Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/2a72ee-ec1f-40c6-ad9d-5a4df896fc3e/1/YabsFO_Xup9M9qB11ywazFg-_QA.roa
File:                     YabsFO_Xup9M9qB11ywazFg-_QA.roa (raw, json)
Hash identifier:          MPp+cNP/OBG5T2mUHC44+2sCUS+YlqiF6/9zTD77/GU=
Subject key identifier:   61:A6:EC:14:EF:D7:BA:9F:4C:F6:A0:75:D7:2C:1A:CC:58:3E:FD:00
Certificate issuer:       /CN=480b4e6530f58db338e41d434e5c248eb8b49eb5
Certificate serial:       018CC2DAB4FC89B789B32A8355F51DF0EE70
Authority key identifier: 48:0B:4E:65:30:F5:8D:B3:38:E4:1D:43:4E:5C:24:8E:B8:B4:9E:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAtOZTD1jbM45B1DTlwkjri0nrU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/2a72ee-ec1f-40c6-ad9d-5a4df896fc3e/1/YabsFO_Xup9M9qB11ywazFg-_QA.roa
Signing time:             Mon 01 Jan 2024 02:29:22 +0000
ROA not before:           Mon 01 Jan 2024 02:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3266
IP address blocks:        91.211.177.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/2a72ee-ec1f-40c6-ad9d-5a4df896fc3e/1/SAtOZTD1jbM45B1DTlwkjri0nrU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/2a72ee-ec1f-40c6-ad9d-5a4df896fc3e/1/SAtOZTD1jbM45B1DTlwkjri0nrU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAtOZTD1jbM45B1DTlwkjri0nrU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:b4:fc:89:b7:89:b3:2a:83:55:f5:1d:f0:ee:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=480b4e6530f58db338e41d434e5c248eb8b49eb5
        Validity
            Not Before: Jan  1 02:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=61a6ec14efd7ba9f4cf6a075d72c1acc583efd00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:fb:49:0b:82:e2:d4:ab:1b:24:bf:79:85:6f:
                    c5:7a:9c:a6:bb:04:8d:7c:0e:49:53:bb:59:36:d9:
                    b1:21:e4:3c:38:aa:80:b9:a7:b0:80:c4:9b:15:dc:
                    08:b7:89:b9:e5:b4:ba:48:0a:4a:44:92:8a:b0:70:
                    5a:0e:c2:9d:79:7a:8e:36:6e:17:1f:42:db:a4:ce:
                    4c:14:a9:8f:c9:9c:bd:df:ac:a1:09:d0:57:22:8f:
                    74:16:f8:6b:26:83:d9:6f:c4:56:9e:4a:0b:67:b6:
                    79:08:d1:47:bd:b7:74:c4:55:ee:0a:20:0c:ce:a7:
                    2f:3b:cd:00:cb:84:7d:1b:78:31:9f:97:82:f8:2f:
                    8d:63:9a:4a:c4:30:87:3f:81:3e:c8:57:3e:67:10:
                    87:4b:4f:17:72:e6:bf:e0:5c:07:9a:eb:24:b1:46:
                    f8:94:b8:b3:46:c8:bc:73:ea:fd:41:1c:b1:97:70:
                    e2:76:cd:2c:16:d8:31:e1:5b:4f:66:7a:c6:4e:75:
                    e6:bd:bd:3d:3b:e4:28:54:73:72:66:3c:32:2f:64:
                    ea:bc:8f:27:87:b9:a2:00:90:79:b2:d7:eb:c0:bd:
                    1c:4a:ab:64:a6:c4:11:74:fc:c9:7b:d8:1d:88:80:
                    18:5b:5a:64:1d:91:aa:2f:c5:48:86:b1:80:49:25:
                    38:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:A6:EC:14:EF:D7:BA:9F:4C:F6:A0:75:D7:2C:1A:CC:58:3E:FD:00
            X509v3 Authority Key Identifier:
                keyid:48:0B:4E:65:30:F5:8D:B3:38:E4:1D:43:4E:5C:24:8E:B8:B4:9E:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAtOZTD1jbM45B1DTlwkjri0nrU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/2a72ee-ec1f-40c6-ad9d-5a4df896fc3e/1/YabsFO_Xup9M9qB11ywazFg-_QA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/2a72ee-ec1f-40c6-ad9d-5a4df896fc3e/1/SAtOZTD1jbM45B1DTlwkjri0nrU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.211.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:71:a8:d1:b9:7d:cf:26:a5:97:c1:42:8c:f3:ad:d9:bc:f9:
         16:78:25:fb:0c:91:69:78:c8:09:f1:7f:c7:b8:4b:96:63:d6:
         15:00:de:94:c6:10:fc:68:3e:a5:5d:ba:0b:f3:f6:28:0b:66:
         15:6a:94:47:66:9a:f7:7d:d4:de:b4:f8:cd:73:75:2a:70:45:
         a1:9f:f3:b7:58:c9:f2:84:c4:5a:b9:1f:a2:17:83:1b:10:e4:
         4b:93:7e:52:d6:74:7d:d5:2c:78:1a:37:a2:df:79:0c:e8:6f:
         db:d2:ed:75:cb:52:37:b1:e0:2e:09:0a:df:76:16:72:a5:4f:
         32:b7:69:34:4b:db:0a:fb:ca:f2:cf:46:db:2a:7e:4a:05:d2:
         95:f0:e1:11:af:72:23:af:eb:93:ea:ce:bb:fd:0d:dd:f0:ce:
         25:23:9d:9e:c0:39:19:46:ca:57:9c:e5:be:ed:6d:b0:06:95:
         01:ac:80:78:cd:74:ec:9a:84:04:7d:67:05:92:8c:d8:e7:97:
         2a:c5:0a:6b:c8:3e:cf:18:89:c5:f2:81:13:6f:b5:6d:6d:78:
         96:b1:6e:ec:e9:eb:60:c5:e9:cb:ad:b8:2a:ae:21:2d:16:9b:
         ca:9f:39:2b:30:7f:1f:fb:11:90:46:4b:37:66:c5:1b:02:dd:
         c8:9d:b3:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2rT8ibeJsyqDVfUd8O5wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MGI0ZTY1MzBmNThkYjMzOGU0MWQ0MzRlNWMyNDhlYjhi
NDllYjUwHhcNMjQwMTAxMDIyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWE2ZWMxNGVmZDdiYTlmNGNmNmEwNzVkNzJjMWFjYzU4M2VmZDAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqPtJC4Li1KsbJL95hW/FepymuwSN
fA5JU7tZNtmxIeQ8OKqAuaewgMSbFdwIt4m55bS6SApKRJKKsHBaDsKdeXqONm4X
H0LbpM5MFKmPyZy936yhCdBXIo90FvhrJoPZb8RWnkoLZ7Z5CNFHvbd0xFXuCiAM
zqcvO80Ay4R9G3gxn5eC+C+NY5pKxDCHP4E+yFc+ZxCHS08Xcua/4FwHmusksUb4
lLizRsi8c+r9QRyxl3Dids0sFtgx4VtPZnrGTnXmvb09O+QoVHNyZjwyL2TqvI8n
h7miAJB5stfrwL0cSqtkpsQRdPzJe9gdiIAYW1pkHZGqL8VIhrGASSU4aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGGm7BTv17qfTPagddcsGsxYPv0AMB8GA1UdIwQY
MBaAFEgLTmUw9Y2zOOQdQ05cJI64tJ61MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0F0T1pURDFqYk00NUIxRFRsd2tqcmkwbnJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi8yYTcyZWUtZWMxZi00MGM2LWFkOWQt
NWE0ZGY4OTZmYzNlLzEvWWFic0ZPX1h1cDlNOXFCMTF5d2F6RmctX1FBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi8yYTcyZWUtZWMxZi00MGM2LWFkOWQtNWE0ZGY4OTZmYzNl
LzEvU0F0T1pURDFqYk00NUIxRFRsd2tqcmkwbnJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9OxMA0G
CSqGSIb3DQEBCwUAA4IBAQB6cajRuX3PJqWXwUKM863ZvPkWeCX7DJFpeMgJ8X/H
uEuWY9YVAN6UxhD8aD6lXboL8/YoC2YVapRHZpr3fdTetPjNc3UqcEWhn/O3WMny
hMRauR+iF4MbEORLk35S1nR91Sx4Gjei33kM6G/b0u11y1I3seAuCQrfdhZypU8y
t2k0S9sK+8ryz0bbKn5KBdKV8OERr3Ijr+uT6s67/Q3d8M4lI52ewDkZRspXnOW+
7W2wBpUBrIB4zXTsmoQEfWcFkozY55cqxQpryD7PGInF8oETb7VtbXiWsW7s6etg
xenLrbgqriEtFpvKnzkrMH8f+xGQRks3ZsUbAt3InbPD
-----END CERTIFICATE-----