Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/yAgG0_a3X_AZY3yNh2aK0myVp60.roa
File:                     yAgG0_a3X_AZY3yNh2aK0myVp60.roa (raw, json)
Hash identifier:          YmuuzAmnDnT+UrrWt0k5/UPenz9iELOoaQA3l4xA/3M=
Subject key identifier:   C8:08:06:D3:F6:B7:5F:F0:19:63:7C:8D:87:66:8A:D2:6C:95:A7:AD
Certificate issuer:       /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial:       019223FEB87028D1FB6F9D77A6B9689530BC
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/yAgG0_a3X_AZY3yNh2aK0myVp60.roa
Signing time:             Tue 24 Sep 2024 12:25:48 +0000
ROA not before:           Tue 24 Sep 2024 12:25:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211529
IP address blocks:        194.5.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:23:fe:b8:70:28:d1:fb:6f:9d:77:a6:b9:68:95:30:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
        Validity
            Not Before: Sep 24 12:25:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c80806d3f6b75ff019637c8d87668ad26c95a7ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:a9:3e:10:2e:d6:e9:9f:7e:ff:f3:78:5e:d7:
                    48:fd:be:23:57:9a:e9:bd:b3:c6:ed:03:87:78:ae:
                    90:21:f3:99:39:82:b4:20:32:bb:d9:9a:4d:b1:15:
                    47:a3:ca:20:ca:4a:95:36:e5:3f:58:2d:78:69:21:
                    46:57:4b:92:74:f2:36:e8:12:8e:ba:c6:26:3e:2d:
                    fa:46:ef:f2:85:6c:62:60:a0:c2:d5:ad:e7:7b:c9:
                    b3:ef:f4:fe:c8:ff:65:dc:6d:1e:2f:60:16:00:8d:
                    f3:7b:8b:83:f1:de:aa:1f:e1:e2:f7:56:5a:e9:ed:
                    ee:a4:62:9f:8d:ea:7d:bf:03:30:02:05:76:66:b8:
                    b0:1a:fa:83:d1:3c:92:d4:1b:27:1c:b0:b0:b2:c7:
                    78:77:6d:35:e6:bc:65:fe:11:70:8a:5f:72:da:b7:
                    d0:1d:2e:37:38:7a:c0:f7:e2:be:1d:21:60:a4:5e:
                    ba:10:5c:01:8e:91:17:22:5f:c3:4d:55:4b:46:71:
                    88:e2:00:5f:cd:8a:d8:af:74:19:de:0c:03:d1:8e:
                    21:54:ea:f1:ba:c0:40:b8:3f:29:6e:d7:be:f6:f4:
                    6c:55:d1:16:30:da:ec:32:d2:37:b7:25:79:44:8f:
                    92:4c:09:4b:d8:f1:f4:1e:0f:29:93:f6:cc:49:f0:
                    9b:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:08:06:D3:F6:B7:5F:F0:19:63:7C:8D:87:66:8A:D2:6C:95:A7:AD
            X509v3 Authority Key Identifier:
                keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/yAgG0_a3X_AZY3yNh2aK0myVp60.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:47:3e:59:fe:3c:d0:36:ab:04:1a:38:53:c3:4d:b5:f3:e9:
         05:c2:a2:4f:42:99:30:b5:31:b2:8d:41:c6:b0:fa:44:c3:94:
         49:3d:9c:fc:b3:d1:09:cb:47:a9:6e:85:c9:53:fb:19:3e:b9:
         d3:7e:94:70:a8:c8:23:9d:00:07:7a:1b:01:2d:15:51:4c:3c:
         c4:d2:db:b1:a2:b4:a2:2b:f7:7a:80:a5:3d:3d:fc:72:66:12:
         ce:04:fa:43:74:c7:6e:aa:fe:60:ca:63:47:91:92:af:cc:e1:
         19:90:43:c9:f5:3d:ec:54:3f:2c:9e:92:49:24:8e:8c:b8:60:
         2d:93:c2:e3:08:2f:d2:6c:54:26:ad:2d:2a:94:e9:be:96:c1:
         34:3b:b2:5a:d5:4d:d7:f9:21:81:44:c0:0f:5c:10:51:23:2a:
         1b:49:3d:69:7f:5b:7f:a7:46:5a:55:e9:64:f6:3c:32:19:08:
         20:db:f9:6d:06:1a:dd:45:5f:b8:c4:0b:e4:a8:87:ee:bd:4a:
         29:d9:5d:09:c8:5d:65:aa:a0:7b:51:b4:cf:35:44:dc:b8:c9:
         c3:c8:a0:c9:07:87:ca:ab:dc:57:1c:02:15:10:ad:d1:42:5b:
         e9:7a:21:6a:31:ff:57:a0:b5:70:8d:43:92:b8:ab:69:c8:d6:
         94:7d:f2:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIj/rhwKNH7b513prlolTC8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjQwOTI0MTIyNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODA4MDZkM2Y2Yjc1ZmYwMTk2MzdjOGQ4NzY2OGFkMjZjOTVhN2FkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw6k+EC7W6Z9+//N4XtdI/b4jV5rp
vbPG7QOHeK6QIfOZOYK0IDK72ZpNsRVHo8ogykqVNuU/WC14aSFGV0uSdPI26BKO
usYmPi36Ru/yhWxiYKDC1a3ne8mz7/T+yP9l3G0eL2AWAI3ze4uD8d6qH+Hi91Za
6e3upGKfjep9vwMwAgV2ZriwGvqD0TyS1BsnHLCwssd4d2015rxl/hFwil9y2rfQ
HS43OHrA9+K+HSFgpF66EFwBjpEXIl/DTVVLRnGI4gBfzYrYr3QZ3gwD0Y4hVOrx
usBAuD8pbte+9vRsVdEWMNrsMtI3tyV5RI+STAlL2PH0Hg8pk/bMSfCb/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMgIBtP2t1/wGWN8jYdmitJslaetMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEveUFnRzBfYTNYX0FaWTN5TmgyYUswbXlWcDYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgVfMA0G
CSqGSIb3DQEBCwUAA4IBAQAlRz5Z/jzQNqsEGjhTw0218+kFwqJPQpkwtTGyjUHG
sPpEw5RJPZz8s9EJy0epboXJU/sZPrnTfpRwqMgjnQAHehsBLRVRTDzE0tuxorSi
K/d6gKU9PfxyZhLOBPpDdMduqv5gymNHkZKvzOEZkEPJ9T3sVD8snpJJJI6MuGAt
k8LjCC/SbFQmrS0qlOm+lsE0O7Ja1U3X+SGBRMAPXBBRIyobST1pf1t/p0ZaVelk
9jwyGQgg2/ltBhrdRV+4xAvkqIfuvUop2V0JyF1lqqB7UbTPNUTcuMnDyKDJB4fK
q9xXHAIVEK3RQlvpeiFqMf9XoLVwjUOSuKtpyNaUffKR
-----END CERTIFICATE-----