Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ynYpb4ReTL50_78kTNtvq119_kM.roa
File:                     ynYpb4ReTL50_78kTNtvq119_kM.roa (raw, json)
Hash identifier:          4CAmuYyJVwG2x+qLzIS/1+Hvmr8u17J3s+kZljqNJuA=
Subject key identifier:   CA:76:29:6F:84:5E:4C:BE:74:FF:BF:24:4C:DB:6F:AB:5D:7D:FE:43
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0190EABFECF0E766A49BBAAA408C83584C43
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ynYpb4ReTL50_78kTNtvq119_kM.roa
Signing time:             Thu 25 Jul 2024 16:36:04 +0000
ROA not before:           Thu 25 Jul 2024 16:36:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31715
IP address blocks:        89.213.120.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ea:bf:ec:f0:e7:66:a4:9b:ba:aa:40:8c:83:58:4c:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul 25 16:36:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca76296f845e4cbe74ffbf244cdb6fab5d7dfe43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:62:36:08:cf:2e:e2:c1:2b:e8:dc:fb:39:8a:
                    7a:a6:b5:1a:de:dd:62:5e:24:20:b2:de:ae:8d:14:
                    ea:d4:e7:d3:3e:a8:31:fe:ec:3b:26:3e:75:e6:14:
                    4c:66:2c:33:fc:2a:99:25:a2:e4:0b:ac:f5:dd:e7:
                    0f:da:a5:89:48:26:53:34:15:d2:2d:7c:0a:4c:f4:
                    de:a3:12:75:29:6a:b1:99:1c:1e:75:b4:f0:51:d1:
                    37:b2:87:5c:16:1b:02:37:4b:07:e9:65:44:85:23:
                    30:f3:6d:e5:94:4a:26:e3:3d:78:a6:ba:f6:58:ef:
                    b2:cf:c9:26:98:eb:04:58:dd:da:63:f7:94:0d:5e:
                    b7:9d:3a:2f:e3:cb:16:ee:f6:08:63:ad:49:32:ea:
                    11:80:61:ce:ef:06:6c:6b:db:37:6c:4f:81:b6:13:
                    fc:23:c6:bd:89:78:29:bd:55:81:ad:10:7b:49:4f:
                    6f:86:51:b6:58:8a:9d:de:07:95:a8:2b:e9:d5:46:
                    68:0a:74:b4:eb:10:89:eb:fd:27:34:a6:8a:01:79:
                    34:c0:e7:b1:fa:f5:ce:54:8e:4d:04:c2:ec:08:fb:
                    b1:f0:1c:93:c3:de:77:c0:12:41:68:72:48:cd:69:
                    43:de:05:5e:14:7a:fc:d3:e9:c3:43:89:85:05:95:
                    28:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:76:29:6F:84:5E:4C:BE:74:FF:BF:24:4C:DB:6F:AB:5D:7D:FE:43
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ynYpb4ReTL50_78kTNtvq119_kM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:e4:73:c1:30:1c:a6:88:e3:c5:84:72:3d:13:7d:4e:c9:61:
         09:6d:30:70:06:7d:12:9f:45:e7:f6:85:02:60:80:b7:5d:f5:
         c8:e3:39:05:ed:71:9c:39:ee:46:69:ed:e2:66:0c:5c:fd:e9:
         c3:5c:70:76:d6:9a:62:18:56:39:0c:ad:71:56:46:32:17:01:
         6f:86:46:60:54:a0:a3:02:57:3b:c2:c2:fa:8a:30:b3:2b:b6:
         19:97:64:2c:2d:5d:82:11:bb:99:4a:30:13:55:15:f6:a3:c8:
         aa:87:2e:75:ea:9c:5b:11:f6:11:8b:9a:4e:db:0b:49:75:4b:
         84:fb:a3:5d:d0:52:2b:5a:34:12:31:d4:97:c9:f4:c3:db:36:
         47:7b:4d:59:1c:f6:96:5c:7c:b5:8c:e2:5e:94:d1:6c:79:62:
         5f:ce:e8:da:c0:95:c9:1a:3b:ac:42:55:7f:57:04:bf:53:c2:
         c0:6e:f8:7f:cb:a0:5e:91:8f:a1:52:91:c9:17:25:35:56:fc:
         41:42:52:2d:ff:45:84:de:7c:02:d6:39:10:06:46:06:3c:8e:
         a4:ac:68:78:c3:1c:22:f3:67:14:09:ae:83:13:43:ce:fa:bd:
         da:34:50:e5:79:0b:86:af:7a:57:a0:81:b7:19:a1:10:ce:15:
         59:6c:9d:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDqv+zw52akm7qqQIyDWExDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNzI1MTYzNjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTc2Mjk2Zjg0NWU0Y2JlNzRmZmJmMjQ0Y2RiNmZhYjVkN2RmZTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3mI2CM8u4sEr6Nz7OYp6prUa3t1i
XiQgst6ujRTq1OfTPqgx/uw7Jj515hRMZiwz/CqZJaLkC6z13ecP2qWJSCZTNBXS
LXwKTPTeoxJ1KWqxmRwedbTwUdE3sodcFhsCN0sH6WVEhSMw823llEom4z14prr2
WO+yz8kmmOsEWN3aY/eUDV63nTov48sW7vYIY61JMuoRgGHO7wZsa9s3bE+BthP8
I8a9iXgpvVWBrRB7SU9vhlG2WIqd3geVqCvp1UZoCnS06xCJ6/0nNKaKAXk0wOex
+vXOVI5NBMLsCPux8ByTw953wBJBaHJIzWlD3gVeFHr80+nDQ4mFBZUoMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMp2KW+EXky+dP+/JEzbb6tdff5DMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEveW5ZcGI0UmVUTDUwXzc4a1ROdHZxMTE5X2tNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdV4MA0G
CSqGSIb3DQEBCwUAA4IBAQCg5HPBMBymiOPFhHI9E31OyWEJbTBwBn0Sn0Xn9oUC
YIC3XfXI4zkF7XGcOe5Gae3iZgxc/enDXHB21ppiGFY5DK1xVkYyFwFvhkZgVKCj
Alc7wsL6ijCzK7YZl2QsLV2CEbuZSjATVRX2o8iqhy516pxbEfYRi5pO2wtJdUuE
+6Nd0FIrWjQSMdSXyfTD2zZHe01ZHPaWXHy1jOJelNFseWJfzujawJXJGjusQlV/
VwS/U8LAbvh/y6BekY+hUpHJFyU1VvxBQlIt/0WE3nwC1jkQBkYGPI6krGh4wxwi
82cUCa6DE0PO+r3aNFDleQuGr3pXoIG3GaEQzhVZbJ3a
-----END CERTIFICATE-----