Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/YeP0SoHLwXqQz2MkUCi43VKiZ-M.roa
File:                     YeP0SoHLwXqQz2MkUCi43VKiZ-M.roa (raw, json)
Hash identifier:          tksAG/w7FYUMqEXqBOftIzmukz3En9fBa00oP7Pu9D0=
Subject key identifier:   61:E3:F4:4A:81:CB:C1:7A:90:CF:63:24:50:28:B8:DD:52:A2:67:E3
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       018CC3B73D605081AFBF1A04D87382725448
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/YeP0SoHLwXqQz2MkUCi43VKiZ-M.roa
Signing time:             Mon 01 Jan 2024 06:30:15 +0000
ROA not before:           Mon 01 Jan 2024 06:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212709
IP address blocks:        194.51.187.0/24 maxlen: 24
                          81.252.189.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 20:41:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:3d:60:50:81:af:bf:1a:04:d8:73:82:72:54:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  1 06:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=61e3f44a81cbc17a90cf63245028b8dd52a267e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:da:f4:4f:90:d1:c6:5b:d6:00:b9:14:26:cd:
                    ae:bb:71:09:05:53:1d:08:31:1f:e7:ce:20:c5:17:
                    a9:54:83:05:e8:19:82:b2:67:2e:48:90:0c:40:62:
                    19:30:b1:79:f1:8f:d8:a0:ad:b7:48:88:94:d8:a5:
                    f4:41:f4:75:0c:5e:05:d7:76:b8:d1:20:d0:da:f3:
                    89:17:6a:ce:88:38:bc:7a:f5:45:60:51:fa:c3:3d:
                    45:0c:eb:f5:4b:3b:52:59:87:00:a6:f5:6d:63:87:
                    e5:7a:10:5e:61:2c:91:a7:36:4b:49:87:c9:3a:2d:
                    e8:21:8e:e2:2b:73:08:57:28:34:8b:30:00:52:d1:
                    94:5d:05:88:9c:c9:fa:39:d8:63:34:1e:27:5c:31:
                    fd:0b:b4:ab:0e:25:ad:f3:ca:ef:a8:a7:e6:a8:6f:
                    1f:eb:bd:75:0f:5e:97:a8:b2:30:32:45:63:11:57:
                    af:d9:0b:5b:83:40:c2:b8:c1:ed:19:42:4d:5a:fe:
                    3b:35:9e:3b:15:54:5f:18:50:46:f6:01:36:de:d7:
                    26:65:57:65:a3:a3:d9:c5:5a:96:32:72:e5:a6:de:
                    be:67:90:d5:d2:8b:d5:33:8c:a9:6b:4b:f7:ca:9f:
                    12:ac:bb:32:4a:4b:40:48:8c:08:6d:e6:88:29:c9:
                    8e:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:E3:F4:4A:81:CB:C1:7A:90:CF:63:24:50:28:B8:DD:52:A2:67:E3
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/YeP0SoHLwXqQz2MkUCi43VKiZ-M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.252.189.0/24
                  194.51.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:e6:dd:a9:53:c1:de:62:8c:88:38:2d:33:c4:76:a6:0a:3b:
         b5:29:3b:b0:96:11:d6:d7:7e:28:af:03:b1:72:67:ab:bb:2f:
         58:1a:05:c3:c9:3a:a4:eb:d0:69:05:ba:d2:76:4d:43:20:ec:
         61:91:f0:7b:fd:03:66:a6:c9:68:26:24:53:a1:b0:56:bd:01:
         1c:5f:ac:93:f1:b5:1a:1b:84:e8:c7:12:68:14:c7:3e:a5:54:
         62:af:62:26:cb:1a:c5:d0:a3:55:c7:bc:fc:93:4a:b9:05:c9:
         20:ef:10:61:49:3e:eb:e8:e4:4d:64:38:c5:97:e9:28:3d:27:
         b6:b8:2d:06:ae:08:fa:82:1e:40:34:a4:9d:0f:b9:d8:85:37:
         32:85:a5:4d:a9:25:69:b8:8b:99:de:80:93:10:40:34:dc:28:
         57:71:27:8a:68:6d:93:6c:d0:f4:2f:6a:df:20:40:ee:72:c6:
         64:4d:44:05:1b:e8:b9:62:ee:e4:62:0d:b6:74:4f:bb:1d:57:
         d5:ea:60:10:1b:04:38:0c:98:ee:0e:bd:8c:d8:e3:93:3c:0d:
         7e:47:6d:80:34:6c:47:57:33:5f:47:f4:1f:ee:8d:23:d2:ad:
         7a:12:98:12:e4:1c:33:77:5e:80:f5:cc:5f:78:38:41:cc:7e:
         05:35:e5:0c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtz1gUIGvvxoE2HOCclRIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjQwMTAxMDYzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWUzZjQ0YTgxY2JjMTdhOTBjZjYzMjQ1MDI4YjhkZDUyYTI2N2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjNr0T5DRxlvWALkUJs2uu3EJBVMd
CDEf584gxRepVIMF6BmCsmcuSJAMQGIZMLF58Y/YoK23SIiU2KX0QfR1DF4F13a4
0SDQ2vOJF2rOiDi8evVFYFH6wz1FDOv1SztSWYcApvVtY4flehBeYSyRpzZLSYfJ
Oi3oIY7iK3MIVyg0izAAUtGUXQWInMn6OdhjNB4nXDH9C7SrDiWt88rvqKfmqG8f
6711D16XqLIwMkVjEVev2Qtbg0DCuMHtGUJNWv47NZ47FVRfGFBG9gE23tcmZVdl
o6PZxVqWMnLlpt6+Z5DV0ovVM4ypa0v3yp8SrLsySktASIwIbeaIKcmOEQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGHj9EqBy8F6kM9jJFAouN1SomfjMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvWWVQMFNvSEx3WHFRejJNa1VDaTQzVktpWi1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUfy9AwQA
wjO7MA0GCSqGSIb3DQEBCwUAA4IBAQCY5t2pU8HeYoyIOC0zxHamCju1KTuwlhHW
134orwOxcmeruy9YGgXDyTqk69BpBbrSdk1DIOxhkfB7/QNmpsloJiRTobBWvQEc
X6yT8bUaG4ToxxJoFMc+pVRir2ImyxrF0KNVx7z8k0q5Bckg7xBhST7r6ORNZDjF
l+koPSe2uC0Grgj6gh5ANKSdD7nYhTcyhaVNqSVpuIuZ3oCTEEA03ChXcSeKaG2T
bND0L2rfIEDucsZkTUQFG+i5Yu7kYg22dE+7HVfV6mAQGwQ4DJjuDr2M2OOTPA1+
R22ANGxHVzNfR/Qf7o0j0q16EpgS5Bwzd16A9cxfeDhBzH4FNeUM
-----END CERTIFICATE-----