Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/5873c4-b5e5-497e-9242-fe0b2226cfb3/1/yeYsD1uZfuwm7p_lm9bEEldcttg.roa
File:                     yeYsD1uZfuwm7p_lm9bEEldcttg.roa (raw, json)
Hash identifier:          2I2GJKtPi2OtWzB7w2D/R768dRtm9J/RwDV3FX9+KIs=
Subject key identifier:   C9:E6:2C:0F:5B:99:7E:EC:26:EE:9F:E5:9B:D6:C4:12:57:5C:B6:D8
Certificate issuer:       /CN=f266a0f986f21945c80d831567baf29620107adc
Certificate serial:       018CC727302A9DD6A493F0BDE6F0608929E9
Authority key identifier: F2:66:A0:F9:86:F2:19:45:C8:0D:83:15:67:BA:F2:96:20:10:7A:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8mag-YbyGUXIDYMVZ7ryliAQetw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/5873c4-b5e5-497e-9242-fe0b2226cfb3/1/yeYsD1uZfuwm7p_lm9bEEldcttg.roa
Signing time:             Mon 01 Jan 2024 22:31:23 +0000
ROA not before:           Mon 01 Jan 2024 22:31:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209931
IP address blocks:        212.162.128.0/24 maxlen: 24
                          212.162.129.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/5873c4-b5e5-497e-9242-fe0b2226cfb3/1/8mag-YbyGUXIDYMVZ7ryliAQetw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/5873c4-b5e5-497e-9242-fe0b2226cfb3/1/8mag-YbyGUXIDYMVZ7ryliAQetw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8mag-YbyGUXIDYMVZ7ryliAQetw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 07 Jun 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:30:2a:9d:d6:a4:93:f0:bd:e6:f0:60:89:29:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f266a0f986f21945c80d831567baf29620107adc
        Validity
            Not Before: Jan  1 22:31:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9e62c0f5b997eec26ee9fe59bd6c412575cb6d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:ef:3e:35:cd:1a:45:9e:45:be:1d:b9:af:28:
                    80:65:8f:83:52:36:a8:d4:40:78:1a:9a:26:3e:2c:
                    5d:ae:a1:54:26:e1:f9:a3:24:22:18:74:ae:a1:ca:
                    99:b1:d3:e9:ea:34:b3:93:20:1a:be:a3:e2:ee:93:
                    87:5c:ab:bc:dd:ab:08:57:ca:c8:9b:ca:77:28:e0:
                    63:77:db:ba:33:aa:9f:34:c0:40:f2:70:e5:7e:19:
                    fb:f7:16:ac:21:c0:4b:d2:bd:12:a2:b0:2b:aa:ee:
                    c3:2c:41:14:d4:19:d7:c1:24:e3:85:30:5b:d5:b0:
                    18:3c:f9:0d:dd:ee:73:c8:a8:7d:36:f9:6c:63:77:
                    21:1d:63:96:40:19:5f:34:0e:12:ac:8e:d8:99:e0:
                    b8:29:7a:d8:89:47:c6:49:ab:36:c5:cf:9c:00:4c:
                    7d:ce:39:c9:45:72:b8:33:d9:d3:e1:94:b4:da:66:
                    48:39:8e:57:04:6a:5a:21:6e:f4:da:f3:ff:90:bb:
                    07:06:c7:1b:64:cb:34:e8:96:18:2a:15:3f:85:73:
                    04:93:cd:a3:6f:b8:7c:c5:86:4b:a3:75:88:b3:8f:
                    c0:2f:c1:ab:d6:8b:47:75:d1:32:48:23:74:7c:d4:
                    41:b4:87:32:fb:85:01:94:71:7b:ad:92:6c:06:b5:
                    21:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:E6:2C:0F:5B:99:7E:EC:26:EE:9F:E5:9B:D6:C4:12:57:5C:B6:D8
            X509v3 Authority Key Identifier:
                keyid:F2:66:A0:F9:86:F2:19:45:C8:0D:83:15:67:BA:F2:96:20:10:7A:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8mag-YbyGUXIDYMVZ7ryliAQetw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/5873c4-b5e5-497e-9242-fe0b2226cfb3/1/yeYsD1uZfuwm7p_lm9bEEldcttg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/5873c4-b5e5-497e-9242-fe0b2226cfb3/1/8mag-YbyGUXIDYMVZ7ryliAQetw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.162.128.0/23

    Signature Algorithm: sha256WithRSAEncryption
         75:23:28:34:22:da:b5:e8:d3:0b:fc:4b:1e:14:af:ed:bf:9f:
         94:6d:a5:57:21:47:8f:98:45:b4:a3:39:db:a6:7e:9b:6f:7a:
         e8:2c:f7:d8:dc:6f:2c:8d:5f:80:04:13:d8:aa:4b:5a:60:86:
         9f:68:58:17:44:a6:32:14:f3:97:23:e1:7e:d5:a1:23:21:61:
         0f:f8:4c:7b:e5:80:44:20:c8:1f:44:b7:3d:75:c8:9f:a5:dc:
         a7:97:fa:1d:49:2b:77:be:d8:34:1c:83:2d:68:f8:ac:90:98:
         df:e5:fd:97:82:87:74:7d:b6:e9:17:68:cf:73:f8:e8:51:9a:
         5b:b8:43:f7:a7:4e:31:4d:a8:2a:e0:54:d8:ea:7d:b9:4a:2c:
         84:e6:d4:8f:4c:38:33:eb:aa:cb:9d:38:35:be:08:64:89:05:
         7b:31:4e:52:56:69:e2:cb:04:ba:ae:36:6b:e6:9c:fd:0b:ea:
         3d:e2:a8:f9:d3:0b:82:33:00:77:52:af:e3:8d:6f:69:59:ef:
         4a:29:1a:71:34:f2:31:7f:eb:ef:8a:fb:87:01:0d:a8:75:96:
         64:1c:aa:c3:99:e0:56:0c:20:3d:da:3e:5c:38:3b:f0:8b:bf:
         75:40:85:79:f5:9d:6c:33:67:53:47:1e:ea:cc:a0:75:e9:c3:
         29:91:a4:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJzAqndakk/C95vBgiSnpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyNjZhMGY5ODZmMjE5NDVjODBkODMxNTY3YmFmMjk2MjAx
MDdhZGMwHhcNMjQwMTAxMjIzMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWU2MmMwZjViOTk3ZWVjMjZlZTlmZTU5YmQ2YzQxMjU3NWNiNmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmO8+Nc0aRZ5Fvh25ryiAZY+DUjao
1EB4GpomPixdrqFUJuH5oyQiGHSuocqZsdPp6jSzkyAavqPi7pOHXKu83asIV8rI
m8p3KOBjd9u6M6qfNMBA8nDlfhn79xasIcBL0r0SorArqu7DLEEU1BnXwSTjhTBb
1bAYPPkN3e5zyKh9NvlsY3chHWOWQBlfNA4SrI7YmeC4KXrYiUfGSas2xc+cAEx9
zjnJRXK4M9nT4ZS02mZIOY5XBGpaIW702vP/kLsHBscbZMs06JYYKhU/hXMEk82j
b7h8xYZLo3WIs4/AL8Gr1otHddEySCN0fNRBtIcy+4UBlHF7rZJsBrUhlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMnmLA9bmX7sJu6f5ZvWxBJXXLbYMB8GA1UdIwQY
MBaAFPJmoPmG8hlFyA2DFWe68pYgEHrcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOG1hZy1ZYnlHVVhJRFlNVlo3cnlsaUFRZXR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS81ODczYzQtYjVlNS00OTdlLTkyNDIt
ZmUwYjIyMjZjZmIzLzEveWVZc0QxdVpmdXdtN3BfbG05YkVFbGRjdHRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS81ODczYzQtYjVlNS00OTdlLTkyNDItZmUwYjIyMjZjZmIz
LzEvOG1hZy1ZYnlHVVhJRFlNVlo3cnlsaUFRZXR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1KKAMA0G
CSqGSIb3DQEBCwUAA4IBAQB1Iyg0Itq16NML/EseFK/tv5+UbaVXIUePmEW0oznb
pn6bb3roLPfY3G8sjV+ABBPYqktaYIafaFgXRKYyFPOXI+F+1aEjIWEP+Ex75YBE
IMgfRLc9dcifpdynl/odSSt3vtg0HIMtaPiskJjf5f2Xgod0fbbpF2jPc/joUZpb
uEP3p04xTagq4FTY6n25SiyE5tSPTDgz66rLnTg1vghkiQV7MU5SVmniywS6rjZr
5pz9C+o94qj50wuCMwB3Uq/jjW9pWe9KKRpxNPIxf+vvivuHAQ2odZZkHKrDmeBW
DCA92j5cODvwi791QIV59Z1sM2dTRx7qzKB16cMpkaTp
-----END CERTIFICATE-----