Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/223d8f-58ac-4df7-bf1e-442010b579ef/1/yhKefwCtsXXDcBhHrJpaPd3VqKA.roa
File:                     yhKefwCtsXXDcBhHrJpaPd3VqKA.roa (raw, json)
Hash identifier:          pa+CSaGRn/tWI6+BYwDmO3eTl5FRQCs4+dyYBsdgioE=
Subject key identifier:   CA:12:9E:7F:00:AD:B1:75:C3:70:18:47:AC:9A:5A:3D:DD:D5:A8:A0
Certificate issuer:       /CN=5d0a0d396f769369365f2b983c531afeca9710a7
Certificate serial:       0191EBA5AB50BA7B86F6759AB797ECE35322
Authority key identifier: 5D:0A:0D:39:6F:76:93:69:36:5F:2B:98:3C:53:1A:FE:CA:97:10:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XQoNOW92k2k2XyuYPFMa_sqXEKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/223d8f-58ac-4df7-bf1e-442010b579ef/1/yhKefwCtsXXDcBhHrJpaPd3VqKA.roa
Signing time:             Fri 13 Sep 2024 13:49:48 +0000
ROA not before:           Fri 13 Sep 2024 13:49:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214204
IP address blocks:        45.148.239.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/223d8f-58ac-4df7-bf1e-442010b579ef/1/XQoNOW92k2k2XyuYPFMa_sqXEKc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/223d8f-58ac-4df7-bf1e-442010b579ef/1/XQoNOW92k2k2XyuYPFMa_sqXEKc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XQoNOW92k2k2XyuYPFMa_sqXEKc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:eb:a5:ab:50:ba:7b:86:f6:75:9a:b7:97:ec:e3:53:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d0a0d396f769369365f2b983c531afeca9710a7
        Validity
            Not Before: Sep 13 13:49:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca129e7f00adb175c3701847ac9a5a3dddd5a8a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:87:eb:93:f3:03:b9:1e:96:d3:41:45:22:5a:
                    06:dc:53:7c:64:e4:d9:28:96:f9:a4:17:22:77:67:
                    7a:18:06:be:22:a7:af:31:81:da:80:3d:f0:bb:b6:
                    84:e4:45:5f:08:85:22:2b:cd:27:96:0f:8c:4a:23:
                    77:04:a7:91:16:ae:db:84:c9:02:8c:b7:ea:02:96:
                    a8:6f:df:ae:b8:c3:92:fa:c3:b0:33:38:37:dc:65:
                    d7:65:36:93:8e:4c:49:ed:e1:cf:37:32:c8:8d:4a:
                    a4:47:9e:a9:c0:ed:3c:86:8f:5e:51:7c:74:77:8c:
                    2d:92:c6:2e:81:bb:85:84:b8:ee:ff:b5:ee:4d:a7:
                    0e:ec:a0:24:f1:be:62:0e:15:b5:b4:ba:81:4c:96:
                    93:52:fb:9c:25:69:be:12:6d:83:ec:51:26:ba:8e:
                    68:d0:56:ef:df:5f:49:87:db:d9:b2:50:74:e9:32:
                    bc:ac:41:54:64:20:51:70:cc:f2:95:c2:5d:37:56:
                    82:99:8d:e6:2e:62:84:ef:50:0d:be:08:e6:95:eb:
                    0c:da:46:30:5a:02:83:95:2a:6c:d1:eb:7a:fc:48:
                    a1:56:41:9f:aa:40:6a:aa:75:32:1f:f1:9a:71:55:
                    45:53:7e:ee:b5:0e:87:1f:07:18:c6:0f:94:f5:f2:
                    c6:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:12:9E:7F:00:AD:B1:75:C3:70:18:47:AC:9A:5A:3D:DD:D5:A8:A0
            X509v3 Authority Key Identifier:
                keyid:5D:0A:0D:39:6F:76:93:69:36:5F:2B:98:3C:53:1A:FE:CA:97:10:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XQoNOW92k2k2XyuYPFMa_sqXEKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/223d8f-58ac-4df7-bf1e-442010b579ef/1/yhKefwCtsXXDcBhHrJpaPd3VqKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/223d8f-58ac-4df7-bf1e-442010b579ef/1/XQoNOW92k2k2XyuYPFMa_sqXEKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:97:6c:6a:8a:84:2e:d9:96:20:27:63:fb:28:6e:11:9f:bf:
         f3:6c:4d:56:87:07:cd:da:e0:77:38:1f:6c:25:b7:76:a5:d3:
         10:27:46:c8:00:13:c3:af:fd:1f:24:5b:aa:00:8c:42:3d:0b:
         e0:93:ab:f2:25:a5:9c:37:0c:b5:1a:45:e2:b1:8d:c2:7c:ea:
         e4:13:61:c7:fc:8e:2e:23:05:38:74:36:30:04:8c:01:e5:96:
         12:68:73:52:ff:ac:dd:78:93:48:7e:4c:8e:97:d9:b4:b7:c6:
         52:f7:7e:de:c4:5b:bb:d2:db:81:8f:2a:1d:cc:3d:f2:e9:bf:
         2e:14:e8:86:fa:92:c5:03:86:1c:4d:40:2a:48:1c:06:bc:ca:
         bd:4f:28:96:94:67:da:5e:80:41:65:0d:4c:a3:81:21:a2:19:
         42:00:ed:fc:ce:71:95:e5:84:e8:4f:9d:02:9c:63:54:a1:a3:
         fb:0c:04:f4:bb:8b:ee:cf:d7:ae:80:b0:cc:1f:31:98:a4:fc:
         ca:f2:1f:90:65:7a:10:b4:81:85:49:a8:e0:56:58:f5:51:b0:
         9e:60:a7:ac:3a:4d:5e:58:cc:4d:cb:ea:56:fe:51:ff:ab:c6:
         b4:c3:74:26:5b:bb:4f:4b:ff:92:cc:28:ca:b0:95:bf:3d:64:
         42:a4:3d:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHrpatQunuG9nWat5fs41MiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkMGEwZDM5NmY3NjkzNjkzNjVmMmI5ODNjNTMxYWZlY2E5
NzEwYTcwHhcNMjQwOTEzMTM0OTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTEyOWU3ZjAwYWRiMTc1YzM3MDE4NDdhYzlhNWEzZGRkZDVhOGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYfrk/MDuR6W00FFIloG3FN8ZOTZ
KJb5pBcid2d6GAa+IqevMYHagD3wu7aE5EVfCIUiK80nlg+MSiN3BKeRFq7bhMkC
jLfqApaob9+uuMOS+sOwMzg33GXXZTaTjkxJ7eHPNzLIjUqkR56pwO08ho9eUXx0
d4wtksYugbuFhLju/7XuTacO7KAk8b5iDhW1tLqBTJaTUvucJWm+Em2D7FEmuo5o
0Fbv319Jh9vZslB06TK8rEFUZCBRcMzylcJdN1aCmY3mLmKE71ANvgjmlesM2kYw
WgKDlSps0et6/EihVkGfqkBqqnUyH/GacVVFU37utQ6HHwcYxg+U9fLGCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMoSnn8ArbF1w3AYR6yaWj3d1aigMB8GA1UdIwQY
MBaAFF0KDTlvdpNpNl8rmDxTGv7KlxCnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFFvTk9XOTJrMmsyWHl1WVBGTWFfc3FYRUtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yMjNkOGYtNThhYy00ZGY3LWJmMWUt
NDQyMDEwYjU3OWVmLzEveWhLZWZ3Q3RzWFhEY0JoSHJKcGFQZDNWcUtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yMjNkOGYtNThhYy00ZGY3LWJmMWUtNDQyMDEwYjU3OWVm
LzEvWFFvTk9XOTJrMmsyWHl1WVBGTWFfc3FYRUtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZTvMA0G
CSqGSIb3DQEBCwUAA4IBAQBUl2xqioQu2ZYgJ2P7KG4Rn7/zbE1WhwfN2uB3OB9s
Jbd2pdMQJ0bIABPDr/0fJFuqAIxCPQvgk6vyJaWcNwy1GkXisY3CfOrkE2HH/I4u
IwU4dDYwBIwB5ZYSaHNS/6zdeJNIfkyOl9m0t8ZS937exFu70tuBjyodzD3y6b8u
FOiG+pLFA4YcTUAqSBwGvMq9TyiWlGfaXoBBZQ1Mo4EhohlCAO38znGV5YToT50C
nGNUoaP7DAT0u4vuz9eugLDMHzGYpPzK8h+QZXoQtIGFSajgVlj1UbCeYKesOk1e
WMxNy+pW/lH/q8a0w3QmW7tPS/+SzCjKsJW/PWRCpD1R
-----END CERTIFICATE-----