Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/d36783-4d5b-425e-949f-c41d86098df7/1/yh8tGBdsTtpnDLLpCIGc0hfBSpc.roa
File:                     yh8tGBdsTtpnDLLpCIGc0hfBSpc.roa (raw, json)
Hash identifier:          UN40sme5zzyn+eEJBVgioK9SiS8eusQF1cqvzmsONuU=
Subject key identifier:   CA:1F:2D:18:17:6C:4E:DA:67:0C:B2:E9:08:81:9C:D2:17:C1:4A:97
Certificate issuer:       /CN=294b5bbbe17467476e2282888221887df549f4b9
Certificate serial:       018CCA299A25FB156BB10E1F947E7D81BED3
Authority key identifier: 29:4B:5B:BB:E1:74:67:47:6E:22:82:88:82:21:88:7D:F5:49:F4:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KUtbu-F0Z0duIoKIgiGIffVJ9Lk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/d36783-4d5b-425e-949f-c41d86098df7/1/yh8tGBdsTtpnDLLpCIGc0hfBSpc.roa
Signing time:             Tue 02 Jan 2024 12:32:53 +0000
ROA not before:           Tue 02 Jan 2024 12:32:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42349
IP address blocks:        91.233.122.0/24 maxlen: 24
                          185.203.28.0/22 maxlen: 24
                          2a0a:e040::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/d36783-4d5b-425e-949f-c41d86098df7/1/KUtbu-F0Z0duIoKIgiGIffVJ9Lk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/d36783-4d5b-425e-949f-c41d86098df7/1/KUtbu-F0Z0duIoKIgiGIffVJ9Lk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KUtbu-F0Z0duIoKIgiGIffVJ9Lk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:9a:25:fb:15:6b:b1:0e:1f:94:7e:7d:81:be:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=294b5bbbe17467476e2282888221887df549f4b9
        Validity
            Not Before: Jan  2 12:32:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca1f2d18176c4eda670cb2e908819cd217c14a97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:db:ac:54:8e:1d:93:29:54:b1:87:96:0f:3e:
                    08:eb:6f:83:5a:5c:c7:c6:24:a9:5e:80:ac:f0:0b:
                    4e:83:38:9f:90:6b:c1:c4:a2:a1:f0:d2:89:54:dd:
                    b9:76:4a:75:69:a9:be:fb:8b:b8:30:3a:80:41:04:
                    71:cb:2c:b9:d6:36:17:94:2f:f4:7a:26:4c:9c:33:
                    dd:ef:d2:97:6f:59:cf:ff:6b:e8:b0:e6:1b:e1:90:
                    a3:9c:27:af:73:2e:d2:72:44:55:b1:c5:d6:d1:7d:
                    02:17:26:a6:da:25:56:01:9a:96:40:ac:b4:63:cf:
                    60:e3:cb:93:45:b5:dd:d9:d3:82:bf:59:e4:8c:82:
                    d9:70:89:0c:0d:1d:6f:2c:43:7d:d5:6b:96:cd:2e:
                    3c:e2:ae:75:79:64:54:9f:b9:7e:c6:57:a7:74:b6:
                    23:f1:b1:c1:96:fd:9e:cb:0e:8f:e5:6e:85:c8:3a:
                    db:dc:13:6c:72:9b:44:a2:85:e7:f0:30:95:3b:aa:
                    1c:d2:79:5e:3a:03:07:98:a7:24:0e:bb:77:9d:52:
                    f9:1d:f2:2c:84:cb:65:ce:18:fb:3c:52:77:fb:8e:
                    43:d0:c5:08:26:31:73:54:39:3b:73:ec:83:db:66:
                    cb:3b:ec:dd:ae:90:cd:fe:28:e0:70:6c:43:29:7c:
                    7b:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:1F:2D:18:17:6C:4E:DA:67:0C:B2:E9:08:81:9C:D2:17:C1:4A:97
            X509v3 Authority Key Identifier:
                keyid:29:4B:5B:BB:E1:74:67:47:6E:22:82:88:82:21:88:7D:F5:49:F4:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KUtbu-F0Z0duIoKIgiGIffVJ9Lk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d36783-4d5b-425e-949f-c41d86098df7/1/yh8tGBdsTtpnDLLpCIGc0hfBSpc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d36783-4d5b-425e-949f-c41d86098df7/1/KUtbu-F0Z0duIoKIgiGIffVJ9Lk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.122.0/24
                  185.203.28.0/22
                IPv6:
                  2a0a:e040::/29

    Signature Algorithm: sha256WithRSAEncryption
         8f:1c:25:cf:ca:fd:8f:8b:f4:be:1d:49:01:e1:81:f4:86:c0:
         2b:49:49:d3:28:60:90:76:1b:8a:8e:c9:1e:87:11:8f:98:de:
         2e:14:c2:1a:d2:de:61:31:8e:21:77:2c:01:80:5b:a2:0f:d2:
         d1:ac:6d:f3:8c:72:f5:8e:81:d6:46:00:36:9c:bc:d1:4b:58:
         cd:d2:a8:9c:b9:ea:eb:56:c8:a6:4a:ea:55:4b:c5:d3:1f:3a:
         5d:3c:00:e7:f1:cf:b2:92:94:22:52:31:66:a2:18:ef:83:72:
         94:16:22:29:2d:41:5a:e4:65:c3:62:b2:2e:ba:4a:48:56:c4:
         4f:1b:d1:11:4d:df:d3:99:15:2c:a6:fe:42:87:47:e5:f3:14:
         51:1e:84:31:9f:35:4e:fb:ea:12:db:20:42:3e:3e:a0:1b:66:
         38:41:88:6a:64:1f:bc:6b:ec:48:3e:5b:8a:38:ca:a6:46:85:
         fb:cc:01:9b:f2:84:f8:42:04:c8:09:fd:d3:e4:db:66:bc:bc:
         ea:8b:db:e4:4b:4a:21:7e:0b:d7:2a:1d:0b:2d:f2:34:11:8f:
         12:28:a7:42:61:85:1a:90:04:82:35:d0:aa:09:9f:82:ac:3c:
         2d:7f:ed:39:76:fb:1e:14:76:87:4e:ec:02:64:05:c2:bd:9e:
         8c:b5:e4:38
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzKKZol+xVrsQ4flH59gb7TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NGI1YmJiZTE3NDY3NDc2ZTIyODI4ODgyMjE4ODdkZjU0
OWY0YjkwHhcNMjQwMTAyMTIzMjUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTFmMmQxODE3NmM0ZWRhNjcwY2IyZTkwODgxOWNkMjE3YzE0YTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhtusVI4dkylUsYeWDz4I62+DWlzH
xiSpXoCs8AtOgzifkGvBxKKh8NKJVN25dkp1aam++4u4MDqAQQRxyyy51jYXlC/0
eiZMnDPd79KXb1nP/2vosOYb4ZCjnCevcy7SckRVscXW0X0CFyam2iVWAZqWQKy0
Y89g48uTRbXd2dOCv1nkjILZcIkMDR1vLEN91WuWzS484q51eWRUn7l+xlendLYj
8bHBlv2eyw6P5W6FyDrb3BNscptEooXn8DCVO6oc0nleOgMHmKckDrt3nVL5HfIs
hMtlzhj7PFJ3+45D0MUIJjFzVDk7c+yD22bLO+zdrpDN/ijgcGxDKXx7UwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMofLRgXbE7aZwyy6QiBnNIXwUqXMB8GA1UdIwQY
MBaAFClLW7vhdGdHbiKCiIIhiH31SfS5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1V0YnUtRjBaMGR1SW9LSWdpR0lmZlZKOUxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9kMzY3ODMtNGQ1Yi00MjVlLTk0OWYt
YzQxZDg2MDk4ZGY3LzEveWg4dEdCZHNUdHBuRExMcENJR2MwaGZCU3BjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9kMzY3ODMtNGQ1Yi00MjVlLTk0OWYtYzQxZDg2MDk4ZGY3
LzEvS1V0YnUtRjBaMGR1SW9LSWdpR0lmZlZKOUxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAW+l6AwQC
ucscMA0EAgACMAcDBQMqCuBAMA0GCSqGSIb3DQEBCwUAA4IBAQCPHCXPyv2Pi/S+
HUkB4YH0hsArSUnTKGCQdhuKjskehxGPmN4uFMIa0t5hMY4hdywBgFuiD9LRrG3z
jHL1joHWRgA2nLzRS1jN0qicuerrVsimSupVS8XTHzpdPADn8c+ykpQiUjFmohjv
g3KUFiIpLUFa5GXDYrIuukpIVsRPG9ERTd/TmRUspv5Ch0fl8xRRHoQxnzVO++oS
2yBCPj6gG2Y4QYhqZB+8a+xIPluKOMqmRoX7zAGb8oT4QgTICf3T5NtmvLzqi9vk
S0ohfgvXKh0LLfI0EY8SKKdCYYUakASCNdCqCZ+CrDwtf+05dvseFHaHTuwCZAXC
vZ6MteQ4
-----END CERTIFICATE-----