Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/YbtmoXWxBt60rGetknT9NjzHLrU.roa
File:                     YbtmoXWxBt60rGetknT9NjzHLrU.roa (raw, json)
Hash identifier:          IpaSvuSX3E1JbetXfqBqyMntNE+dfFvSUKX+jHiFImw=
Subject key identifier:   61:BB:66:A1:75:B1:06:DE:B4:AC:67:AD:92:74:FD:36:3C:C7:2E:B5
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       018CC2DB6181275D7993E2E68C9955C07ECD
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/YbtmoXWxBt60rGetknT9NjzHLrU.roa
Signing time:             Mon 01 Jan 2024 02:30:06 +0000
ROA not before:           Mon 01 Jan 2024 02:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42899
IP address blocks:        84.54.52.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:61:81:27:5d:79:93:e2:e6:8c:99:55:c0:7e:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan  1 02:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=61bb66a175b106deb4ac67ad9274fd363cc72eb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:f4:f6:fa:0f:02:2a:81:a4:f1:67:ce:78:44:
                    7f:16:4e:86:bc:ac:8d:20:6b:f1:c2:ab:3b:10:21:
                    c8:cb:e8:03:bd:17:e9:38:48:2f:30:c0:06:76:20:
                    ef:8b:2a:43:61:fa:32:19:11:53:55:95:7c:67:c4:
                    19:1b:29:0c:5e:53:1d:13:44:df:a7:0f:78:0c:c1:
                    1b:68:84:f0:40:b2:4f:b6:d2:20:89:c5:88:98:db:
                    a5:92:18:96:19:a3:da:15:70:6d:99:38:0b:50:ed:
                    67:cc:53:9e:76:62:3e:37:ed:5d:b9:e0:38:b3:e4:
                    88:cb:0c:e2:08:e8:7d:22:2a:1d:f9:c8:1e:5d:0b:
                    2e:1b:ed:55:31:2e:1d:9d:1c:3e:77:06:89:50:22:
                    3f:f1:c9:d9:e7:3a:5a:2e:bf:d8:f5:1d:29:61:0b:
                    5b:cf:a4:d4:de:5e:14:99:b8:d7:29:7c:de:c7:9c:
                    5d:58:21:ff:bf:7f:7f:45:7d:7b:7c:04:87:b5:30:
                    2a:b7:2e:66:13:40:ff:35:f8:7c:dd:f7:f8:68:6f:
                    ca:9c:d4:f6:9c:3a:7c:ef:48:3d:2a:a1:90:da:22:
                    21:48:d1:44:28:e4:ea:0b:da:d7:4b:85:9b:9b:a1:
                    ec:48:aa:1a:ea:13:40:3c:bf:05:98:14:94:09:16:
                    7d:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:BB:66:A1:75:B1:06:DE:B4:AC:67:AD:92:74:FD:36:3C:C7:2E:B5
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/YbtmoXWxBt60rGetknT9NjzHLrU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.54.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:a3:54:6d:ab:e9:9f:c3:d1:26:0a:12:66:f3:03:11:b0:f7:
         a8:c6:dd:76:92:37:5d:c0:89:02:a6:fb:ba:86:d5:2a:d7:d3:
         82:80:45:91:fc:25:e0:6c:da:18:fa:2e:38:d9:8b:b9:78:f1:
         a3:4f:2c:d0:22:1a:ae:79:92:68:95:73:a4:22:f2:f1:cc:bf:
         e7:46:f5:db:22:bf:2b:88:6a:38:92:78:a5:09:72:12:4c:ab:
         5e:bc:94:3a:cb:bd:98:38:37:9c:96:c5:d1:51:0e:37:47:cd:
         d9:25:57:61:da:d6:a4:47:83:fd:95:de:03:8c:20:54:7f:de:
         15:06:6f:52:3b:2c:20:c5:46:0b:87:76:d0:08:33:73:1b:16:
         5c:28:e5:bf:44:d9:fe:a2:76:0b:12:8c:64:6d:32:ff:ad:25:
         02:7e:b1:ac:9c:56:ca:96:ac:2d:c3:28:10:c4:0c:94:e3:8f:
         87:05:08:ca:e3:bd:32:ef:c1:5e:d8:44:4d:53:32:7b:0f:5b:
         b0:54:4f:fb:03:6b:e3:ed:ab:72:b4:ad:f1:bf:24:07:97:b1:
         24:e6:51:df:55:ae:12:df:96:40:21:dd:d8:df:ba:8e:9d:ba:
         c3:c1:b2:c1:41:33:0d:61:f4:4a:92:76:d7:79:75:bb:34:54:
         44:93:53:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC22GBJ115k+LmjJlVwH7NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjQwMTAxMDIzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWJiNjZhMTc1YjEwNmRlYjRhYzY3YWQ5Mjc0ZmQzNjNjYzcyZWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgfT2+g8CKoGk8WfOeER/Fk6GvKyN
IGvxwqs7ECHIy+gDvRfpOEgvMMAGdiDviypDYfoyGRFTVZV8Z8QZGykMXlMdE0Tf
pw94DMEbaITwQLJPttIgicWImNulkhiWGaPaFXBtmTgLUO1nzFOedmI+N+1dueA4
s+SIywziCOh9Iiod+cgeXQsuG+1VMS4dnRw+dwaJUCI/8cnZ5zpaLr/Y9R0pYQtb
z6TU3l4UmbjXKXzex5xdWCH/v39/RX17fASHtTAqty5mE0D/Nfh83ff4aG/KnNT2
nDp870g9KqGQ2iIhSNFEKOTqC9rXS4Wbm6HsSKoa6hNAPL8FmBSUCRZ9EQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGG7ZqF1sQbetKxnrZJ0/TY8xy61MB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvWWJ0bW9YV3hCdDYwckdldGtuVDlOanpITHJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVDY0MA0G
CSqGSIb3DQEBCwUAA4IBAQBVo1Rtq+mfw9EmChJm8wMRsPeoxt12kjddwIkCpvu6
htUq19OCgEWR/CXgbNoY+i442Yu5ePGjTyzQIhqueZJolXOkIvLxzL/nRvXbIr8r
iGo4knilCXISTKtevJQ6y72YODeclsXRUQ43R83ZJVdh2takR4P9ld4DjCBUf94V
Bm9SOywgxUYLh3bQCDNzGxZcKOW/RNn+onYLEoxkbTL/rSUCfrGsnFbKlqwtwygQ
xAyU44+HBQjK470y78Fe2ERNUzJ7D1uwVE/7A2vj7atytK3xvyQHl7Ek5lHfVa4S
35ZAId3Y37qOnbrDwbLBQTMNYfRKknbXeXW7NFREk1MA
-----END CERTIFICATE-----