Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/8f96d1-9278-4b63-8288-f77c32ff19f7/1/yw2JkSPKCSYd3eCiKgknHiJdpBY.roa
File:                     yw2JkSPKCSYd3eCiKgknHiJdpBY.roa (raw, json)
Hash identifier:          scIWHoPB9Ul3jAAphjEomk0+6hn0k7M1Z++42d+t8DU=
Subject key identifier:   CB:0D:89:91:23:CA:09:26:1D:DD:E0:A2:2A:09:27:1E:22:5D:A4:16
Certificate issuer:       /CN=505026928467770d1c2fa7ceba98a18c38d6556d
Certificate serial:       018CC3B735BAABBBDA99857DE34FFD36843E
Authority key identifier: 50:50:26:92:84:67:77:0D:1C:2F:A7:CE:BA:98:A1:8C:38:D6:55:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UFAmkoRndw0cL6fOupihjDjWVW0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/8f96d1-9278-4b63-8288-f77c32ff19f7/1/yw2JkSPKCSYd3eCiKgknHiJdpBY.roa
Signing time:             Mon 01 Jan 2024 06:30:13 +0000
ROA not before:           Mon 01 Jan 2024 06:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60345
IP address blocks:        91.228.135.0/24 maxlen: 24
                          2a06:2c80::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/8f96d1-9278-4b63-8288-f77c32ff19f7/1/UFAmkoRndw0cL6fOupihjDjWVW0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/8f96d1-9278-4b63-8288-f77c32ff19f7/1/UFAmkoRndw0cL6fOupihjDjWVW0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UFAmkoRndw0cL6fOupihjDjWVW0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:35:ba:ab:bb:da:99:85:7d:e3:4f:fd:36:84:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=505026928467770d1c2fa7ceba98a18c38d6556d
        Validity
            Not Before: Jan  1 06:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb0d899123ca09261ddde0a22a09271e225da416
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:8a:2f:86:d8:a7:2c:56:fe:42:22:7a:02:da:
                    8c:6b:0f:2d:c5:79:02:5a:78:e6:51:94:42:04:04:
                    71:5c:71:f4:49:df:7e:42:f8:97:f3:c0:07:11:6f:
                    9e:13:98:89:96:1d:4a:03:62:80:9e:5d:51:a3:e9:
                    d4:31:d7:18:3e:88:ca:4b:ea:59:30:9f:7e:d2:d5:
                    0c:c9:b4:10:90:6e:e8:a1:1f:a6:ad:5f:1f:e9:30:
                    44:b9:ec:a9:c4:08:c1:0e:87:18:8c:85:69:69:70:
                    99:65:df:23:92:84:38:9d:61:8a:d4:77:7d:8c:ca:
                    2a:2b:83:70:64:53:c6:fe:7f:0d:8d:03:20:2c:f0:
                    b7:c5:f4:f5:79:2d:01:6e:d4:3a:9d:71:b5:f2:8c:
                    e1:f2:6d:88:4d:37:b4:47:3d:88:f0:1e:28:04:1f:
                    e2:76:9f:ca:0c:7b:05:61:a1:25:0e:c7:af:73:b7:
                    98:00:17:d8:d8:7a:2d:93:26:44:b4:31:df:3f:5f:
                    ac:30:9e:e5:ae:d7:d8:fc:2a:85:60:86:81:cd:f9:
                    39:b4:83:99:ad:c6:7e:44:e4:cd:20:b6:7f:c3:66:
                    ae:35:70:9d:f5:bb:8f:67:c6:5b:33:6f:4b:2c:8f:
                    b5:56:9e:89:1f:44:98:79:e7:69:f2:8e:df:7e:57:
                    1a:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:0D:89:91:23:CA:09:26:1D:DD:E0:A2:2A:09:27:1E:22:5D:A4:16
            X509v3 Authority Key Identifier:
                keyid:50:50:26:92:84:67:77:0D:1C:2F:A7:CE:BA:98:A1:8C:38:D6:55:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UFAmkoRndw0cL6fOupihjDjWVW0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/8f96d1-9278-4b63-8288-f77c32ff19f7/1/yw2JkSPKCSYd3eCiKgknHiJdpBY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/8f96d1-9278-4b63-8288-f77c32ff19f7/1/UFAmkoRndw0cL6fOupihjDjWVW0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.228.135.0/24
                IPv6:
                  2a06:2c80::/32

    Signature Algorithm: sha256WithRSAEncryption
         68:3e:42:70:9c:4c:60:07:65:04:73:09:ff:3b:44:a6:6f:11:
         00:9d:9a:e9:f3:3a:58:e4:a6:4e:bc:04:7d:bf:20:37:65:ce:
         8b:43:b2:bc:67:0d:2e:e9:0e:00:fd:7a:9b:cb:6b:4b:d5:ae:
         9a:53:7d:ae:21:b3:b7:f5:13:bd:9c:b4:c1:56:33:93:f7:3f:
         4f:1b:df:ee:64:0f:f8:89:19:fd:f9:8e:a6:d7:2f:b2:00:a9:
         c1:6d:e1:10:fd:d0:11:3a:38:7e:5a:48:4e:59:90:12:3c:62:
         c9:71:90:84:2c:30:bb:a8:ed:01:4e:d0:04:b6:3e:80:07:f3:
         1a:9c:4a:1f:22:1c:bc:41:fa:df:27:0a:73:d7:ca:a1:13:73:
         17:a0:5c:98:ab:a1:d6:98:e2:02:b3:26:76:b5:ef:b7:04:a1:
         09:be:4d:31:78:d3:9f:f5:4a:32:3c:91:94:90:31:8d:0d:8e:
         e4:4a:15:a4:40:f1:ca:54:4e:ba:de:42:67:62:a3:5f:0c:05:
         5f:64:a9:b7:2a:fc:fd:77:fb:65:52:54:eb:e9:ca:fd:4a:23:
         db:80:fd:5a:7a:a9:4e:3c:76:b4:58:46:1d:8a:41:41:ab:bb:
         cd:86:58:c7:25:27:3b:37:79:09:09:84:9f:37:3c:d7:2c:f7:
         ec:7a:25:16
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDtzW6q7vamYV940/9NoQ+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwNTAyNjkyODQ2Nzc3MGQxYzJmYTdjZWJhOThhMThjMzhk
NjU1NmQwHhcNMjQwMTAxMDYzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjBkODk5MTIzY2EwOTI2MWRkZGUwYTIyYTA5MjcxZTIyNWRhNDE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzoovhtinLFb+QiJ6AtqMaw8txXkC
WnjmUZRCBARxXHH0Sd9+QviX88AHEW+eE5iJlh1KA2KAnl1Ro+nUMdcYPojKS+pZ
MJ9+0tUMybQQkG7ooR+mrV8f6TBEueypxAjBDocYjIVpaXCZZd8jkoQ4nWGK1Hd9
jMoqK4NwZFPG/n8NjQMgLPC3xfT1eS0BbtQ6nXG18ozh8m2ITTe0Rz2I8B4oBB/i
dp/KDHsFYaElDsevc7eYABfY2HotkyZEtDHfP1+sMJ7lrtfY/CqFYIaBzfk5tIOZ
rcZ+ROTNILZ/w2auNXCd9buPZ8ZbM29LLI+1Vp6JH0SYeedp8o7fflcajwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMsNiZEjygkmHd3goioJJx4iXaQWMB8GA1UdIwQY
MBaAFFBQJpKEZ3cNHC+nzrqYoYw41lVtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUZBbWtvUm5kdzBjTDZmT3VwaWhqRGpXVlcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC84Zjk2ZDEtOTI3OC00YjYzLTgyODgt
Zjc3YzMyZmYxOWY3LzEveXcySmtTUEtDU1lkM2VDaUtna25IaUpkcEJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC84Zjk2ZDEtOTI3OC00YjYzLTgyODgtZjc3YzMyZmYxOWY3
LzEvVUZBbWtvUm5kdzBjTDZmT3VwaWhqRGpXVlcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW+SHMA0E
AgACMAcDBQAqBiyAMA0GCSqGSIb3DQEBCwUAA4IBAQBoPkJwnExgB2UEcwn/O0Sm
bxEAnZrp8zpY5KZOvAR9vyA3Zc6LQ7K8Zw0u6Q4A/Xqby2tL1a6aU32uIbO39RO9
nLTBVjOT9z9PG9/uZA/4iRn9+Y6m1y+yAKnBbeEQ/dAROjh+WkhOWZASPGLJcZCE
LDC7qO0BTtAEtj6AB/ManEofIhy8QfrfJwpz18qhE3MXoFyYq6HWmOICsyZ2te+3
BKEJvk0xeNOf9UoyPJGUkDGNDY7kShWkQPHKVE663kJnYqNfDAVfZKm3Kvz9d/tl
UlTr6cr9SiPbgP1aeqlOPHa0WEYdikFBq7vNhljHJSc7N3kJCYSfNzzXLPfseiUW
-----END CERTIFICATE-----