Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/Yt_aUWKomWB8QO0oL0hN2qCMOd8.roa
File:                     Yt_aUWKomWB8QO0oL0hN2qCMOd8.roa (raw, json)
Hash identifier:          ZqV3xZEM4e7NnX+oj4R8IBP9JsIvWWBOE5qa7iGIv5Y=
Subject key identifier:   62:DF:DA:51:62:A8:99:60:7C:40:ED:28:2F:48:4D:DA:A0:8C:39:DF
Certificate issuer:       /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial:       01921F6AD8D11044E82134148A006F9A3BDB
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/Yt_aUWKomWB8QO0oL0hN2qCMOd8.roa
Signing time:             Mon 23 Sep 2024 15:05:48 +0000
ROA not before:           Mon 23 Sep 2024 15:05:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        81.161.2.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:1f:6a:d8:d1:10:44:e8:21:34:14:8a:00:6f:9a:3b:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
        Validity
            Not Before: Sep 23 15:05:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=62dfda5162a899607c40ed282f484ddaa08c39df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:14:e0:d6:14:ee:dd:50:d2:88:63:83:53:bc:
                    6f:22:33:1e:62:e4:13:a6:81:60:f9:76:5c:76:33:
                    06:e2:60:61:ca:69:b1:a5:e5:c5:cd:19:0c:64:54:
                    b1:ee:ba:bd:e9:16:ee:39:8d:40:42:07:67:ce:56:
                    d2:7d:cf:30:e7:2a:eb:3f:23:04:d1:90:df:42:22:
                    c1:95:f1:9f:fa:66:38:a4:74:52:d7:9c:2a:fa:7e:
                    be:2a:1b:55:4e:48:d7:63:a3:2f:06:73:b2:9a:30:
                    30:bf:2b:52:68:a6:25:fb:19:73:14:47:00:e3:74:
                    02:8b:fc:e6:c1:ac:cd:e4:d0:63:64:c9:b0:d7:0a:
                    f3:09:fa:46:02:4a:40:8e:9a:3f:36:bb:7d:4b:13:
                    96:c4:85:46:33:9c:4c:24:c8:01:30:a2:7f:56:c2:
                    3e:c3:51:24:63:95:27:7c:79:e6:cb:26:f1:fe:c4:
                    5c:c6:b4:d6:dd:25:22:24:2b:38:15:b7:b3:c6:71:
                    fe:28:d4:f4:a4:f6:a6:78:43:9e:54:c3:c2:1e:2d:
                    f9:b9:a4:33:66:65:34:cf:49:38:88:60:52:1a:8a:
                    f3:e9:2b:c0:08:6b:4e:48:9f:12:e1:74:6f:b8:fa:
                    c8:e3:01:0f:a7:ff:83:54:7e:21:f8:9c:f8:b5:4f:
                    56:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:DF:DA:51:62:A8:99:60:7C:40:ED:28:2F:48:4D:DA:A0:8C:39:DF
            X509v3 Authority Key Identifier:
                keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/Yt_aUWKomWB8QO0oL0hN2qCMOd8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.161.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7c:9a:ef:24:a9:15:b5:24:05:c9:79:54:29:0c:cd:77:b1:d6:
         6b:17:d6:48:c3:8b:ea:34:b7:d9:1a:25:49:1c:8c:b0:92:a5:
         49:1b:28:fa:63:f2:95:a3:d8:97:6e:37:f8:31:9b:5c:b0:f9:
         ac:67:31:2b:e3:21:0f:98:6d:6e:d0:ae:07:6b:bf:92:1b:21:
         a2:9d:29:2b:0b:02:10:47:44:71:17:ee:3e:a5:d4:1d:88:55:
         c1:1d:6d:71:e6:f2:4d:f8:57:73:ac:21:1c:65:fb:59:59:d2:
         22:24:db:bc:a4:88:25:1e:c9:e2:7b:2e:3d:f6:36:3d:54:51:
         54:6a:ad:c1:57:6a:5e:67:ec:99:aa:ad:4b:a3:bf:97:bd:97:
         ae:c8:4e:b3:5b:a0:bb:28:8a:5a:e8:a1:09:b5:98:f7:20:c9:
         74:8d:35:9f:b5:1b:75:9d:c8:ed:9f:04:32:94:fd:3b:67:a8:
         4c:85:64:13:67:c5:73:73:f5:ca:2f:0f:d8:a0:14:7e:0a:d0:
         2b:e6:df:ff:c9:47:9a:24:47:0d:eb:ba:6f:90:5a:39:87:b5:
         bb:60:3c:21:f8:80:db:b1:11:c2:2e:bb:b2:75:0f:ac:d8:b9:
         da:bc:9f:b9:73:56:f1:ec:27:bb:93:23:7f:02:dd:ff:69:f1:
         b6:18:86:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIfatjREEToITQUigBvmjvbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjQwOTIzMTUwNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmRmZGE1MTYyYTg5OTYwN2M0MGVkMjgyZjQ4NGRkYWEwOGMzOWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyxTg1hTu3VDSiGODU7xvIjMeYuQT
poFg+XZcdjMG4mBhymmxpeXFzRkMZFSx7rq96RbuOY1AQgdnzlbSfc8w5yrrPyME
0ZDfQiLBlfGf+mY4pHRS15wq+n6+KhtVTkjXY6MvBnOymjAwvytSaKYl+xlzFEcA
43QCi/zmwazN5NBjZMmw1wrzCfpGAkpAjpo/Nrt9SxOWxIVGM5xMJMgBMKJ/VsI+
w1EkY5UnfHnmyybx/sRcxrTW3SUiJCs4FbezxnH+KNT0pPameEOeVMPCHi35uaQz
ZmU0z0k4iGBSGorz6SvACGtOSJ8S4XRvuPrI4wEPp/+DVH4h+Jz4tU9WSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGLf2lFiqJlgfEDtKC9ITdqgjDnfMB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEvWXRfYVVXS29tV0I4UU8wb0wwaE4ycUNNT2Q4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUaECMA0G
CSqGSIb3DQEBCwUAA4IBAQB8mu8kqRW1JAXJeVQpDM13sdZrF9ZIw4vqNLfZGiVJ
HIywkqVJGyj6Y/KVo9iXbjf4MZtcsPmsZzEr4yEPmG1u0K4Ha7+SGyGinSkrCwIQ
R0RxF+4+pdQdiFXBHW1x5vJN+FdzrCEcZftZWdIiJNu8pIglHsniey499jY9VFFU
aq3BV2peZ+yZqq1Lo7+XvZeuyE6zW6C7KIpa6KEJtZj3IMl0jTWftRt1ncjtnwQy
lP07Z6hMhWQTZ8Vzc/XKLw/YoBR+CtAr5t//yUeaJEcN67pvkFo5h7W7YDwh+IDb
sRHCLruydQ+s2LnavJ+5c1bx7Ce7kyN/At3/afG2GIZU
-----END CERTIFICATE-----