Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/eff44d-24fd-4384-9507-7a034d170b85/1/yns2H9tAIF_TyPIKHLSEjFqiNQI.roa
File:                     yns2H9tAIF_TyPIKHLSEjFqiNQI.roa (raw, json)
Hash identifier:          KiJXW9bXEr145FNj/5PPI0lRzzwyA0LwFVVTIWN9R4I=
Subject key identifier:   CA:7B:36:1F:DB:40:20:5F:D3:C8:F2:0A:1C:B4:84:8C:5A:A2:35:02
Certificate issuer:       /CN=2f117ada3cb9515a6d8a6dcc15f2b0b1a7d9be1d
Certificate serial:       018CC3B7335B2CCB152305F6A2A195684016
Authority key identifier: 2F:11:7A:DA:3C:B9:51:5A:6D:8A:6D:CC:15:F2:B0:B1:A7:D9:BE:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LxF62jy5UVptim3MFfKwsafZvh0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/eff44d-24fd-4384-9507-7a034d170b85/1/yns2H9tAIF_TyPIKHLSEjFqiNQI.roa
Signing time:             Mon 01 Jan 2024 06:30:12 +0000
ROA not before:           Mon 01 Jan 2024 06:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6900
IP address blocks:        141.93.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/eff44d-24fd-4384-9507-7a034d170b85/1/LxF62jy5UVptim3MFfKwsafZvh0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/eff44d-24fd-4384-9507-7a034d170b85/1/LxF62jy5UVptim3MFfKwsafZvh0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LxF62jy5UVptim3MFfKwsafZvh0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:01:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:33:5b:2c:cb:15:23:05:f6:a2:a1:95:68:40:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f117ada3cb9515a6d8a6dcc15f2b0b1a7d9be1d
        Validity
            Not Before: Jan  1 06:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca7b361fdb40205fd3c8f20a1cb4848c5aa23502
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:04:a4:31:cd:17:f9:ac:c6:ac:a2:31:04:8e:
                    1a:75:1e:2d:fb:dc:75:06:39:37:cd:ed:7f:96:92:
                    06:af:c5:72:a2:03:68:27:97:04:45:e8:3d:4e:5d:
                    9b:ed:dc:15:66:48:7c:de:97:80:8d:05:24:dd:c4:
                    b4:38:6b:25:01:a1:b1:9c:bf:06:6d:08:dd:9b:21:
                    ab:9b:7f:12:9f:51:07:e1:bd:45:d3:80:67:f8:d5:
                    3f:7c:40:2e:fe:7b:7e:54:93:37:82:43:85:7e:78:
                    c0:03:f9:80:ba:3a:73:22:aa:e0:4b:6f:e0:31:4f:
                    5d:9e:05:ce:09:9e:97:1f:d1:c5:df:84:b9:4d:2b:
                    3f:f6:c6:c0:0a:3c:c7:00:a4:af:95:77:52:9b:73:
                    12:53:80:4a:1f:5a:4b:21:62:d2:ad:60:93:0d:af:
                    c3:20:4f:ee:a8:cd:cd:a1:eb:9b:0f:f7:75:02:f3:
                    2d:0a:c0:82:7b:48:ec:4c:f7:f8:3c:de:c4:2b:01:
                    ce:24:47:34:88:82:fa:72:17:e5:5b:8b:dd:b3:b7:
                    26:6f:0e:51:f4:65:03:f6:a5:43:bf:7e:29:22:65:
                    b2:2a:5b:cd:f5:5c:2d:9e:03:01:87:d8:1b:b7:4d:
                    3d:a7:49:8c:b3:6c:54:69:e1:37:0e:9c:2e:9a:0e:
                    81:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:7B:36:1F:DB:40:20:5F:D3:C8:F2:0A:1C:B4:84:8C:5A:A2:35:02
            X509v3 Authority Key Identifier:
                keyid:2F:11:7A:DA:3C:B9:51:5A:6D:8A:6D:CC:15:F2:B0:B1:A7:D9:BE:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LxF62jy5UVptim3MFfKwsafZvh0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/eff44d-24fd-4384-9507-7a034d170b85/1/yns2H9tAIF_TyPIKHLSEjFqiNQI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/eff44d-24fd-4384-9507-7a034d170b85/1/LxF62jy5UVptim3MFfKwsafZvh0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.93.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:66:ce:19:d9:63:e5:30:c8:7a:f5:9b:55:fc:65:c6:93:bb:
         d3:3c:89:2b:b6:ed:2a:12:db:e3:ce:3f:61:94:52:b1:f4:0d:
         8e:f4:1f:17:72:ae:e4:21:7a:ad:a6:c3:1f:20:4c:29:f0:c3:
         a4:6d:b2:51:47:6a:53:17:65:b3:38:f3:4b:56:47:72:cb:8b:
         d6:80:04:f1:b1:2e:18:27:31:ec:01:2d:9a:76:8f:f0:27:ad:
         e6:54:04:fb:0d:fa:f7:0a:34:ad:af:15:5a:cc:02:55:92:02:
         85:e5:49:fd:ec:59:b3:39:57:f5:78:be:8e:a8:f7:58:bd:41:
         e3:8e:25:40:23:e9:02:2b:58:17:69:fa:0b:4b:83:d2:1d:65:
         ed:1f:8f:3b:a5:a7:27:11:69:57:01:28:22:88:73:af:e7:97:
         ae:b7:d8:21:8c:80:27:94:32:c2:1e:35:4a:92:b0:74:2e:98:
         9f:bc:09:4d:fc:a8:c2:f0:48:3c:c1:22:bc:7b:c6:b4:f9:f0:
         ee:ac:4b:e3:7c:aa:06:cc:8c:63:c4:60:38:01:da:16:53:1f:
         55:44:89:9f:a8:3e:df:7f:ad:00:50:12:3d:4d:dd:ad:60:11:
         1e:7f:4b:64:15:5b:18:84:cb:d8:54:48:f5:7d:44:65:c5:ce:
         2d:d9:a3:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtzNbLMsVIwX2oqGVaEAWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmMTE3YWRhM2NiOTUxNWE2ZDhhNmRjYzE1ZjJiMGIxYTdk
OWJlMWQwHhcNMjQwMTAxMDYzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTdiMzYxZmRiNDAyMDVmZDNjOGYyMGExY2I0ODQ4YzVhYTIzNTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhASkMc0X+azGrKIxBI4adR4t+9x1
Bjk3ze1/lpIGr8VyogNoJ5cEReg9Tl2b7dwVZkh83peAjQUk3cS0OGslAaGxnL8G
bQjdmyGrm38Sn1EH4b1F04Bn+NU/fEAu/nt+VJM3gkOFfnjAA/mAujpzIqrgS2/g
MU9dngXOCZ6XH9HF34S5TSs/9sbACjzHAKSvlXdSm3MSU4BKH1pLIWLSrWCTDa/D
IE/uqM3NoeubD/d1AvMtCsCCe0jsTPf4PN7EKwHOJEc0iIL6chflW4vds7cmbw5R
9GUD9qVDv34pImWyKlvN9VwtngMBh9gbt009p0mMs2xUaeE3Dpwumg6BYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMp7Nh/bQCBf08jyChy0hIxaojUCMB8GA1UdIwQY
MBaAFC8Reto8uVFabYptzBXysLGn2b4dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHhGNjJqeTVVVnB0aW0zTUZmS3dzYWZadmgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9lZmY0NGQtMjRmZC00Mzg0LTk1MDct
N2EwMzRkMTcwYjg1LzEveW5zMkg5dEFJRl9UeVBJS0hMU0VqRnFpTlFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9lZmY0NGQtMjRmZC00Mzg0LTk1MDctN2EwMzRkMTcwYjg1
LzEvTHhGNjJqeTVVVnB0aW0zTUZmS3dzYWZadmgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjV0XMA0G
CSqGSIb3DQEBCwUAA4IBAQCtZs4Z2WPlMMh69ZtV/GXGk7vTPIkrtu0qEtvjzj9h
lFKx9A2O9B8Xcq7kIXqtpsMfIEwp8MOkbbJRR2pTF2WzOPNLVkdyy4vWgATxsS4Y
JzHsAS2ado/wJ63mVAT7Dfr3CjStrxVazAJVkgKF5Un97FmzOVf1eL6OqPdYvUHj
jiVAI+kCK1gXafoLS4PSHWXtH487pacnEWlXASgiiHOv55eut9ghjIAnlDLCHjVK
krB0LpifvAlN/KjC8Eg8wSK8e8a0+fDurEvjfKoGzIxjxGA4AdoWUx9VRImfqD7f
f60AUBI9Td2tYBEef0tkFVsYhMvYVEj1fURlxc4t2aPJ
-----END CERTIFICATE-----