Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/a733bc-68f8-499f-850f-8e924ffbe584/1/YHEsAG3VL36iiJj23JtSwArcF1c.roa
File:                     YHEsAG3VL36iiJj23JtSwArcF1c.roa (raw, json)
Hash identifier:          8Odx0P+HcjF0vn8mQttyGjaqTmfJo/zKnWhFkXNVSbk=
Subject key identifier:   60:71:2C:00:6D:D5:2F:7E:A2:88:98:F6:DC:9B:52:C0:0A:DC:17:57
Certificate issuer:       /CN=c09fc8a067fa6d2476bdce24afffad17131d9e86
Certificate serial:       019201213E901B79CED084110A767EB6CBF6
Authority key identifier: C0:9F:C8:A0:67:FA:6D:24:76:BD:CE:24:AF:FF:AD:17:13:1D:9E:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wJ_IoGf6bSR2vc4kr_-tFxMdnoY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/a733bc-68f8-499f-850f-8e924ffbe584/1/YHEsAG3VL36iiJj23JtSwArcF1c.roa
Signing time:             Tue 17 Sep 2024 17:56:48 +0000
ROA not before:           Tue 17 Sep 2024 17:56:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        216.25.124.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/a733bc-68f8-499f-850f-8e924ffbe584/1/wJ_IoGf6bSR2vc4kr_-tFxMdnoY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/a733bc-68f8-499f-850f-8e924ffbe584/1/wJ_IoGf6bSR2vc4kr_-tFxMdnoY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wJ_IoGf6bSR2vc4kr_-tFxMdnoY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:01:21:3e:90:1b:79:ce:d0:84:11:0a:76:7e:b6:cb:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c09fc8a067fa6d2476bdce24afffad17131d9e86
        Validity
            Not Before: Sep 17 17:56:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=60712c006dd52f7ea28898f6dc9b52c00adc1757
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:1e:ac:e1:4e:e2:a1:45:c4:35:3a:0e:ac:eb:
                    a8:d0:d7:9a:27:4c:01:5b:63:2c:fb:98:97:51:10:
                    ed:ff:59:1a:db:32:48:43:53:7f:ef:d6:d7:2a:cb:
                    b9:67:e9:b9:c0:c2:d4:aa:46:86:83:86:99:b3:de:
                    72:aa:4d:b7:d9:88:d6:1e:6a:f9:7c:0e:ce:61:57:
                    34:cf:57:92:9e:28:85:62:39:0e:fb:08:28:07:10:
                    8f:b3:cd:08:54:fe:ff:b2:61:5f:2c:22:ed:fc:2b:
                    85:52:31:bb:f9:4c:ee:68:45:0b:39:45:12:1e:a5:
                    14:70:1c:84:5b:9f:14:e6:a3:e7:3b:3c:b7:7b:00:
                    4b:fc:7e:e1:b4:c4:77:0e:81:aa:44:ae:ff:20:29:
                    86:ad:cd:14:0c:f7:7a:b1:f8:cd:4d:e9:9c:93:e1:
                    3c:dd:35:75:c0:d7:af:61:3b:ac:92:81:9f:c4:48:
                    42:e1:a2:f9:0d:24:fe:ea:f2:a5:1a:27:1f:12:18:
                    f8:d7:ef:77:0e:10:88:8a:13:b2:c3:cc:ce:ee:2f:
                    fd:71:ae:7e:9c:31:2b:73:c5:18:0d:e6:bf:08:c6:
                    68:55:17:83:52:03:91:20:cb:5f:bf:39:b2:16:b8:
                    04:a1:35:00:c4:26:44:74:4d:4c:22:1e:5b:62:49:
                    60:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:71:2C:00:6D:D5:2F:7E:A2:88:98:F6:DC:9B:52:C0:0A:DC:17:57
            X509v3 Authority Key Identifier:
                keyid:C0:9F:C8:A0:67:FA:6D:24:76:BD:CE:24:AF:FF:AD:17:13:1D:9E:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wJ_IoGf6bSR2vc4kr_-tFxMdnoY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/a733bc-68f8-499f-850f-8e924ffbe584/1/YHEsAG3VL36iiJj23JtSwArcF1c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/a733bc-68f8-499f-850f-8e924ffbe584/1/wJ_IoGf6bSR2vc4kr_-tFxMdnoY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.25.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:a2:b4:1b:29:75:53:05:b1:19:d7:ff:b0:78:06:23:c3:5c:
         fa:56:09:39:ec:95:b2:50:04:e9:ae:cf:7d:13:e2:11:a0:09:
         ff:b8:3a:e1:14:50:7c:6e:f6:a5:20:ac:95:13:63:9c:b7:31:
         bd:ec:fe:04:92:02:7e:23:02:9e:75:9d:6f:e3:6d:51:ff:2f:
         74:4c:97:cb:86:72:e6:68:eb:38:9a:39:8f:80:13:e5:61:4c:
         74:31:72:b1:e8:54:85:44:74:15:24:77:7b:dd:4f:22:b2:1d:
         55:13:bf:b7:92:56:35:01:52:dd:4e:f1:80:bc:ab:d0:f2:5f:
         28:c1:f1:54:ff:c7:b1:b5:71:0e:55:35:0d:de:2b:0f:a2:23:
         6f:73:8d:9b:df:ff:60:30:94:99:c5:98:f0:be:e0:65:49:08:
         e7:31:bb:a0:39:dc:09:d2:13:d4:d6:b6:e4:71:6a:58:a2:d3:
         8e:88:00:d2:4a:9d:c9:de:47:2a:a3:39:ec:59:4f:bf:8e:0c:
         68:09:fd:ea:d2:4c:f8:0f:4a:d5:45:2d:08:46:7a:bc:f2:9d:
         7f:5f:65:b4:4a:59:0a:b4:57:16:21:d9:05:25:26:26:98:20:
         8e:f6:ab:e5:0d:12:2a:26:46:0d:07:48:88:6d:19:59:95:f5:
         e3:5d:d9:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIBIT6QG3nO0IQRCnZ+tsv2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwOWZjOGEwNjdmYTZkMjQ3NmJkY2UyNGFmZmZhZDE3MTMx
ZDllODYwHhcNMjQwOTE3MTc1NjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDcxMmMwMDZkZDUyZjdlYTI4ODk4ZjZkYzliNTJjMDBhZGMxNzU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArR6s4U7ioUXENToOrOuo0NeaJ0wB
W2Ms+5iXURDt/1ka2zJIQ1N/79bXKsu5Z+m5wMLUqkaGg4aZs95yqk232YjWHmr5
fA7OYVc0z1eSniiFYjkO+wgoBxCPs80IVP7/smFfLCLt/CuFUjG7+UzuaEULOUUS
HqUUcByEW58U5qPnOzy3ewBL/H7htMR3DoGqRK7/ICmGrc0UDPd6sfjNTemck+E8
3TV1wNevYTuskoGfxEhC4aL5DST+6vKlGicfEhj41+93DhCIihOyw8zO7i/9ca5+
nDErc8UYDea/CMZoVReDUgORIMtfvzmyFrgEoTUAxCZEdE1MIh5bYklgcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGBxLABt1S9+ooiY9tybUsAK3BdXMB8GA1UdIwQY
MBaAFMCfyKBn+m0kdr3OJK//rRcTHZ6GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0pfSW9HZjZiU1IydmM0a3JfLXRGeE1kbm9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9hNzMzYmMtNjhmOC00OTlmLTg1MGYt
OGU5MjRmZmJlNTg0LzEvWUhFc0FHM1ZMMzZpaUpqMjNKdFN3QXJjRjFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9hNzMzYmMtNjhmOC00OTlmLTg1MGYtOGU5MjRmZmJlNTg0
LzEvd0pfSW9HZjZiU1IydmM0a3JfLXRGeE1kbm9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2Bl8MA0G
CSqGSIb3DQEBCwUAA4IBAQATorQbKXVTBbEZ1/+weAYjw1z6Vgk57JWyUATprs99
E+IRoAn/uDrhFFB8bvalIKyVE2OctzG97P4EkgJ+IwKedZ1v421R/y90TJfLhnLm
aOs4mjmPgBPlYUx0MXKx6FSFRHQVJHd73U8ish1VE7+3klY1AVLdTvGAvKvQ8l8o
wfFU/8extXEOVTUN3isPoiNvc42b3/9gMJSZxZjwvuBlSQjnMbugOdwJ0hPU1rbk
cWpYotOOiADSSp3J3kcqoznsWU+/jgxoCf3q0kz4D0rVRS0IRnq88p1/X2W0SlkK
tFcWIdkFJSYmmCCO9qvlDRIqJkYNB0iIbRlZlfXjXdkh
-----END CERTIFICATE-----