Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/663b4d-b80e-4946-84c4-7408eb8bc586/1/yFHwIReZ6vnMVavP8bqKJICsZIk.roa
File:                     yFHwIReZ6vnMVavP8bqKJICsZIk.roa (raw, json)
Hash identifier:          Ia3Olpd27WfBOLSVVrL5iOxBYpBL7Y5aRk466htGwAY=
Subject key identifier:   C8:51:F0:21:17:99:EA:F9:CC:55:AB:CF:F1:BA:8A:24:80:AC:64:89
Certificate issuer:       /CN=64fa66fb84a781a0584fd0d1c2df39bda4760519
Certificate serial:       018CC4933A7D0AF3110A60C8BBB6DD63DFA3
Authority key identifier: 64:FA:66:FB:84:A7:81:A0:58:4F:D0:D1:C2:DF:39:BD:A4:76:05:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZPpm-4SngaBYT9DRwt85vaR2BRk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/663b4d-b80e-4946-84c4-7408eb8bc586/1/yFHwIReZ6vnMVavP8bqKJICsZIk.roa
Signing time:             Mon 01 Jan 2024 10:30:32 +0000
ROA not before:           Mon 01 Jan 2024 10:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3320
IP address blocks:        89.43.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/663b4d-b80e-4946-84c4-7408eb8bc586/1/ZPpm-4SngaBYT9DRwt85vaR2BRk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/663b4d-b80e-4946-84c4-7408eb8bc586/1/ZPpm-4SngaBYT9DRwt85vaR2BRk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZPpm-4SngaBYT9DRwt85vaR2BRk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:3a:7d:0a:f3:11:0a:60:c8:bb:b6:dd:63:df:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64fa66fb84a781a0584fd0d1c2df39bda4760519
        Validity
            Not Before: Jan  1 10:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c851f0211799eaf9cc55abcff1ba8a2480ac6489
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:4d:cb:7d:a5:28:f2:9e:28:2a:89:fc:3d:68:
                    da:b7:fb:ed:99:b7:10:87:d5:a0:3f:b9:31:bf:f2:
                    be:cb:a9:e4:76:68:3b:7e:67:0f:68:dd:25:65:63:
                    54:4a:b1:a3:af:03:65:2e:c3:3c:55:c6:c7:2e:18:
                    e0:ff:61:1f:db:50:d9:d9:e2:ae:78:d5:27:ec:26:
                    a5:e5:03:d5:07:f2:7e:33:46:b0:fb:69:be:31:db:
                    b2:0e:0c:f2:94:49:af:84:37:fc:86:80:cd:13:0b:
                    e2:4e:4b:35:c6:59:6a:4a:47:dd:d5:0a:f2:6a:7f:
                    eb:ba:17:72:de:ff:b9:6e:b1:f1:e3:ff:37:8f:5f:
                    65:29:72:75:41:07:2c:3f:5e:ef:b2:51:4f:6a:af:
                    e7:49:e2:43:46:35:97:36:93:fa:b8:2d:11:86:05:
                    93:72:46:df:88:20:54:7c:e8:cb:6b:44:fb:02:55:
                    bd:fa:c8:07:1a:aa:50:bd:29:3e:f7:23:5c:f1:9d:
                    09:49:83:17:88:8a:3f:b0:27:85:f0:98:be:b2:a3:
                    b1:65:af:df:7a:29:2b:b5:89:41:94:35:0f:13:ad:
                    62:77:89:4b:a1:81:e5:c7:73:a4:0e:b9:d1:d5:4a:
                    ee:1e:47:b6:fd:32:fa:1d:8b:79:26:b3:b1:ec:b5:
                    68:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:51:F0:21:17:99:EA:F9:CC:55:AB:CF:F1:BA:8A:24:80:AC:64:89
            X509v3 Authority Key Identifier:
                keyid:64:FA:66:FB:84:A7:81:A0:58:4F:D0:D1:C2:DF:39:BD:A4:76:05:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZPpm-4SngaBYT9DRwt85vaR2BRk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/663b4d-b80e-4946-84c4-7408eb8bc586/1/yFHwIReZ6vnMVavP8bqKJICsZIk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/663b4d-b80e-4946-84c4-7408eb8bc586/1/ZPpm-4SngaBYT9DRwt85vaR2BRk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.43.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d6:4b:80:24:90:ba:3a:1e:d5:c2:ac:69:58:a4:21:80:ba:c6:
         40:1e:c2:b4:1e:d8:8c:43:89:cd:54:68:52:bc:95:9f:36:ab:
         32:80:33:4d:50:7e:38:d3:bf:88:af:b2:cd:f8:90:41:e5:f1:
         99:37:01:41:b8:81:7e:1f:4c:e3:69:4d:39:2b:43:49:27:45:
         25:c7:44:b4:87:da:68:d8:77:0f:85:4d:22:a1:dd:da:74:34:
         a3:e1:31:74:f7:b2:a9:d1:1a:7a:c2:2d:d1:64:92:81:b4:94:
         1f:b2:7a:6c:de:ea:e7:04:b3:69:70:fa:50:b2:01:b2:e8:9d:
         04:00:9c:47:72:7a:3f:2d:5f:d8:f8:73:e1:7a:a6:7e:9d:86:
         fd:bd:5f:2c:5d:6a:77:1c:77:24:3c:8d:5d:07:05:96:10:80:
         88:6c:76:b8:68:83:6b:41:d4:4c:7e:d5:5c:15:a8:e3:7c:d1:
         79:f8:d6:73:a1:eb:a5:10:f6:fc:7f:50:5a:68:0b:17:b5:6f:
         10:f5:63:f4:68:50:a6:ed:f9:ec:a1:18:70:24:33:ed:d5:8d:
         fd:f0:00:ea:b1:4b:aa:6f:76:d8:72:a7:ab:d3:3c:2b:06:9e:
         82:46:66:10:83:cb:45:eb:43:85:81:f3:7d:e8:1c:25:ef:be:
         52:f9:fb:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkzp9CvMRCmDIu7bdY9+jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0ZmE2NmZiODRhNzgxYTA1ODRmZDBkMWMyZGYzOWJkYTQ3
NjA1MTkwHhcNMjQwMTAxMTAzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODUxZjAyMTE3OTllYWY5Y2M1NWFiY2ZmMWJhOGEyNDgwYWM2NDg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgk3LfaUo8p4oKon8PWjat/vtmbcQ
h9WgP7kxv/K+y6nkdmg7fmcPaN0lZWNUSrGjrwNlLsM8VcbHLhjg/2Ef21DZ2eKu
eNUn7Cal5QPVB/J+M0aw+2m+MduyDgzylEmvhDf8hoDNEwviTks1xllqSkfd1Qry
an/ruhdy3v+5brHx4/83j19lKXJ1QQcsP17vslFPaq/nSeJDRjWXNpP6uC0RhgWT
ckbfiCBUfOjLa0T7AlW9+sgHGqpQvSk+9yNc8Z0JSYMXiIo/sCeF8Ji+sqOxZa/f
eikrtYlBlDUPE61id4lLoYHlx3OkDrnR1UruHke2/TL6HYt5JrOx7LVo1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMhR8CEXmer5zFWrz/G6iiSArGSJMB8GA1UdIwQY
MBaAFGT6ZvuEp4GgWE/Q0cLfOb2kdgUZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlBwbS00U25nYUJZVDlEUnd0ODV2YVIyQlJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi82NjNiNGQtYjgwZS00OTQ2LTg0YzQt
NzQwOGViOGJjNTg2LzEveUZId0lSZVo2dm5NVmF2UDhicUtKSUNzWklrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi82NjNiNGQtYjgwZS00OTQ2LTg0YzQtNzQwOGViOGJjNTg2
LzEvWlBwbS00U25nYUJZVDlEUnd0ODV2YVIyQlJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSsiMA0G
CSqGSIb3DQEBCwUAA4IBAQDWS4AkkLo6HtXCrGlYpCGAusZAHsK0HtiMQ4nNVGhS
vJWfNqsygDNNUH4407+Ir7LN+JBB5fGZNwFBuIF+H0zjaU05K0NJJ0Ulx0S0h9po
2HcPhU0iod3adDSj4TF097Kp0Rp6wi3RZJKBtJQfsnps3urnBLNpcPpQsgGy6J0E
AJxHcno/LV/Y+HPheqZ+nYb9vV8sXWp3HHckPI1dBwWWEICIbHa4aINrQdRMftVc
FajjfNF5+NZzoeulEPb8f1BaaAsXtW8Q9WP0aFCm7fnsoRhwJDPt1Y398ADqsUuq
b3bYcqer0zwrBp6CRmYQg8tF60OFgfN96Bwl775S+fuS
-----END CERTIFICATE-----