Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/yvk2SvL7P28o0pPT-rWJrD5b2ic.roa
File:                     yvk2SvL7P28o0pPT-rWJrD5b2ic.roa (raw, json)
Hash identifier:          PKdVlx/Z827Nilbb25fPI8MqLTe6eoNMMsiO4ERVZOw=
Subject key identifier:   CA:F9:36:4A:F2:FB:3F:6F:28:D2:93:D3:FA:B5:89:AC:3E:5B:DA:27
Certificate issuer:       /CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
Certificate serial:       018DC2DE904928BA80A0C75775AEA63ED403
Authority key identifier: 51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/yvk2SvL7P28o0pPT-rWJrD5b2ic.roa
Signing time:             Mon 19 Feb 2024 19:36:22 +0000
ROA not before:           Mon 19 Feb 2024 19:36:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        77.246.212.0/22 maxlen: 22
                          88.80.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 11:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c2:de:90:49:28:ba:80:a0:c7:57:75:ae:a6:3e:d4:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
        Validity
            Not Before: Feb 19 19:36:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=caf9364af2fb3f6f28d293d3fab589ac3e5bda27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:6f:ac:cf:e4:75:96:51:81:d6:32:15:b3:53:
                    c5:78:c1:ab:48:38:87:e8:b1:f9:c3:38:58:e5:4b:
                    fa:65:af:db:b8:e0:40:bc:c2:0e:f6:ad:72:9b:5c:
                    a3:fa:8e:df:78:14:78:19:0e:03:9d:65:bf:d2:d5:
                    87:b5:a0:d5:4e:66:e7:37:ab:ab:3f:0f:29:5d:5b:
                    3c:31:dd:7e:72:9d:f9:46:87:83:de:d4:5c:fc:05:
                    fd:68:24:2a:de:ea:a0:1b:f2:dc:a6:8b:29:c4:49:
                    66:75:8d:c7:d6:aa:25:f5:d4:36:58:63:9f:e5:75:
                    91:76:7e:da:0b:3b:fb:a6:8c:86:b2:6c:f9:52:77:
                    f0:33:c9:96:81:89:5d:fa:26:cc:90:6a:b4:24:a0:
                    a9:2e:08:bb:dc:4d:40:b7:7b:88:0f:9f:44:a5:84:
                    ab:de:52:6b:73:8d:64:3b:af:06:a3:ff:1b:41:09:
                    ad:87:49:37:b5:bf:28:45:dc:6b:ca:a7:25:43:49:
                    41:11:ee:3a:80:48:45:c0:dd:5f:9b:11:c1:5d:48:
                    5c:a2:22:81:02:ae:25:b8:f1:90:15:fa:fd:aa:f0:
                    42:bc:c2:2f:ac:9f:97:0b:8c:0d:b3:6b:9d:53:86:
                    ba:47:9a:f4:11:72:9d:f2:f7:98:a1:d6:bc:01:f5:
                    da:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:F9:36:4A:F2:FB:3F:6F:28:D2:93:D3:FA:B5:89:AC:3E:5B:DA:27
            X509v3 Authority Key Identifier:
                keyid:51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/yvk2SvL7P28o0pPT-rWJrD5b2ic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.246.212.0/22
                  88.80.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:ba:3c:c8:c7:90:fa:47:27:e9:cd:9e:06:ad:6c:56:7a:37:
         f0:89:b7:14:9d:8d:03:75:67:14:90:83:e1:7c:e6:85:71:bb:
         c6:59:60:79:a8:a3:bd:11:57:5f:f0:be:e7:ba:2e:3a:92:8d:
         77:9c:86:1b:9a:22:71:b9:41:33:0e:17:a8:ca:2b:0c:ea:0a:
         d0:0a:a9:ea:ab:2a:c0:7f:01:52:11:e7:be:bd:2a:cd:c0:c2:
         65:0a:b1:ef:34:5d:70:30:09:ca:f3:73:75:d0:cb:24:e2:67:
         77:42:1f:64:07:9c:e8:d6:be:a4:7f:e2:fa:19:58:dc:f6:9c:
         fc:12:cf:eb:ba:ea:d8:61:f3:7e:95:0b:28:5a:ab:0d:79:16:
         53:da:bb:e4:ad:70:ff:53:cd:9b:04:69:ab:c8:99:6a:2e:06:
         32:9a:a3:64:1b:4b:04:36:5c:f8:0e:c6:49:90:2f:d9:e0:00:
         83:02:6e:5d:fd:f6:2b:50:9a:8c:a3:e9:dc:02:51:14:31:ca:
         e3:12:b1:ec:f3:47:b3:a9:1e:6e:ef:e8:82:30:1f:3f:b6:90:
         63:eb:f3:45:f1:64:90:e6:19:72:c1:f5:22:e2:2e:b5:77:8f:
         8a:03:5f:66:4f:87:7f:bc:a0:d3:47:f5:47:60:d6:f4:d6:1f:
         bd:eb:de:ef
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY3C3pBJKLqAoMdXda6mPtQDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMjRmYmExZTQwMWMwM2U1YmExY2Q3N2FlOWVlMzljZmQ2
MzFiZmIwHhcNMjQwMjE5MTkzNjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWY5MzY0YWYyZmIzZjZmMjhkMjkzZDNmYWI1ODlhYzNlNWJkYTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvW+sz+R1llGB1jIVs1PFeMGrSDiH
6LH5wzhY5Uv6Za/buOBAvMIO9q1ym1yj+o7feBR4GQ4DnWW/0tWHtaDVTmbnN6ur
Pw8pXVs8Md1+cp35RoeD3tRc/AX9aCQq3uqgG/LcpospxElmdY3H1qol9dQ2WGOf
5XWRdn7aCzv7poyGsmz5UnfwM8mWgYld+ibMkGq0JKCpLgi73E1At3uID59EpYSr
3lJrc41kO68Go/8bQQmth0k3tb8oRdxryqclQ0lBEe46gEhFwN1fmxHBXUhcoiKB
Aq4luPGQFfr9qvBCvMIvrJ+XC4wNs2udU4a6R5r0EXKd8veYoda8AfXaWwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMr5Nkry+z9vKNKT0/q1iaw+W9onMB8GA1UdIwQY
MBaAFFEk+6HkAcA+W6HNd66e45z9Yxv7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEt
YWI4ZjFmMzM4N2VlLzEveXZrMlN2TDdQMjhvMHBQVC1yV0pyRDViMmljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEtYWI4ZjFmMzM4N2Vl
LzEvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCTfbUAwQA
WFCMMA0GCSqGSIb3DQEBCwUAA4IBAQB0ujzIx5D6RyfpzZ4GrWxWejfwibcUnY0D
dWcUkIPhfOaFcbvGWWB5qKO9EVdf8L7nui46ko13nIYbmiJxuUEzDheoyisM6grQ
CqnqqyrAfwFSEee+vSrNwMJlCrHvNF1wMAnK83N10Msk4md3Qh9kB5zo1r6kf+L6
GVjc9pz8Es/ruurYYfN+lQsoWqsNeRZT2rvkrXD/U82bBGmryJlqLgYymqNkG0sE
Nlz4DsZJkC/Z4ACDAm5d/fYrUJqMo+ncAlEUMcrjErHs80ezqR5u7+iCMB8/tpBj
6/NF8WSQ5hlywfUi4i61d4+KA19mT4d/vKDTR/VHYNb01h+9697v
-----END CERTIFICATE-----