Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/3c7af6-f466-4d87-b9f1-cca79a69820a/1/YY5wu9KHdpX0HUjgVdpIqlWwY68.roa
File:                     YY5wu9KHdpX0HUjgVdpIqlWwY68.roa (raw, json)
Hash identifier:          NKs717XSi8XpXd4zGV9uzoLo2KbUT/lKjsTalwwhHpI=
Subject key identifier:   61:8E:70:BB:D2:87:76:95:F4:1D:48:E0:55:DA:48:AA:55:B0:63:AF
Certificate issuer:       /CN=50980fb6ade858f2652e736993126c85759f06d9
Certificate serial:       018CC7272684FFAD61C90CAEBD396D590EDB
Authority key identifier: 50:98:0F:B6:AD:E8:58:F2:65:2E:73:69:93:12:6C:85:75:9F:06:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UJgPtq3oWPJlLnNpkxJshXWfBtk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/3c7af6-f466-4d87-b9f1-cca79a69820a/1/YY5wu9KHdpX0HUjgVdpIqlWwY68.roa
Signing time:             Mon 01 Jan 2024 22:31:20 +0000
ROA not before:           Mon 01 Jan 2024 22:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47913
IP address blocks:        5.252.28.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/3c7af6-f466-4d87-b9f1-cca79a69820a/1/UJgPtq3oWPJlLnNpkxJshXWfBtk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/3c7af6-f466-4d87-b9f1-cca79a69820a/1/UJgPtq3oWPJlLnNpkxJshXWfBtk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UJgPtq3oWPJlLnNpkxJshXWfBtk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:26:84:ff:ad:61:c9:0c:ae:bd:39:6d:59:0e:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50980fb6ade858f2652e736993126c85759f06d9
        Validity
            Not Before: Jan  1 22:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=618e70bbd2877695f41d48e055da48aa55b063af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:b3:24:91:8d:34:63:ba:37:89:98:a7:fc:48:
                    af:5c:76:5a:50:7c:7e:a1:92:b3:84:02:65:bf:a4:
                    dc:54:2b:fa:45:75:b9:0c:f0:1f:b2:3e:63:0a:ef:
                    23:9b:a9:b6:aa:fa:9e:bb:3d:35:1d:ed:35:24:be:
                    95:42:a3:23:5a:34:65:7e:6e:11:02:30:84:54:9f:
                    1d:0a:bb:54:f9:5d:68:c0:60:d9:d0:e4:77:e5:e7:
                    8d:43:8e:47:6c:a3:69:d3:4b:cf:3c:4b:6c:f1:aa:
                    24:e5:28:17:46:2c:85:44:b2:82:f9:37:ef:88:30:
                    df:3c:4f:68:d0:ce:dd:b5:ff:22:55:17:f4:ae:ab:
                    0e:e9:db:68:fe:76:d3:5c:e8:88:28:03:44:be:70:
                    05:65:72:03:aa:07:b5:f7:16:e6:2b:51:fe:2a:51:
                    45:fc:79:17:33:25:28:94:1a:73:9c:34:00:c1:35:
                    70:7b:fe:6b:0c:6a:02:a8:92:22:fc:c8:d2:0c:0a:
                    ed:2c:60:00:bc:dd:e8:9e:52:0d:3b:8c:81:b9:51:
                    51:4a:5e:a7:1e:ba:8f:e5:23:f5:6d:1f:d4:1e:ce:
                    ed:a1:89:ee:24:7a:2c:c5:06:48:84:e1:f6:1c:33:
                    f0:8b:0e:3a:c0:56:ab:65:f6:19:ad:33:60:9f:31:
                    c6:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:8E:70:BB:D2:87:76:95:F4:1D:48:E0:55:DA:48:AA:55:B0:63:AF
            X509v3 Authority Key Identifier:
                keyid:50:98:0F:B6:AD:E8:58:F2:65:2E:73:69:93:12:6C:85:75:9F:06:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UJgPtq3oWPJlLnNpkxJshXWfBtk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/3c7af6-f466-4d87-b9f1-cca79a69820a/1/YY5wu9KHdpX0HUjgVdpIqlWwY68.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/3c7af6-f466-4d87-b9f1-cca79a69820a/1/UJgPtq3oWPJlLnNpkxJshXWfBtk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         11:6c:b1:9d:d0:08:21:5a:d4:28:ef:ba:ce:c0:f8:f9:56:86:
         45:a4:ce:b9:c7:27:1b:b7:fa:d5:1f:78:4b:75:40:f7:52:a3:
         6a:5b:15:eb:55:fd:61:15:61:fe:1c:dc:c9:21:a5:93:f0:94:
         ce:8b:4b:2c:c9:37:76:de:f3:ea:29:5a:ed:cb:d3:22:5b:f3:
         f7:20:3c:c0:58:b8:bf:5f:1c:10:8b:55:4a:3a:a1:2a:31:57:
         2d:47:f1:48:b0:88:42:9c:72:ae:b5:49:b0:ef:bd:a8:c5:51:
         e4:ad:bb:fd:fb:6f:f5:30:04:8a:f1:82:fe:53:01:fe:0a:da:
         8c:08:47:bd:55:33:72:69:e1:37:72:f3:33:fd:c3:3c:ab:63:
         e5:a2:81:0e:95:77:8e:7e:c8:83:cd:55:94:42:28:37:59:81:
         5a:6a:82:25:89:07:c5:9e:73:ac:61:a1:c0:9e:7c:b2:47:1b:
         70:a2:80:b6:1d:a4:32:eb:01:84:5d:df:95:67:eb:0d:61:5a:
         ab:2c:f2:61:ec:47:3a:45:05:23:89:9f:da:27:28:78:82:30:
         15:4e:0c:9b:e0:8f:26:c2:1f:71:6f:2d:30:01:9d:58:61:2c:
         9d:7c:26:c9:e8:e9:e6:56:5e:f8:84:3c:b4:e2:66:68:91:e4:
         db:cd:75:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJyaE/61hyQyuvTltWQ7bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwOTgwZmI2YWRlODU4ZjI2NTJlNzM2OTkzMTI2Yzg1NzU5
ZjA2ZDkwHhcNMjQwMTAxMjIzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MThlNzBiYmQyODc3Njk1ZjQxZDQ4ZTA1NWRhNDhhYTU1YjA2M2FmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvLMkkY00Y7o3iZin/EivXHZaUHx+
oZKzhAJlv6TcVCv6RXW5DPAfsj5jCu8jm6m2qvqeuz01He01JL6VQqMjWjRlfm4R
AjCEVJ8dCrtU+V1owGDZ0OR35eeNQ45HbKNp00vPPEts8aok5SgXRiyFRLKC+Tfv
iDDfPE9o0M7dtf8iVRf0rqsO6dto/nbTXOiIKANEvnAFZXIDqge19xbmK1H+KlFF
/HkXMyUolBpznDQAwTVwe/5rDGoCqJIi/MjSDArtLGAAvN3onlINO4yBuVFRSl6n
HrqP5SP1bR/UHs7toYnuJHosxQZIhOH2HDPwiw46wFarZfYZrTNgnzHGNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGGOcLvSh3aV9B1I4FXaSKpVsGOvMB8GA1UdIwQY
MBaAFFCYD7at6FjyZS5zaZMSbIV1nwbZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUpnUHRxM29XUEpsTG5OcGt4SnNoWFdmQnRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC8zYzdhZjYtZjQ2Ni00ZDg3LWI5ZjEt
Y2NhNzlhNjk4MjBhLzEvWVk1d3U5S0hkcFgwSFVqZ1ZkcElxbFd3WTY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC8zYzdhZjYtZjQ2Ni00ZDg3LWI5ZjEtY2NhNzlhNjk4MjBh
LzEvVUpnUHRxM29XUEpsTG5OcGt4SnNoWFdmQnRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBfwcMA0G
CSqGSIb3DQEBCwUAA4IBAQARbLGd0AghWtQo77rOwPj5VoZFpM65xycbt/rVH3hL
dUD3UqNqWxXrVf1hFWH+HNzJIaWT8JTOi0ssyTd23vPqKVrty9MiW/P3IDzAWLi/
XxwQi1VKOqEqMVctR/FIsIhCnHKutUmw772oxVHkrbv9+2/1MASK8YL+UwH+CtqM
CEe9VTNyaeE3cvMz/cM8q2PlooEOlXeOfsiDzVWUQig3WYFaaoIliQfFnnOsYaHA
nnyyRxtwooC2HaQy6wGEXd+VZ+sNYVqrLPJh7Ec6RQUjiZ/aJyh4gjAVTgyb4I8m
wh9xby0wAZ1YYSydfCbJ6OnmVl74hDy04mZokeTbzXWL
-----END CERTIFICATE-----