Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/23db5c-1a10-44c6-9d77-bb5caac2e903/1/yuPuMgiOTDY-g2k5Ie42nqCNDn4.roa
File:                     yuPuMgiOTDY-g2k5Ie42nqCNDn4.roa (raw, json)
Hash identifier:          5WdFqnb0YXoS4/t5ms6Yy3vRVxvCVrPpJhvxtFYOKTk=
Subject key identifier:   CA:E3:EE:32:08:8E:4C:36:3E:83:69:39:21:EE:36:9E:A0:8D:0E:7E
Certificate issuer:       /CN=8dc69c6bbe89e7c0479b617744a4424f66674944
Certificate serial:       018CCA2A2968DB2D4603D0A96B955193347C
Authority key identifier: 8D:C6:9C:6B:BE:89:E7:C0:47:9B:61:77:44:A4:42:4F:66:67:49:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jcaca76J58BHm2F3RKRCT2ZnSUQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/23db5c-1a10-44c6-9d77-bb5caac2e903/1/yuPuMgiOTDY-g2k5Ie42nqCNDn4.roa
Signing time:             Tue 02 Jan 2024 12:33:29 +0000
ROA not before:           Tue 02 Jan 2024 12:33:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199239
IP address blocks:        91.92.115.0/24 maxlen: 24
                          85.202.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/23db5c-1a10-44c6-9d77-bb5caac2e903/1/jcaca76J58BHm2F3RKRCT2ZnSUQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/23db5c-1a10-44c6-9d77-bb5caac2e903/1/jcaca76J58BHm2F3RKRCT2ZnSUQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jcaca76J58BHm2F3RKRCT2ZnSUQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:29:68:db:2d:46:03:d0:a9:6b:95:51:93:34:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8dc69c6bbe89e7c0479b617744a4424f66674944
        Validity
            Not Before: Jan  2 12:33:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cae3ee32088e4c363e83693921ee369ea08d0e7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:d9:45:01:ca:cd:41:9e:46:30:16:d2:05:08:
                    da:a8:c9:1d:1f:f4:ed:56:66:70:df:db:ea:2c:c1:
                    83:ec:b1:c0:e1:9d:36:a6:d6:57:fb:cd:0f:1d:82:
                    81:31:09:2b:7e:cc:68:00:30:83:4f:b8:eb:bc:f7:
                    4e:5e:16:c6:d1:6b:b1:e5:73:13:21:ab:4a:72:97:
                    57:a7:3d:17:f0:0b:50:d3:0e:1b:4a:6c:c2:83:b2:
                    68:14:ee:49:ab:ff:6d:6c:4d:a4:ff:ff:12:43:bb:
                    21:af:55:4c:73:3d:85:bb:3b:9b:df:b6:f2:1c:7d:
                    29:72:69:ce:53:7b:91:12:c4:89:0a:c6:b6:6e:be:
                    5d:5c:bf:41:1f:9e:b5:07:d6:0e:5f:1f:e8:5d:49:
                    02:28:d2:f0:47:24:a9:02:b8:06:e9:95:eb:d4:2b:
                    cc:9a:bb:b8:09:d3:ba:f6:38:af:b2:e0:98:d1:75:
                    da:72:be:00:2e:c5:ce:a3:cd:fe:d7:a9:0b:88:3a:
                    40:e9:dc:fe:dd:1b:3a:c0:a2:fe:27:03:e2:b0:7c:
                    da:f4:f4:2e:aa:df:88:17:08:60:12:2a:25:d0:7a:
                    12:cd:06:a5:99:5d:ce:32:95:18:5d:81:b2:1d:bf:
                    39:86:64:00:08:79:a0:e5:d8:26:67:3c:10:43:7b:
                    e6:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:E3:EE:32:08:8E:4C:36:3E:83:69:39:21:EE:36:9E:A0:8D:0E:7E
            X509v3 Authority Key Identifier:
                keyid:8D:C6:9C:6B:BE:89:E7:C0:47:9B:61:77:44:A4:42:4F:66:67:49:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jcaca76J58BHm2F3RKRCT2ZnSUQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/23db5c-1a10-44c6-9d77-bb5caac2e903/1/yuPuMgiOTDY-g2k5Ie42nqCNDn4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/23db5c-1a10-44c6-9d77-bb5caac2e903/1/jcaca76J58BHm2F3RKRCT2ZnSUQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.202.95.0/24
                  91.92.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:43:a6:4c:35:22:d7:51:f2:ea:43:4a:45:3a:56:16:13:8a:
         a6:55:d1:d5:55:b3:ee:05:1e:5d:05:94:b4:60:0d:8a:81:e7:
         2e:98:df:6e:93:8c:3b:09:e8:f3:3e:f6:76:79:a2:7b:1e:f3:
         52:c0:82:8c:59:ee:a8:5f:5f:fd:7f:2d:1c:2c:9d:b1:22:b9:
         5b:27:12:8d:3f:e9:4b:b8:8b:57:f7:5a:a9:57:34:d3:8e:1f:
         4f:39:8c:4a:60:fa:66:1c:54:1c:77:98:7a:48:8e:db:fa:73:
         ad:cf:76:ed:16:6a:5c:fd:5d:cf:bd:cd:94:1c:8a:7d:bc:92:
         5d:5f:9a:2e:48:3d:96:90:1f:0a:47:8f:64:d1:df:b5:c5:d7:
         25:c7:e3:49:a8:6d:b5:34:a6:89:af:9c:8a:62:0a:03:ae:0b:
         ec:51:55:89:4a:3e:c1:d8:15:dd:08:fd:d2:5b:0f:c9:c9:70:
         92:5f:51:4f:d9:11:59:42:7e:49:60:89:54:4e:45:85:2c:84:
         d7:31:ac:b9:ff:b6:a2:ed:6f:b9:cd:6e:42:4d:e2:78:40:53:
         90:5d:47:84:51:76:07:47:fe:4c:71:37:a5:c1:26:93:e8:b2:
         27:c7:34:34:f1:65:74:50:b0:ae:84:a9:88:92:52:cc:26:02:
         9a:43:8d:93
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKilo2y1GA9Cpa5VRkzR8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkYzY5YzZiYmU4OWU3YzA0NzliNjE3NzQ0YTQ0MjRmNjY2
NzQ5NDQwHhcNMjQwMTAyMTIzMzI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWUzZWUzMjA4OGU0YzM2M2U4MzY5MzkyMWVlMzY5ZWEwOGQwZTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9lFAcrNQZ5GMBbSBQjaqMkdH/Tt
VmZw39vqLMGD7LHA4Z02ptZX+80PHYKBMQkrfsxoADCDT7jrvPdOXhbG0Wux5XMT
IatKcpdXpz0X8AtQ0w4bSmzCg7JoFO5Jq/9tbE2k//8SQ7shr1VMcz2Fuzub37by
HH0pcmnOU3uREsSJCsa2br5dXL9BH561B9YOXx/oXUkCKNLwRySpArgG6ZXr1CvM
mru4CdO69jivsuCY0XXacr4ALsXOo83+16kLiDpA6dz+3Rs6wKL+JwPisHza9PQu
qt+IFwhgEiol0HoSzQalmV3OMpUYXYGyHb85hmQACHmg5dgmZzwQQ3vmTQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMrj7jIIjkw2PoNpOSHuNp6gjQ5+MB8GA1UdIwQY
MBaAFI3GnGu+iefAR5thd0SkQk9mZ0lEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamNhY2E3Nko1OEJIbTJGM1JLUkNUMlpuU1VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8yM2RiNWMtMWExMC00NGM2LTlkNzct
YmI1Y2FhYzJlOTAzLzEveXVQdU1naU9URFktZzJrNUllNDJucUNORG40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8yM2RiNWMtMWExMC00NGM2LTlkNzctYmI1Y2FhYzJlOTAz
LzEvamNhY2E3Nko1OEJIbTJGM1JLUkNUMlpuU1VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVcpfAwQA
W1xzMA0GCSqGSIb3DQEBCwUAA4IBAQB6Q6ZMNSLXUfLqQ0pFOlYWE4qmVdHVVbPu
BR5dBZS0YA2KgecumN9uk4w7CejzPvZ2eaJ7HvNSwIKMWe6oX1/9fy0cLJ2xIrlb
JxKNP+lLuItX91qpVzTTjh9POYxKYPpmHFQcd5h6SI7b+nOtz3btFmpc/V3Pvc2U
HIp9vJJdX5ouSD2WkB8KR49k0d+1xdclx+NJqG21NKaJr5yKYgoDrgvsUVWJSj7B
2BXdCP3SWw/JyXCSX1FP2RFZQn5JYIlUTkWFLITXMay5/7ai7W+5zW5CTeJ4QFOQ
XUeEUXYHR/5McTelwSaT6LInxzQ08WV0ULCuhKmIklLMJgKaQ42T
-----END CERTIFICATE-----