Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/d3363e-4832-4d57-9da5-dbf76ed3939f/1/ygYHbSPe3mygJ4hOBzqJdBXgBQY.roa
File:                     ygYHbSPe3mygJ4hOBzqJdBXgBQY.roa (raw, json)
Hash identifier:          OG29UiHThV9rQrBAYAd8Vm9GWSQbrmT42YsieXPSYVs=
Subject key identifier:   CA:06:07:6D:23:DE:DE:6C:A0:27:88:4E:07:3A:89:74:15:E0:05:06
Certificate issuer:       /CN=010a7d4c64aed4bc98c6b5b064ff0a9b82eada82
Certificate serial:       018CC5001AA6004959D82CCCFE062281117D
Authority key identifier: 01:0A:7D:4C:64:AE:D4:BC:98:C6:B5:B0:64:FF:0A:9B:82:EA:DA:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AQp9TGSu1LyYxrWwZP8Km4Lq2oI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/d3363e-4832-4d57-9da5-dbf76ed3939f/1/ygYHbSPe3mygJ4hOBzqJdBXgBQY.roa
Signing time:             Mon 01 Jan 2024 12:29:27 +0000
ROA not before:           Mon 01 Jan 2024 12:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12301
IP address blocks:        91.220.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/d3363e-4832-4d57-9da5-dbf76ed3939f/1/AQp9TGSu1LyYxrWwZP8Km4Lq2oI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/d3363e-4832-4d57-9da5-dbf76ed3939f/1/AQp9TGSu1LyYxrWwZP8Km4Lq2oI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AQp9TGSu1LyYxrWwZP8Km4Lq2oI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 18:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:1a:a6:00:49:59:d8:2c:cc:fe:06:22:81:11:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=010a7d4c64aed4bc98c6b5b064ff0a9b82eada82
        Validity
            Not Before: Jan  1 12:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca06076d23dede6ca027884e073a897415e00506
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ea:1c:85:59:65:ad:73:3a:39:ba:8d:c3:dd:
                    01:bb:52:2a:c0:50:4b:ae:df:93:57:97:ba:c0:34:
                    f3:59:77:55:34:ab:94:e8:7f:59:71:70:8a:f8:f6:
                    0a:a3:ae:68:3f:a6:f0:62:f3:35:15:00:e0:95:12:
                    1a:c6:4e:76:6a:f7:58:0f:ea:19:e5:e7:e7:04:fb:
                    4c:f9:19:bd:37:79:bc:cd:66:6e:c9:3e:6a:45:f4:
                    d0:23:96:bc:8f:e3:a2:0c:fe:52:63:6b:40:fa:41:
                    03:a5:3a:78:6d:48:93:5a:79:94:ff:3f:85:23:51:
                    a7:4a:64:c8:05:f0:7c:51:23:50:83:f9:5c:21:b0:
                    ca:42:63:15:5d:71:56:4b:96:f1:03:0b:bc:2a:3c:
                    42:98:f8:a6:57:f1:08:16:fa:77:85:6d:83:e6:ab:
                    3a:9d:5e:3e:a5:2d:a5:d1:b1:1d:be:35:18:67:da:
                    c0:a0:ce:e8:6d:f1:54:bb:4c:5c:fe:cf:0c:0d:d4:
                    00:db:8c:ee:ed:b5:5c:a5:47:60:13:4f:d9:62:d5:
                    55:6f:a4:e0:0b:67:6a:b5:1d:ec:3e:82:c9:cf:10:
                    84:55:bc:fc:bc:18:9c:9a:80:93:84:09:5d:f7:6e:
                    98:46:38:71:2f:fc:17:00:7f:af:82:06:e0:6f:85:
                    75:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:06:07:6D:23:DE:DE:6C:A0:27:88:4E:07:3A:89:74:15:E0:05:06
            X509v3 Authority Key Identifier:
                keyid:01:0A:7D:4C:64:AE:D4:BC:98:C6:B5:B0:64:FF:0A:9B:82:EA:DA:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AQp9TGSu1LyYxrWwZP8Km4Lq2oI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/d3363e-4832-4d57-9da5-dbf76ed3939f/1/ygYHbSPe3mygJ4hOBzqJdBXgBQY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/d3363e-4832-4d57-9da5-dbf76ed3939f/1/AQp9TGSu1LyYxrWwZP8Km4Lq2oI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:ee:cb:23:54:fd:25:25:07:5e:4d:e5:98:2f:7d:e8:b0:24:
         f4:af:e2:23:24:71:15:fb:d9:d0:5d:75:6e:82:a5:89:f1:b1:
         f9:bb:04:3d:e9:ee:7c:10:8c:01:f7:c1:3f:da:45:b2:ea:55:
         69:4a:52:e0:80:17:2d:ee:84:b6:5c:96:3b:2a:30:02:4d:52:
         0e:e1:e8:c2:5c:de:82:80:ab:87:89:9e:92:62:a2:a9:d0:aa:
         f4:2b:d8:23:c7:8e:d4:58:57:4e:a4:22:d5:c7:c4:95:7f:9b:
         bd:3f:eb:44:58:65:04:6a:dd:f3:82:fa:ab:d5:27:6b:b6:72:
         be:77:95:68:39:40:19:0b:5d:84:dc:54:62:b2:75:b3:b2:bc:
         69:31:82:b2:c5:ec:e5:8d:03:f0:dd:23:cb:23:85:10:ff:97:
         c5:9c:d1:f3:86:1d:2f:c9:0c:d2:11:69:74:e0:9e:71:e0:7a:
         1e:02:5f:b2:7f:35:f3:0d:6e:8b:59:3e:f2:4b:e3:c1:8d:39:
         98:9c:39:16:e8:ab:32:d3:ac:38:88:56:b7:05:74:e5:01:a5:
         33:b5:f3:8d:e5:cb:ba:81:98:6f:00:b3:dd:5b:db:0d:f1:7e:
         13:74:aa:e8:2e:e7:77:b7:98:57:02:53:05:bd:5e:c0:13:df:
         f0:ee:c2:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFABqmAElZ2CzM/gYigRF9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxMGE3ZDRjNjRhZWQ0YmM5OGM2YjViMDY0ZmYwYTliODJl
YWRhODIwHhcNMjQwMTAxMTIyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTA2MDc2ZDIzZGVkZTZjYTAyNzg4NGUwNzNhODk3NDE1ZTAwNTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+ochVllrXM6ObqNw90Bu1IqwFBL
rt+TV5e6wDTzWXdVNKuU6H9ZcXCK+PYKo65oP6bwYvM1FQDglRIaxk52avdYD+oZ
5efnBPtM+Rm9N3m8zWZuyT5qRfTQI5a8j+OiDP5SY2tA+kEDpTp4bUiTWnmU/z+F
I1GnSmTIBfB8USNQg/lcIbDKQmMVXXFWS5bxAwu8KjxCmPimV/EIFvp3hW2D5qs6
nV4+pS2l0bEdvjUYZ9rAoM7obfFUu0xc/s8MDdQA24zu7bVcpUdgE0/ZYtVVb6Tg
C2dqtR3sPoLJzxCEVbz8vBicmoCThAld926YRjhxL/wXAH+vggbgb4V10wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMoGB20j3t5soCeITgc6iXQV4AUGMB8GA1UdIwQY
MBaAFAEKfUxkrtS8mMa1sGT/CpuC6tqCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVFwOVRHU3UxTHlZeHJXd1pQOEttNExxMm9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy9kMzM2M2UtNDgzMi00ZDU3LTlkYTUt
ZGJmNzZlZDM5MzlmLzEveWdZSGJTUGUzbXlnSjRoT0J6cUpkQlhnQlFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy9kMzM2M2UtNDgzMi00ZDU3LTlkYTUtZGJmNzZlZDM5Mzlm
LzEvQVFwOVRHU3UxTHlZeHJXd1pQOEttNExxMm9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9z7MA0G
CSqGSIb3DQEBCwUAA4IBAQCg7ssjVP0lJQdeTeWYL33osCT0r+IjJHEV+9nQXXVu
gqWJ8bH5uwQ96e58EIwB98E/2kWy6lVpSlLggBct7oS2XJY7KjACTVIO4ejCXN6C
gKuHiZ6SYqKp0Kr0K9gjx47UWFdOpCLVx8SVf5u9P+tEWGUEat3zgvqr1SdrtnK+
d5VoOUAZC12E3FRisnWzsrxpMYKyxezljQPw3SPLI4UQ/5fFnNHzhh0vyQzSEWl0
4J5x4HoeAl+yfzXzDW6LWT7yS+PBjTmYnDkW6Ksy06w4iFa3BXTlAaUztfON5cu6
gZhvALPdW9sN8X4TdKroLud3t5hXAlMFvV7AE9/w7sLR
-----END CERTIFICATE-----