Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/3c7f83-bc28-4282-aa02-969f2a00ede0/1/ytnFIMyiTbwhmW6yidoKPmL7B-w.roa
File:                     ytnFIMyiTbwhmW6yidoKPmL7B-w.roa (raw, json)
Hash identifier:          rCSowOmr/z5wsV/+tDgp5HvxLw/UfJPp7HohPmPyJpU=
Subject key identifier:   CA:D9:C5:20:CC:A2:4D:BC:21:99:6E:B2:89:DA:0A:3E:62:FB:07:EC
Certificate issuer:       /CN=4295c3ef00cffece2f71b61991c6c6d3da49c110
Certificate serial:       0192AD9AD10771E875AB5584362489C5E36B
Authority key identifier: 42:95:C3:EF:00:CF:FE:CE:2F:71:B6:19:91:C6:C6:D3:DA:49:C1:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QpXD7wDP_s4vcbYZkcbG09pJwRA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/3c7f83-bc28-4282-aa02-969f2a00ede0/1/ytnFIMyiTbwhmW6yidoKPmL7B-w.roa
Signing time:             Mon 21 Oct 2024 05:44:17 +0000
ROA not before:           Mon 21 Oct 2024 05:44:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58282
IP address blocks:        192.66.62.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/3c7f83-bc28-4282-aa02-969f2a00ede0/1/QpXD7wDP_s4vcbYZkcbG09pJwRA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/3c7f83-bc28-4282-aa02-969f2a00ede0/1/QpXD7wDP_s4vcbYZkcbG09pJwRA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QpXD7wDP_s4vcbYZkcbG09pJwRA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:ad:9a:d1:07:71:e8:75:ab:55:84:36:24:89:c5:e3:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4295c3ef00cffece2f71b61991c6c6d3da49c110
        Validity
            Not Before: Oct 21 05:44:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cad9c520cca24dbc21996eb289da0a3e62fb07ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:bd:84:14:37:e3:67:a7:4f:15:6a:9a:66:57:
                    eb:1f:36:29:1d:da:54:09:56:07:35:12:05:8a:ac:
                    3d:b7:ff:a3:bf:a9:b1:1d:e5:bb:04:d4:79:fd:c4:
                    90:e2:94:54:c8:cc:2c:80:cb:7b:18:7b:b0:60:ea:
                    f1:bc:d1:7a:b4:ff:39:a0:ae:97:84:22:9a:09:e1:
                    76:c5:37:c5:b0:39:62:c5:2d:8c:6e:ba:49:11:ed:
                    aa:97:7d:81:0d:ea:86:1b:9a:34:30:9c:9a:3f:2f:
                    3c:1a:ae:8e:02:58:3a:80:80:b1:3f:6c:f3:73:b8:
                    af:93:20:56:45:8b:a6:fd:da:b8:ef:8d:c2:f0:7f:
                    f0:20:d2:ff:1d:2e:ab:32:fc:38:2b:2d:ad:e3:12:
                    86:82:b5:08:cf:6e:36:4f:4c:6f:46:86:df:3a:bd:
                    2b:95:cf:3f:ce:94:51:58:fc:a4:78:f5:f0:9a:5f:
                    25:9f:3e:37:36:17:08:d0:70:72:8f:b9:68:ca:ab:
                    c0:f6:a6:76:cf:dd:56:2b:50:13:e2:21:d3:b1:a3:
                    a3:44:34:85:b7:d4:51:d7:c1:f4:63:e8:0b:97:c7:
                    c6:90:ad:55:18:20:41:9b:e7:08:7d:92:26:84:97:
                    72:dd:95:e1:d4:ac:97:e1:04:e3:c2:c5:20:bb:8c:
                    6d:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:D9:C5:20:CC:A2:4D:BC:21:99:6E:B2:89:DA:0A:3E:62:FB:07:EC
            X509v3 Authority Key Identifier:
                keyid:42:95:C3:EF:00:CF:FE:CE:2F:71:B6:19:91:C6:C6:D3:DA:49:C1:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QpXD7wDP_s4vcbYZkcbG09pJwRA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/3c7f83-bc28-4282-aa02-969f2a00ede0/1/ytnFIMyiTbwhmW6yidoKPmL7B-w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/3c7f83-bc28-4282-aa02-969f2a00ede0/1/QpXD7wDP_s4vcbYZkcbG09pJwRA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.66.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:b6:5f:dd:ae:0c:38:bc:d4:90:a8:0e:0c:d4:86:41:24:9e:
         e3:f5:26:ad:95:bf:4e:09:91:45:7f:1c:9a:24:3d:7a:02:ad:
         19:2c:a7:51:4e:2a:84:d4:6a:a4:70:5c:6c:e9:63:f5:cc:3b:
         8b:0a:3b:80:d3:46:20:15:ce:b8:af:35:ea:6d:01:c4:1a:ab:
         6c:81:ae:35:0d:69:63:f1:5f:f7:f6:bc:d4:b7:af:ef:e0:85:
         19:1c:84:77:f3:c0:a9:5b:70:da:c3:72:ee:c3:43:b7:29:34:
         34:86:c8:c2:61:8e:91:a9:89:31:1c:93:f2:68:58:23:03:e0:
         ff:94:c9:14:d7:36:12:41:1c:c1:5d:5f:3b:07:2f:a2:93:b6:
         d1:c3:51:ba:4b:05:92:cc:92:1f:00:ee:31:4b:76:3e:d9:c5:
         b4:2a:46:5b:3e:f5:77:68:03:af:f1:9e:8c:4d:3b:51:dd:c6:
         d8:c8:b0:8d:70:8f:0f:01:d1:09:4f:62:61:d7:04:6e:b2:32:
         e4:29:12:fd:ab:5d:59:2c:64:38:61:01:dc:86:a4:4d:fe:5a:
         6d:ee:3d:9e:1f:33:9a:a7:69:aa:22:79:3e:8e:ec:e0:8c:4c:
         b9:06:8d:79:72:c6:25:41:da:d8:8c:88:ef:45:ed:e7:94:1c:
         52:cd:26:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKtmtEHceh1q1WENiSJxeNrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyOTVjM2VmMDBjZmZlY2UyZjcxYjYxOTkxYzZjNmQzZGE0
OWMxMTAwHhcNMjQxMDIxMDU0NDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWQ5YzUyMGNjYTI0ZGJjMjE5OTZlYjI4OWRhMGEzZTYyZmIwN2VjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwb2EFDfjZ6dPFWqaZlfrHzYpHdpU
CVYHNRIFiqw9t/+jv6mxHeW7BNR5/cSQ4pRUyMwsgMt7GHuwYOrxvNF6tP85oK6X
hCKaCeF2xTfFsDlixS2MbrpJEe2ql32BDeqGG5o0MJyaPy88Gq6OAlg6gICxP2zz
c7ivkyBWRYum/dq4743C8H/wINL/HS6rMvw4Ky2t4xKGgrUIz242T0xvRobfOr0r
lc8/zpRRWPykePXwml8lnz43NhcI0HByj7loyqvA9qZ2z91WK1AT4iHTsaOjRDSF
t9RR18H0Y+gLl8fGkK1VGCBBm+cIfZImhJdy3ZXh1KyX4QTjwsUgu4xtRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMrZxSDMok28IZlusonaCj5i+wfsMB8GA1UdIwQY
MBaAFEKVw+8Az/7OL3G2GZHGxtPaScEQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXBYRDd3RFBfczR2Y2JZWmtjYkcwOXBKd1JBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8zYzdmODMtYmMyOC00MjgyLWFhMDIt
OTY5ZjJhMDBlZGUwLzEveXRuRklNeWlUYndobVc2eWlkb0tQbUw3Qi13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8zYzdmODMtYmMyOC00MjgyLWFhMDItOTY5ZjJhMDBlZGUw
LzEvUXBYRDd3RFBfczR2Y2JZWmtjYkcwOXBKd1JBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwEI+MA0G
CSqGSIb3DQEBCwUAA4IBAQCWtl/drgw4vNSQqA4M1IZBJJ7j9Satlb9OCZFFfxya
JD16Aq0ZLKdRTiqE1GqkcFxs6WP1zDuLCjuA00YgFc64rzXqbQHEGqtsga41DWlj
8V/39rzUt6/v4IUZHIR388CpW3Daw3Luw0O3KTQ0hsjCYY6RqYkxHJPyaFgjA+D/
lMkU1zYSQRzBXV87By+ik7bRw1G6SwWSzJIfAO4xS3Y+2cW0KkZbPvV3aAOv8Z6M
TTtR3cbYyLCNcI8PAdEJT2Jh1wRusjLkKRL9q11ZLGQ4YQHchqRN/lpt7j2eHzOa
p2mqInk+juzgjEy5Bo15csYlQdrYjIjvRe3nlBxSzSYo
-----END CERTIFICATE-----