Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/yy4AghrqSprO_lv2t13R_ztxYqI.roa
File:                     yy4AghrqSprO_lv2t13R_ztxYqI.roa (raw, json)
Hash identifier:          jCY89jOOVqrHCyvqmjmE4RrVVz1u5UMKNGiBAlyWpIQ=
Subject key identifier:   CB:2E:00:82:1A:EA:4A:9A:CE:FE:5B:F6:B7:5D:D1:FF:3B:71:62:A2
Certificate issuer:       /CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
Certificate serial:       01907308DC64C49C712F4200F0BA1961C2DE
Authority key identifier: 51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/yy4AghrqSprO_lv2t13R_ztxYqI.roa
Signing time:             Tue 02 Jul 2024 10:41:18 +0000
ROA not before:           Tue 02 Jul 2024 10:41:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200017
IP address blocks:        88.80.134.0/24 maxlen: 24
                          185.58.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:73:08:dc:64:c4:9c:71:2f:42:00:f0:ba:19:61:c2:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
        Validity
            Not Before: Jul  2 10:41:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb2e00821aea4a9acefe5bf6b75dd1ff3b7162a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:8a:2e:71:e0:be:27:37:61:97:89:53:e3:a5:
                    0a:ff:55:0f:14:3f:fe:a2:90:0f:ff:fc:0d:04:a2:
                    60:8f:e8:7a:f6:56:45:e3:8f:10:5e:15:d5:9d:f7:
                    2e:ef:30:25:eb:4f:a8:cb:da:70:bf:14:59:07:48:
                    18:08:27:dd:19:99:a4:c2:9a:40:0d:3a:c8:85:8a:
                    0b:ed:1a:3a:a9:7c:a0:ed:70:05:9a:5d:7b:7b:0e:
                    34:dd:80:59:fe:23:ec:f3:a1:03:55:46:a2:1d:0d:
                    1b:56:52:2c:eb:3a:97:90:13:ee:33:a1:06:23:6e:
                    2a:ea:af:26:af:17:88:14:4c:69:10:2f:48:15:14:
                    a6:b7:d3:59:79:de:76:cf:62:51:e5:6a:8b:1c:2c:
                    4b:35:6c:1c:a4:65:8c:0c:1d:5a:ae:9c:9c:62:79:
                    98:9c:54:50:60:fa:6e:29:dc:01:9d:82:82:40:10:
                    41:4d:69:44:12:d8:31:87:9a:56:81:86:39:23:51:
                    f2:90:22:46:5b:dc:2f:ee:24:44:c4:01:83:53:03:
                    47:57:c6:df:76:a0:0a:c0:fc:38:c3:57:74:56:dc:
                    c1:b9:38:3f:80:cb:9b:63:9b:ff:6b:47:f1:c2:0a:
                    b3:69:ca:85:be:bb:12:61:e5:97:0f:89:15:88:57:
                    5a:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:2E:00:82:1A:EA:4A:9A:CE:FE:5B:F6:B7:5D:D1:FF:3B:71:62:A2
            X509v3 Authority Key Identifier:
                keyid:51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/yy4AghrqSprO_lv2t13R_ztxYqI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.80.134.0/24
                  185.58.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:59:72:46:cf:fc:f2:02:6d:7e:b3:91:3c:2b:5b:bc:4d:61:
         8c:e4:ab:63:d4:b0:bc:df:37:50:34:91:cf:c9:54:d0:19:6a:
         9c:5d:77:46:71:de:61:e6:bd:e6:13:db:5f:db:61:1f:6c:49:
         e4:b5:69:43:8f:6d:7e:15:20:d2:64:93:f2:e1:15:76:fd:ec:
         3a:9b:f1:9b:33:6e:2d:a1:80:42:63:90:e3:3d:cb:9b:72:b1:
         c5:31:13:24:e2:df:59:7a:7a:47:f5:56:e4:f2:34:c7:d4:bf:
         e6:79:bf:81:d0:16:bb:4a:9e:d3:a3:af:28:93:df:86:e9:df:
         a2:b1:ee:d2:79:da:6b:3c:c9:bd:73:8e:63:93:53:56:34:6d:
         bd:ed:e5:86:c7:42:77:69:ad:14:52:c8:99:1b:1e:eb:69:f7:
         9c:84:96:df:a4:79:f6:ef:3c:d3:50:c6:19:32:a5:69:2f:04:
         c2:c5:04:ef:d8:2e:02:d0:e3:c7:83:81:ba:3d:a8:86:6e:c6:
         11:9e:8b:f5:ae:a9:fc:ed:4f:7c:25:6d:e6:6f:61:66:34:e8:
         26:d5:4b:66:29:47:61:48:63:ae:33:58:da:c6:7a:c8:5a:d4:
         73:59:fc:91:79:de:8c:22:39:f6:23:b4:ae:b8:61:d4:f2:84:
         c5:9b:5e:e4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZBzCNxkxJxxL0IA8LoZYcLeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMjRmYmExZTQwMWMwM2U1YmExY2Q3N2FlOWVlMzljZmQ2
MzFiZmIwHhcNMjQwNzAyMTA0MTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjJlMDA4MjFhZWE0YTlhY2VmZTViZjZiNzVkZDFmZjNiNzE2MmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwYouceC+Jzdhl4lT46UK/1UPFD/+
opAP//wNBKJgj+h69lZF448QXhXVnfcu7zAl60+oy9pwvxRZB0gYCCfdGZmkwppA
DTrIhYoL7Ro6qXyg7XAFml17ew403YBZ/iPs86EDVUaiHQ0bVlIs6zqXkBPuM6EG
I24q6q8mrxeIFExpEC9IFRSmt9NZed52z2JR5WqLHCxLNWwcpGWMDB1arpycYnmY
nFRQYPpuKdwBnYKCQBBBTWlEEtgxh5pWgYY5I1HykCJGW9wv7iRExAGDUwNHV8bf
dqAKwPw4w1d0VtzBuTg/gMubY5v/a0fxwgqzacqFvrsSYeWXD4kViFdabQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMsuAIIa6kqazv5b9rdd0f87cWKiMB8GA1UdIwQY
MBaAFFEk+6HkAcA+W6HNd66e45z9Yxv7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEt
YWI4ZjFmMzM4N2VlLzEveXk0QWdocnFTcHJPX2x2MnQxM1JfenR4WXFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEtYWI4ZjFmMzM4N2Vl
LzEvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWFCGAwQA
uToWMA0GCSqGSIb3DQEBCwUAA4IBAQAHWXJGz/zyAm1+s5E8K1u8TWGM5Ktj1LC8
3zdQNJHPyVTQGWqcXXdGcd5h5r3mE9tf22EfbEnktWlDj21+FSDSZJPy4RV2/ew6
m/GbM24toYBCY5DjPcubcrHFMRMk4t9ZenpH9Vbk8jTH1L/meb+B0Ba7Sp7To68o
k9+G6d+ise7SedprPMm9c45jk1NWNG297eWGx0J3aa0UUsiZGx7rafechJbfpHn2
7zzTUMYZMqVpLwTCxQTv2C4C0OPHg4G6PaiGbsYRnov1rqn87U98JW3mb2FmNOgm
1UtmKUdhSGOuM1jaxnrIWtRzWfyRed6MIjn2I7SuuGHU8oTFm17k
-----END CERTIFICATE-----