Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/ynh_h8MyRYFYOuIsk8eU3LKhlAs.roa
File:                     ynh_h8MyRYFYOuIsk8eU3LKhlAs.roa (raw, json)
Hash identifier:          bWNBvynDC0aRBpVEa/LQWsUAzUVf8trxd0zuGluOyT4=
Subject key identifier:   CA:78:7F:87:C3:32:45:81:58:3A:E2:2C:93:C7:94:DC:B2:A1:94:0B
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0192D2A8972159862887FB9C5BA3050E0D97
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/ynh_h8MyRYFYOuIsk8eU3LKhlAs.roa
Signing time:             Mon 28 Oct 2024 10:25:17 +0000
ROA not before:           Mon 28 Oct 2024 10:25:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     979
IP address blocks:        185.121.12.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 14:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d2:a8:97:21:59:86:28:87:fb:9c:5b:a3:05:0e:0d:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Oct 28 10:25:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca787f87c3324581583ae22c93c794dcb2a1940b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:3e:f3:62:aa:de:88:39:35:f7:00:26:aa:aa:
                    3a:e7:61:b0:6f:63:aa:fc:59:4e:e8:e6:67:fc:7f:
                    92:89:6a:1d:9a:a8:f8:4b:48:9a:3b:33:77:01:c5:
                    87:61:df:67:86:c4:96:cd:0c:39:7c:dd:93:0d:71:
                    4e:ff:55:d6:f7:5c:8f:04:88:7c:fb:9a:3a:45:1e:
                    aa:d7:48:ac:10:f3:73:f6:1d:df:d7:7b:2f:20:f9:
                    a5:78:4e:ff:8d:37:9e:02:ad:76:6c:27:d1:79:b3:
                    74:3a:8b:99:38:e9:e2:7a:89:cb:0f:f5:0e:ae:6e:
                    1e:08:db:a0:49:0a:72:2e:60:bf:41:f7:a4:a5:9d:
                    fd:67:9e:d5:29:f0:a0:7b:85:91:ae:34:34:38:8b:
                    fb:9d:ac:1d:32:8e:bf:cf:f6:90:91:20:4c:cf:23:
                    80:4f:2a:8b:af:cd:51:91:6d:22:9e:61:e9:b4:cb:
                    f5:95:59:cf:7a:8f:6f:8b:37:a2:be:9e:da:85:e7:
                    11:8c:3d:ee:3f:4f:6b:07:30:aa:bb:bc:3b:58:49:
                    47:04:71:b8:e2:f4:91:5b:c1:c9:18:64:a3:b2:ca:
                    1c:63:be:a5:23:2d:8e:49:0b:ab:fc:52:27:e1:99:
                    8c:1f:b9:44:b3:0e:99:4b:66:d6:fc:5d:5e:89:8c:
                    86:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:78:7F:87:C3:32:45:81:58:3A:E2:2C:93:C7:94:DC:B2:A1:94:0B
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/ynh_h8MyRYFYOuIsk8eU3LKhlAs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.121.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:29:bb:0d:b3:d3:b0:ab:2b:a9:2a:78:85:21:7c:8f:7d:79:
         6b:e3:ca:dc:92:e7:0d:91:6e:71:64:3c:c3:ac:a8:28:87:57:
         8a:1a:78:17:45:17:97:ad:e6:8b:39:1e:63:21:ee:61:a3:bc:
         ff:45:71:25:b3:e1:96:6f:ec:90:5e:f4:2f:1f:ce:96:2f:91:
         7b:a4:7b:52:84:ad:14:be:0d:a4:1b:bc:db:7b:ad:0f:81:b6:
         77:81:7e:a1:ce:bc:32:c1:45:5f:02:64:67:48:b5:45:c7:c3:
         f9:a7:e2:c2:32:53:bb:d1:e5:0d:72:cc:6e:ca:c8:1e:6f:1d:
         74:f0:0f:69:c3:0f:aa:ab:7f:ad:4d:69:d2:7a:02:6a:ec:84:
         aa:ae:f0:ae:13:95:d8:74:5a:0a:f6:15:d7:50:d6:9a:73:2c:
         e7:b9:08:68:8e:e9:f0:4f:22:c9:da:87:42:10:a3:a4:90:4b:
         09:2e:41:97:88:57:9b:bf:72:58:ee:d1:61:77:23:93:db:86:
         c7:47:75:1d:eb:ba:6c:c2:f5:fd:58:0b:72:c3:bc:20:ab:e8:
         dd:52:ee:8e:2b:b5:fa:95:86:ef:2e:09:a4:2d:fe:b7:4b:50:
         7c:c6:10:bb:25:d0:90:26:e1:31:58:01:21:37:5d:d4:c0:3c:
         88:d6:93:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLSqJchWYYoh/ucW6MFDg2XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQxMDI4MTAyNTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTc4N2Y4N2MzMzI0NTgxNTgzYWUyMmM5M2M3OTRkY2IyYTE5NDBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApT7zYqreiDk19wAmqqo652Gwb2Oq
/FlO6OZn/H+SiWodmqj4S0iaOzN3AcWHYd9nhsSWzQw5fN2TDXFO/1XW91yPBIh8
+5o6RR6q10isEPNz9h3f13svIPmleE7/jTeeAq12bCfRebN0OouZOOnieonLD/UO
rm4eCNugSQpyLmC/QfekpZ39Z57VKfCge4WRrjQ0OIv7nawdMo6/z/aQkSBMzyOA
TyqLr81RkW0inmHptMv1lVnPeo9vizeivp7ahecRjD3uP09rBzCqu7w7WElHBHG4
4vSRW8HJGGSjssocY76lIy2OSQur/FIn4ZmMH7lEsw6ZS2bW/F1eiYyGOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMp4f4fDMkWBWDriLJPHlNyyoZQLMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEveW5oX2g4TXlSWUZZT3VJc2s4ZVUzTEtobEFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXkMMA0G
CSqGSIb3DQEBCwUAA4IBAQARKbsNs9OwqyupKniFIXyPfXlr48rckucNkW5xZDzD
rKgoh1eKGngXRReXreaLOR5jIe5ho7z/RXEls+GWb+yQXvQvH86WL5F7pHtShK0U
vg2kG7zbe60PgbZ3gX6hzrwywUVfAmRnSLVFx8P5p+LCMlO70eUNcsxuysgebx10
8A9pww+qq3+tTWnSegJq7ISqrvCuE5XYdFoK9hXXUNaacyznuQhojunwTyLJ2odC
EKOkkEsJLkGXiFebv3JY7tFhdyOT24bHR3Ud67pswvX9WAtyw7wgq+jdUu6OK7X6
lYbvLgmkLf63S1B8xhC7JdCQJuExWAEhN13UwDyI1pNZ
-----END CERTIFICATE-----