Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/6b544c-50e7-4f96-8c8d-8dee1da10741/1/YgxVbArzdtPp1zSUD1TqxDHC_bI.roa
File:                     YgxVbArzdtPp1zSUD1TqxDHC_bI.roa (raw, json)
Hash identifier:          Yx6i9YnonnMJHQ0/D+d8L6Day96T16aQpiz8vOFIWAg=
Subject key identifier:   62:0C:55:6C:0A:F3:76:D3:E9:D7:34:94:0F:54:EA:C4:31:C2:FD:B2
Certificate issuer:       /CN=ec7469c5428eef9ab768d9ed6c2c89443a6bb4be
Certificate serial:       0193630B122E4597123E8DB80BF1EA2F199F
Authority key identifier: EC:74:69:C5:42:8E:EF:9A:B7:68:D9:ED:6C:2C:89:44:3A:6B:B4:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7HRpxUKO75q3aNntbCyJRDprtL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/6b544c-50e7-4f96-8c8d-8dee1da10741/1/YgxVbArzdtPp1zSUD1TqxDHC_bI.roa
Signing time:             Mon 25 Nov 2024 11:18:10 +0000
ROA not before:           Mon 25 Nov 2024 11:18:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207388
IP address blocks:        81.30.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/6b544c-50e7-4f96-8c8d-8dee1da10741/1/7HRpxUKO75q3aNntbCyJRDprtL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/6b544c-50e7-4f96-8c8d-8dee1da10741/1/7HRpxUKO75q3aNntbCyJRDprtL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7HRpxUKO75q3aNntbCyJRDprtL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:63:0b:12:2e:45:97:12:3e:8d:b8:0b:f1:ea:2f:19:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec7469c5428eef9ab768d9ed6c2c89443a6bb4be
        Validity
            Not Before: Nov 25 11:18:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=620c556c0af376d3e9d734940f54eac431c2fdb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:62:ca:96:2d:26:11:16:ae:f4:81:54:64:c4:
                    7c:cf:9e:a2:8f:b1:2b:fb:ee:b3:d5:50:2a:e1:91:
                    c8:82:dc:75:b1:45:92:d7:3f:97:57:a2:70:18:91:
                    25:3d:df:4e:94:04:41:47:d8:d7:e4:cf:a3:d9:db:
                    c8:00:53:4a:73:ab:26:67:a6:db:ad:09:f6:77:d4:
                    f1:9c:8f:10:d0:e1:7b:72:65:71:0c:23:50:86:1d:
                    8a:b5:8d:85:1d:7d:d0:c0:7a:74:1b:cc:14:5c:e9:
                    2e:c4:65:36:d4:a7:b3:c7:1b:63:43:8c:eb:54:77:
                    5d:b0:27:e2:a2:6f:00:31:ff:97:9d:7f:d5:57:16:
                    5c:97:de:ae:32:d6:a6:f3:0e:48:fe:92:bb:7c:30:
                    5e:1b:c0:7f:e5:54:b9:0c:c8:e1:6f:f8:05:9f:8a:
                    fa:50:f6:53:f8:46:0e:b2:2c:f3:f4:79:b3:e4:bd:
                    86:73:f9:3f:24:02:7c:b6:7d:41:64:47:90:df:18:
                    fc:b7:14:1b:ce:dc:17:88:3a:c9:44:27:b9:bc:e0:
                    b2:e3:1b:ba:fb:96:7c:37:33:41:09:b9:9c:fc:3b:
                    d3:e9:5e:a4:b7:5a:31:dc:6b:af:28:78:24:bd:6b:
                    00:9b:06:66:11:71:e0:36:69:38:61:f0:5e:08:22:
                    93:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:0C:55:6C:0A:F3:76:D3:E9:D7:34:94:0F:54:EA:C4:31:C2:FD:B2
            X509v3 Authority Key Identifier:
                keyid:EC:74:69:C5:42:8E:EF:9A:B7:68:D9:ED:6C:2C:89:44:3A:6B:B4:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7HRpxUKO75q3aNntbCyJRDprtL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/6b544c-50e7-4f96-8c8d-8dee1da10741/1/YgxVbArzdtPp1zSUD1TqxDHC_bI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/6b544c-50e7-4f96-8c8d-8dee1da10741/1/7HRpxUKO75q3aNntbCyJRDprtL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.30.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:5b:ad:ee:dc:32:3a:68:da:9f:32:87:c1:00:46:8e:c7:c7:
         65:e6:d7:bb:b8:61:69:9a:9f:79:a3:c5:da:71:06:7e:34:07:
         3d:19:ff:9d:17:f6:2b:62:c9:36:43:6f:c5:51:48:19:be:d8:
         d7:7f:7d:0c:6a:2e:50:7a:33:90:ff:f6:eb:e9:54:12:19:27:
         37:f9:d1:36:fb:57:e1:9e:e5:f9:06:89:63:d2:9d:1a:29:3a:
         0d:d0:4c:b4:9b:ad:c9:3c:8c:3f:fb:1e:a4:3c:18:df:5b:eb:
         72:a7:2f:bc:c4:67:d0:8f:a3:96:8c:78:65:72:b5:16:5a:ca:
         b5:d2:f2:b8:ea:db:8b:68:e7:9a:97:38:85:ea:ff:15:58:65:
         b7:b7:43:8c:89:e6:52:5f:17:c5:24:52:85:66:1c:03:e2:e7:
         46:44:18:29:39:94:02:44:ba:f6:81:05:40:86:f5:e3:6b:68:
         f1:e5:fc:61:15:fd:8c:63:41:50:42:f5:b4:45:78:80:6f:f6:
         b2:0f:97:31:49:d5:1e:a1:6a:6a:5c:39:90:e1:a5:fa:90:51:
         6e:a4:76:48:48:c0:23:4e:a7:dc:7c:18:6b:1f:83:a3:39:36:
         80:78:26:e1:5e:81:b5:5e:df:4e:c8:68:78:22:a5:fe:28:73:
         bb:38:96:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNjCxIuRZcSPo24C/HqLxmfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNzQ2OWM1NDI4ZWVmOWFiNzY4ZDllZDZjMmM4OTQ0M2E2
YmI0YmUwHhcNMjQxMTI1MTExODEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjBjNTU2YzBhZjM3NmQzZTlkNzM0OTQwZjU0ZWFjNDMxYzJmZGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1mLKli0mERau9IFUZMR8z56ij7Er
++6z1VAq4ZHIgtx1sUWS1z+XV6JwGJElPd9OlARBR9jX5M+j2dvIAFNKc6smZ6bb
rQn2d9TxnI8Q0OF7cmVxDCNQhh2KtY2FHX3QwHp0G8wUXOkuxGU21KezxxtjQ4zr
VHddsCfiom8AMf+XnX/VVxZcl96uMtam8w5I/pK7fDBeG8B/5VS5DMjhb/gFn4r6
UPZT+EYOsizz9Hmz5L2Gc/k/JAJ8tn1BZEeQ3xj8txQbztwXiDrJRCe5vOCy4xu6
+5Z8NzNBCbmc/DvT6V6kt1ox3GuvKHgkvWsAmwZmEXHgNmk4YfBeCCKTKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGIMVWwK83bT6dc0lA9U6sQxwv2yMB8GA1UdIwQY
MBaAFOx0acVCju+at2jZ7WwsiUQ6a7S+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0hScHhVS083NXEzYU5udGJDeUpSRHBydEw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny82YjU0NGMtNTBlNy00Zjk2LThjOGQt
OGRlZTFkYTEwNzQxLzEvWWd4VmJBcnpkdFBwMXpTVUQxVHF4REhDX2JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny82YjU0NGMtNTBlNy00Zjk2LThjOGQtOGRlZTFkYTEwNzQx
LzEvN0hScHhVS083NXEzYU5udGJDeUpSRHBydEw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUR5rMA0G
CSqGSIb3DQEBCwUAA4IBAQB6W63u3DI6aNqfMofBAEaOx8dl5te7uGFpmp95o8Xa
cQZ+NAc9Gf+dF/YrYsk2Q2/FUUgZvtjXf30Mai5QejOQ//br6VQSGSc3+dE2+1fh
nuX5Bolj0p0aKToN0Ey0m63JPIw/+x6kPBjfW+typy+8xGfQj6OWjHhlcrUWWsq1
0vK46tuLaOealziF6v8VWGW3t0OMieZSXxfFJFKFZhwD4udGRBgpOZQCRLr2gQVA
hvXja2jx5fxhFf2MY0FQQvW0RXiAb/ayD5cxSdUeoWpqXDmQ4aX6kFFupHZISMAj
TqfcfBhrH4OjOTaAeCbhXoG1Xt9OyGh4IqX+KHO7OJZe
-----END CERTIFICATE-----