Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/30bfb7-3c7d-47d7-ac68-9462d4e1cc72/1/yaPKdn8WHVdLbesMuDAkH_fxy50.roa
File:                     yaPKdn8WHVdLbesMuDAkH_fxy50.roa (raw, json)
Hash identifier:          jcOeVos1WxY9QyFu0f/q9CwSDmvmiCv/vo5FiDzKfuQ=
Subject key identifier:   C9:A3:CA:76:7F:16:1D:57:4B:6D:EB:0C:B8:30:24:1F:F7:F1:CB:9D
Certificate issuer:       /CN=1f9510606ad94c4f7c7a63e5c1ec26c40fb4aa88
Certificate serial:       01904AF95C601BB19317585EF472F7873B37
Authority key identifier: 1F:95:10:60:6A:D9:4C:4F:7C:7A:63:E5:C1:EC:26:C4:0F:B4:AA:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H5UQYGrZTE98emPlwewmxA-0qog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/30bfb7-3c7d-47d7-ac68-9462d4e1cc72/1/yaPKdn8WHVdLbesMuDAkH_fxy50.roa
Signing time:             Mon 24 Jun 2024 15:59:34 +0000
ROA not before:           Mon 24 Jun 2024 15:59:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29119
IP address blocks:        185.28.168.0/24 maxlen: 24
                          185.28.169.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/30bfb7-3c7d-47d7-ac68-9462d4e1cc72/1/H5UQYGrZTE98emPlwewmxA-0qog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/30bfb7-3c7d-47d7-ac68-9462d4e1cc72/1/H5UQYGrZTE98emPlwewmxA-0qog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H5UQYGrZTE98emPlwewmxA-0qog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 18:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4a:f9:5c:60:1b:b1:93:17:58:5e:f4:72:f7:87:3b:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f9510606ad94c4f7c7a63e5c1ec26c40fb4aa88
        Validity
            Not Before: Jun 24 15:59:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9a3ca767f161d574b6deb0cb830241ff7f1cb9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:53:dd:1d:9e:0c:c0:5a:4e:3e:0c:a4:f5:67:
                    b7:60:2a:22:f4:bb:86:34:1b:99:d2:c9:fa:78:9f:
                    7a:66:32:70:e0:bf:5c:f4:f8:a3:8e:f7:40:f5:95:
                    1f:4d:37:4f:1c:d0:4b:bc:ed:d2:03:61:5f:14:1a:
                    80:ae:59:00:bf:fe:bc:8a:a1:e7:c3:e2:96:47:47:
                    6a:a7:49:0f:89:bd:46:d4:39:33:80:6f:3a:62:ad:
                    3d:92:41:a8:c8:ea:e6:52:4a:c6:e1:cc:7c:05:6b:
                    81:24:c0:3e:78:7f:5a:6f:7e:83:cb:5e:77:48:09:
                    da:fa:49:22:7f:0c:15:91:8a:c6:b5:e0:a6:f9:1a:
                    79:21:d2:37:84:3f:7c:ee:6d:29:3f:42:d1:cd:c2:
                    fc:94:55:2a:64:9f:ed:28:78:bb:e6:50:51:5f:15:
                    eb:37:0c:ae:b2:96:f1:a9:08:60:16:03:59:75:e9:
                    4b:bd:0a:67:7a:04:9f:e3:ae:c1:ec:f6:0e:ac:55:
                    3e:79:9b:b8:ba:8b:c4:80:c5:0e:04:75:9d:a9:b1:
                    bd:ab:7b:c9:15:90:11:4d:e9:b5:86:ee:43:d6:99:
                    c8:5b:7a:8c:4b:63:70:09:02:9a:5a:5a:44:79:7c:
                    ee:1d:08:25:48:de:2e:ed:d2:e8:eb:ba:b2:b5:85:
                    e8:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:A3:CA:76:7F:16:1D:57:4B:6D:EB:0C:B8:30:24:1F:F7:F1:CB:9D
            X509v3 Authority Key Identifier:
                keyid:1F:95:10:60:6A:D9:4C:4F:7C:7A:63:E5:C1:EC:26:C4:0F:B4:AA:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H5UQYGrZTE98emPlwewmxA-0qog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/30bfb7-3c7d-47d7-ac68-9462d4e1cc72/1/yaPKdn8WHVdLbesMuDAkH_fxy50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/30bfb7-3c7d-47d7-ac68-9462d4e1cc72/1/H5UQYGrZTE98emPlwewmxA-0qog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.28.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         66:c2:49:9b:1c:d5:f4:4e:ae:87:c0:b9:dc:f4:7b:3d:74:8f:
         83:be:27:0e:fb:ec:cd:b4:dd:0f:58:fb:47:ed:f2:43:91:e3:
         de:48:2f:cd:8d:3b:5e:0b:e1:3c:4c:35:6c:a8:e5:e7:b2:62:
         8d:e8:94:8d:6a:e4:64:17:61:84:51:bd:a0:72:0f:b3:21:fe:
         87:48:0a:cd:15:a2:7d:d8:00:94:0f:91:df:67:df:ff:a4:3f:
         72:4e:3c:44:ec:b4:0e:4d:f8:a2:c1:fd:15:ff:ef:09:b5:c6:
         ee:78:51:d3:94:1c:ae:a6:d0:f8:0d:1f:66:ed:d0:e1:70:4e:
         38:8f:78:a1:1a:85:f2:f2:78:83:f4:9b:06:fd:ea:93:02:42:
         2f:a1:8b:33:be:43:75:79:c9:6d:d8:ae:4c:91:3b:0d:1e:4e:
         0b:df:1a:c3:aa:73:b0:e8:2a:d5:ba:33:22:1c:8b:72:37:94:
         db:78:af:ce:d8:b1:96:27:17:27:01:cc:a0:f7:5c:1f:76:b4:
         60:a6:06:96:0e:1b:9c:d1:57:de:77:a0:eb:0a:14:31:15:5c:
         8c:72:17:dd:4f:7d:5e:5f:5b:b5:e3:f2:c8:40:93:34:eb:b0:
         44:a0:53:aa:dd:47:58:09:b4:bd:37:31:76:ad:23:90:34:89:
         78:57:36:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBK+VxgG7GTF1he9HL3hzs3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmOTUxMDYwNmFkOTRjNGY3YzdhNjNlNWMxZWMyNmM0MGZi
NGFhODgwHhcNMjQwNjI0MTU1OTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWEzY2E3NjdmMTYxZDU3NGI2ZGViMGNiODMwMjQxZmY3ZjFjYjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqFPdHZ4MwFpOPgyk9We3YCoi9LuG
NBuZ0sn6eJ96ZjJw4L9c9PijjvdA9ZUfTTdPHNBLvO3SA2FfFBqArlkAv/68iqHn
w+KWR0dqp0kPib1G1DkzgG86Yq09kkGoyOrmUkrG4cx8BWuBJMA+eH9ab36Dy153
SAna+kkifwwVkYrGteCm+Rp5IdI3hD987m0pP0LRzcL8lFUqZJ/tKHi75lBRXxXr
NwyuspbxqQhgFgNZdelLvQpnegSf467B7PYOrFU+eZu4uovEgMUOBHWdqbG9q3vJ
FZARTem1hu5D1pnIW3qMS2NwCQKaWlpEeXzuHQglSN4u7dLo67qytYXofQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMmjynZ/Fh1XS23rDLgwJB/38cudMB8GA1UdIwQY
MBaAFB+VEGBq2UxPfHpj5cHsJsQPtKqIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDVVUVlHclpURTk4ZW1QbHdld214QS0wcW9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS8zMGJmYjctM2M3ZC00N2Q3LWFjNjgt
OTQ2MmQ0ZTFjYzcyLzEveWFQS2RuOFdIVmRMYmVzTXVEQWtIX2Z4eTUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS8zMGJmYjctM2M3ZC00N2Q3LWFjNjgtOTQ2MmQ0ZTFjYzcy
LzEvSDVVUVlHclpURTk4ZW1QbHdld214QS0wcW9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuRyoMA0G
CSqGSIb3DQEBCwUAA4IBAQBmwkmbHNX0Tq6HwLnc9Hs9dI+DvicO++zNtN0PWPtH
7fJDkePeSC/NjTteC+E8TDVsqOXnsmKN6JSNauRkF2GEUb2gcg+zIf6HSArNFaJ9
2ACUD5HfZ9//pD9yTjxE7LQOTfiiwf0V/+8JtcbueFHTlByuptD4DR9m7dDhcE44
j3ihGoXy8niD9JsG/eqTAkIvoYszvkN1eclt2K5MkTsNHk4L3xrDqnOw6CrVujMi
HItyN5TbeK/O2LGWJxcnAcyg91wfdrRgpgaWDhuc0Vfed6DrChQxFVyMchfdT31e
X1u14/LIQJM067BEoFOq3UdYCbS9NzF2rSOQNIl4Vzap
-----END CERTIFICATE-----