Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/6b544c-50e7-4f96-8c8d-8dee1da10741/1/YtnZu-c0kgMDTAChjtBERUQSanA.roa
File:                     YtnZu-c0kgMDTAChjtBERUQSanA.roa (raw, json)
Hash identifier:          tYMylqMx0c2qfSfZBjQ3pAWcw3O1p68Md9BYMc3Adjo=
Subject key identifier:   62:D9:D9:BB:E7:34:92:03:03:4C:00:A1:8E:D0:44:45:44:12:6A:70
Certificate issuer:       /CN=ec7469c5428eef9ab768d9ed6c2c89443a6bb4be
Certificate serial:       019423D7980D6DC7461A77E373347116064C
Authority key identifier: EC:74:69:C5:42:8E:EF:9A:B7:68:D9:ED:6C:2C:89:44:3A:6B:B4:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7HRpxUKO75q3aNntbCyJRDprtL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/6b544c-50e7-4f96-8c8d-8dee1da10741/1/YtnZu-c0kgMDTAChjtBERUQSanA.roa
Signing time:             Wed 01 Jan 2025 21:48:39 +0000
ROA not before:           Wed 01 Jan 2025 21:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58192
IP address blocks:        81.30.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/6b544c-50e7-4f96-8c8d-8dee1da10741/1/7HRpxUKO75q3aNntbCyJRDprtL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/6b544c-50e7-4f96-8c8d-8dee1da10741/1/7HRpxUKO75q3aNntbCyJRDprtL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7HRpxUKO75q3aNntbCyJRDprtL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 20:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:98:0d:6d:c7:46:1a:77:e3:73:34:71:16:06:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec7469c5428eef9ab768d9ed6c2c89443a6bb4be
        Validity
            Not Before: Jan  1 21:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=62d9d9bbe7349203034c00a18ed0444544126a70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:b6:ba:ee:4b:b5:a2:bc:2d:6d:6a:d4:39:65:
                    bc:46:eb:92:24:ee:07:b3:27:ac:36:61:e1:cc:94:
                    af:85:ad:3f:6c:90:0e:df:b9:46:e3:94:30:74:0e:
                    78:20:f4:d3:82:15:e3:bf:fc:e4:17:0a:c9:11:85:
                    53:7f:08:9e:44:9f:f0:bd:ae:8f:47:f8:88:74:c5:
                    aa:c6:96:e5:61:98:cc:a1:ba:02:99:57:56:e3:46:
                    b6:3f:ff:58:82:dd:96:5e:97:89:67:13:d9:24:04:
                    b0:09:91:66:dc:e2:29:f7:80:3a:81:16:58:87:c8:
                    9f:91:d2:5a:62:63:52:4e:fe:73:12:e9:7d:d4:09:
                    e5:2a:0f:23:83:dd:06:36:5e:0e:6c:82:3b:84:db:
                    27:6e:e6:3e:4c:61:ba:a5:37:1c:a5:6b:22:87:3a:
                    88:e7:1c:bf:0f:5c:19:a0:27:f1:de:d8:1d:76:17:
                    72:70:96:a0:6c:d3:57:2a:a8:e2:6f:fd:23:a8:37:
                    d5:c8:7f:a6:82:49:84:91:f5:2c:f1:1c:c1:cc:a7:
                    1d:d1:10:50:c7:ea:4c:05:9d:f6:91:40:22:e0:86:
                    bc:c7:f6:ce:c2:b0:9c:46:f2:5a:ed:bf:3e:14:20:
                    00:b6:56:fb:e1:fc:e9:c6:ea:d2:3d:6c:a8:48:d6:
                    5d:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:D9:D9:BB:E7:34:92:03:03:4C:00:A1:8E:D0:44:45:44:12:6A:70
            X509v3 Authority Key Identifier:
                keyid:EC:74:69:C5:42:8E:EF:9A:B7:68:D9:ED:6C:2C:89:44:3A:6B:B4:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7HRpxUKO75q3aNntbCyJRDprtL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/6b544c-50e7-4f96-8c8d-8dee1da10741/1/YtnZu-c0kgMDTAChjtBERUQSanA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/6b544c-50e7-4f96-8c8d-8dee1da10741/1/7HRpxUKO75q3aNntbCyJRDprtL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.30.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:3a:ef:63:f4:6e:e7:ee:d2:ff:a1:b7:80:b7:31:52:75:d0:
         a5:2c:e8:df:e4:6b:6d:08:17:2b:85:8c:06:a3:ec:72:b1:19:
         bc:16:d8:08:77:97:3b:16:0a:35:e9:ba:f8:dc:10:4f:52:43:
         a4:99:c2:f9:e9:8c:8d:fd:ce:e2:4f:28:3f:1c:0e:fa:88:1e:
         75:03:4c:b3:1f:d6:48:82:00:80:92:a3:1b:8b:45:45:9e:03:
         b8:05:2c:9c:7f:80:5d:52:cf:82:6e:34:75:15:61:f1:12:7b:
         36:da:26:ba:5f:00:b1:a8:55:11:52:92:e7:c0:d6:1e:bb:89:
         3d:0d:5b:b9:6b:b5:70:a8:c0:88:7e:b6:9c:f9:92:e9:3f:a2:
         0a:12:d1:f8:bb:db:c4:2a:82:6b:b3:e3:ea:b6:cb:a2:88:2c:
         4e:23:67:3d:04:f7:2b:76:ac:7b:bd:01:fe:c7:e7:46:68:ee:
         b1:ee:6e:eb:c0:e2:ce:ff:db:47:24:db:67:56:4d:43:60:4b:
         a1:11:af:a9:2a:5f:cf:ed:9c:e5:49:f0:3b:42:26:5f:82:ff:
         8e:03:48:94:4d:d9:67:84:22:74:84:44:25:c8:19:07:8b:c2:
         be:33:e4:93:fc:cd:1d:e1:40:a4:a3:c2:98:c2:bc:2f:46:89:
         01:b4:38:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj15gNbcdGGnfjczRxFgZMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNzQ2OWM1NDI4ZWVmOWFiNzY4ZDllZDZjMmM4OTQ0M2E2
YmI0YmUwHhcNMjUwMTAxMjE0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmQ5ZDliYmU3MzQ5MjAzMDM0YzAwYTE4ZWQwNDQ0NTQ0MTI2YTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuba67ku1orwtbWrUOWW8RuuSJO4H
syesNmHhzJSvha0/bJAO37lG45QwdA54IPTTghXjv/zkFwrJEYVTfwieRJ/wva6P
R/iIdMWqxpblYZjMoboCmVdW40a2P/9Ygt2WXpeJZxPZJASwCZFm3OIp94A6gRZY
h8ifkdJaYmNSTv5zEul91AnlKg8jg90GNl4ObII7hNsnbuY+TGG6pTccpWsihzqI
5xy/D1wZoCfx3tgddhdycJagbNNXKqjib/0jqDfVyH+mgkmEkfUs8RzBzKcd0RBQ
x+pMBZ32kUAi4Ia8x/bOwrCcRvJa7b8+FCAAtlb74fzpxurSPWyoSNZdlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGLZ2bvnNJIDA0wAoY7QREVEEmpwMB8GA1UdIwQY
MBaAFOx0acVCju+at2jZ7WwsiUQ6a7S+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0hScHhVS083NXEzYU5udGJDeUpSRHBydEw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny82YjU0NGMtNTBlNy00Zjk2LThjOGQt
OGRlZTFkYTEwNzQxLzEvWXRuWnUtYzBrZ01EVEFDaGp0QkVSVVFTYW5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny82YjU0NGMtNTBlNy00Zjk2LThjOGQtOGRlZTFkYTEwNzQx
LzEvN0hScHhVS083NXEzYU5udGJDeUpSRHBydEw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUR5rMA0G
CSqGSIb3DQEBCwUAA4IBAQCTOu9j9G7n7tL/obeAtzFSddClLOjf5GttCBcrhYwG
o+xysRm8FtgId5c7Fgo16br43BBPUkOkmcL56YyN/c7iTyg/HA76iB51A0yzH9ZI
ggCAkqMbi0VFngO4BSycf4BdUs+CbjR1FWHxEns22ia6XwCxqFURUpLnwNYeu4k9
DVu5a7VwqMCIfrac+ZLpP6IKEtH4u9vEKoJrs+PqtsuiiCxOI2c9BPcrdqx7vQH+
x+dGaO6x7m7rwOLO/9tHJNtnVk1DYEuhEa+pKl/P7ZzlSfA7QiZfgv+OA0iUTdln
hCJ0hEQlyBkHi8K+M+ST/M0d4UCko8KYwrwvRokBtDhY
-----END CERTIFICATE-----