Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/e6d880-3903-4a11-ba27-c9457ec81151/1/YCJMq-lYbdUOh4b_aZUO_wRTw1o.roa
File:                     YCJMq-lYbdUOh4b_aZUO_wRTw1o.roa (raw, json)
Hash identifier:          SdVt0idG3tSjk95PUdd5FD6O0gH5jj69TDwm9+IBpts=
Subject key identifier:   60:22:4C:AB:E9:58:6D:D5:0E:87:86:FF:69:95:0E:FF:04:53:C3:5A
Certificate issuer:       /CN=65a665b90069bd71850602e7400c529793269e39
Certificate serial:       0190ACE0D69F7F28FD828133535DE3840230
Authority key identifier: 65:A6:65:B9:00:69:BD:71:85:06:02:E7:40:0C:52:97:93:26:9E:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZaZluQBpvXGFBgLnQAxSl5Mmnjk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/e6d880-3903-4a11-ba27-c9457ec81151/1/YCJMq-lYbdUOh4b_aZUO_wRTw1o.roa
Signing time:             Sat 13 Jul 2024 16:15:34 +0000
ROA not before:           Sat 13 Jul 2024 16:15:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208555
IP address blocks:        80.75.213.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/e6d880-3903-4a11-ba27-c9457ec81151/1/ZaZluQBpvXGFBgLnQAxSl5Mmnjk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/e6d880-3903-4a11-ba27-c9457ec81151/1/ZaZluQBpvXGFBgLnQAxSl5Mmnjk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZaZluQBpvXGFBgLnQAxSl5Mmnjk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ac:e0:d6:9f:7f:28:fd:82:81:33:53:5d:e3:84:02:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65a665b90069bd71850602e7400c529793269e39
        Validity
            Not Before: Jul 13 16:15:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=60224cabe9586dd50e8786ff69950eff0453c35a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:f8:ef:ec:2d:2b:f0:19:8b:c0:da:78:cb:76:
                    8e:e8:9b:2d:23:92:80:80:4b:d9:af:61:04:86:44:
                    10:9b:4b:64:0b:0e:01:00:a2:bc:02:00:b0:f8:44:
                    81:03:91:53:5e:33:d1:ea:05:f3:d9:86:d2:8a:a0:
                    ed:8e:07:0d:0f:99:d8:a3:02:a1:b5:0d:c3:ee:ff:
                    94:c2:9e:08:8e:1b:0a:5a:36:14:4c:dc:f2:a6:f0:
                    39:12:db:84:84:23:1e:92:12:63:df:41:85:5c:2f:
                    2d:28:bf:2e:b4:e0:88:87:c3:24:42:28:43:1f:dd:
                    25:f3:3c:13:d2:71:ce:25:0f:c5:a1:0a:01:13:48:
                    59:e4:ac:db:26:fb:d3:72:11:72:b6:28:1d:a2:fc:
                    0c:3c:0d:78:61:7e:30:79:71:c5:18:b3:fc:3c:1c:
                    52:eb:88:c1:c4:e8:44:d8:85:60:f7:cc:28:96:55:
                    a6:f8:37:cc:06:0a:51:e4:52:0d:14:73:82:49:f9:
                    71:8b:9b:09:d7:70:06:75:a9:f4:da:a6:51:0a:ef:
                    a6:66:27:19:40:3f:1e:0e:82:a1:c3:b3:1c:1a:68:
                    6b:c8:9e:a0:0e:cb:01:3b:c6:a3:4d:ce:c4:b7:8e:
                    72:4e:aa:99:1c:52:49:d4:20:52:63:86:32:a1:54:
                    a6:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:22:4C:AB:E9:58:6D:D5:0E:87:86:FF:69:95:0E:FF:04:53:C3:5A
            X509v3 Authority Key Identifier:
                keyid:65:A6:65:B9:00:69:BD:71:85:06:02:E7:40:0C:52:97:93:26:9E:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZaZluQBpvXGFBgLnQAxSl5Mmnjk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/e6d880-3903-4a11-ba27-c9457ec81151/1/YCJMq-lYbdUOh4b_aZUO_wRTw1o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/e6d880-3903-4a11-ba27-c9457ec81151/1/ZaZluQBpvXGFBgLnQAxSl5Mmnjk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.75.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:dd:80:2d:c6:26:2e:86:91:77:ee:e9:20:39:e0:76:c8:ee:
         ea:90:f9:8c:45:92:6e:3d:41:3a:c4:06:1e:9f:11:23:ab:60:
         ca:82:88:22:07:97:6d:d5:1d:d5:8e:76:6d:62:60:17:78:c9:
         46:0b:d2:27:de:a7:81:76:d5:72:a1:4c:de:d7:d9:30:7c:e0:
         e5:92:df:01:22:15:93:32:23:b7:84:ad:02:06:7f:db:8c:cb:
         33:1c:61:55:e1:07:04:7f:a4:de:ab:9b:3a:0a:b1:fe:28:cc:
         c9:87:da:2e:33:7e:8c:23:d5:e4:83:90:16:e5:ac:a9:65:c0:
         e7:46:de:56:aa:96:74:ea:01:63:53:60:51:6a:f7:30:9b:05:
         3b:71:7f:be:7b:1e:b5:3b:65:db:98:c1:0b:ff:a1:21:f2:5a:
         0d:2e:67:4f:da:61:a3:6f:38:06:3a:47:97:17:e1:15:57:eb:
         30:c7:f6:b8:e3:41:e6:a1:91:48:1e:5c:49:34:85:6a:bb:0d:
         4f:f0:43:46:1a:62:45:56:6f:ed:52:8f:f3:29:be:5c:21:02:
         3f:d1:91:c7:ec:07:1f:c5:f7:5a:87:5c:a6:5a:bb:00:c8:00:
         f1:39:0c:71:0b:1a:dc:ca:98:12:2e:15:e9:de:22:a6:63:17:
         e8:b5:47:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCs4Naffyj9goEzU13jhAIwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YTY2NWI5MDA2OWJkNzE4NTA2MDJlNzQwMGM1Mjk3OTMy
NjllMzkwHhcNMjQwNzEzMTYxNTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDIyNGNhYmU5NTg2ZGQ1MGU4Nzg2ZmY2OTk1MGVmZjA0NTNjMzVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy/jv7C0r8BmLwNp4y3aO6JstI5KA
gEvZr2EEhkQQm0tkCw4BAKK8AgCw+ESBA5FTXjPR6gXz2YbSiqDtjgcND5nYowKh
tQ3D7v+Uwp4IjhsKWjYUTNzypvA5EtuEhCMekhJj30GFXC8tKL8utOCIh8MkQihD
H90l8zwT0nHOJQ/FoQoBE0hZ5KzbJvvTchFytigdovwMPA14YX4weXHFGLP8PBxS
64jBxOhE2IVg98wollWm+DfMBgpR5FINFHOCSflxi5sJ13AGdan02qZRCu+mZicZ
QD8eDoKhw7McGmhryJ6gDssBO8ajTc7Et45yTqqZHFJJ1CBSY4YyoVSmSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGAiTKvpWG3VDoeG/2mVDv8EU8NaMB8GA1UdIwQY
MBaAFGWmZbkAab1xhQYC50AMUpeTJp45MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmFabHVRQnB2WEdGQmdMblFBeFNsNU1tbmprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9lNmQ4ODAtMzkwMy00YTExLWJhMjct
Yzk0NTdlYzgxMTUxLzEvWUNKTXEtbFliZFVPaDRiX2FaVU9fd1JUdzFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9lNmQ4ODAtMzkwMy00YTExLWJhMjctYzk0NTdlYzgxMTUx
LzEvWmFabHVRQnB2WEdGQmdMblFBeFNsNU1tbmprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEvVMA0G
CSqGSIb3DQEBCwUAA4IBAQA13YAtxiYuhpF37ukgOeB2yO7qkPmMRZJuPUE6xAYe
nxEjq2DKgogiB5dt1R3VjnZtYmAXeMlGC9In3qeBdtVyoUze19kwfODlkt8BIhWT
MiO3hK0CBn/bjMszHGFV4QcEf6Teq5s6CrH+KMzJh9ouM36MI9Xkg5AW5aypZcDn
Rt5WqpZ06gFjU2BRavcwmwU7cX++ex61O2XbmMEL/6Eh8loNLmdP2mGjbzgGOkeX
F+EVV+swx/a440HmoZFIHlxJNIVquw1P8ENGGmJFVm/tUo/zKb5cIQI/0ZHH7Acf
xfdah1ymWrsAyADxOQxxCxrcypgSLhXp3iKmYxfotUdg
-----END CERTIFICATE-----