Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/lyb6aTC3k3Mcpo7WWWzUydyKjqI.roa
File:                     lyb6aTC3k3Mcpo7WWWzUydyKjqI.roa (raw, json)
Hash identifier:          mOqwDeTqLKTktwF6larRvtI1Z3xIr5mDIIAcFsC9zvM=
Subject key identifier:   97:26:FA:69:30:B7:93:73:1C:A6:8E:D6:59:6C:D4:C9:DC:8A:8E:A2
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       018CC50078136EF46D8DC9E174472584EE5F
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/lyb6aTC3k3Mcpo7WWWzUydyKjqI.roa
Signing time:             Mon 01 Jan 2024 12:29:51 +0000
ROA not before:           Mon 01 Jan 2024 12:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201871
IP address blocks:        212.80.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:78:13:6e:f4:6d:8d:c9:e1:74:47:25:84:ee:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Jan  1 12:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9726fa6930b793731ca68ed6596cd4c9dc8a8ea2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:36:5c:79:d9:ba:ed:a3:5b:14:09:9c:e2:dc:
                    7e:9a:f4:50:76:11:3c:5b:89:8b:4e:2b:d2:05:32:
                    80:7c:e5:10:6f:37:02:ef:cf:54:e0:62:e2:6b:57:
                    ac:73:c5:14:06:28:f3:c9:57:8f:0a:e6:2f:9a:ec:
                    ff:50:2f:28:4f:4b:10:b7:72:bf:c2:dc:0b:a2:23:
                    84:db:cb:c6:bf:98:37:e0:15:4d:65:19:72:b5:d9:
                    de:b7:db:ee:3c:49:43:7e:3f:8c:48:45:5a:b6:b1:
                    30:73:d2:4a:e3:69:a6:10:ab:5f:33:81:2e:c8:c5:
                    93:da:d1:fb:a4:87:66:36:7c:5f:6a:86:aa:f2:2b:
                    68:de:f5:18:08:b8:7f:fb:cc:f8:d8:b6:cd:26:3e:
                    9b:4d:9f:05:4b:b1:42:4c:e5:ac:e6:8c:d2:b6:66:
                    b3:d1:1a:12:6a:12:39:89:5d:32:a4:9f:68:60:96:
                    90:13:fe:ba:5f:3d:24:60:e4:86:07:71:31:6f:6d:
                    37:25:c3:a1:41:98:3d:32:9f:26:19:bf:00:b2:00:
                    c7:d9:28:d8:c5:7c:42:81:7c:a6:84:a3:6f:ca:66:
                    01:25:6f:62:83:21:d9:45:53:6c:b1:ff:ce:81:d6:
                    d7:1c:da:e9:f7:b3:d7:b8:2a:69:e3:3b:c1:fa:ce:
                    9d:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:26:FA:69:30:B7:93:73:1C:A6:8E:D6:59:6C:D4:C9:DC:8A:8E:A2
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/lyb6aTC3k3Mcpo7WWWzUydyKjqI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.80.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:40:46:b3:2d:7f:bb:b2:2d:b0:79:18:48:67:d9:25:ca:6b:
         d1:ee:01:bf:cd:2f:b9:7b:24:bb:3d:84:bf:ea:82:92:d7:fb:
         cc:f3:36:e6:70:51:99:ce:ad:c5:51:8b:fd:82:da:5f:67:12:
         63:8f:03:38:60:13:42:26:3c:b6:58:7b:bd:10:ff:50:0b:79:
         e5:ce:66:8c:f1:5f:7c:e3:14:c8:a8:a5:46:2a:86:5a:3a:47:
         7e:b5:4b:a9:3c:88:9b:02:33:5b:3e:e7:1f:b5:0c:38:c7:e4:
         f2:b2:b1:44:21:49:a4:12:ce:c3:71:77:3e:b8:8e:da:8f:b1:
         46:20:e6:74:a5:fb:f3:9e:f0:4a:f6:3a:0e:01:5f:d7:c1:dd:
         5c:6f:f3:26:a3:38:9d:a0:a9:20:e9:c8:82:de:68:5f:dd:df:
         9f:49:84:c0:c7:a7:99:3d:31:cf:93:01:f9:7e:ea:1b:7a:d7:
         69:34:a9:4f:06:36:b5:82:dc:f3:d1:b9:82:7f:01:61:e2:b6:
         cb:4b:5a:0d:41:58:c7:70:bf:b6:78:2b:c1:3b:aa:5b:b1:0d:
         49:98:c9:a9:8b:71:30:65:41:fb:95:ae:62:a1:eb:ba:33:48:
         99:16:b8:6b:a4:15:b9:dc:8f:b9:54:9e:f3:53:8d:94:5b:0a:
         6a:86:79:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAHgTbvRtjcnhdEclhO5fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjQwMTAxMTIyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzI2ZmE2OTMwYjc5MzczMWNhNjhlZDY1OTZjZDRjOWRjOGE4ZWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgTZcedm67aNbFAmc4tx+mvRQdhE8
W4mLTivSBTKAfOUQbzcC789U4GLia1esc8UUBijzyVePCuYvmuz/UC8oT0sQt3K/
wtwLoiOE28vGv5g34BVNZRlytdnet9vuPElDfj+MSEVatrEwc9JK42mmEKtfM4Eu
yMWT2tH7pIdmNnxfaoaq8ito3vUYCLh/+8z42LbNJj6bTZ8FS7FCTOWs5ozStmaz
0RoSahI5iV0ypJ9oYJaQE/66Xz0kYOSGB3Exb203JcOhQZg9Mp8mGb8AsgDH2SjY
xXxCgXymhKNvymYBJW9igyHZRVNssf/OgdbXHNrp97PXuCpp4zvB+s6dcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJcm+mkwt5NzHKaO1lls1Mncio6iMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvbHliNmFUQzNrM01jcG83V1dXelV5ZHlLanFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1FAEMA0G
CSqGSIb3DQEBCwUAA4IBAQABQEazLX+7si2weRhIZ9klymvR7gG/zS+5eyS7PYS/
6oKS1/vM8zbmcFGZzq3FUYv9gtpfZxJjjwM4YBNCJjy2WHu9EP9QC3nlzmaM8V98
4xTIqKVGKoZaOkd+tUupPIibAjNbPucftQw4x+TysrFEIUmkEs7DcXc+uI7aj7FG
IOZ0pfvznvBK9joOAV/Xwd1cb/MmozidoKkg6ciC3mhf3d+fSYTAx6eZPTHPkwH5
fuobetdpNKlPBja1gtzz0bmCfwFh4rbLS1oNQVjHcL+2eCvBO6pbsQ1JmMmpi3Ew
ZUH7la5ioeu6M0iZFrhrpBW53I+5VJ7zU42UWwpqhnmX
-----END CERTIFICATE-----