Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/74b280-e1b4-4310-8085-d65617bd3b4f/1/YbAMW5foCYMQXcUb-9VoiBYQWG8.roa
File:                     YbAMW5foCYMQXcUb-9VoiBYQWG8.roa (raw, json)
Hash identifier:          EyGoCilExov5WjEXU5cLbiIzYBE98gtVRySzd3tPU/4=
Subject key identifier:   61:B0:0C:5B:97:E8:09:83:10:5D:C5:1B:FB:D5:68:88:16:10:58:6F
Certificate issuer:       /CN=0a6d5b2c6ea00931631554066f995146e3ff0144
Certificate serial:       018D55124EE439545F6B8E48A3D36C239DAA
Authority key identifier: 0A:6D:5B:2C:6E:A0:09:31:63:15:54:06:6F:99:51:46:E3:FF:01:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Cm1bLG6gCTFjFVQGb5lRRuP_AUQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/74b280-e1b4-4310-8085-d65617bd3b4f/1/YbAMW5foCYMQXcUb-9VoiBYQWG8.roa
Signing time:             Mon 29 Jan 2024 11:54:39 +0000
ROA not before:           Mon 29 Jan 2024 11:54:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198471
IP address blocks:        62.170.168.0/22 maxlen: 24
                          83.98.80.0/20 maxlen: 24
                          109.235.156.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/74b280-e1b4-4310-8085-d65617bd3b4f/1/Cm1bLG6gCTFjFVQGb5lRRuP_AUQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/74b280-e1b4-4310-8085-d65617bd3b4f/1/Cm1bLG6gCTFjFVQGb5lRRuP_AUQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Cm1bLG6gCTFjFVQGb5lRRuP_AUQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 28 Jun 2024 22:02:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:55:12:4e:e4:39:54:5f:6b:8e:48:a3:d3:6c:23:9d:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a6d5b2c6ea00931631554066f995146e3ff0144
        Validity
            Not Before: Jan 29 11:54:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=61b00c5b97e80983105dc51bfbd568881610586f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:0f:c7:bd:50:ba:d5:19:44:e1:87:a9:4e:a7:
                    88:da:49:99:53:17:49:fe:ae:54:1e:6b:6f:3e:92:
                    d1:a2:f0:4f:eb:ad:49:72:d8:24:2a:ef:76:a7:a7:
                    13:c4:b9:24:03:43:9c:43:81:8f:49:c9:78:c0:5b:
                    9d:63:c6:ff:11:3d:f9:c0:59:15:5c:6d:f6:42:70:
                    5d:de:9a:25:dd:ff:b6:e7:5f:f8:31:d4:6d:53:37:
                    fd:0b:f8:de:ff:15:ef:7b:70:d9:13:39:7e:c1:04:
                    34:fa:66:67:44:28:8c:2c:85:31:ca:c7:9c:3f:52:
                    e5:c1:09:f1:e5:a6:c0:4d:70:72:c2:34:7a:26:94:
                    8e:07:ee:fb:77:57:00:ad:c1:91:84:6b:3d:b5:e9:
                    59:b9:8f:05:07:4a:7f:06:99:a3:5c:12:d1:e8:96:
                    06:d9:70:15:60:24:b7:32:2c:45:fd:ce:de:93:30:
                    9b:65:3f:32:51:d3:a4:21:b0:11:e3:08:7c:be:9a:
                    d4:34:b7:08:b6:b4:cd:98:d4:07:a0:e8:d9:e7:e4:
                    ee:f9:01:b6:a7:46:c0:13:fb:e2:16:ee:1e:46:83:
                    72:a3:4d:52:81:9a:f5:c3:df:f0:47:c3:7a:7c:62:
                    d2:37:65:7b:da:d7:39:64:d6:d7:e7:f5:1a:4e:17:
                    ee:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:B0:0C:5B:97:E8:09:83:10:5D:C5:1B:FB:D5:68:88:16:10:58:6F
            X509v3 Authority Key Identifier:
                keyid:0A:6D:5B:2C:6E:A0:09:31:63:15:54:06:6F:99:51:46:E3:FF:01:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Cm1bLG6gCTFjFVQGb5lRRuP_AUQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/74b280-e1b4-4310-8085-d65617bd3b4f/1/YbAMW5foCYMQXcUb-9VoiBYQWG8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/74b280-e1b4-4310-8085-d65617bd3b4f/1/Cm1bLG6gCTFjFVQGb5lRRuP_AUQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.170.168.0/22
                  83.98.80.0/20
                  109.235.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8e:de:01:9e:23:ae:15:3d:c8:2a:30:18:ea:7c:2f:13:10:f5:
         10:ef:0a:38:e0:9a:45:5d:15:99:54:15:b8:d0:86:7b:9f:63:
         a6:d3:06:7f:2e:51:57:3f:35:e6:26:91:25:65:db:0f:23:58:
         18:1c:11:5c:3b:a2:95:55:d7:8d:06:e6:a2:b3:0e:d8:fc:56:
         83:e6:d3:ed:27:f2:3a:0a:c1:75:f8:be:16:a8:24:fc:4f:89:
         9f:66:04:79:94:f3:b8:f0:1f:bd:2d:06:bb:78:47:fa:9e:f9:
         fb:0d:82:bc:19:cd:ed:9a:ea:b6:e8:c5:c1:a6:bd:b6:93:c3:
         fd:09:4f:c0:4b:1e:ca:6a:d0:dd:97:da:17:39:c5:53:97:00:
         39:a5:f4:c4:49:82:33:7e:ba:fa:ad:d6:7b:cb:46:ea:52:87:
         65:86:7f:87:71:78:71:6b:c2:75:c1:3e:c9:dc:53:50:ee:c4:
         c0:01:87:0e:bf:8c:60:d5:b1:72:54:76:4b:90:89:32:72:08:
         ea:f9:f7:47:fe:c4:51:0f:c0:68:52:6e:c6:c1:c4:41:56:41:
         01:0a:9a:23:51:15:9f:4a:de:c3:b4:0a:7d:21:f9:8e:20:f6:
         d4:28:dc:e6:d7:7d:cb:5b:09:79:bd:93:2c:12:cc:23:94:5a:
         33:fe:b7:f4
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY1VEk7kOVRfa45Io9NsI52qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhNmQ1YjJjNmVhMDA5MzE2MzE1NTQwNjZmOTk1MTQ2ZTNm
ZjAxNDQwHhcNMjQwMTI5MTE1NDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWIwMGM1Yjk3ZTgwOTgzMTA1ZGM1MWJmYmQ1Njg4ODE2MTA1ODZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiQ/HvVC61RlE4YepTqeI2kmZUxdJ
/q5UHmtvPpLRovBP661JctgkKu92p6cTxLkkA0OcQ4GPScl4wFudY8b/ET35wFkV
XG32QnBd3pol3f+251/4MdRtUzf9C/je/xXve3DZEzl+wQQ0+mZnRCiMLIUxysec
P1LlwQnx5abATXBywjR6JpSOB+77d1cArcGRhGs9telZuY8FB0p/BpmjXBLR6JYG
2XAVYCS3MixF/c7ekzCbZT8yUdOkIbAR4wh8vprUNLcItrTNmNQHoOjZ5+Tu+QG2
p0bAE/viFu4eRoNyo01SgZr1w9/wR8N6fGLSN2V72tc5ZNbX5/UaThfucQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGGwDFuX6AmDEF3FG/vVaIgWEFhvMB8GA1UdIwQY
MBaAFAptWyxuoAkxYxVUBm+ZUUbj/wFEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ20xYkxHNmdDVEZqRlZRR2I1bFJSdVBfQVVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS83NGIyODAtZTFiNC00MzEwLTgwODUt
ZDY1NjE3YmQzYjRmLzEvWWJBTVc1Zm9DWU1RWGNVYi05Vm9pQllRV0c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS83NGIyODAtZTFiNC00MzEwLTgwODUtZDY1NjE3YmQzYjRm
LzEvQ20xYkxHNmdDVEZqRlZRR2I1bFJSdVBfQVVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCPqqoAwQE
U2JQAwQCbeucMA0GCSqGSIb3DQEBCwUAA4IBAQCO3gGeI64VPcgqMBjqfC8TEPUQ
7wo44JpFXRWZVBW40IZ7n2Om0wZ/LlFXPzXmJpElZdsPI1gYHBFcO6KVVdeNBuai
sw7Y/FaD5tPtJ/I6CsF1+L4WqCT8T4mfZgR5lPO48B+9LQa7eEf6nvn7DYK8Gc3t
muq26MXBpr22k8P9CU/ASx7KatDdl9oXOcVTlwA5pfTESYIzfrr6rdZ7y0bqUodl
hn+HcXhxa8J1wT7J3FNQ7sTAAYcOv4xg1bFyVHZLkIkycgjq+fdH/sRRD8BoUm7G
wcRBVkEBCpojURWfSt7DtAp9IfmOIPbUKNzm133LWwl5vZMsEswjlFoz/rf0
-----END CERTIFICATE-----