b:8d:94:df:c8:96:62:
         4d:54:2c:2b:b8:29:50:2b:e7:d1:26:48:7b:32:d6:d5:4a:af:
         d2:cf:a8:ae:e7:53:28:bb:51:eb:75:2d:ed:91:e9:ff:30:02:
         eb:ff:cf:d9:7c:c8:41:6e:ef:bf:2b:9a:78:78:82:b2:df:e5:
         e9:a0:9f:16:d6:e7:3f:59:f0:24:b9:fd:a9:05:9a:6f:b0:f2:
         47:07:14:6d:ae:ef:3f:38:91:eb:6f:07:56:59:f1:7a:f2:51:
         f8:6c:00:0e:0b:fc:d2:c0:a5:34:81:6e:4a:58:76:1e:dc:76:
         c3:d3:ce:e4:72:cb:0d:63:85:0f:7d:99:1d:5f:e0:8e:0c:1c:
         ea:ef:8a:9e:51:0f:1a:08:fd:53:e4:09:b8:99:ca:ff:e5:30:
         01:31:fa:84:b7:88:49:03:b9:c7:c8:f5:b8:1d:4b:5c:f6:d2:
         0d:a2:94:01:a6:c0:1a:e4:04:6f:82:76:2a:bc:58:06:ce:5c:
         d0:14:d6:f7:b2:12:4d:b5:f1:45:ff:c7:d7:7c:88:a8:6a:4c:
         84:0a:98:5d:40:40:06:f6:0f:45:78:c7:bb:b8:32:b8:06:6b:
         37:73:34:fa
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHJ1U4hZLjkF9OVvbqU37BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOTA4YTZkODY4YWI5ZTliZGIxMDQ3MmZiZWMzMWM5NjZl
OTQyNzQwHhcNMjQwMTAxMjIzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjJiM2MzYzZlZTg5ZTU0YmU5ODUxNWFiMDcwYTYwZTZmZDkxYzEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjUw2MvHVc9zmFxS4uza9i11Q7zHl
357oxObEwoMXFn671SKzT9F/F9oB5w2bxt/P4ysmcMqM3X/1C+hpLkReP4IQT1LK
hCjYot08acwwB27BmNbGO6J4cDWCfF3m55oSZ0kaW8oPLMvTVnkIvJ/5zOIZav1E
JH6+0Zy3rtJrB61Sa+P36WQc7eGaZ8kgfWq2KqCG6drvlREAPsA221xNA2u9xajp
qXkjkJzARDmokvNhArzxIuBniJlGUxjol/TKUTgq79bh1HZLi6vpVHmVFzevFq2C
UYvYCsovrs/CR4MnPqfTcwsx+Oq5s2ddOjToEPjMqR3YleeSEHME3a/iAQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMsrPDxu6J5UvphRWrBwpg5v2RwSMB8GA1UdIwQY
MBaAFE+Qim2GirnpvbEEcvvsMclm6UJ0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDVDS2JZYUt1ZW05c1FSeS0td3h5V2JwUW5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC80ZDc3ZDktYjBhMy00OGFkLWFhMmEt
MWM2ZWU1YmJlYjY2LzEveXlzOFBHN29ubFMtbUZGYXNIQ21EbV9aSEJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC80ZDc3ZDktYjBhMy00OGFkLWFhMmEtMWM2ZWU1YmJlYjY2
LzEvVDVDS2JZYUt1ZW05c1FSeS0td3h5V2JwUW5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBW840MA8E
AgACMAkDBwAgAQf4ACQwDQYJKoZIhvcNAQELBQADggEBAHjLofufqACDxOfTjz5J
80bnlcsbRtaPyRlas5XVi42U38iWYk1ULCu4KVAr59EmSHsy1tVKr9LPqK7nUyi7
Uet1Le2R6f8wAuv/z9l8yEFu778rmnh4grLf5emgnxbW5z9Z8CS5/akFmm+w8kcH
FG2u7z84ketvB1ZZ8XryUfhsAA4L/NLApTSBbkpYdh7cdsPTzuRyyw1jhQ99mR1f
4I4MHOrvip5RDxoI/VPkCbiZyv/lMAEx+oS3iEkDucfI9bgdS1z20g2ilAGmwBrk
BG+Cdiq8WAbOXNAU1veyEk218UX/x9d8iKhqTIQKmF1AQAb2D0V4x7u4MrgGazdz
NPo=
-----END CERTIFICATE-----