Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/b2ff91-d4ce-405b-bebf-609d8f565ffc/1/yRiP_dfJcVLSHj0Aag5jI84_z8Q.roa
File:                     yRiP_dfJcVLSHj0Aag5jI84_z8Q.roa (raw, json)
Hash identifier:          j69JzEj26gPj5DBBOVdlLrxY107R3S8NZKc71n5etKw=
Subject key identifier:   C9:18:8F:FD:D7:C9:71:52:D2:1E:3D:00:6A:0E:63:23:CE:3F:CF:C4
Certificate issuer:       /CN=cc39e6be40d80128896ccd131f65a55ad98a40af
Certificate serial:       018CCA99799FDE6B5F57551C821C85218169
Authority key identifier: CC:39:E6:BE:40:D8:01:28:89:6C:CD:13:1F:65:A5:5A:D9:8A:40:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zDnmvkDYASiJbM0TH2WlWtmKQK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/b2ff91-d4ce-405b-bebf-609d8f565ffc/1/yRiP_dfJcVLSHj0Aag5jI84_z8Q.roa
Signing time:             Tue 02 Jan 2024 14:35:04 +0000
ROA not before:           Tue 02 Jan 2024 14:35:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49321
IP address blocks:        185.245.58.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/b2ff91-d4ce-405b-bebf-609d8f565ffc/1/zDnmvkDYASiJbM0TH2WlWtmKQK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/b2ff91-d4ce-405b-bebf-609d8f565ffc/1/zDnmvkDYASiJbM0TH2WlWtmKQK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zDnmvkDYASiJbM0TH2WlWtmKQK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:79:9f:de:6b:5f:57:55:1c:82:1c:85:21:81:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc39e6be40d80128896ccd131f65a55ad98a40af
        Validity
            Not Before: Jan  2 14:35:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9188ffdd7c97152d21e3d006a0e6323ce3fcfc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:cb:ef:b8:c4:32:03:bd:88:9f:80:5e:c7:ee:
                    d1:18:dc:bb:87:23:a9:06:f7:ac:6b:f7:d0:b6:f7:
                    0f:13:d7:40:db:41:27:62:ad:07:1a:d8:a0:eb:ed:
                    f3:0f:b5:25:2d:54:54:6c:b6:6d:d7:1f:61:76:f3:
                    61:2f:ce:a0:9b:67:bd:05:12:80:b0:11:e2:0d:88:
                    fc:18:9e:d4:ff:d7:b7:95:34:5d:de:a3:01:b4:8b:
                    e9:15:2f:2c:61:62:9e:d7:17:87:03:44:4c:8f:10:
                    c4:a9:c7:bb:fb:b9:aa:2d:4f:10:8e:07:6f:b7:de:
                    76:d2:b3:5d:3d:3f:21:4c:00:97:d0:05:11:d2:43:
                    99:ad:ba:47:d3:38:67:06:b1:32:e3:12:2d:b3:4c:
                    ee:ab:09:21:19:36:b3:8f:1d:80:16:b3:53:72:bb:
                    74:3f:4e:56:e6:21:f4:3f:10:55:3e:54:ea:80:02:
                    e8:d0:9d:17:2f:f4:d8:10:46:e2:3b:c6:70:fe:64:
                    38:d6:c5:15:f3:d7:ba:ea:8a:88:f9:34:67:b0:20:
                    48:6b:44:41:10:47:04:d6:06:68:2b:02:98:f5:82:
                    82:2d:15:2e:40:3b:7b:e3:10:53:e8:c5:3b:e5:77:
                    66:e1:dc:86:7f:29:4d:4d:53:d7:ad:51:f6:99:31:
                    19:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:18:8F:FD:D7:C9:71:52:D2:1E:3D:00:6A:0E:63:23:CE:3F:CF:C4
            X509v3 Authority Key Identifier:
                keyid:CC:39:E6:BE:40:D8:01:28:89:6C:CD:13:1F:65:A5:5A:D9:8A:40:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zDnmvkDYASiJbM0TH2WlWtmKQK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/b2ff91-d4ce-405b-bebf-609d8f565ffc/1/yRiP_dfJcVLSHj0Aag5jI84_z8Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/b2ff91-d4ce-405b-bebf-609d8f565ffc/1/zDnmvkDYASiJbM0TH2WlWtmKQK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.245.58.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0f:89:50:d4:b0:f8:c8:74:9d:28:5c:89:35:d9:55:a8:e3:10:
         f3:77:50:5d:6d:f2:77:f7:c1:6c:ea:4c:eb:bf:8f:8f:f5:b6:
         77:5f:9b:8b:75:62:4b:17:62:c7:63:3d:a0:ca:0b:78:5b:c3:
         0f:8e:f3:ee:98:b8:01:93:bb:ca:79:70:9f:cd:35:88:ab:1a:
         62:b9:7b:93:ba:8e:b6:e2:a5:03:17:13:cd:c7:da:4a:4d:d4:
         6e:9c:f9:55:15:61:ad:84:e7:18:bc:63:3e:37:f5:39:28:80:
         dd:85:80:59:61:87:34:27:ea:e2:8f:91:20:99:2b:b2:73:66:
         db:6e:91:3b:a6:9a:17:a1:d9:82:27:07:68:cf:96:40:de:45:
         82:d4:b8:7b:80:b4:fa:ef:40:40:88:29:88:a9:19:5f:58:29:
         06:ff:53:f7:81:fd:85:0e:bc:56:4f:ec:f2:65:bd:54:c4:03:
         16:4c:72:9a:25:d3:50:d9:be:14:f4:c3:ad:70:0c:b5:ac:87:
         38:17:d1:86:1a:7c:45:93:5a:78:63:26:7f:7a:a7:ed:7d:0f:
         68:5d:72:1a:40:5c:5d:86:c8:ed:bc:ec:22:82:6f:ac:15:16:
         78:bc:7f:b4:5c:e1:33:0b:67:3e:e1:7c:45:fe:1b:13:92:d6:
         69:cd:7d:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmXmf3mtfV1UcghyFIYFpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjMzllNmJlNDBkODAxMjg4OTZjY2QxMzFmNjVhNTVhZDk4
YTQwYWYwHhcNMjQwMTAyMTQzNTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTE4OGZmZGQ3Yzk3MTUyZDIxZTNkMDA2YTBlNjMyM2NlM2ZjZmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAicvvuMQyA72In4Bex+7RGNy7hyOp
Bvesa/fQtvcPE9dA20EnYq0HGtig6+3zD7UlLVRUbLZt1x9hdvNhL86gm2e9BRKA
sBHiDYj8GJ7U/9e3lTRd3qMBtIvpFS8sYWKe1xeHA0RMjxDEqce7+7mqLU8Qjgdv
t9520rNdPT8hTACX0AUR0kOZrbpH0zhnBrEy4xIts0zuqwkhGTazjx2AFrNTcrt0
P05W5iH0PxBVPlTqgALo0J0XL/TYEEbiO8Zw/mQ41sUV89e66oqI+TRnsCBIa0RB
EEcE1gZoKwKY9YKCLRUuQDt74xBT6MU75Xdm4dyGfylNTVPXrVH2mTEZMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMkYj/3XyXFS0h49AGoOYyPOP8/EMB8GA1UdIwQY
MBaAFMw55r5A2AEoiWzNEx9lpVrZikCvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekRubXZrRFlBU2lKYk0wVEgyV2xXdG1LUUs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9iMmZmOTEtZDRjZS00MDViLWJlYmYt
NjA5ZDhmNTY1ZmZjLzEveVJpUF9kZkpjVkxTSGowQWFnNWpJODRfejhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9iMmZmOTEtZDRjZS00MDViLWJlYmYtNjA5ZDhmNTY1ZmZj
LzEvekRubXZrRFlBU2lKYk0wVEgyV2xXdG1LUUs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBufU6MA0G
CSqGSIb3DQEBCwUAA4IBAQAPiVDUsPjIdJ0oXIk12VWo4xDzd1BdbfJ398Fs6kzr
v4+P9bZ3X5uLdWJLF2LHYz2gygt4W8MPjvPumLgBk7vKeXCfzTWIqxpiuXuTuo62
4qUDFxPNx9pKTdRunPlVFWGthOcYvGM+N/U5KIDdhYBZYYc0J+rij5EgmSuyc2bb
bpE7ppoXodmCJwdoz5ZA3kWC1Lh7gLT670BAiCmIqRlfWCkG/1P3gf2FDrxWT+zy
Zb1UxAMWTHKaJdNQ2b4U9MOtcAy1rIc4F9GGGnxFk1p4YyZ/eqftfQ9oXXIaQFxd
hsjtvOwigm+sFRZ4vH+0XOEzC2c+4XxF/hsTktZpzX2R
-----END CERTIFICATE-----