Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/36ccba-85f0-4001-b939-5f6980b8c467/1/YPw1-ebVcxZm9dzraArn2Eeq7ZQ.roa
File:                     YPw1-ebVcxZm9dzraArn2Eeq7ZQ.roa (raw, json)
Hash identifier:          nVAPtubCFlxJn24d+K75yT36a1qRX+izhXTQQRSNPmk=
Subject key identifier:   60:FC:35:F9:E6:D5:73:16:66:F5:DC:EB:68:0A:E7:D8:47:AA:ED:94
Certificate issuer:       /CN=ec2918069b21e165f8cc942a6793fde5b1655be6
Certificate serial:       018CC26D0DC877AC06380B6243525C280851
Authority key identifier: EC:29:18:06:9B:21:E1:65:F8:CC:94:2A:67:93:FD:E5:B1:65:5B:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7CkYBpsh4WX4zJQqZ5P95bFlW-Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/36ccba-85f0-4001-b939-5f6980b8c467/1/YPw1-ebVcxZm9dzraArn2Eeq7ZQ.roa
Signing time:             Mon 01 Jan 2024 00:29:35 +0000
ROA not before:           Mon 01 Jan 2024 00:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57063
IP address blocks:        213.5.72.0/24 maxlen: 24
                          91.236.201.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/36ccba-85f0-4001-b939-5f6980b8c467/1/7CkYBpsh4WX4zJQqZ5P95bFlW-Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/36ccba-85f0-4001-b939-5f6980b8c467/1/7CkYBpsh4WX4zJQqZ5P95bFlW-Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7CkYBpsh4WX4zJQqZ5P95bFlW-Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:0d:c8:77:ac:06:38:0b:62:43:52:5c:28:08:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec2918069b21e165f8cc942a6793fde5b1655be6
        Validity
            Not Before: Jan  1 00:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=60fc35f9e6d5731666f5dceb680ae7d847aaed94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:e9:59:35:dc:92:ec:a8:86:ad:b9:cd:bd:64:
                    03:7a:2e:5a:84:85:f7:d7:8a:e6:6a:23:f2:b2:e0:
                    f5:0f:b4:14:73:db:a2:df:64:7f:ef:f1:0b:ac:bc:
                    b8:4b:cb:74:f8:dc:dc:13:bc:f4:f0:31:2d:6a:2f:
                    34:88:6a:d9:e5:25:62:39:b6:59:96:64:41:21:9a:
                    d8:77:b6:74:42:d3:e8:2e:3c:f2:52:13:aa:44:0d:
                    0a:d7:0e:bd:99:9c:19:07:73:7f:8b:f8:05:aa:07:
                    e5:25:6b:07:ce:f6:43:5b:df:94:38:ad:9a:fb:2e:
                    14:94:de:03:54:eb:31:bd:e6:ea:f8:52:ef:ae:d8:
                    f8:20:b7:47:c3:cf:fe:ed:8f:14:74:3b:c1:74:44:
                    ba:ac:7c:e8:90:f4:24:f5:8c:d3:61:b1:01:ba:40:
                    10:b0:94:64:cf:74:4d:f6:05:44:86:a8:4b:87:21:
                    a3:a8:bd:94:16:a7:06:9e:e0:de:cd:7c:42:14:37:
                    23:e8:a7:8b:b2:ed:cd:73:96:fd:a9:08:6a:32:45:
                    ad:b6:51:53:bd:fe:e8:7d:9b:2f:29:99:37:64:78:
                    d2:88:7c:16:ad:24:53:b2:43:83:95:af:97:94:0a:
                    6b:32:cc:ce:95:4a:3a:ef:61:48:d2:7e:86:89:5f:
                    cf:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:FC:35:F9:E6:D5:73:16:66:F5:DC:EB:68:0A:E7:D8:47:AA:ED:94
            X509v3 Authority Key Identifier:
                keyid:EC:29:18:06:9B:21:E1:65:F8:CC:94:2A:67:93:FD:E5:B1:65:5B:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7CkYBpsh4WX4zJQqZ5P95bFlW-Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/36ccba-85f0-4001-b939-5f6980b8c467/1/YPw1-ebVcxZm9dzraArn2Eeq7ZQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/36ccba-85f0-4001-b939-5f6980b8c467/1/7CkYBpsh4WX4zJQqZ5P95bFlW-Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.201.0/24
                  213.5.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:e5:35:c6:1e:95:94:ab:db:ac:ae:e3:86:03:6d:e4:4e:64:
         8c:04:8f:c3:9e:e3:ef:21:6a:20:da:df:44:52:74:cc:c2:7f:
         51:24:2c:df:0d:37:8d:98:5b:7d:62:49:6a:0b:d5:c2:83:4c:
         6c:4a:30:5b:9f:06:6e:d5:da:ea:d6:68:38:64:84:b6:77:76:
         66:cd:0d:4e:11:89:0a:96:91:e7:7d:46:50:f1:25:50:2b:75:
         20:1a:1e:3f:c4:2d:9c:ff:76:47:25:87:26:de:ce:88:42:d8:
         a7:34:09:63:ad:65:4d:db:40:d5:3d:01:ec:4a:42:68:1b:0d:
         00:a4:67:46:cf:5c:86:a4:a9:94:ae:95:d4:9c:47:b7:50:42:
         9c:3a:20:e1:77:f1:16:f3:d6:2a:79:b5:e1:fd:bf:6e:88:63:
         dc:c3:56:e4:ca:f0:39:2e:40:4e:2f:5c:f1:a6:04:45:7d:52:
         3a:30:9f:a7:dd:ed:aa:89:16:af:e6:f0:60:f4:4d:b7:ac:2e:
         d8:de:12:73:48:a1:ce:c3:4d:30:ec:0f:46:41:aa:e7:78:01:
         ad:49:f6:fa:a5:d2:57:94:e7:f8:6b:00:ee:a4:e8:9d:a4:5a:
         1c:fc:00:0d:11:16:29:36:73:55:90:06:c2:10:a0:45:96:f5:
         59:20:08:b2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbQ3Id6wGOAtiQ1JcKAhRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjMjkxODA2OWIyMWUxNjVmOGNjOTQyYTY3OTNmZGU1YjE2
NTViZTYwHhcNMjQwMTAxMDAyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGZjMzVmOWU2ZDU3MzE2NjZmNWRjZWI2ODBhZTdkODQ3YWFlZDk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg+lZNdyS7KiGrbnNvWQDei5ahIX3
14rmaiPysuD1D7QUc9ui32R/7/ELrLy4S8t0+NzcE7z08DEtai80iGrZ5SViObZZ
lmRBIZrYd7Z0QtPoLjzyUhOqRA0K1w69mZwZB3N/i/gFqgflJWsHzvZDW9+UOK2a
+y4UlN4DVOsxvebq+FLvrtj4ILdHw8/+7Y8UdDvBdES6rHzokPQk9YzTYbEBukAQ
sJRkz3RN9gVEhqhLhyGjqL2UFqcGnuDezXxCFDcj6KeLsu3Nc5b9qQhqMkWttlFT
vf7ofZsvKZk3ZHjSiHwWrSRTskODla+XlAprMszOlUo672FI0n6GiV/PgwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGD8Nfnm1XMWZvXc62gK59hHqu2UMB8GA1UdIwQY
MBaAFOwpGAabIeFl+MyUKmeT/eWxZVvmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0NrWUJwc2g0V1g0ekpRcVo1UDk1YkZsVy1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi8zNmNjYmEtODVmMC00MDAxLWI5Mzkt
NWY2OTgwYjhjNDY3LzEvWVB3MS1lYlZjeFptOWR6cmFBcm4yRWVxN1pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi8zNmNjYmEtODVmMC00MDAxLWI5MzktNWY2OTgwYjhjNDY3
LzEvN0NrWUJwc2g0V1g0ekpRcVo1UDk1YkZsVy1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+zJAwQA
1QVIMA0GCSqGSIb3DQEBCwUAA4IBAQCP5TXGHpWUq9usruOGA23kTmSMBI/DnuPv
IWog2t9EUnTMwn9RJCzfDTeNmFt9YklqC9XCg0xsSjBbnwZu1drq1mg4ZIS2d3Zm
zQ1OEYkKlpHnfUZQ8SVQK3UgGh4/xC2c/3ZHJYcm3s6IQtinNAljrWVN20DVPQHs
SkJoGw0ApGdGz1yGpKmUrpXUnEe3UEKcOiDhd/EW89YqebXh/b9uiGPcw1bkyvA5
LkBOL1zxpgRFfVI6MJ+n3e2qiRav5vBg9E23rC7Y3hJzSKHOw00w7A9GQarneAGt
Sfb6pdJXlOf4awDupOidpFoc/AANERYpNnNVkAbCEKBFlvVZIAiy
-----END CERTIFICATE-----