Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/6a6805-5ce0-4128-a04c-f62f35af4371/1/YqTqoMRBk4DwFwAFjwILOeXOiHw.roa
File:                     YqTqoMRBk4DwFwAFjwILOeXOiHw.roa (raw, json)
Hash identifier:          7zEI+pkJl9AS5kytzgxWVBT5whT9s3GyOPC8h9UUoGU=
Subject key identifier:   62:A4:EA:A0:C4:41:93:80:F0:17:00:05:8F:02:0B:39:E5:CE:88:7C
Certificate issuer:       /CN=5f96676cf398d3994c4dd4a296594614dff586c7
Certificate serial:       018CF8C75062746B6C0CC40A0890344EA354
Authority key identifier: 5F:96:67:6C:F3:98:D3:99:4C:4D:D4:A2:96:59:46:14:DF:F5:86:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X5ZnbPOY05lMTdSilllGFN_1hsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/6a6805-5ce0-4128-a04c-f62f35af4371/1/YqTqoMRBk4DwFwAFjwILOeXOiHw.roa
Signing time:             Thu 11 Jan 2024 13:47:40 +0000
ROA not before:           Thu 11 Jan 2024 13:47:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215822
IP address blocks:        89.35.152.0/24 maxlen: 24
                          84.247.57.0/24 maxlen: 24
                          89.34.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/6a6805-5ce0-4128-a04c-f62f35af4371/1/X5ZnbPOY05lMTdSilllGFN_1hsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/6a6805-5ce0-4128-a04c-f62f35af4371/1/X5ZnbPOY05lMTdSilllGFN_1hsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X5ZnbPOY05lMTdSilllGFN_1hsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 16:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f8:c7:50:62:74:6b:6c:0c:c4:0a:08:90:34:4e:a3:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f96676cf398d3994c4dd4a296594614dff586c7
        Validity
            Not Before: Jan 11 13:47:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=62a4eaa0c4419380f01700058f020b39e5ce887c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:64:70:6b:22:24:c8:20:14:5f:a4:c8:6d:65:
                    c2:46:06:86:fb:d9:ea:f8:e1:73:51:16:96:fd:60:
                    f2:3c:e5:4f:c4:1a:fc:76:29:ca:bd:88:f8:04:32:
                    0f:e3:4b:ae:92:b2:18:c1:45:f2:c7:ee:b0:8f:1d:
                    3b:c8:3f:b9:6c:33:09:c6:e1:32:a8:f3:05:6d:27:
                    77:5c:1f:79:52:42:b7:0c:70:b6:92:43:e5:84:af:
                    3a:5a:ad:13:2b:d5:d6:89:5a:3d:cb:d6:9e:86:bd:
                    08:01:b8:4b:2e:2c:e3:93:87:33:98:76:3d:9c:2c:
                    77:65:2c:c7:7f:f1:ff:5e:e0:01:06:06:65:8c:2f:
                    89:92:d8:ef:30:21:83:a6:55:9c:c7:a3:86:00:7e:
                    5f:c0:3a:1e:b7:46:aa:13:ec:61:09:00:89:b2:fe:
                    7b:30:17:0d:84:ce:6b:3a:a5:d1:9f:a4:b2:c6:f6:
                    cf:ec:81:60:80:ea:28:8e:35:e3:10:b3:0b:65:a8:
                    8c:5c:69:2e:f0:91:d4:52:3b:f6:24:81:cc:23:43:
                    5f:e3:26:1e:25:bf:80:2b:d9:c1:9b:7b:20:b1:1a:
                    c5:3d:97:a1:91:db:33:ce:bd:01:f0:7b:9a:07:87:
                    77:8e:53:38:16:59:99:d4:ee:0d:af:e5:36:5d:c5:
                    5c:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:A4:EA:A0:C4:41:93:80:F0:17:00:05:8F:02:0B:39:E5:CE:88:7C
            X509v3 Authority Key Identifier:
                keyid:5F:96:67:6C:F3:98:D3:99:4C:4D:D4:A2:96:59:46:14:DF:F5:86:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X5ZnbPOY05lMTdSilllGFN_1hsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/6a6805-5ce0-4128-a04c-f62f35af4371/1/YqTqoMRBk4DwFwAFjwILOeXOiHw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/6a6805-5ce0-4128-a04c-f62f35af4371/1/X5ZnbPOY05lMTdSilllGFN_1hsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.247.57.0/24
                  89.34.175.0/24
                  89.35.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:6a:26:cc:f1:27:91:a6:14:6c:d9:ca:fe:27:ed:6f:ce:38:
         0c:c9:2b:5a:34:f0:53:06:ca:fe:3c:b8:ba:21:85:cb:77:41:
         8e:ea:3b:bc:46:0f:4a:8d:cb:7a:5e:5d:66:d8:bd:45:b0:4b:
         92:3f:ff:68:52:46:e2:30:93:f0:bb:c6:46:40:60:39:6c:fe:
         e6:12:3e:11:c2:17:da:8a:51:68:c1:3b:6f:66:f1:87:cf:84:
         45:82:ab:8c:32:a5:6f:34:58:b9:00:3e:2e:95:78:93:25:be:
         23:08:ea:97:13:af:af:68:8b:56:f8:6e:35:5c:06:c5:2d:4d:
         3c:90:f9:9f:11:f0:b7:f5:9d:73:35:e5:b1:9a:8c:19:a8:57:
         fb:eb:04:39:9a:97:7b:cf:91:47:6c:a2:57:91:58:a3:5b:fc:
         23:b4:3f:dc:90:7d:2f:c1:12:d5:03:79:8e:04:d8:f1:80:98:
         9f:3a:fe:97:58:8c:ee:51:d7:9f:8f:44:38:3a:2c:75:fa:06:
         46:fa:ce:45:90:db:41:fb:de:f6:ae:d4:30:5a:e8:82:13:4d:
         72:d2:de:c6:f1:5f:fc:f2:4a:ac:e9:30:07:f8:b1:23:02:f7:
         a1:43:4f:a9:ce:d9:80:77:e0:bf:18:3d:91:d9:d7:ef:13:5b:
         72:85:e8:cb
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYz4x1BidGtsDMQKCJA0TqNUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmOTY2NzZjZjM5OGQzOTk0YzRkZDRhMjk2NTk0NjE0ZGZm
NTg2YzcwHhcNMjQwMTExMTM0NzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmE0ZWFhMGM0NDE5MzgwZjAxNzAwMDU4ZjAyMGIzOWU1Y2U4ODdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1WRwayIkyCAUX6TIbWXCRgaG+9nq
+OFzURaW/WDyPOVPxBr8dinKvYj4BDIP40uukrIYwUXyx+6wjx07yD+5bDMJxuEy
qPMFbSd3XB95UkK3DHC2kkPlhK86Wq0TK9XWiVo9y9aehr0IAbhLLizjk4czmHY9
nCx3ZSzHf/H/XuABBgZljC+JktjvMCGDplWcx6OGAH5fwDoet0aqE+xhCQCJsv57
MBcNhM5rOqXRn6SyxvbP7IFggOoojjXjELMLZaiMXGku8JHUUjv2JIHMI0Nf4yYe
Jb+AK9nBm3sgsRrFPZehkdszzr0B8HuaB4d3jlM4FlmZ1O4Nr+U2XcVcYQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGKk6qDEQZOA8BcABY8CCznlzoh8MB8GA1UdIwQY
MBaAFF+WZ2zzmNOZTE3UopZZRhTf9YbHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDVabmJQT1kwNWxNVGRTaWxsbEdGTl8xaHNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC82YTY4MDUtNWNlMC00MTI4LWEwNGMt
ZjYyZjM1YWY0MzcxLzEvWXFUcW9NUkJrNER3RndBRmp3SUxPZVhPaUh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC82YTY4MDUtNWNlMC00MTI4LWEwNGMtZjYyZjM1YWY0Mzcx
LzEvWDVabmJQT1kwNWxNVGRTaWxsbEdGTl8xaHNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVPc5AwQA
WSKvAwQAWSOYMA0GCSqGSIb3DQEBCwUAA4IBAQBqaibM8SeRphRs2cr+J+1vzjgM
yStaNPBTBsr+PLi6IYXLd0GO6ju8Rg9Kjct6Xl1m2L1FsEuSP/9oUkbiMJPwu8ZG
QGA5bP7mEj4RwhfailFowTtvZvGHz4RFgquMMqVvNFi5AD4ulXiTJb4jCOqXE6+v
aItW+G41XAbFLU08kPmfEfC39Z1zNeWxmowZqFf76wQ5mpd7z5FHbKJXkVijW/wj
tD/ckH0vwRLVA3mOBNjxgJifOv6XWIzuUdefj0Q4Oix1+gZG+s5FkNtB+972rtQw
WuiCE01y0t7G8V/88kqs6TAH+LEjAvehQ0+pztmAd+C/GD2R2dfvE1tyhejL
-----END CERTIFICATE-----