Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/d19c2d-38c3-4526-a7cf-1d666c422c6a/1/YTFIYMwfHXsketkgljChZuWxQ40.roa
File:                     YTFIYMwfHXsketkgljChZuWxQ40.roa (raw, json)
Hash identifier:          68E5c///2wHT9v7RspnljA8qZRizKMQb4+YkarAYJxA=
Subject key identifier:   61:31:48:60:CC:1F:1D:7B:24:7A:D9:20:96:30:A1:66:E5:B1:43:8D
Certificate issuer:       /CN=e41a8c42ece89b5fbfc210dc7b554c72ea4f3544
Certificate serial:       018CCA2AA0C26739BB675BAA6803075404AE
Authority key identifier: E4:1A:8C:42:EC:E8:9B:5F:BF:C2:10:DC:7B:55:4C:72:EA:4F:35:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5BqMQuzom1-_whDce1VMcupPNUQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/d19c2d-38c3-4526-a7cf-1d666c422c6a/1/YTFIYMwfHXsketkgljChZuWxQ40.roa
Signing time:             Tue 02 Jan 2024 12:34:00 +0000
ROA not before:           Tue 02 Jan 2024 12:34:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30781
IP address blocks:        149.62.152.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/d19c2d-38c3-4526-a7cf-1d666c422c6a/1/5BqMQuzom1-_whDce1VMcupPNUQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/d19c2d-38c3-4526-a7cf-1d666c422c6a/1/5BqMQuzom1-_whDce1VMcupPNUQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5BqMQuzom1-_whDce1VMcupPNUQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:a0:c2:67:39:bb:67:5b:aa:68:03:07:54:04:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e41a8c42ece89b5fbfc210dc7b554c72ea4f3544
        Validity
            Not Before: Jan  2 12:34:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=61314860cc1f1d7b247ad9209630a166e5b1438d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:08:b4:0e:82:05:f5:42:d7:e8:73:f4:d7:2e:
                    03:85:f7:95:a1:48:7f:aa:d7:1e:1a:27:71:bb:b7:
                    d1:25:f0:15:af:a2:9a:ff:8d:e8:d3:68:0c:72:97:
                    f5:69:a2:45:70:b2:b7:ce:89:c8:e8:90:bc:58:2d:
                    74:57:52:f8:e6:6b:e3:cd:63:e1:77:5c:33:bf:d7:
                    0d:b4:83:a2:21:18:71:85:f1:36:77:0a:53:ea:42:
                    af:61:33:51:5d:4d:62:1a:e6:49:54:5e:71:14:f9:
                    ad:17:30:45:d7:4d:34:d3:04:ab:43:93:74:d0:02:
                    d3:41:bb:b1:70:b4:1f:4a:e3:27:5a:25:a5:ac:53:
                    c8:cd:f2:8b:d5:9c:91:ae:52:66:df:4b:30:e9:9d:
                    1c:77:e6:fb:74:2a:ed:b0:c4:3f:63:0e:a8:db:de:
                    ed:88:13:f1:2e:f6:4f:26:9e:cc:be:7c:46:bd:31:
                    98:f7:e9:56:76:55:73:8f:7c:de:27:e2:bd:aa:0c:
                    08:47:41:c9:0c:31:13:bb:1e:ed:59:e3:67:ee:ff:
                    7c:a8:61:68:3b:f1:8b:cc:ea:1c:cc:bc:5b:15:23:
                    f2:83:52:cb:cf:65:41:23:7c:07:ed:ec:d8:52:1a:
                    bc:b5:bb:ae:8b:bd:50:92:f6:78:03:65:1f:40:37:
                    7d:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:31:48:60:CC:1F:1D:7B:24:7A:D9:20:96:30:A1:66:E5:B1:43:8D
            X509v3 Authority Key Identifier:
                keyid:E4:1A:8C:42:EC:E8:9B:5F:BF:C2:10:DC:7B:55:4C:72:EA:4F:35:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5BqMQuzom1-_whDce1VMcupPNUQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/d19c2d-38c3-4526-a7cf-1d666c422c6a/1/YTFIYMwfHXsketkgljChZuWxQ40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/d19c2d-38c3-4526-a7cf-1d666c422c6a/1/5BqMQuzom1-_whDce1VMcupPNUQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.62.152.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2a:50:be:20:e0:1e:17:92:f1:8b:c9:d8:a7:c4:63:e8:18:1d:
         ee:ff:cb:d9:9e:44:1f:b4:20:b2:80:6d:7d:72:59:73:4a:7a:
         05:5f:11:63:ef:7f:a3:7c:54:a2:67:39:83:ea:80:72:a9:ad:
         65:d0:02:54:a1:c2:18:41:9f:52:23:85:fb:fe:ac:81:da:6b:
         92:ae:19:4e:d2:32:6f:47:df:b8:cd:41:6b:a6:93:16:8f:4e:
         e6:0e:49:82:b5:79:20:42:df:0a:c3:23:42:bf:32:d8:b5:6a:
         e6:f5:8d:44:4e:d3:13:0f:7d:11:a8:77:ce:be:17:04:87:0a:
         87:80:e0:f4:e4:95:89:b3:0b:ae:33:1f:ad:74:4c:6b:81:61:
         47:9f:95:a8:21:e6:fb:dc:c5:2a:83:98:2d:84:d0:94:d9:a8:
         dd:7a:8d:71:a2:14:c0:31:1b:57:e4:b8:b7:71:25:7d:8a:7f:
         cf:3f:e8:ad:c9:f0:26:45:80:81:1b:d8:2c:76:1f:f5:0b:2b:
         2d:8c:97:a8:f3:c9:c2:f4:5c:4e:6e:e6:ef:d8:45:23:79:01:
         54:d2:a2:a5:51:f1:1a:3b:8c:b4:76:29:2c:b1:fa:81:67:a1:
         70:98:d3:53:a1:6a:dc:3e:48:8f:32:38:d2:7a:95:44:a1:de:
         d9:54:67:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKqDCZzm7Z1uqaAMHVASuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0MWE4YzQyZWNlODliNWZiZmMyMTBkYzdiNTU0YzcyZWE0
ZjM1NDQwHhcNMjQwMTAyMTIzNDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTMxNDg2MGNjMWYxZDdiMjQ3YWQ5MjA5NjMwYTE2NmU1YjE0MzhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Ai0DoIF9ULX6HP01y4DhfeVoUh/
qtceGidxu7fRJfAVr6Ka/43o02gMcpf1aaJFcLK3zonI6JC8WC10V1L45mvjzWPh
d1wzv9cNtIOiIRhxhfE2dwpT6kKvYTNRXU1iGuZJVF5xFPmtFzBF10000wSrQ5N0
0ALTQbuxcLQfSuMnWiWlrFPIzfKL1ZyRrlJm30sw6Z0cd+b7dCrtsMQ/Yw6o297t
iBPxLvZPJp7MvnxGvTGY9+lWdlVzj3zeJ+K9qgwIR0HJDDETux7tWeNn7v98qGFo
O/GLzOoczLxbFSPyg1LLz2VBI3wH7ezYUhq8tbuui71QkvZ4A2UfQDd9LQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGExSGDMHx17JHrZIJYwoWblsUONMB8GA1UdIwQY
MBaAFOQajELs6Jtfv8IQ3HtVTHLqTzVEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUJxTVF1em9tMS1fd2hEY2UxVk1jdXBQTlVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9kMTljMmQtMzhjMy00NTI2LWE3Y2Yt
MWQ2NjZjNDIyYzZhLzEvWVRGSVlNd2ZIWHNrZXRrZ2xqQ2hadVd4UTQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9kMTljMmQtMzhjMy00NTI2LWE3Y2YtMWQ2NjZjNDIyYzZh
LzEvNUJxTVF1em9tMS1fd2hEY2UxVk1jdXBQTlVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDlT6YMA0G
CSqGSIb3DQEBCwUAA4IBAQAqUL4g4B4XkvGLydinxGPoGB3u/8vZnkQftCCygG19
cllzSnoFXxFj73+jfFSiZzmD6oByqa1l0AJUocIYQZ9SI4X7/qyB2muSrhlO0jJv
R9+4zUFrppMWj07mDkmCtXkgQt8KwyNCvzLYtWrm9Y1ETtMTD30RqHfOvhcEhwqH
gOD05JWJswuuMx+tdExrgWFHn5WoIeb73MUqg5gthNCU2ajdeo1xohTAMRtX5Li3
cSV9in/PP+ityfAmRYCBG9gsdh/1CystjJeo88nC9FxObubv2EUjeQFU0qKlUfEa
O4y0dikssfqBZ6FwmNNToWrcPkiPMjjSepVEod7ZVGfU
-----END CERTIFICATE-----