Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Y0N-he4jZG3EJ0No0WqcyETq-3c.roa
File:                     Y0N-he4jZG3EJ0No0WqcyETq-3c.roa (raw, json)
Hash identifier:          T0Rw7dx027EuStGy3dgPN3/4EaPE6+bpqnxyUWBjOzc=
Subject key identifier:   63:43:7E:85:EE:23:64:6D:C4:27:43:68:D1:6A:9C:C8:44:EA:FB:77
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       018E799827FAF52C97DAC920F9FF1F7B1F73
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Y0N-he4jZG3EJ0No0WqcyETq-3c.roa
Signing time:             Tue 26 Mar 2024 07:09:58 +0000
ROA not before:           Tue 26 Mar 2024 07:09:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49217
IP address blocks:        82.115.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:79:98:27:fa:f5:2c:97:da:c9:20:f9:ff:1f:7b:1f:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Mar 26 07:09:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63437e85ee23646dc4274368d16a9cc844eafb77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:6f:b2:e9:eb:90:1d:0c:35:48:de:82:6b:f4:
                    7a:3d:14:7a:c9:17:a8:5d:f3:e0:22:65:6a:78:2f:
                    50:e6:7e:85:41:84:01:77:50:de:5b:b8:f5:25:9b:
                    bf:01:4d:bd:a9:47:f1:7e:f0:d7:30:21:cb:21:c8:
                    ad:fe:06:c8:21:2a:51:f2:ae:2a:4f:5d:08:34:b3:
                    0c:fb:fe:9d:15:a5:0e:55:1c:39:53:70:9c:9c:2f:
                    33:84:c3:29:83:65:ee:33:62:c8:76:7e:b5:60:01:
                    c9:74:64:39:d5:14:87:83:1c:1d:14:32:06:0d:b2:
                    b9:7c:06:46:d9:ce:7f:a4:a5:5d:8b:f4:75:25:c9:
                    44:30:19:4b:95:71:7b:4d:13:00:70:8d:fe:d8:91:
                    12:93:80:d7:10:f8:f3:7b:67:09:37:f8:83:e5:c5:
                    fb:ae:cd:ef:9a:a6:75:bd:f7:2e:54:49:f2:e2:04:
                    b8:4f:9f:9e:9c:95:c4:11:5a:4b:2c:00:26:fd:c4:
                    a8:bf:ec:b9:c9:5f:e1:cc:af:bc:32:ac:f6:b6:e0:
                    76:9d:d6:85:23:40:4f:c1:41:61:61:08:ec:d0:89:
                    84:f3:a7:79:87:fe:bc:d7:39:41:5d:7e:b4:67:b8:
                    54:dc:14:68:af:b2:33:57:a3:6e:61:fe:b6:82:e9:
                    98:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:43:7E:85:EE:23:64:6D:C4:27:43:68:D1:6A:9C:C8:44:EA:FB:77
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Y0N-he4jZG3EJ0No0WqcyETq-3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.115.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:0d:29:e2:6e:17:e9:2d:86:59:91:6c:70:d9:df:49:58:d5:
         e2:ab:ed:b4:b9:45:0a:fd:7f:33:05:74:74:f1:dd:bb:b4:66:
         8c:37:b7:d4:68:38:2d:32:b4:87:77:af:72:5b:73:17:42:21:
         4c:dc:38:94:fc:0a:b0:60:b5:e2:54:08:be:15:ef:5e:45:ce:
         39:12:eb:3b:93:2f:24:46:2b:a5:93:72:04:57:af:77:38:d9:
         cf:36:1a:ac:80:18:92:70:48:4b:46:8b:88:b6:11:0e:fe:51:
         09:de:eb:db:58:38:ac:b0:dc:ba:df:f3:69:f8:e6:ea:95:df:
         14:f0:36:27:6a:c8:f1:78:ea:77:13:48:a4:40:bd:9e:56:86:
         5b:84:c4:20:31:ee:ee:5e:61:27:3d:97:2f:08:0a:1d:2b:82:
         ba:66:78:a4:37:a1:1e:af:2b:82:8e:c6:5e:b5:9d:4b:3e:5f:
         01:58:bb:aa:0c:cf:f1:92:f2:67:4d:a3:99:b2:4a:3a:46:27:
         bd:93:9e:b6:7c:5f:d1:28:6c:af:aa:ac:67:81:b4:1f:a2:b0:
         19:a7:0f:42:8f:8b:62:95:13:5b:b4:02:27:d0:29:23:7c:55:
         88:bf:b2:52:d8:8e:a7:62:9a:c8:5c:f8:83:37:22:90:e9:8d:
         0a:a2:1b:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY55mCf69SyX2skg+f8fex9zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjQwMzI2MDcwOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzQzN2U4NWVlMjM2NDZkYzQyNzQzNjhkMTZhOWNjODQ0ZWFmYjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlW+y6euQHQw1SN6Ca/R6PRR6yReo
XfPgImVqeC9Q5n6FQYQBd1DeW7j1JZu/AU29qUfxfvDXMCHLIcit/gbIISpR8q4q
T10INLMM+/6dFaUOVRw5U3CcnC8zhMMpg2XuM2LIdn61YAHJdGQ51RSHgxwdFDIG
DbK5fAZG2c5/pKVdi/R1JclEMBlLlXF7TRMAcI3+2JESk4DXEPjze2cJN/iD5cX7
rs3vmqZ1vfcuVEny4gS4T5+enJXEEVpLLAAm/cSov+y5yV/hzK+8Mqz2tuB2ndaF
I0BPwUFhYQjs0ImE86d5h/681zlBXX60Z7hU3BRor7IzV6NuYf62gumYKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGNDfoXuI2RtxCdDaNFqnMhE6vt3MB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvWTBOLWhlNGpaRzNFSjBObzBXcWN5RVRxLTNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUnMJMA0G
CSqGSIb3DQEBCwUAA4IBAQAlDSnibhfpLYZZkWxw2d9JWNXiq+20uUUK/X8zBXR0
8d27tGaMN7fUaDgtMrSHd69yW3MXQiFM3DiU/AqwYLXiVAi+Fe9eRc45Eus7ky8k
Riulk3IEV693ONnPNhqsgBiScEhLRouIthEO/lEJ3uvbWDissNy63/Np+Obqld8U
8DYnasjxeOp3E0ikQL2eVoZbhMQgMe7uXmEnPZcvCAodK4K6ZnikN6EeryuCjsZe
tZ1LPl8BWLuqDM/xkvJnTaOZsko6Rie9k562fF/RKGyvqqxngbQforAZpw9Cj4ti
lRNbtAIn0CkjfFWIv7JS2I6nYprIXPiDNyKQ6Y0KohsP
-----END CERTIFICATE-----