Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/9571d6-974f-4327-b9e0-443be63fc123/1/fyhjFNrYi7vXHEKpjMzy8eMRtJ8.roa
File:                     fyhjFNrYi7vXHEKpjMzy8eMRtJ8.roa (raw, json)
Hash identifier:          E+KfRqj3uDuhLCIxqZA9CDxRA5PEnPTPALouxqVSlb4=
Subject key identifier:   7F:28:63:14:DA:D8:8B:BB:D7:1C:42:A9:8C:CC:F2:F1:E3:11:B4:9F
Certificate issuer:       /CN=592e7c1f2394c3e3aaa8ccb647fd83671d6098b7
Certificate serial:       0190322B433C0DADFEB0C91855F825ECB195
Authority key identifier: 59:2E:7C:1F:23:94:C3:E3:AA:A8:CC:B6:47:FD:83:67:1D:60:98:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WS58HyOUw-OqqMy2R_2DZx1gmLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/9571d6-974f-4327-b9e0-443be63fc123/1/fyhjFNrYi7vXHEKpjMzy8eMRtJ8.roa
Signing time:             Wed 19 Jun 2024 20:23:34 +0000
ROA not before:           Wed 19 Jun 2024 20:23:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214929
IP address blocks:        109.235.253.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/9571d6-974f-4327-b9e0-443be63fc123/1/WS58HyOUw-OqqMy2R_2DZx1gmLc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/9571d6-974f-4327-b9e0-443be63fc123/1/WS58HyOUw-OqqMy2R_2DZx1gmLc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WS58HyOUw-OqqMy2R_2DZx1gmLc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:32:2b:43:3c:0d:ad:fe:b0:c9:18:55:f8:25:ec:b1:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=592e7c1f2394c3e3aaa8ccb647fd83671d6098b7
        Validity
            Not Before: Jun 19 20:23:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f286314dad88bbbd71c42a98cccf2f1e311b49f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:e5:64:61:6e:cb:1d:c3:46:c5:fb:4d:cc:6d:
                    70:c7:36:38:13:ab:99:2c:cb:74:52:9e:1f:9f:34:
                    50:a6:8c:33:cd:89:ec:ea:f4:1b:90:1a:f8:4d:3e:
                    a7:69:7d:a9:89:5f:a5:f8:0d:02:0b:96:09:22:3f:
                    31:bd:89:7a:35:70:6a:b0:7c:c9:a0:19:a1:c8:bc:
                    e8:26:fc:1f:7e:3d:39:fa:37:c7:25:cd:9e:bc:46:
                    ed:c4:61:4d:7b:71:52:24:fb:db:39:f8:6d:ac:d8:
                    52:b1:1e:0b:23:31:44:0e:e2:db:77:aa:f5:cd:d8:
                    92:69:25:72:5f:2c:66:a1:bf:eb:7d:42:58:8b:67:
                    e0:10:42:a4:4c:f8:04:3c:bb:5d:a7:eb:fb:50:60:
                    07:44:40:27:7c:7b:57:35:9f:a2:07:0c:e0:89:24:
                    37:be:52:d6:ae:bb:01:9f:51:59:99:86:0b:3b:8d:
                    9e:b3:f5:b0:70:58:1b:33:e7:06:46:7e:9f:3b:e6:
                    8f:a2:60:7b:08:fa:09:fa:03:8e:ec:f0:30:7b:6d:
                    12:bb:0b:14:dd:20:57:57:c8:7a:25:8a:95:48:f7:
                    7a:f0:50:d3:69:d5:64:18:2d:b6:0d:95:93:89:02:
                    3c:05:a7:f6:cb:07:0f:dc:79:0c:dd:14:2c:c1:97:
                    4f:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:28:63:14:DA:D8:8B:BB:D7:1C:42:A9:8C:CC:F2:F1:E3:11:B4:9F
            X509v3 Authority Key Identifier:
                keyid:59:2E:7C:1F:23:94:C3:E3:AA:A8:CC:B6:47:FD:83:67:1D:60:98:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WS58HyOUw-OqqMy2R_2DZx1gmLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/9571d6-974f-4327-b9e0-443be63fc123/1/fyhjFNrYi7vXHEKpjMzy8eMRtJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/9571d6-974f-4327-b9e0-443be63fc123/1/WS58HyOUw-OqqMy2R_2DZx1gmLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.235.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c4:35:38:93:6b:04:7b:c0:98:71:50:ff:3b:e6:7f:41:89:ff:
         4a:b3:42:4e:9c:60:47:3f:ae:60:43:b6:b9:57:bd:3a:e7:44:
         85:69:c8:76:a3:e6:75:a2:56:f1:07:bf:40:43:cd:55:f5:7a:
         b2:f7:f8:3e:4e:f3:70:7d:04:63:a9:8b:4c:e3:a0:fa:c1:e8:
         8e:26:07:25:a7:63:86:d2:52:c5:24:9b:3e:f5:2b:f1:8a:e2:
         22:af:9a:73:81:f5:0e:69:e6:33:6f:38:d4:fc:5c:09:5a:5e:
         9a:00:2a:c9:9c:55:bb:19:89:96:22:35:a0:ab:91:fc:c4:03:
         07:24:9c:bc:54:99:ad:ca:e1:81:03:e0:7a:8e:db:71:70:6c:
         e5:81:b3:b5:58:fc:86:df:bc:f4:8d:5d:d9:d6:dd:70:af:ed:
         09:53:f5:d2:8c:41:31:39:de:99:69:47:37:1d:0e:b8:d9:cc:
         7a:79:ab:ba:41:43:ca:b1:d2:b1:a9:e5:be:5c:d0:43:11:6d:
         c3:e0:e3:08:6a:82:63:8a:f6:d3:e5:b6:bf:b6:69:6d:0d:04:
         a3:a2:e5:8c:83:55:09:c1:ef:b5:8b:ce:22:7d:80:ce:3a:77:
         82:3b:0c:99:0d:82:8a:66:8b:5f:10:71:62:d9:b4:ec:9f:00:
         bd:c6:c6:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAyK0M8Da3+sMkYVfgl7LGVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5MmU3YzFmMjM5NGMzZTNhYWE4Y2NiNjQ3ZmQ4MzY3MWQ2
MDk4YjcwHhcNMjQwNjE5MjAyMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjI4NjMxNGRhZDg4YmJiZDcxYzQyYTk4Y2NjZjJmMWUzMTFiNDlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3OVkYW7LHcNGxftNzG1wxzY4E6uZ
LMt0Up4fnzRQpowzzYns6vQbkBr4TT6naX2piV+l+A0CC5YJIj8xvYl6NXBqsHzJ
oBmhyLzoJvwffj05+jfHJc2evEbtxGFNe3FSJPvbOfhtrNhSsR4LIzFEDuLbd6r1
zdiSaSVyXyxmob/rfUJYi2fgEEKkTPgEPLtdp+v7UGAHREAnfHtXNZ+iBwzgiSQ3
vlLWrrsBn1FZmYYLO42es/WwcFgbM+cGRn6fO+aPomB7CPoJ+gOO7PAwe20SuwsU
3SBXV8h6JYqVSPd68FDTadVkGC22DZWTiQI8Baf2ywcP3HkM3RQswZdPBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH8oYxTa2Iu71xxCqYzM8vHjEbSfMB8GA1UdIwQY
MBaAFFkufB8jlMPjqqjMtkf9g2cdYJi3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1M1OEh5T1V3LU9xcU15MlJfMkRaeDFnbUxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi85NTcxZDYtOTc0Zi00MzI3LWI5ZTAt
NDQzYmU2M2ZjMTIzLzEvZnloakZOcllpN3ZYSEVLcGpNenk4ZU1SdEo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi85NTcxZDYtOTc0Zi00MzI3LWI5ZTAtNDQzYmU2M2ZjMTIz
LzEvV1M1OEh5T1V3LU9xcU15MlJfMkRaeDFnbUxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbev9MA0G
CSqGSIb3DQEBCwUAA4IBAQDENTiTawR7wJhxUP875n9Bif9Ks0JOnGBHP65gQ7a5
V70650SFach2o+Z1olbxB79AQ81V9Xqy9/g+TvNwfQRjqYtM46D6weiOJgclp2OG
0lLFJJs+9SvxiuIir5pzgfUOaeYzbzjU/FwJWl6aACrJnFW7GYmWIjWgq5H8xAMH
JJy8VJmtyuGBA+B6jttxcGzlgbO1WPyG37z0jV3Z1t1wr+0JU/XSjEExOd6ZaUc3
HQ642cx6eau6QUPKsdKxqeW+XNBDEW3D4OMIaoJjivbT5ba/tmltDQSjouWMg1UJ
we+1i84ifYDOOneCOwyZDYKKZotfEHFi2bTsnwC9xsYR
-----END CERTIFICATE-----