Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/61a0a9-c466-469c-afbe-8fed50909770/1/ypmW8onlmC65ZNCFGexcmBv7SII.roa
File:                     ypmW8onlmC65ZNCFGexcmBv7SII.roa (raw, json)
Hash identifier:          HIJfX8EOYqIGTk36MD+GlcTgx0ueucdlEL9Zju/dBOA=
Subject key identifier:   CA:99:96:F2:89:E5:98:2E:B9:64:D0:85:19:EC:5C:98:1B:FB:48:82
Certificate issuer:       /CN=990a80968e4c9603ca2b13dd1d1465965d8f3dbf
Certificate serial:       018CC5011AB8113591B3871716ECEFCCC557
Authority key identifier: 99:0A:80:96:8E:4C:96:03:CA:2B:13:DD:1D:14:65:96:5D:8F:3D:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mQqAlo5MlgPKKxPdHRRlll2PPb8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/61a0a9-c466-469c-afbe-8fed50909770/1/ypmW8onlmC65ZNCFGexcmBv7SII.roa
Signing time:             Mon 01 Jan 2024 12:30:32 +0000
ROA not before:           Mon 01 Jan 2024 12:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42659
IP address blocks:        194.110.136.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/61a0a9-c466-469c-afbe-8fed50909770/1/mQqAlo5MlgPKKxPdHRRlll2PPb8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/61a0a9-c466-469c-afbe-8fed50909770/1/mQqAlo5MlgPKKxPdHRRlll2PPb8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mQqAlo5MlgPKKxPdHRRlll2PPb8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:1a:b8:11:35:91:b3:87:17:16:ec:ef:cc:c5:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=990a80968e4c9603ca2b13dd1d1465965d8f3dbf
        Validity
            Not Before: Jan  1 12:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca9996f289e5982eb964d08519ec5c981bfb4882
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:95:bc:8e:fe:5d:1c:37:b5:53:79:a8:02:d7:
                    37:8f:5f:61:06:5b:d1:b1:dc:f5:14:62:0b:16:81:
                    f5:e9:25:09:80:24:cd:5f:b7:ab:05:fb:1b:77:f5:
                    fb:b8:d5:1c:e7:8f:97:cf:2c:44:e8:d9:94:db:28:
                    9e:8c:04:90:9f:27:8e:59:e7:ed:26:4a:fb:3c:49:
                    c4:ff:61:08:79:35:f1:88:8e:c8:07:72:a7:1c:d7:
                    8c:0d:7b:08:2a:cb:4a:35:4f:a0:ee:c3:95:0e:4a:
                    bd:b0:24:58:c4:de:05:28:1b:37:2f:f3:4f:49:cd:
                    96:10:ab:bf:8f:f4:91:28:8b:4d:7b:54:17:95:81:
                    3b:5d:3a:e4:72:69:f0:a3:f5:05:14:4f:fa:9f:f9:
                    c9:7a:d1:63:9d:60:ea:1c:a7:47:74:43:68:e4:9a:
                    5d:51:73:43:ab:0c:b2:13:6d:b4:50:78:28:b4:11:
                    36:1e:d7:5c:bd:41:6e:c4:b6:cd:73:3b:5a:ca:0c:
                    a6:38:83:c4:87:78:ca:21:54:50:45:49:bb:21:dc:
                    28:98:db:6b:e2:18:a9:37:b9:71:bf:4f:0b:ce:3b:
                    cc:03:9c:78:da:c1:58:12:ef:23:c5:88:c8:98:b2:
                    7a:6b:0e:ca:44:06:de:26:1a:f9:cd:de:4a:e1:f5:
                    43:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:99:96:F2:89:E5:98:2E:B9:64:D0:85:19:EC:5C:98:1B:FB:48:82
            X509v3 Authority Key Identifier:
                keyid:99:0A:80:96:8E:4C:96:03:CA:2B:13:DD:1D:14:65:96:5D:8F:3D:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mQqAlo5MlgPKKxPdHRRlll2PPb8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/61a0a9-c466-469c-afbe-8fed50909770/1/ypmW8onlmC65ZNCFGexcmBv7SII.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/61a0a9-c466-469c-afbe-8fed50909770/1/mQqAlo5MlgPKKxPdHRRlll2PPb8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.110.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:43:52:37:2d:69:f0:f7:42:0c:bb:ff:76:d5:2b:9d:bc:bc:
         90:17:4e:49:76:93:92:33:fa:af:c5:ac:dc:5b:b8:c0:56:0e:
         dd:f3:21:13:6f:6a:77:6d:b0:59:e2:dc:1a:ef:50:6a:b3:57:
         20:7f:5a:bc:ba:75:b6:ba:de:0f:f8:c1:b5:76:31:a0:5e:e1:
         2d:06:21:f9:db:ee:ae:23:cc:c9:3a:e3:d3:be:8c:4d:45:e5:
         64:d3:2a:de:f7:4f:b8:f2:ba:fc:0e:b7:2b:8e:f2:95:89:27:
         60:8c:bf:7f:bf:3c:f3:c5:d2:0d:2a:d3:95:55:4f:2c:6b:cc:
         6f:89:fd:83:db:68:a8:bd:fb:93:33:81:0a:63:55:b4:b7:ae:
         13:48:08:d5:e5:39:df:0d:a6:ea:44:51:c4:48:97:18:9c:1d:
         32:d3:59:6c:f3:28:41:e3:ff:a6:85:94:21:6b:61:2d:9b:a5:
         39:40:76:bb:3a:bf:64:55:8c:14:95:0e:30:24:3d:60:9f:da:
         e7:b5:93:98:c1:6d:fc:37:41:7f:54:d6:12:25:3f:d9:6c:7e:
         b3:cc:8b:f0:94:e1:78:ae:6e:62:fc:50:40:bd:71:d6:0f:ee:
         00:7f:c1:38:cb:8f:93:45:c3:49:dd:5d:f9:d2:16:8f:7f:89:
         01:f2:3b:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFARq4ETWRs4cXFuzvzMVXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MGE4MDk2OGU0Yzk2MDNjYTJiMTNkZDFkMTQ2NTk2NWQ4
ZjNkYmYwHhcNMjQwMTAxMTIzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTk5OTZmMjg5ZTU5ODJlYjk2NGQwODUxOWVjNWM5ODFiZmI0ODgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqpW8jv5dHDe1U3moAtc3j19hBlvR
sdz1FGILFoH16SUJgCTNX7erBfsbd/X7uNUc54+XzyxE6NmU2yiejASQnyeOWeft
Jkr7PEnE/2EIeTXxiI7IB3KnHNeMDXsIKstKNU+g7sOVDkq9sCRYxN4FKBs3L/NP
Sc2WEKu/j/SRKItNe1QXlYE7XTrkcmnwo/UFFE/6n/nJetFjnWDqHKdHdENo5Jpd
UXNDqwyyE220UHgotBE2HtdcvUFuxLbNcztaygymOIPEh3jKIVRQRUm7IdwomNtr
4hipN7lxv08LzjvMA5x42sFYEu8jxYjImLJ6aw7KRAbeJhr5zd5K4fVDbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMqZlvKJ5ZguuWTQhRnsXJgb+0iCMB8GA1UdIwQY
MBaAFJkKgJaOTJYDyisT3R0UZZZdjz2/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVFxQWxvNU1sZ1BLS3hQZEhSUmxsbDJQUGI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC82MWEwYTktYzQ2Ni00NjljLWFmYmUt
OGZlZDUwOTA5NzcwLzEveXBtVzhvbmxtQzY1Wk5DRkdleGNtQnY3U0lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC82MWEwYTktYzQ2Ni00NjljLWFmYmUtOGZlZDUwOTA5Nzcw
LzEvbVFxQWxvNU1sZ1BLS3hQZEhSUmxsbDJQUGI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwm6IMA0G
CSqGSIb3DQEBCwUAA4IBAQCNQ1I3LWnw90IMu/921SudvLyQF05JdpOSM/qvxazc
W7jAVg7d8yETb2p3bbBZ4twa71Bqs1cgf1q8unW2ut4P+MG1djGgXuEtBiH52+6u
I8zJOuPTvoxNReVk0yre90+48rr8DrcrjvKViSdgjL9/vzzzxdINKtOVVU8sa8xv
if2D22iovfuTM4EKY1W0t64TSAjV5TnfDabqRFHESJcYnB0y01ls8yhB4/+mhZQh
a2Etm6U5QHa7Or9kVYwUlQ4wJD1gn9rntZOYwW38N0F/VNYSJT/ZbH6zzIvwlOF4
rm5i/FBAvXHWD+4Af8E4y4+TRcNJ3V350haPf4kB8jvB
-----END CERTIFICATE-----