Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/64d7a9-cac3-4549-a7aa-61b7902ee204/1/yLepro5_bjFFSN8F4xGVDYasm2g.roa
File:                     yLepro5_bjFFSN8F4xGVDYasm2g.roa (raw, json)
Hash identifier:          0kUUnTqMEa71IJNujjhwbau/VIF+u1OLz5+2BFhxhQ0=
Subject key identifier:   C8:B7:A9:AE:8E:7F:6E:31:45:48:DF:05:E3:11:95:0D:86:AC:9B:68
Certificate issuer:       /CN=3c350ba82f3feb5aee28938fbf1b09c1e2fd19b4
Certificate serial:       018CC8011DF1E09BC525CB2226A9D55EA418
Authority key identifier: 3C:35:0B:A8:2F:3F:EB:5A:EE:28:93:8F:BF:1B:09:C1:E2:FD:19:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PDULqC8_61ruKJOPvxsJweL9GbQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/64d7a9-cac3-4549-a7aa-61b7902ee204/1/yLepro5_bjFFSN8F4xGVDYasm2g.roa
Signing time:             Tue 02 Jan 2024 02:29:25 +0000
ROA not before:           Tue 02 Jan 2024 02:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24990
IP address blocks:        217.69.16.0/20 maxlen: 20
                          185.3.24.0/22 maxlen: 22
                          2a03:6c80::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/64d7a9-cac3-4549-a7aa-61b7902ee204/1/PDULqC8_61ruKJOPvxsJweL9GbQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/64d7a9-cac3-4549-a7aa-61b7902ee204/1/PDULqC8_61ruKJOPvxsJweL9GbQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PDULqC8_61ruKJOPvxsJweL9GbQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:1d:f1:e0:9b:c5:25:cb:22:26:a9:d5:5e:a4:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c350ba82f3feb5aee28938fbf1b09c1e2fd19b4
        Validity
            Not Before: Jan  2 02:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c8b7a9ae8e7f6e314548df05e311950d86ac9b68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:68:c3:e1:1b:df:9b:45:ea:18:31:28:6a:4d:
                    17:e2:4e:39:5f:a3:96:fc:82:e2:65:89:60:0b:a7:
                    e4:17:d9:b3:f5:8c:4e:54:27:2e:df:c4:be:b4:b2:
                    a2:64:de:78:c0:9a:d5:35:7b:9b:6b:be:bc:1c:6d:
                    e4:91:02:01:15:92:ff:44:be:86:fb:c2:bb:4b:23:
                    e8:50:75:21:83:6c:94:93:1c:70:c5:d2:0f:6a:94:
                    ea:77:b4:e4:48:ea:31:80:ab:91:a4:fb:7f:17:96:
                    dd:1c:df:f0:1a:a8:53:a1:c6:a4:a6:6b:bb:a6:ae:
                    dd:6d:69:2a:66:16:42:ee:38:32:57:ad:2d:e1:be:
                    c4:8f:a8:55:47:fc:53:27:c9:17:93:1b:5a:50:50:
                    71:40:1e:92:08:9f:d5:f3:c7:45:f8:cc:b4:7e:6b:
                    a7:fe:07:a1:ea:de:47:a3:ef:69:7b:f7:aa:7c:95:
                    e7:54:f5:66:4f:9d:cf:9d:3b:03:10:f6:38:cd:f5:
                    07:4c:22:a9:d9:22:ba:2c:7c:37:54:c9:ce:6d:96:
                    6c:3d:97:57:30:5a:b5:c9:d7:9c:72:d6:3f:79:83:
                    75:b2:c8:32:56:68:ba:4b:b9:d4:c7:91:d0:ae:fb:
                    1d:b2:2d:01:79:7e:0a:bb:81:68:8e:18:d6:cf:f5:
                    44:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:B7:A9:AE:8E:7F:6E:31:45:48:DF:05:E3:11:95:0D:86:AC:9B:68
            X509v3 Authority Key Identifier:
                keyid:3C:35:0B:A8:2F:3F:EB:5A:EE:28:93:8F:BF:1B:09:C1:E2:FD:19:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PDULqC8_61ruKJOPvxsJweL9GbQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/64d7a9-cac3-4549-a7aa-61b7902ee204/1/yLepro5_bjFFSN8F4xGVDYasm2g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/64d7a9-cac3-4549-a7aa-61b7902ee204/1/PDULqC8_61ruKJOPvxsJweL9GbQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.3.24.0/22
                  217.69.16.0/20
                IPv6:
                  2a03:6c80::/32

    Signature Algorithm: sha256WithRSAEncryption
         89:91:bb:84:18:a7:3e:65:32:21:b3:db:c8:7a:a9:6f:0b:39:
         5b:58:50:2a:cb:d0:3c:18:19:76:2e:d6:db:1c:f4:d5:16:8a:
         b5:13:33:97:71:12:68:e8:02:e4:ec:e4:69:23:03:dc:ca:03:
         40:4d:87:9e:6a:37:2f:b1:1c:4e:40:1a:3c:cd:ce:c1:d8:94:
         7f:85:72:07:85:ad:8a:3f:3b:0c:fa:d7:bc:18:0f:70:bc:75:
         87:72:42:63:01:e7:bc:ca:6e:cb:f1:0b:66:0a:83:af:bd:5e:
         c9:cf:25:7b:fa:86:8b:10:41:78:28:80:b6:2f:90:2f:17:55:
         9b:5b:0d:eb:cc:58:80:89:0d:d8:2f:48:5d:18:96:5f:21:92:
         a0:dc:93:f6:89:a3:f0:d2:50:f9:18:0c:81:1d:78:30:03:f9:
         52:62:25:3d:35:ea:93:91:b6:25:b8:0b:88:14:3b:e1:a6:47:
         25:26:33:ff:27:36:71:72:69:23:87:87:b6:a0:68:aa:3d:94:
         37:74:ed:5a:e5:fd:cc:49:5e:a6:a3:6c:3f:44:88:19:71:23:
         1c:21:67:0e:a9:6b:b5:91:7a:d4:e7:e9:47:3f:4a:8f:19:04:
         e6:7c:dc:b4:98:75:27:1a:b9:bb:65:a7:7f:a1:ef:56:12:96:
         8c:f2:dc:85
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzIAR3x4JvFJcsiJqnVXqQYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjMzUwYmE4MmYzZmViNWFlZTI4OTM4ZmJmMWIwOWMxZTJm
ZDE5YjQwHhcNMjQwMTAyMDIyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGI3YTlhZThlN2Y2ZTMxNDU0OGRmMDVlMzExOTUwZDg2YWM5YjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl2jD4Rvfm0XqGDEoak0X4k45X6OW
/ILiZYlgC6fkF9mz9YxOVCcu38S+tLKiZN54wJrVNXuba768HG3kkQIBFZL/RL6G
+8K7SyPoUHUhg2yUkxxwxdIPapTqd7TkSOoxgKuRpPt/F5bdHN/wGqhTocakpmu7
pq7dbWkqZhZC7jgyV60t4b7Ej6hVR/xTJ8kXkxtaUFBxQB6SCJ/V88dF+My0fmun
/geh6t5Ho+9pe/eqfJXnVPVmT53PnTsDEPY4zfUHTCKp2SK6LHw3VMnObZZsPZdX
MFq1ydecctY/eYN1ssgyVmi6S7nUx5HQrvsdsi0BeX4Ku4FojhjWz/VEZwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMi3qa6Of24xRUjfBeMRlQ2GrJtoMB8GA1UdIwQY
MBaAFDw1C6gvP+ta7iiTj78bCcHi/Rm0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUERVTHFDOF82MXJ1S0pPUHZ4c0p3ZUw5R2JRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82NGQ3YTktY2FjMy00NTQ5LWE3YWEt
NjFiNzkwMmVlMjA0LzEveUxlcHJvNV9iakZGU044RjR4R1ZEWWFzbTJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82NGQ3YTktY2FjMy00NTQ5LWE3YWEtNjFiNzkwMmVlMjA0
LzEvUERVTHFDOF82MXJ1S0pPUHZ4c0p3ZUw5R2JRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuQMYAwQE
2UUQMA0EAgACMAcDBQAqA2yAMA0GCSqGSIb3DQEBCwUAA4IBAQCJkbuEGKc+ZTIh
s9vIeqlvCzlbWFAqy9A8GBl2LtbbHPTVFoq1EzOXcRJo6ALk7ORpIwPcygNATYee
ajcvsRxOQBo8zc7B2JR/hXIHha2KPzsM+te8GA9wvHWHckJjAee8ym7L8QtmCoOv
vV7JzyV7+oaLEEF4KIC2L5AvF1WbWw3rzFiAiQ3YL0hdGJZfIZKg3JP2iaPw0lD5
GAyBHXgwA/lSYiU9NeqTkbYluAuIFDvhpkclJjP/JzZxcmkjh4e2oGiqPZQ3dO1a
5f3MSV6mo2w/RIgZcSMcIWcOqWu1kXrU5+lHP0qPGQTmfNy0mHUnGrm7Zad/oe9W
EpaM8tyF
-----END CERTIFICATE-----