Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/YfCoNYg_1XXinjEK8MVy6AJOSas.roa
File:                     YfCoNYg_1XXinjEK8MVy6AJOSas.roa (raw, json)
Hash identifier:          GzcSVvVEKX8ihp5+dtW8JzxlG+Fy0tUESPc7ZDSPFIE=
Subject key identifier:   61:F0:A8:35:88:3F:D5:75:E2:9E:31:0A:F0:C5:72:E8:02:4E:49:AB
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       018F619AF6C4F32342F51BEEB71CA741F72C
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/YfCoNYg_1XXinjEK8MVy6AJOSas.roa
Signing time:             Fri 10 May 2024 08:24:56 +0000
ROA not before:           Fri 10 May 2024 08:24:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211522
IP address blocks:        5.39.253.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 07:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:61:9a:f6:c4:f3:23:42:f5:1b:ee:b7:1c:a7:41:f7:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: May 10 08:24:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=61f0a835883fd575e29e310af0c572e8024e49ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:30:63:79:94:76:75:84:6f:76:fa:58:21:e7:
                    fd:cc:bd:e5:d0:f2:ce:8a:ab:f6:41:14:d9:df:27:
                    1b:26:91:41:05:bb:10:97:33:bc:28:c5:a7:94:19:
                    57:8d:c5:31:9c:fb:68:c5:6d:6a:00:b7:c4:ed:3f:
                    68:10:bf:5e:89:e6:30:6d:0e:83:56:ea:c2:68:a5:
                    11:3e:8b:93:89:67:08:b1:1e:d6:da:b9:33:8d:a9:
                    15:6e:23:fe:60:b5:38:23:bd:38:3b:bb:cf:d9:1b:
                    eb:53:67:ca:66:76:75:79:a9:be:b7:7a:a4:8d:24:
                    63:02:b4:f8:3f:e5:98:45:3d:cc:86:71:8f:06:8d:
                    ac:d1:26:44:83:06:06:e3:fc:ba:ce:18:bc:bf:84:
                    d2:75:3e:23:da:9a:27:41:d8:71:d9:68:37:35:b4:
                    bd:0e:1a:dd:2f:5e:bf:0f:a3:d4:7c:a2:55:d9:67:
                    c1:fa:7b:7d:e5:f1:0f:2e:48:ff:98:40:19:c4:77:
                    00:c0:d9:96:43:3e:bc:94:f6:b7:d1:ee:53:00:54:
                    f3:02:34:8c:34:52:e8:99:f4:e3:19:bf:15:b3:de:
                    72:8e:bf:6d:0c:9a:15:c5:24:7e:9b:bd:26:ab:c7:
                    59:f1:ca:9a:8e:95:20:1d:3c:c3:d4:f4:f5:94:5c:
                    ef:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:F0:A8:35:88:3F:D5:75:E2:9E:31:0A:F0:C5:72:E8:02:4E:49:AB
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/YfCoNYg_1XXinjEK8MVy6AJOSas.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.39.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:2b:65:4f:b3:35:58:10:e0:51:ae:45:e2:6b:d0:10:70:36:
         7d:6c:bc:5a:e8:b4:9b:e5:4e:44:eb:61:c5:63:04:d7:97:76:
         3d:97:7d:02:0b:f9:46:1e:6d:bc:54:0e:5e:48:8c:12:0f:80:
         ce:05:15:ab:d0:91:e8:89:19:7d:56:0c:b5:b4:82:95:eb:78:
         f4:77:6d:2f:6e:8f:70:11:99:14:1a:3f:cb:6c:6c:d4:c5:a2:
         bd:da:f5:74:e1:c7:39:1b:22:53:b0:e0:38:4b:e4:de:ea:03:
         a8:6c:ca:98:88:20:4d:79:c3:8f:4c:16:8f:84:cd:00:51:6d:
         62:33:25:8e:a8:52:48:6a:17:2c:0c:27:61:cd:59:3f:d7:8b:
         29:39:7f:ae:3d:77:a3:d0:68:3c:a6:3e:bc:7c:a4:27:24:7d:
         fc:b7:1a:53:f1:0b:7e:e9:7d:39:bc:20:3c:f9:e7:3f:02:8b:
         f7:28:ee:7e:80:1c:b2:58:a0:b2:ce:48:d0:da:1e:21:37:40:
         10:d4:64:cc:63:9c:27:40:ef:6e:43:0d:0b:1a:ae:d4:4a:d9:
         9d:e9:74:e2:a1:7a:a0:84:5a:73:9c:62:0e:b6:b6:c1:2c:2c:
         d1:1a:02:c2:ef:cf:ec:5e:7b:d8:0d:b9:7f:b6:5f:63:dd:8d:
         8c:87:47:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9hmvbE8yNC9RvutxynQfcsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjQwNTEwMDgyNDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWYwYTgzNTg4M2ZkNTc1ZTI5ZTMxMGFmMGM1NzJlODAyNGU0OWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApDBjeZR2dYRvdvpYIef9zL3l0PLO
iqv2QRTZ3ycbJpFBBbsQlzO8KMWnlBlXjcUxnPtoxW1qALfE7T9oEL9eieYwbQ6D
VurCaKURPouTiWcIsR7W2rkzjakVbiP+YLU4I704O7vP2RvrU2fKZnZ1eam+t3qk
jSRjArT4P+WYRT3MhnGPBo2s0SZEgwYG4/y6zhi8v4TSdT4j2ponQdhx2Wg3NbS9
DhrdL16/D6PUfKJV2WfB+nt95fEPLkj/mEAZxHcAwNmWQz68lPa30e5TAFTzAjSM
NFLomfTjGb8Vs95yjr9tDJoVxSR+m70mq8dZ8cqajpUgHTzD1PT1lFzvCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGHwqDWIP9V14p4xCvDFcugCTkmrMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvWWZDb05ZZ18xWFhpbmpFSzhNVnk2QUpPU2FzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABSf9MA0G
CSqGSIb3DQEBCwUAA4IBAQC/K2VPszVYEOBRrkXia9AQcDZ9bLxa6LSb5U5E62HF
YwTXl3Y9l30CC/lGHm28VA5eSIwSD4DOBRWr0JHoiRl9Vgy1tIKV63j0d20vbo9w
EZkUGj/LbGzUxaK92vV04cc5GyJTsOA4S+Te6gOobMqYiCBNecOPTBaPhM0AUW1i
MyWOqFJIahcsDCdhzVk/14spOX+uPXej0Gg8pj68fKQnJH38txpT8Qt+6X05vCA8
+ec/Aov3KO5+gByyWKCyzkjQ2h4hN0AQ1GTMY5wnQO9uQw0LGq7UStmd6XTioXqg
hFpznGIOtrbBLCzRGgLC78/sXnvYDbl/tl9j3Y2Mh0e/
-----END CERTIFICATE-----