Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/YXc_rzACXJKMk6D3bHKje-hsJoM.roa
File:                     YXc_rzACXJKMk6D3bHKje-hsJoM.roa (raw, json)
Hash identifier:          ul6ZTHBWWfbex1sEmUXF2Zh1QG9KDb3ZlA83UVF6Q88=
Subject key identifier:   61:77:3F:AF:30:02:5C:92:8C:93:A0:F7:6C:72:A3:7B:E8:6C:26:83
Certificate issuer:       /CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
Certificate serial:       018CC56E8DCDFBE323D69362F560513E5FD5
Authority key identifier: 1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/YXc_rzACXJKMk6D3bHKje-hsJoM.roa
Signing time:             Mon 01 Jan 2024 14:30:05 +0000
ROA not before:           Mon 01 Jan 2024 14:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60799
IP address blocks:        82.98.231.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 May 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:8d:cd:fb:e3:23:d6:93:62:f5:60:51:3e:5f:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
        Validity
            Not Before: Jan  1 14:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=61773faf30025c928c93a0f76c72a37be86c2683
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:c3:36:be:22:3d:3d:0d:d9:d5:33:b2:1e:6a:
                    d3:f6:15:2a:79:ab:05:90:44:5e:dd:97:39:f7:56:
                    a5:94:cb:7e:3e:77:87:36:d8:1d:69:51:16:31:ec:
                    76:c4:c7:ec:c5:42:13:bc:79:6b:e9:4a:5c:07:15:
                    04:b2:60:4c:07:40:1e:da:f0:c0:f7:a3:65:a2:0f:
                    ea:cc:ec:c9:ce:62:ca:0e:ff:62:79:20:4d:a5:e3:
                    71:25:eb:fe:23:e4:b6:0f:b8:b4:d9:ae:3e:3d:c6:
                    40:25:d6:c4:4f:03:3b:ca:8f:86:4d:53:e9:19:2b:
                    82:0c:46:f1:c6:6e:f6:17:16:ab:e9:60:84:95:07:
                    f6:0d:29:a5:08:e9:d0:11:c0:f3:07:ce:e7:92:82:
                    94:ba:a4:af:c6:c2:1b:c6:26:9c:64:56:6f:71:cc:
                    60:3f:c0:cd:3c:c8:bb:ea:2b:df:e8:0c:24:f5:dc:
                    68:e6:55:e3:b8:fc:21:34:13:0f:52:09:ba:b0:4d:
                    94:d3:d2:f0:b0:c7:88:59:3e:b3:44:e4:34:8c:a7:
                    a5:10:b9:63:0a:fe:77:11:49:ac:c8:fc:34:bf:72:
                    f0:b2:f5:b6:a1:bb:52:ab:43:30:6e:7b:92:48:ce:
                    3d:ad:e5:d8:db:a0:69:49:fa:c7:e7:46:d0:3f:d4:
                    b6:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:77:3F:AF:30:02:5C:92:8C:93:A0:F7:6C:72:A3:7B:E8:6C:26:83
            X509v3 Authority Key Identifier:
                keyid:1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/YXc_rzACXJKMk6D3bHKje-hsJoM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.98.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:84:e3:ed:1a:fa:1a:a3:ed:3a:30:9d:cd:71:0e:b0:84:10:
         99:d6:ef:8b:83:42:5c:ef:e5:d7:20:59:78:f0:f4:ef:2a:32:
         da:b5:db:55:69:23:09:d2:cb:f2:37:b0:58:fc:e2:9b:e1:70:
         73:87:7a:d8:60:18:38:e8:31:e9:00:b3:15:59:95:ca:fa:3f:
         8a:5f:15:c9:48:2d:9b:cf:2b:01:71:f4:a6:d0:d4:df:d9:56:
         da:03:49:b2:4b:30:ef:96:d0:d5:62:a6:24:48:33:46:a1:a8:
         57:b1:ad:f2:cf:1a:45:bb:3a:49:bd:a7:14:eb:fa:4c:9b:bc:
         43:5a:62:9c:bb:d2:73:01:6d:92:eb:20:67:6f:33:de:3d:5d:
         25:fa:a6:2d:be:90:f6:0c:d6:e4:2d:cb:10:cc:6b:f2:d5:5d:
         cd:e1:e6:de:6e:6c:d6:3c:88:6a:b1:36:d0:0b:e9:77:97:25:
         a0:e3:b7:3e:7f:98:06:1f:a3:54:5c:85:db:b6:50:c8:cf:d4:
         aa:ca:c6:ed:fd:bc:b0:65:57:cf:f9:52:d1:02:62:f6:59:22:
         df:f5:6a:2a:34:3a:8e:e8:b2:93:57:66:53:0f:a4:d4:10:6e:
         90:49:84:89:bc:27:76:99:76:48:be:1d:ca:3e:fe:89:b3:d0:
         ba:18:fb:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbo3N++Mj1pNi9WBRPl/VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmZTkwZmRlOTc4NGE5MWQ5M2E3YTJhZjU5ZDRkMDQzZjEx
NzFmYmEwHhcNMjQwMTAxMTQzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTc3M2ZhZjMwMDI1YzkyOGM5M2EwZjc2YzcyYTM3YmU4NmMyNjgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu8M2viI9PQ3Z1TOyHmrT9hUqeasF
kERe3Zc591allMt+PneHNtgdaVEWMex2xMfsxUITvHlr6UpcBxUEsmBMB0Ae2vDA
96Nlog/qzOzJzmLKDv9ieSBNpeNxJev+I+S2D7i02a4+PcZAJdbETwM7yo+GTVPp
GSuCDEbxxm72Fxar6WCElQf2DSmlCOnQEcDzB87nkoKUuqSvxsIbxiacZFZvccxg
P8DNPMi76ivf6Awk9dxo5lXjuPwhNBMPUgm6sE2U09LwsMeIWT6zROQ0jKelELlj
Cv53EUmsyPw0v3LwsvW2obtSq0MwbnuSSM49reXY26BpSfrH50bQP9S2EQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGF3P68wAlySjJOg92xyo3vobCaDMB8GA1UdIwQY
MBaAFB/pD96XhKkdk6eir1nU0EPxFx+6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQt
MjM3NzJlN2Y5MmUzLzEvWVhjX3J6QUNYSktNazZEM2JIS2plLWhzSm9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQtMjM3NzJlN2Y5MmUz
LzEvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUmLnMA0G
CSqGSIb3DQEBCwUAA4IBAQBrhOPtGvoao+06MJ3NcQ6whBCZ1u+Lg0Jc7+XXIFl4
8PTvKjLatdtVaSMJ0svyN7BY/OKb4XBzh3rYYBg46DHpALMVWZXK+j+KXxXJSC2b
zysBcfSm0NTf2VbaA0mySzDvltDVYqYkSDNGoahXsa3yzxpFuzpJvacU6/pMm7xD
WmKcu9JzAW2S6yBnbzPePV0l+qYtvpD2DNbkLcsQzGvy1V3N4ebebmzWPIhqsTbQ
C+l3lyWg47c+f5gGH6NUXIXbtlDIz9Sqysbt/bywZVfP+VLRAmL2WSLf9WoqNDqO
6LKTV2ZTD6TUEG6QSYSJvCd2mXZIvh3KPv6Js9C6GPvZ
-----END CERTIFICATE-----