Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/6871a0-afb2-45ab-adde-62be1f02ab0c/1/yZF67enWwDvbj1zZccQSBqtdZXM.roa
File:                     yZF67enWwDvbj1zZccQSBqtdZXM.roa (raw, json)
Hash identifier:          Um93McWIpj+jvYBcenulJJzqnVJqQUWtv9vVh70oyOE=
Subject key identifier:   C9:91:7A:ED:E9:D6:C0:3B:DB:8F:5C:D9:71:C4:12:06:AB:5D:65:73
Certificate issuer:       /CN=ff3ef7bb6a46baf4db1baeb7df24a40c1d4c154f
Certificate serial:       0193210584C7B6A1F47FB101DC848D8A2F96
Authority key identifier: FF:3E:F7:BB:6A:46:BA:F4:DB:1B:AE:B7:DF:24:A4:0C:1D:4C:15:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_z73u2pGuvTbG6633ySkDB1MFU8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/6871a0-afb2-45ab-adde-62be1f02ab0c/1/yZF67enWwDvbj1zZccQSBqtdZXM.roa
Signing time:             Tue 12 Nov 2024 15:37:09 +0000
ROA not before:           Tue 12 Nov 2024 15:37:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2631
IP address blocks:        185.150.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/6871a0-afb2-45ab-adde-62be1f02ab0c/1/_z73u2pGuvTbG6633ySkDB1MFU8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/6871a0-afb2-45ab-adde-62be1f02ab0c/1/_z73u2pGuvTbG6633ySkDB1MFU8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_z73u2pGuvTbG6633ySkDB1MFU8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:21:05:84:c7:b6:a1:f4:7f:b1:01:dc:84:8d:8a:2f:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff3ef7bb6a46baf4db1baeb7df24a40c1d4c154f
        Validity
            Not Before: Nov 12 15:37:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9917aede9d6c03bdb8f5cd971c41206ab5d6573
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:2c:17:c6:3c:a0:d4:c3:f3:15:99:25:c4:8d:
                    61:6f:77:b4:f9:6a:86:95:42:5f:f4:75:46:5b:46:
                    fa:51:5b:8a:7f:aa:41:61:f2:e1:96:99:40:db:8e:
                    b5:69:f8:68:d9:77:72:56:13:a0:dc:39:89:84:be:
                    d9:3c:ee:d7:d3:fc:8a:41:4c:c8:44:07:a7:66:29:
                    d5:6a:44:fe:fa:a1:e8:58:90:87:94:50:53:4e:91:
                    7a:41:2e:95:92:13:08:52:77:1e:57:dc:69:e0:c8:
                    56:e7:3b:2b:e6:4f:2b:52:7d:60:65:b8:da:54:3d:
                    cc:00:1c:78:5b:9b:5b:35:63:0d:91:ec:15:d0:a3:
                    48:ad:fd:b9:76:af:de:a8:0d:68:5a:2b:48:bf:63:
                    9c:f7:08:99:95:46:5a:ae:f5:5a:7c:2d:2e:c0:ee:
                    64:60:d2:50:92:2b:7a:98:29:ea:41:ff:77:06:24:
                    92:94:ed:6d:9a:79:e0:0b:3d:6a:91:de:62:5a:aa:
                    31:8d:75:c7:c4:6b:22:7a:11:ad:3d:9e:61:18:8b:
                    39:c2:1e:7f:44:13:fb:60:48:8d:87:33:cd:09:97:
                    67:77:ef:20:f1:4d:e4:af:ec:ee:b0:e1:95:b1:c0:
                    67:2b:26:60:e9:10:84:6b:7e:5e:29:32:84:41:95:
                    f2:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:91:7A:ED:E9:D6:C0:3B:DB:8F:5C:D9:71:C4:12:06:AB:5D:65:73
            X509v3 Authority Key Identifier:
                keyid:FF:3E:F7:BB:6A:46:BA:F4:DB:1B:AE:B7:DF:24:A4:0C:1D:4C:15:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_z73u2pGuvTbG6633ySkDB1MFU8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/6871a0-afb2-45ab-adde-62be1f02ab0c/1/yZF67enWwDvbj1zZccQSBqtdZXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/6871a0-afb2-45ab-adde-62be1f02ab0c/1/_z73u2pGuvTbG6633ySkDB1MFU8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.150.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:eb:13:0b:f3:d2:4b:ba:b5:57:4e:75:f3:8f:f4:ed:15:00:
         70:65:0e:9e:ed:7f:b5:b7:a3:a6:52:0b:de:60:ba:e6:66:03:
         ca:ed:d9:c7:39:70:f3:35:f2:1b:7b:fa:aa:49:7b:22:47:9c:
         b9:b6:37:ed:dd:df:a6:02:89:d4:6a:e0:94:0c:19:13:08:e9:
         9e:bf:9d:8a:b3:bc:82:25:6f:ea:77:9c:ea:b2:6a:0c:f8:c9:
         91:a1:94:54:07:33:25:ae:c6:a0:68:2a:77:14:82:91:a3:ec:
         a0:ae:4a:6b:af:6c:a9:30:af:9e:ec:86:03:24:27:6f:6b:41:
         be:96:d0:d5:dc:fe:e0:04:4a:f8:85:5a:07:3e:98:cb:5d:87:
         9f:dc:af:77:64:ed:ae:bd:5a:f5:36:7c:1c:a0:a1:b7:12:10:
         07:72:8e:6a:9b:bc:f2:08:90:a2:fb:6b:a2:76:64:c5:1a:51:
         a1:a8:c9:30:e8:a0:dd:e4:25:d8:46:ad:aa:1a:99:26:6e:32:
         a0:7c:0a:3b:84:cc:7e:cd:e0:41:91:2d:99:53:98:f0:09:c3:
         57:95:b8:85:5e:8d:1a:f3:98:87:96:c1:a6:44:9d:f1:cc:28:
         da:48:2f:25:ce:ce:9e:1b:24:46:33:a2:60:ef:6b:88:6e:71:
         f8:7a:b4:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMhBYTHtqH0f7EB3ISNii+WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmM2VmN2JiNmE0NmJhZjRkYjFiYWViN2RmMjRhNDBjMWQ0
YzE1NGYwHhcNMjQxMTEyMTUzNzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTkxN2FlZGU5ZDZjMDNiZGI4ZjVjZDk3MWM0MTIwNmFiNWQ2NTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8SwXxjyg1MPzFZklxI1hb3e0+WqG
lUJf9HVGW0b6UVuKf6pBYfLhlplA2461afho2XdyVhOg3DmJhL7ZPO7X0/yKQUzI
RAenZinVakT++qHoWJCHlFBTTpF6QS6VkhMIUnceV9xp4MhW5zsr5k8rUn1gZbja
VD3MABx4W5tbNWMNkewV0KNIrf25dq/eqA1oWitIv2Oc9wiZlUZarvVafC0uwO5k
YNJQkit6mCnqQf93BiSSlO1tmnngCz1qkd5iWqoxjXXHxGsiehGtPZ5hGIs5wh5/
RBP7YEiNhzPNCZdnd+8g8U3kr+zusOGVscBnKyZg6RCEa35eKTKEQZXynQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMmReu3p1sA7249c2XHEEgarXWVzMB8GA1UdIwQY
MBaAFP8+97tqRrr02xuut98kpAwdTBVPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3o3M3UycEd1dlRiRzY2MzN5U2tEQjFNRlU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi82ODcxYTAtYWZiMi00NWFiLWFkZGUt
NjJiZTFmMDJhYjBjLzEveVpGNjdlbld3RHZiajF6WmNjUVNCcXRkWlhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi82ODcxYTAtYWZiMi00NWFiLWFkZGUtNjJiZTFmMDJhYjBj
LzEvX3o3M3UycEd1dlRiRzY2MzN5U2tEQjFNRlU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZYUMA0G
CSqGSIb3DQEBCwUAA4IBAQAM6xML89JLurVXTnXzj/TtFQBwZQ6e7X+1t6OmUgve
YLrmZgPK7dnHOXDzNfIbe/qqSXsiR5y5tjft3d+mAonUauCUDBkTCOmev52Ks7yC
JW/qd5zqsmoM+MmRoZRUBzMlrsagaCp3FIKRo+ygrkprr2ypMK+e7IYDJCdva0G+
ltDV3P7gBEr4hVoHPpjLXYef3K93ZO2uvVr1NnwcoKG3EhAHco5qm7zyCJCi+2ui
dmTFGlGhqMkw6KDd5CXYRq2qGpkmbjKgfAo7hMx+zeBBkS2ZU5jwCcNXlbiFXo0a
85iHlsGmRJ3xzCjaSC8lzs6eGyRGM6Jg72uIbnH4erTt
-----END CERTIFICATE-----