Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Ynzqaf67ALN9lC9gmbn8mIs3CSM.roa
File:                     Ynzqaf67ALN9lC9gmbn8mIs3CSM.roa (raw, json)
Hash identifier:          65WGjTIcJKh34kC00k+OcHoni0/DAKt4WHM7XRafO2I=
Subject key identifier:   62:7C:EA:69:FE:BB:00:B3:7D:94:2F:60:99:B9:FC:98:8B:37:09:23
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018CC8DF9D4D15A302132089D7DE54929FA3
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Ynzqaf67ALN9lC9gmbn8mIs3CSM.roa
Signing time:             Tue 02 Jan 2024 06:32:27 +0000
ROA not before:           Tue 02 Jan 2024 06:32:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51921
IP address blocks:        185.58.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:9d:4d:15:a3:02:13:20:89:d7:de:54:92:9f:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  2 06:32:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=627cea69febb00b37d942f6099b9fc988b370923
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:35:eb:09:3b:c4:19:b7:a8:98:de:e8:c5:be:
                    f3:b2:03:3f:81:64:46:cf:e3:7b:6d:ae:4d:aa:7a:
                    f8:01:29:9d:15:24:68:b8:54:a5:d0:99:a8:99:e2:
                    6b:17:35:42:e7:64:b7:d3:eb:8e:e7:10:08:3a:fd:
                    7e:4a:df:e4:6e:a5:d2:a8:a6:53:98:09:78:45:ce:
                    f2:4f:aa:85:c5:2f:e9:e2:eb:de:3e:dd:ed:ae:96:
                    40:cd:22:a2:d0:e4:db:cb:7c:36:d7:9a:86:83:4c:
                    96:2c:c6:ce:cb:ca:aa:53:e3:ee:b3:57:8b:6e:39:
                    22:5e:76:57:17:45:8c:f3:9f:64:29:90:ce:e9:6f:
                    dc:15:d4:47:6f:6a:07:ef:12:36:56:c5:5c:6f:43:
                    66:f2:3a:74:72:b9:b7:f9:50:e3:af:76:b6:ad:a9:
                    61:9d:4a:db:de:50:10:03:9a:8d:50:bf:fe:3a:e7:
                    7f:b2:63:01:60:f3:46:94:14:ed:03:d8:77:5b:05:
                    6a:59:67:62:42:a7:77:3e:76:b5:1c:7e:4f:9f:41:
                    1f:74:2a:2f:b4:17:c8:f5:87:de:b1:d9:70:1f:d4:
                    3d:34:6b:19:e2:2f:21:fb:f8:be:3d:81:09:93:0a:
                    a1:c9:f6:a2:f5:f7:e3:11:f0:7c:98:62:0b:8b:31:
                    6e:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:7C:EA:69:FE:BB:00:B3:7D:94:2F:60:99:B9:FC:98:8B:37:09:23
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Ynzqaf67ALN9lC9gmbn8mIs3CSM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.58.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:8b:41:84:f8:a6:af:94:a0:b1:1e:ea:31:9f:e1:da:22:69:
         dc:75:25:bb:19:70:61:6f:97:7c:10:e5:d1:68:d4:98:28:63:
         60:dc:70:93:cc:d1:db:b3:a9:e6:bf:0e:12:78:bf:72:b3:4b:
         a5:39:e6:f5:37:8f:f5:2b:da:0a:67:45:c2:5c:8c:73:cf:0b:
         78:d2:5f:5b:da:97:ff:2d:5b:0d:ac:b6:56:de:da:53:53:c3:
         5d:4a:6d:27:4d:7d:69:41:6a:22:ff:7c:16:09:c5:7b:e7:b9:
         98:f9:64:18:84:08:fa:bc:c5:76:8a:a3:a9:59:07:59:84:1c:
         87:97:70:6b:e8:3c:8a:e0:6a:38:76:bb:67:00:87:82:8f:01:
         85:78:ff:f3:12:cb:50:0c:74:ff:7a:ca:ed:13:16:ec:0d:1c:
         3b:20:dc:07:6e:17:01:73:71:ef:96:40:55:8e:ad:bb:5a:bd:
         3d:38:04:0d:59:bb:70:7e:b4:2e:09:ed:23:9b:91:62:46:73:
         5f:76:fe:43:2b:91:72:6b:fc:d6:d2:22:d8:61:14:ce:a0:cb:
         06:7a:08:5f:47:cf:64:a6:40:b0:7e:c7:95:83:88:b9:cd:44:
         e4:75:e0:71:bb:44:37:8d:33:27:8a:3e:d5:63:ac:12:02:c6:
         2f:51:68:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI351NFaMCEyCJ195Ukp+jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTAyMDYzMjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjdjZWE2OWZlYmIwMGIzN2Q5NDJmNjA5OWI5ZmM5ODhiMzcwOTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlzXrCTvEGbeomN7oxb7zsgM/gWRG
z+N7ba5Nqnr4ASmdFSRouFSl0JmomeJrFzVC52S30+uO5xAIOv1+St/kbqXSqKZT
mAl4Rc7yT6qFxS/p4uvePt3trpZAzSKi0OTby3w215qGg0yWLMbOy8qqU+Pus1eL
bjkiXnZXF0WM859kKZDO6W/cFdRHb2oH7xI2VsVcb0Nm8jp0crm3+VDjr3a2ralh
nUrb3lAQA5qNUL/+Oud/smMBYPNGlBTtA9h3WwVqWWdiQqd3Pna1HH5Pn0EfdCov
tBfI9YfesdlwH9Q9NGsZ4i8h+/i+PYEJkwqhyfai9ffjEfB8mGILizFuHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGJ86mn+uwCzfZQvYJm5/JiLNwkjMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvWW56cWFmNjdBTE45bEM5Z21ibjhtSXMzQ1NNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTrNMA0G
CSqGSIb3DQEBCwUAA4IBAQAzi0GE+KavlKCxHuoxn+HaImncdSW7GXBhb5d8EOXR
aNSYKGNg3HCTzNHbs6nmvw4SeL9ys0ulOeb1N4/1K9oKZ0XCXIxzzwt40l9b2pf/
LVsNrLZW3tpTU8NdSm0nTX1pQWoi/3wWCcV757mY+WQYhAj6vMV2iqOpWQdZhByH
l3Br6DyK4Go4drtnAIeCjwGFeP/zEstQDHT/esrtExbsDRw7INwHbhcBc3HvlkBV
jq27Wr09OAQNWbtwfrQuCe0jm5FiRnNfdv5DK5Fya/zW0iLYYRTOoMsGeghfR89k
pkCwfseVg4i5zUTkdeBxu0Q3jTMnij7VY6wSAsYvUWh8
-----END CERTIFICATE-----