Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/39db4d-e93f-4139-aad8-6c28bb40d52e/1/Yi73awUfNeeD2qULm-KB47t1eWs.roa
File:                     Yi73awUfNeeD2qULm-KB47t1eWs.roa (raw, json)
Hash identifier:          ylHyQvumKVd2KGOFcPgDrQXCjT5j4DEroVaZHln2sgY=
Subject key identifier:   62:2E:F7:6B:05:1F:35:E7:83:DA:A5:0B:9B:E2:81:E3:BB:75:79:6B
Certificate issuer:       /CN=86623a8458eff347d424348588829ee137b45a3f
Certificate serial:       018CC86F35D77E6B4B4B1931DEBC2936BBD0
Authority key identifier: 86:62:3A:84:58:EF:F3:47:D4:24:34:85:88:82:9E:E1:37:B4:5A:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hmI6hFjv80fUJDSFiIKe4Te0Wj8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/39db4d-e93f-4139-aad8-6c28bb40d52e/1/Yi73awUfNeeD2qULm-KB47t1eWs.roa
Signing time:             Tue 02 Jan 2024 04:29:40 +0000
ROA not before:           Tue 02 Jan 2024 04:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43754
IP address blocks:        91.207.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/39db4d-e93f-4139-aad8-6c28bb40d52e/1/hmI6hFjv80fUJDSFiIKe4Te0Wj8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/39db4d-e93f-4139-aad8-6c28bb40d52e/1/hmI6hFjv80fUJDSFiIKe4Te0Wj8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hmI6hFjv80fUJDSFiIKe4Te0Wj8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:02:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:35:d7:7e:6b:4b:4b:19:31:de:bc:29:36:bb:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86623a8458eff347d424348588829ee137b45a3f
        Validity
            Not Before: Jan  2 04:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=622ef76b051f35e783daa50b9be281e3bb75796b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:39:15:e9:05:ed:61:20:87:60:a4:48:8a:65:
                    78:62:ce:74:cc:55:e1:21:a6:7f:b2:e5:f4:bf:e0:
                    0f:38:00:32:d3:63:30:73:c7:8f:6f:16:9d:57:35:
                    5e:ea:bd:13:fe:54:dd:1f:ec:b0:9a:e2:b2:67:7b:
                    36:4a:a6:60:90:52:6c:61:35:c6:fb:dc:db:6d:d0:
                    4e:60:92:58:8b:2b:a1:eb:01:8e:e8:4a:cc:75:68:
                    7b:36:be:12:14:c6:18:a5:b5:dc:0a:0d:10:e0:b2:
                    22:81:cb:1f:f9:00:75:3f:d9:93:ac:a0:5c:90:74:
                    0e:1c:d6:7e:79:5e:b8:2f:35:57:35:eb:d9:98:d8:
                    c5:69:1c:c0:41:5a:24:80:78:fe:cc:14:18:6a:94:
                    6c:63:84:d2:17:c3:29:9d:6c:43:a8:69:80:2c:16:
                    61:58:f3:b3:7c:cb:79:f1:07:10:c5:b0:05:12:07:
                    fd:d0:8d:80:41:73:77:3a:ff:ec:41:f5:da:85:69:
                    25:69:e3:d6:75:71:2f:0d:59:88:cf:23:b7:24:ab:
                    83:d6:47:48:53:75:33:f4:82:b2:b3:59:14:2e:1d:
                    43:eb:db:35:aa:0c:05:f1:77:a8:1c:c0:1f:32:23:
                    bd:f0:e4:95:97:a3:ea:3c:72:d3:ac:1b:a9:43:13:
                    eb:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:2E:F7:6B:05:1F:35:E7:83:DA:A5:0B:9B:E2:81:E3:BB:75:79:6B
            X509v3 Authority Key Identifier:
                keyid:86:62:3A:84:58:EF:F3:47:D4:24:34:85:88:82:9E:E1:37:B4:5A:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hmI6hFjv80fUJDSFiIKe4Te0Wj8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/39db4d-e93f-4139-aad8-6c28bb40d52e/1/Yi73awUfNeeD2qULm-KB47t1eWs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/39db4d-e93f-4139-aad8-6c28bb40d52e/1/hmI6hFjv80fUJDSFiIKe4Te0Wj8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:75:f3:cd:9f:89:b2:fb:eb:1b:1b:38:09:b8:99:a4:5d:67:
         ac:59:d6:6b:e1:e7:90:fe:09:15:c5:9f:b8:30:18:ac:2c:fe:
         f7:62:85:9f:04:1a:0a:5f:bd:62:0e:17:52:3c:c5:ef:49:7a:
         cf:26:66:7f:a7:0b:94:2c:dc:25:f6:d1:98:a7:ee:b6:83:48:
         77:1d:bc:cf:c5:87:61:a5:09:6f:fb:bc:34:a9:b1:cb:a8:51:
         4c:44:e4:14:c1:24:bf:2c:bd:f5:10:c5:d1:ec:61:6d:56:0a:
         2c:70:1f:c6:58:38:e5:ec:29:eb:0b:60:21:44:42:e6:d1:02:
         ec:44:cb:e6:2a:90:25:1d:c8:8c:ad:a1:b2:20:49:ea:01:6d:
         d2:d4:dc:e7:b7:89:78:64:6f:b7:c5:d3:aa:99:ab:a0:4d:2c:
         99:97:70:80:77:95:a9:92:55:09:56:16:16:c3:cd:23:88:3c:
         c4:f7:43:23:1c:97:52:08:75:d7:16:b7:da:2d:65:0c:0e:15:
         82:57:fd:43:ba:b6:6f:94:4c:3d:fc:05:b1:7a:e8:f3:69:f6:
         d9:b6:89:72:9b:f2:f7:1b:37:40:a3:2e:38:c9:c6:28:05:67:
         9f:94:4b:7c:02:21:85:6e:fc:c5:42:14:08:a2:76:81:85:f4:
         71:41:b5:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbzXXfmtLSxkx3rwpNrvQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2NjIzYTg0NThlZmYzNDdkNDI0MzQ4NTg4ODI5ZWUxMzdi
NDVhM2YwHhcNMjQwMTAyMDQyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjJlZjc2YjA1MWYzNWU3ODNkYWE1MGI5YmUyODFlM2JiNzU3OTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjDkV6QXtYSCHYKRIimV4Ys50zFXh
IaZ/suX0v+APOAAy02Mwc8ePbxadVzVe6r0T/lTdH+ywmuKyZ3s2SqZgkFJsYTXG
+9zbbdBOYJJYiyuh6wGO6ErMdWh7Nr4SFMYYpbXcCg0Q4LIigcsf+QB1P9mTrKBc
kHQOHNZ+eV64LzVXNevZmNjFaRzAQVokgHj+zBQYapRsY4TSF8MpnWxDqGmALBZh
WPOzfMt58QcQxbAFEgf90I2AQXN3Ov/sQfXahWklaePWdXEvDVmIzyO3JKuD1kdI
U3Uz9IKys1kULh1D69s1qgwF8XeoHMAfMiO98OSVl6PqPHLTrBupQxPrOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGIu92sFHzXng9qlC5vigeO7dXlrMB8GA1UdIwQY
MBaAFIZiOoRY7/NH1CQ0hYiCnuE3tFo/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaG1JNmhGanY4MGZVSkRTRmlJS2U0VGUwV2o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi8zOWRiNGQtZTkzZi00MTM5LWFhZDgt
NmMyOGJiNDBkNTJlLzEvWWk3M2F3VWZOZWVEMnFVTG0tS0I0N3QxZVdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi8zOWRiNGQtZTkzZi00MTM5LWFhZDgtNmMyOGJiNDBkNTJl
LzEvaG1JNmhGanY4MGZVSkRTRmlJS2U0VGUwV2o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8/NMA0G
CSqGSIb3DQEBCwUAA4IBAQArdfPNn4my++sbGzgJuJmkXWesWdZr4eeQ/gkVxZ+4
MBisLP73YoWfBBoKX71iDhdSPMXvSXrPJmZ/pwuULNwl9tGYp+62g0h3HbzPxYdh
pQlv+7w0qbHLqFFMROQUwSS/LL31EMXR7GFtVgoscB/GWDjl7CnrC2AhRELm0QLs
RMvmKpAlHciMraGyIEnqAW3S1Nznt4l4ZG+3xdOqmaugTSyZl3CAd5WpklUJVhYW
w80jiDzE90MjHJdSCHXXFrfaLWUMDhWCV/1DurZvlEw9/AWxeujzafbZtolym/L3
GzdAoy44ycYoBWeflEt8AiGFbvzFQhQIonaBhfRxQbW7
-----END CERTIFICATE-----