Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/406991-5be3-4a05-acb2-1ad47ccd2d9a/1/Yji0ysXxdxsre9I3lR8kIhIWorM.roa
File:                     Yji0ysXxdxsre9I3lR8kIhIWorM.roa (raw, json)
Hash identifier:          PlldFOpxboOulIuhDSr1XBDFUckW0OEzjI51JfGCmzs=
Subject key identifier:   62:38:B4:CA:C5:F1:77:1B:2B:7B:D2:37:95:1F:24:22:12:16:A2:B3
Certificate issuer:       /CN=89e21a2b8a25b971bdb741a0aae325992304194e
Certificate serial:       01905D28934B02AB6F5D0054A0B65FE7D1AC
Authority key identifier: 89:E2:1A:2B:8A:25:B9:71:BD:B7:41:A0:AA:E3:25:99:23:04:19:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ieIaK4oluXG9t0GgquMlmSMEGU4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/406991-5be3-4a05-acb2-1ad47ccd2d9a/1/Yji0ysXxdxsre9I3lR8kIhIWorM.roa
Signing time:             Fri 28 Jun 2024 04:44:18 +0000
ROA not before:           Fri 28 Jun 2024 04:44:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215046
IP address blocks:        193.25.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/406991-5be3-4a05-acb2-1ad47ccd2d9a/1/ieIaK4oluXG9t0GgquMlmSMEGU4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/406991-5be3-4a05-acb2-1ad47ccd2d9a/1/ieIaK4oluXG9t0GgquMlmSMEGU4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ieIaK4oluXG9t0GgquMlmSMEGU4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:5d:28:93:4b:02:ab:6f:5d:00:54:a0:b6:5f:e7:d1:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89e21a2b8a25b971bdb741a0aae325992304194e
        Validity
            Not Before: Jun 28 04:44:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6238b4cac5f1771b2b7bd237951f24221216a2b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:b8:38:c2:c7:b0:39:5a:e1:87:6a:51:10:cc:
                    d6:0a:07:52:40:a1:df:43:7a:c4:b4:45:b2:86:e3:
                    71:4e:08:f0:b3:46:90:af:a3:be:7a:c0:c9:cf:3c:
                    73:d7:b2:dd:9b:1c:28:15:a8:88:8d:3b:fe:f5:83:
                    5a:1f:3c:5e:41:94:be:2a:05:b4:7a:7b:bf:77:bd:
                    7a:a5:82:c1:71:c0:88:ef:44:01:21:c8:1a:24:16:
                    74:74:e8:77:bb:26:c0:5d:03:72:d0:be:5c:0b:e1:
                    bf:1e:45:ce:15:fe:41:1f:2f:08:13:da:33:ab:28:
                    a0:8d:df:db:bb:4b:e7:c5:1b:96:f2:da:88:f2:19:
                    8e:ac:62:b6:2a:25:59:5c:27:70:c4:8b:1f:00:3a:
                    0a:79:c8:7e:c0:63:ce:d0:bf:db:23:32:2c:2a:d3:
                    be:86:a6:98:d8:e7:d7:36:f2:94:fd:b9:b9:05:ea:
                    7a:e6:16:4d:71:4e:fd:20:04:68:4a:6b:3e:d0:a8:
                    62:ad:81:be:8d:a6:42:dc:13:59:73:31:fa:04:fc:
                    eb:a4:46:ef:ca:c2:8a:f7:00:3c:27:fe:26:6a:4c:
                    27:30:66:f9:e7:e3:56:1a:d5:c8:5d:80:5b:9f:72:
                    53:42:37:0e:0c:45:33:de:26:98:1a:f0:64:cb:a0:
                    7c:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:38:B4:CA:C5:F1:77:1B:2B:7B:D2:37:95:1F:24:22:12:16:A2:B3
            X509v3 Authority Key Identifier:
                keyid:89:E2:1A:2B:8A:25:B9:71:BD:B7:41:A0:AA:E3:25:99:23:04:19:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ieIaK4oluXG9t0GgquMlmSMEGU4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/406991-5be3-4a05-acb2-1ad47ccd2d9a/1/Yji0ysXxdxsre9I3lR8kIhIWorM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/406991-5be3-4a05-acb2-1ad47ccd2d9a/1/ieIaK4oluXG9t0GgquMlmSMEGU4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.25.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:1f:44:9a:ea:1a:5e:9a:fa:d1:51:ec:14:34:fb:1c:56:df:
         1e:69:a6:75:2b:95:21:42:52:9f:a7:58:c6:de:77:bd:c5:58:
         35:29:50:cc:29:46:97:8a:a8:2a:31:29:2c:45:03:49:a4:10:
         21:3a:5e:47:d3:43:69:08:d5:b9:79:d6:08:07:ec:32:c2:e1:
         0b:05:89:0d:9b:df:1c:1d:e3:be:ce:d6:bf:a3:54:b7:44:5b:
         d0:a8:d1:64:2a:94:15:48:f2:81:7d:45:05:5a:f8:49:9b:df:
         72:ef:01:54:a0:ef:60:f5:ea:82:23:22:f2:f3:da:a3:52:c7:
         a4:6c:d3:ed:e5:74:b5:c8:4b:07:a3:3a:58:8f:f7:e0:16:73:
         a7:09:c0:db:9d:11:d8:fa:8c:c1:bf:77:0f:6a:cc:c1:83:20:
         70:24:0c:c9:5e:51:b9:f2:70:5c:11:b1:37:1b:b0:34:d8:c7:
         f9:b4:c9:de:27:6a:3b:d0:12:11:79:54:27:05:0d:d3:35:4d:
         1c:c0:f4:97:70:8f:4d:a0:a8:c1:2b:e8:00:f1:b3:af:51:af:
         60:33:8e:c8:32:da:4c:d7:d5:86:64:25:c3:3f:65:67:39:d8:
         53:14:87:57:27:f9:77:7a:12:7d:59:2d:90:7d:30:85:ee:fc:
         0b:e6:f3:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBdKJNLAqtvXQBUoLZf59GsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5ZTIxYTJiOGEyNWI5NzFiZGI3NDFhMGFhZTMyNTk5MjMw
NDE5NGUwHhcNMjQwNjI4MDQ0NDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjM4YjRjYWM1ZjE3NzFiMmI3YmQyMzc5NTFmMjQyMjEyMTZhMmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbg4wsewOVrhh2pREMzWCgdSQKHf
Q3rEtEWyhuNxTgjws0aQr6O+esDJzzxz17LdmxwoFaiIjTv+9YNaHzxeQZS+KgW0
enu/d716pYLBccCI70QBIcgaJBZ0dOh3uybAXQNy0L5cC+G/HkXOFf5BHy8IE9oz
qyigjd/bu0vnxRuW8tqI8hmOrGK2KiVZXCdwxIsfADoKech+wGPO0L/bIzIsKtO+
hqaY2OfXNvKU/bm5Bep65hZNcU79IARoSms+0KhirYG+jaZC3BNZczH6BPzrpEbv
ysKK9wA8J/4makwnMGb55+NWGtXIXYBbn3JTQjcODEUz3iaYGvBky6B8PQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGI4tMrF8XcbK3vSN5UfJCISFqKzMB8GA1UdIwQY
MBaAFIniGiuKJblxvbdBoKrjJZkjBBlOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWVJYUs0b2x1WEc5dDBHZ3F1TWxtU01FR1U0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi80MDY5OTEtNWJlMy00YTA1LWFjYjIt
MWFkNDdjY2QyZDlhLzEvWWppMHlzWHhkeHNyZTlJM2xSOGtJaElXb3JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi80MDY5OTEtNWJlMy00YTA1LWFjYjItMWFkNDdjY2QyZDlh
LzEvaWVJYUs0b2x1WEc5dDBHZ3F1TWxtU01FR1U0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRn8MA0G
CSqGSIb3DQEBCwUAA4IBAQBKH0Sa6hpemvrRUewUNPscVt8eaaZ1K5UhQlKfp1jG
3ne9xVg1KVDMKUaXiqgqMSksRQNJpBAhOl5H00NpCNW5edYIB+wywuELBYkNm98c
HeO+zta/o1S3RFvQqNFkKpQVSPKBfUUFWvhJm99y7wFUoO9g9eqCIyLy89qjUsek
bNPt5XS1yEsHozpYj/fgFnOnCcDbnRHY+ozBv3cPaszBgyBwJAzJXlG58nBcEbE3
G7A02Mf5tMneJ2o70BIReVQnBQ3TNU0cwPSXcI9NoKjBK+gA8bOvUa9gM47IMtpM
19WGZCXDP2VnOdhTFIdXJ/l3ehJ9WS2QfTCF7vwL5vNf
-----END CERTIFICATE-----