Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/c28ea4-059c-49dd-9278-a4db396c8987/1/yKMSrvMyXrd7G0y4ya-DfjBq8Vg.roa
File:                     yKMSrvMyXrd7G0y4ya-DfjBq8Vg.roa (raw, json)
Hash identifier:          XnbJ2Zvh9YY5UhieFodtDPcivCxxYwtHQCfE+yzNHk8=
Subject key identifier:   C8:A3:12:AE:F3:32:5E:B7:7B:1B:4C:B8:C9:AF:83:7E:30:6A:F1:58
Certificate issuer:       /CN=37949ac84d0b86910f4fd3cf5962927d83450aeb
Certificate serial:       018CC5006408B7FBC5D0BBAA7CDB913BF131
Authority key identifier: 37:94:9A:C8:4D:0B:86:91:0F:4F:D3:CF:59:62:92:7D:83:45:0A:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N5SayE0LhpEPT9PPWWKSfYNFCus.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/c28ea4-059c-49dd-9278-a4db396c8987/1/yKMSrvMyXrd7G0y4ya-DfjBq8Vg.roa
Signing time:             Mon 01 Jan 2024 12:29:46 +0000
ROA not before:           Mon 01 Jan 2024 12:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30781
IP address blocks:        91.209.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/c28ea4-059c-49dd-9278-a4db396c8987/1/N5SayE0LhpEPT9PPWWKSfYNFCus.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/c28ea4-059c-49dd-9278-a4db396c8987/1/N5SayE0LhpEPT9PPWWKSfYNFCus.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N5SayE0LhpEPT9PPWWKSfYNFCus.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:64:08:b7:fb:c5:d0:bb:aa:7c:db:91:3b:f1:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37949ac84d0b86910f4fd3cf5962927d83450aeb
        Validity
            Not Before: Jan  1 12:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c8a312aef3325eb77b1b4cb8c9af837e306af158
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:70:c3:40:95:c0:4f:a1:4a:f5:b2:87:8a:dd:
                    36:84:17:68:71:3e:fa:b0:12:4e:46:e1:6b:ee:6b:
                    a2:bf:71:cb:d1:66:98:cb:12:b1:1e:b5:a2:da:72:
                    ad:67:1a:30:a5:11:76:71:24:c3:58:c7:99:6a:a4:
                    ac:aa:00:c6:87:0e:ab:91:b1:60:23:ca:a0:79:3f:
                    07:52:fc:95:ef:58:ed:e1:ae:2d:31:34:93:6a:5a:
                    86:7e:8b:6b:d5:29:90:39:c5:72:d4:3d:fd:f7:7d:
                    b4:6f:f9:09:af:ea:95:67:aa:9a:96:32:97:51:09:
                    bc:1b:4a:99:08:3d:fe:36:0e:5f:2b:1f:95:66:b5:
                    db:57:1b:cf:26:9d:ea:87:01:1b:89:4f:65:6d:66:
                    a6:d6:5d:f3:9e:bc:c8:fe:10:d7:3b:ed:b5:2d:b5:
                    4d:9f:37:4b:cc:f2:a1:62:fe:e5:9e:01:15:9f:fc:
                    23:fd:1c:7f:df:68:30:a9:46:bb:94:c1:94:2b:ae:
                    32:e1:e8:16:ec:db:c5:08:75:7a:ee:03:14:e1:94:
                    6e:57:fc:53:7a:63:74:04:ee:18:77:7c:e9:93:f2:
                    03:e8:dc:22:23:cc:c7:d1:7a:b2:9f:17:d2:e9:a2:
                    43:87:42:00:1f:e7:9e:4e:e1:17:bf:c7:2d:4c:bf:
                    28:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:A3:12:AE:F3:32:5E:B7:7B:1B:4C:B8:C9:AF:83:7E:30:6A:F1:58
            X509v3 Authority Key Identifier:
                keyid:37:94:9A:C8:4D:0B:86:91:0F:4F:D3:CF:59:62:92:7D:83:45:0A:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N5SayE0LhpEPT9PPWWKSfYNFCus.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/c28ea4-059c-49dd-9278-a4db396c8987/1/yKMSrvMyXrd7G0y4ya-DfjBq8Vg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/c28ea4-059c-49dd-9278-a4db396c8987/1/N5SayE0LhpEPT9PPWWKSfYNFCus.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:48:62:64:ab:9f:45:c0:5e:3f:ce:85:8f:ff:ca:29:33:90:
         1c:ca:63:73:2f:bd:0e:b0:bf:ad:07:73:1a:dd:42:3c:14:0a:
         fe:07:02:d6:92:1f:f6:1e:ec:32:93:2a:92:44:93:e8:02:5c:
         b9:1b:58:9b:24:4d:3e:fa:28:ac:17:93:9c:84:88:22:da:66:
         c9:f2:b9:51:47:45:9e:af:08:02:ce:f1:d4:33:c2:0d:47:f4:
         2e:b5:d5:c8:6a:d4:94:a3:97:ef:4d:d0:3b:bb:39:f1:69:73:
         e5:1b:11:3d:e2:a4:9a:92:e4:10:96:79:47:db:42:90:94:26:
         ef:c0:e8:1f:81:c5:d2:d0:a3:26:8f:fc:78:03:e7:14:d3:ef:
         2d:06:10:57:ab:fd:09:b5:cc:2c:cb:f6:b6:1e:73:5f:29:d0:
         16:2f:32:de:8f:1e:87:d5:88:32:8a:59:c0:bc:05:0e:36:ea:
         4e:2b:08:06:a7:c9:e6:e2:80:f4:40:96:42:a5:94:01:2a:37:
         b4:bd:61:01:39:00:db:fb:b1:d4:c1:c7:fb:3b:a9:73:eb:a8:
         5b:c4:c9:14:d2:b7:cf:0d:fe:f2:1d:6f:94:6c:ce:45:62:c5:
         43:cf:e7:f9:10:19:df:9a:6c:73:24:7a:c3:63:5f:55:02:5d:
         8a:63:69:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAGQIt/vF0LuqfNuRO/ExMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3OTQ5YWM4NGQwYjg2OTEwZjRmZDNjZjU5NjI5MjdkODM0
NTBhZWIwHhcNMjQwMTAxMTIyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGEzMTJhZWYzMzI1ZWI3N2IxYjRjYjhjOWFmODM3ZTMwNmFmMTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsHDDQJXAT6FK9bKHit02hBdocT76
sBJORuFr7muiv3HL0WaYyxKxHrWi2nKtZxowpRF2cSTDWMeZaqSsqgDGhw6rkbFg
I8qgeT8HUvyV71jt4a4tMTSTalqGfotr1SmQOcVy1D399320b/kJr+qVZ6qaljKX
UQm8G0qZCD3+Ng5fKx+VZrXbVxvPJp3qhwEbiU9lbWam1l3znrzI/hDXO+21LbVN
nzdLzPKhYv7lngEVn/wj/Rx/32gwqUa7lMGUK64y4egW7NvFCHV67gMU4ZRuV/xT
emN0BO4Yd3zpk/ID6NwiI8zH0XqynxfS6aJDh0IAH+eeTuEXv8ctTL8otQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMijEq7zMl63extMuMmvg34wavFYMB8GA1UdIwQY
MBaAFDeUmshNC4aRD0/Tz1likn2DRQrrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjVTYXlFMExocEVQVDlQUFdXS1NmWU5GQ3VzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC9jMjhlYTQtMDU5Yy00OWRkLTkyNzgt
YTRkYjM5NmM4OTg3LzEveUtNU3J2TXlYcmQ3RzB5NHlhLURmakJxOFZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC9jMjhlYTQtMDU5Yy00OWRkLTkyNzgtYTRkYjM5NmM4OTg3
LzEvTjVTYXlFMExocEVQVDlQUFdXS1NmWU5GQ3VzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9FrMA0G
CSqGSIb3DQEBCwUAA4IBAQB/SGJkq59FwF4/zoWP/8opM5AcymNzL70OsL+tB3Ma
3UI8FAr+BwLWkh/2HuwykyqSRJPoAly5G1ibJE0++iisF5OchIgi2mbJ8rlRR0We
rwgCzvHUM8INR/QutdXIatSUo5fvTdA7uznxaXPlGxE94qSakuQQlnlH20KQlCbv
wOgfgcXS0KMmj/x4A+cU0+8tBhBXq/0Jtcwsy/a2HnNfKdAWLzLejx6H1YgyilnA
vAUONupOKwgGp8nm4oD0QJZCpZQBKje0vWEBOQDb+7HUwcf7O6lz66hbxMkU0rfP
Df7yHW+UbM5FYsVDz+f5EBnfmmxzJHrDY19VAl2KY2nx
-----END CERTIFICATE-----