Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/WaewYlzk27mH232DQy2xmYT8lIY.roa
File:                     WaewYlzk27mH232DQy2xmYT8lIY.roa (raw, json)
Hash identifier:          Wer13rCR1JpjD2sFksmt7uQcVJ3E6O/uZbl/+l1VHtc=
Subject key identifier:   59:A7:B0:62:5C:E4:DB:B9:87:DB:7D:83:43:2D:B1:99:84:FC:94:86
Certificate issuer:       /CN=62a15cc88659f578cc159c52b3a7e9ec5819fb20
Certificate serial:       018CC8017FB9D22C8975FD4F65962AD00A27
Authority key identifier: 62:A1:5C:C8:86:59:F5:78:CC:15:9C:52:B3:A7:E9:EC:58:19:FB:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/WaewYlzk27mH232DQy2xmYT8lIY.roa
Signing time:             Tue 02 Jan 2024 02:29:50 +0000
ROA not before:           Tue 02 Jan 2024 02:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203639
IP address blocks:        91.193.253.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:7f:b9:d2:2c:89:75:fd:4f:65:96:2a:d0:0a:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62a15cc88659f578cc159c52b3a7e9ec5819fb20
        Validity
            Not Before: Jan  2 02:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59a7b0625ce4dbb987db7d83432db19984fc9486
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:9f:92:8f:46:a9:52:7f:be:78:56:eb:5f:d9:
                    47:52:49:4d:3f:b4:ad:b7:5a:cd:8d:fd:73:f2:14:
                    dd:96:67:da:23:d5:82:c1:ca:f7:17:70:3d:a9:f6:
                    4e:0a:dd:ef:25:7f:41:5d:4d:6f:73:13:d7:a9:3e:
                    74:73:29:7d:92:62:e3:33:4b:89:77:a8:a8:cb:03:
                    77:26:86:28:33:93:28:a0:18:a1:8b:97:e0:15:36:
                    c1:5f:77:27:90:a3:d3:a5:de:51:d3:d7:1b:0e:40:
                    66:d0:ed:1e:7e:64:8b:8d:45:c4:46:9e:4e:60:8d:
                    37:94:e2:91:05:94:bb:5a:7e:b7:05:8b:91:9b:39:
                    ab:e7:c0:b2:b1:30:01:e7:8d:94:63:ad:f4:62:81:
                    83:00:d7:01:c0:28:8b:76:ec:da:ba:4e:15:69:7d:
                    a5:ba:17:df:39:bd:41:be:9f:2c:9d:60:a2:55:20:
                    4c:be:8b:a0:ff:2b:77:a7:f4:66:cc:93:7c:38:10:
                    16:53:03:1a:82:75:1c:45:a3:f7:00:0b:bd:64:ac:
                    98:40:83:ca:8f:d8:91:8c:11:f1:70:20:4b:bc:54:
                    01:69:5c:e9:31:d1:89:87:7b:7b:13:24:cf:c3:95:
                    96:d9:b0:b9:5e:5a:99:f8:c4:0e:a3:18:cc:d3:e0:
                    28:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:A7:B0:62:5C:E4:DB:B9:87:DB:7D:83:43:2D:B1:99:84:FC:94:86
            X509v3 Authority Key Identifier:
                keyid:62:A1:5C:C8:86:59:F5:78:CC:15:9C:52:B3:A7:E9:EC:58:19:FB:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/WaewYlzk27mH232DQy2xmYT8lIY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.193.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:16:46:b9:53:51:b4:a0:e7:c7:b2:a1:dd:20:0e:2e:6b:f4:
         31:04:27:59:e7:5d:23:d7:c5:b1:18:c2:af:74:d4:10:2d:3b:
         af:53:c2:ed:9b:ec:91:30:b3:a6:d9:89:02:c5:ff:f4:cf:e4:
         e0:5a:65:4e:c2:ce:d8:95:74:41:83:aa:86:23:be:77:b0:46:
         6b:36:a7:b6:40:e6:72:92:8a:41:ca:3f:c6:7f:96:38:f4:15:
         ae:67:2f:06:1f:1e:d1:c9:8f:15:79:8a:ce:e5:ff:b9:6f:8b:
         7b:6b:de:cf:12:39:bc:9d:8a:1b:d9:6e:eb:a2:12:26:43:a6:
         c0:40:dd:fd:64:39:42:e3:9d:02:92:21:fa:00:ec:cb:6b:0f:
         e9:2d:ad:eb:68:c7:c5:fe:46:e8:03:28:5a:ca:ef:c7:3a:f1:
         54:fa:a3:c7:05:4b:b2:c9:ff:5c:12:68:df:40:ae:fb:c1:21:
         4c:7f:fe:32:ba:97:0b:72:c7:28:2c:e1:fa:16:9b:ab:f9:2b:
         0b:4d:4a:24:81:a8:71:33:df:2b:39:44:10:c4:41:3d:f6:69:
         98:1d:fd:8d:99:99:5e:cd:da:8e:94:92:2a:34:8a:66:7f:21:
         60:81:36:ba:d2:8a:41:b1:e4:01:eb:53:86:6e:cb:12:58:29:
         08:f2:28:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAX+50iyJdf1PZZYq0AonMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyYTE1Y2M4ODY1OWY1NzhjYzE1OWM1MmIzYTdlOWVjNTgx
OWZiMjAwHhcNMjQwMTAyMDIyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWE3YjA2MjVjZTRkYmI5ODdkYjdkODM0MzJkYjE5OTg0ZmM5NDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuJ+Sj0apUn++eFbrX9lHUklNP7St
t1rNjf1z8hTdlmfaI9WCwcr3F3A9qfZOCt3vJX9BXU1vcxPXqT50cyl9kmLjM0uJ
d6ioywN3JoYoM5MooBihi5fgFTbBX3cnkKPTpd5R09cbDkBm0O0efmSLjUXERp5O
YI03lOKRBZS7Wn63BYuRmzmr58CysTAB542UY630YoGDANcBwCiLduzauk4VaX2l
uhffOb1Bvp8snWCiVSBMvoug/yt3p/RmzJN8OBAWUwMagnUcRaP3AAu9ZKyYQIPK
j9iRjBHxcCBLvFQBaVzpMdGJh3t7EyTPw5WW2bC5XlqZ+MQOoxjM0+AoywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFmnsGJc5Nu5h9t9g0MtsZmE/JSGMB8GA1UdIwQY
MBaAFGKhXMiGWfV4zBWcUrOn6exYGfsgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXFGY3lJWlo5WGpNRlp4U3M2ZnA3RmdaLXlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi8yMTE3YmMtMWY5ZS00NTkwLWE1NTAt
NDI2OWI1NmJmN2Q0LzEvV2Fld1lsemsyN21IMjMyRFF5MnhtWVQ4bElZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi8yMTE3YmMtMWY5ZS00NTkwLWE1NTAtNDI2OWI1NmJmN2Q0
LzEvWXFGY3lJWlo5WGpNRlp4U3M2ZnA3RmdaLXlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8H9MA0G
CSqGSIb3DQEBCwUAA4IBAQAuFka5U1G0oOfHsqHdIA4ua/QxBCdZ510j18WxGMKv
dNQQLTuvU8Ltm+yRMLOm2YkCxf/0z+TgWmVOws7YlXRBg6qGI753sEZrNqe2QOZy
kopByj/Gf5Y49BWuZy8GHx7RyY8VeYrO5f+5b4t7a97PEjm8nYob2W7rohImQ6bA
QN39ZDlC450CkiH6AOzLaw/pLa3raMfF/kboAyhayu/HOvFU+qPHBUuyyf9cEmjf
QK77wSFMf/4yupcLcscoLOH6Fpur+SsLTUokgahxM98rOUQQxEE99mmYHf2NmZle
zdqOlJIqNIpmfyFggTa60opBseQB61OGbssSWCkI8iit
-----END CERTIFICATE-----